On 21. mars 2019 11:19, Alptugay Değirmencioğlu wrote:
Hello,
This signature*Pdf.Exploit.CVE_2019_7057-6900620-0 *causes error on
clamd start both on versions 0.93 and 0.101.1.
The error is:
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 20:
unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
Thu Mar 21 13:11:33 2019 -> !Database initialization error: Malformed
database
The content of the signature is odd.
Pdf.Exploit.CVE_2019_7057-6900620-0;Engine:81-255,Target:10;1;7361766546696C7465726564584D4C;0/resolveNode[^>]*?(?<load>loadXML\([^>]*?save(XML|FilteredXML))[^>]*?(?P=load)[^>]*?(?P=load)/i
This is probably only a problem on machines with perl older than v.5.10.
I think it is the notation '(?<l' that causes problems for older perl/pcre.
perl 5.8.8:
perl -e 'print "OK\n"
unless(/(?<load>loadXML\([^>]*?save(XML|FilteredXML))/);'
Sequence (?<l...) not recognized in regex; marked by <-- HERE in m/(?<l
<-- HERE oad>loadXML\([^>]*?save(XML|FilteredXML))/ at -e line 1.
perl 5.10.1:
perl -e 'print "OK\n"
unless(/(?<load>loadXML\([^>]*?save(XML|FilteredXML))/);'
OK
Workaround:
echo "Pdf.Exploit.CVE_2019_7057-6900620-0" > /var/lib/clamav/pcre.ign2
--
Bernt 'Burnie' Pettersen /// DoD#2345
<E-mail:bur...@dod.no> /// <URL:http://burnie.sh/>
- Creative brains need creative workhours! -
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
