Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set. You can do that by adding the signature name to a file called anything_you_like.ign2 and putting it in your database directory.
We had an issue with something crashing clamd and we strongly suspect that signature is to blame. It hasn't crashed since we started excluding it from the DB.

Mark

> On 1 May 2020, at 7:15 am, James Brown via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Getting lots of crashes of clamd. No indication of an issue in the clamd.log.
>
> Installed via Homebrew.
>
> Crash Report has:
> Process: clamd [29231]
> Path: /usr/local/Cellar/clamav/0.102.2/sbin/clamd
> Identifier: clamd
> Version: 0
> Code Type: X86-64 (Native)
>
> Crashed Thread: 2
>
> Exception Type: EXC_BAD_ACCESS (SIGBUS)
> Exception Codes: KERN_PROTECTION_FAILURE at 0x0000700000a1cfa8
> Exception Note: EXC_CORPSE_NOTIFY
>
> Termination Signal: Bus error: 10
> Termination Reason: Namespace SIGNAL, Code 0xa
> Terminating Process: exc handler [29231]
>
> VM Regions Near 0x700000a1cfa8:
>     Stack 000070000099a000-0000700000a1c000 [ 520K] rw-/rwx SM=COW thread 1
> --> STACK GUARD 0000700000a1c000-0000700000a1d000 [ 4K] ---/rwx SM=NUL stack guard for thread 2
>     Stack 0000700000a1d000-0000700000b1f000 [ 1032K] rw-/rwx SM=COW thread 2
>
> Application Specific Information:
> crashed on child side of fork pre-exec
>
> Thread 0:: Dispatch queue: com.apple.main-thread
> 0 libsystem_kernel.dylib 0x00007fff6f6883d6 poll + 10
> 1 clamd 0x00000001001c2bbe fds_poll_recv + 426
> 2 clamd 0x00000001001c06c1 recvloop_th + 9039
> 3 clamd 0x00000001001bb76b main + 5428
> 4 libdyld.dylib 0x00007fff6f540cc9 start + 1
>
> Thread 1:
> 0 libsystem_kernel.dylib 0x00007fff6f6883d6 poll + 10
> 1 clamd 0x00000001001c2bbe fds_poll_recv + 426
> 2 clamd 0x00000001001c0b57 acceptloop_th + 114
> 3 libsystem_pthread.dylib 0x00007fff6f745109 _pthread_start + 148
> 4 libsystem_pthread.dylib 0x00007fff6f740b8b thread_start + 15
>
> Thread 2 Crashed:
> 0 libpcre.0.dylib 0x00007fff6e41eae6 0x7fff6e40a000 + 84710
> 1 libpcre.0.dylib 0x00007fff6e41edea 0x7fff6e40a000 + 85482
> 2 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
> 3 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
> 4 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
>
> Etc
>
> Thread 2 crashed with X86 Thread State (64-bit):
> rax: 0x000000000000076c rbx: 0x00007fda45f3b432 rcx: 0x0000000000000006 rdx: 0x00000001047437ab
> rdi: 0x0000000104743f2d rsi: 0x00007fda45f3b435 rbp: 0x0000700000a1d0d0 rsp: 0x0000700000a1cec0
> r8: 0x0000700000b196a0 r9: 0x0000000000000006 r10: 0x000000000000007e r11: 0x0080000000000083
> r12: 0x0000000104743f2d r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
> rip: 0x00007fff6e41eae6 rfl: 0x0000000000010206 cr2: 0x0000700000a1cfa8
>
> Logical CPU: 8
> Error Code: 0x00000006 (no mapping for user data write)
> Trap Number: 14
>
>
> I use a number of the third party sigs, securite.info, sanesecurity, Malware Patrol, etc. Updating those or running Freshclam does not crash clamd.
>
> Any ideas what could be causing this?
>
> Thanks,
>
> James.
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
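
The crash report quoted above can be triaged mechanically. The sketch below is an added example, not part of the original thread or of ClamAV: it checks whether the faulting address lies in the crashed thread's stack guard page and whether one return address repeats in that thread's backtrace, the usual sign of stack exhaustion through recursion. The embedded report is an excerpt of the one in the thread, re-wrapped one record per line; `triage` and its field names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the crash report from the thread (re-wrapped, other threads omitted).
REPORT = """\
Crashed Thread: 2
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000700000a1cfa8
VM Regions Near 0x700000a1cfa8:
    Stack 000070000099a000-0000700000a1c000 [ 520K] rw-/rwx SM=COW thread 1
--> STACK GUARD 0000700000a1c000-0000700000a1d000 [ 4K] ---/rwx SM=NUL stack guard for thread 2
    Stack 0000700000a1d000-0000700000b1f000 [ 1032K] rw-/rwx SM=COW thread 2
Thread 1:
0 libsystem_kernel.dylib 0x00007fff6f6883d6 poll + 10
1 clamd 0x00000001001c2bbe fds_poll_recv + 426
Thread 2 Crashed:
0 libpcre.0.dylib 0x00007fff6e41eae6 0x7fff6e40a000 + 84710
1 libpcre.0.dylib 0x00007fff6e41edea 0x7fff6e40a000 + 85482
2 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
3 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
4 libpcre.0.dylib 0x00007fff6e42d10c 0x7fff6e40a000 + 143628
Thread 2 crashed with X86 Thread State (64-bit):
"""

FAULT = re.compile(r"Exception Codes:\s+(\S+) at (0x[0-9a-f]+)")
GUARD = re.compile(r"STACK GUARD\s+([0-9a-f]+)-([0-9a-f]+)\s.*?for thread (\d+)")
# Backtrace of the crashed thread: everything up to the next "Thread ..." header.
CRASHED = re.compile(r"^Thread (\d+) Crashed:[^\n]*\n(.*?)(?=^Thread |\Z)", re.M | re.S)
FRAME = re.compile(r"^[ \t]*\d+[ \t]+(\S+)[ \t]+(0x[0-9a-f]+)[ \t]", re.M)

def triage(report):
    """Return guard-page and recursion indicators for one macOS crash report."""
    code, addr = FAULT.search(report).groups()
    fault = int(addr, 16)
    tid, block = CRASHED.search(report).groups()
    # Guard hit: the fault lies inside the guard page owned by the crashed thread.
    guard_hit = any(int(lo, 16) <= fault < int(hi, 16) and owner == tid
                    for lo, hi, owner in GUARD.findall(report))
    frames = FRAME.findall(block)  # (image, return address) per frame
    (lib, pc), count = (Counter(frames).most_common(1) or [((None, None), 0)])[0]
    return {
        "fault_code": code,
        "crashed_thread": int(tid),
        "guard_hit": guard_hit,
        "repeated_frame": (lib, pc, count),
        # Guard hit plus one address seen 3+ times: stack exhausted by recursion.
        "likely_stack_overflow": guard_hit and count >= 3,
    }

if __name__ == "__main__":
    print(triage(REPORT))
```
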