Ged, This may be an excellent observation. I also see that you’re using libpcre instead of libpcre2. Libcpre and libcpre2 versions earlier than 10.30 use recursive function calls for backtracking.
>From the release notes (https://www.pcre.org/changelog.txt): Ø 1. The main interpreter, pcre2_match(), has been refactored into a new version Ø that does not use recursive function calls (and therefore the stack) for Ø remembering backtracking positions. This makes --disable-stack-for-recursion a Ø NOOP. The new implementation allows backtracking into recursive group calls in Ø patterns, making it more compatible with Perl, and also fixes some other Ø hard-to-do issues such as #1887 in Bugzilla. The code is also cleaner because Ø the old code had a number of fudges to try to reduce stack usage. It seems to Ø run no slower than the old code. We’ve observed crashes in specific files due when using regex/pcre signatures as a result of stack exhaustion and updating to a modern version of libcpre2 resolves it. I have a suspicion it may resolve the issue for you as well. If you installed from homebrew though, perhaps the homebrew package needs to be updated to use pcre2 instead of pcre. CC’ing the clamav-binary mailing list for other package maintainers. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users <[email protected]> Date: Friday, May 1, 2020 at 5:21 AM To: James Brown via clamav-users <[email protected]> Cc: G.W. Haywood <[email protected]> Subject: Re: [clamav-users] Clamd crashes frequently - macOS Catalina Hi there, On Fri, 1 May 2020, James Brown via clamav-users wrote: > Getting lots of crashes of clamd. No indication of an issue in the clamd.log. > ... > --> STACK GUARD 0000700000a1c000-0000700000a1d000 [ 4K] ---/rwx > SM=NUL stack guard for thread 2 > Stack 0000700000a1d000-0000700000b1f000 [ 1032K] rw-/rwx > SM=COW thread 2 > ... > Thread 2 Crashed: > 0 libpcre.0.dylib 0x00007fff6e41eae6 0x7fff6e40a000 + > 84710 > ... I'm unfamiliar with some of the tools that you're using but many here can relate their experiences of the outstandingly good stability of clamd under what I'll call normal circumstances. Some of us have even pushed the envelope a little with no stability issues at all. Unfortunately I have no experience of anything on a Mac that's under 20 years old so you'll need to treat my guesses with caution, but it looks like a PCRE library is bashing the stack there. It's the sort of thing that a dodgy PCRE library might easily be expected to do. Where did it come from? This is the library I'm using on a Raspberry Pi4b, old but not very old by the standards of the distribution: $ pldd `pidof clamd` | grep libpcre | xargs ls -lL -rw-r--r-- 1 root root 485200 Mar 25 2019 /usr/lib/arm-linux-gnueabihf/libpcre2-8.so.0 I looked at https://www.apple.com/uk/macos/catalina/ and it gave me the impression that the OS is "for entertainment only" but I guess I'm just an old grouch. > I use a number of the third party sigs, securite.info, sanesecurity, > Malware Patrol, etc. Updating those or running Freshclam does not > crash clamd. Do the clamd crashes happen at particular times, such as when clamd is reloading its databases, or is it while scanning? > Any ideas what could be causing this? It's probably easier to say what it's likely not to be. :( My guess is that it's likely not to be a fault in clamd itself, but in something in your OS to which clamd is linking, but I think there's less testing of ClamAV on Macs generally than on e.g. Linux, so anything's possible. How much RAM is in the machine? You'll need at least 2G free before starting clamd and freshclam, likely more with many 3rd party sigs. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
