Here are some information: It crashes when specific files are scanned. However, but it is unlikely that the file contains the bad signature (but im not sure). I have a sample file, but with personal data that I cannot share. Yesterday I was able to reproduce the crash, but today I no longer have the version 26908. If you send me the version of yesterday and describe what you need, I can try to debug something.
Here is my test from yesterday with version 0.103.8 on gentoo: # clamscan clamav-0c216ef050250d78d59408a83f383ba1.tmp LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0 LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie Segmentation fault # echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2 # clamscan clamav-0c216ef050250d78d59408a83f383ba1.tmp clamav-0c216ef050250d78d59408a83f383ba1.tmp: OK The LibClamAV Warnings also came when scanning other files, but other files was successfully scanned without any crash. clamscan[26247]: segfault at 7fd6907960bf ip 00007fd5e36947a7 sp 00007ffe80983900 error 4 in libclamav.so.9.0.5[7fd5e3692000+116000] likely on CPU 0 (core 0, socket 0) Hope this helps to find the problem. PS: Thanks to my lifesaver Matthias for the tip about the whitelist yesterday. Mario Am Di., 16. Mai 2023 um 14:51 Uhr schrieb Matthias Rieber < matthias+cla...@zu-con.org>: > Hello, > > On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote: > > >> As far as I can tell this happens in > >> > >> 0x7fdfd44c377d <ac_backward_match_branch+813> > >> > >> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye. > >> > >> Has anyone seen this, too? > > > > I've seen this with 1.1.0-1 as well. Maybe they're related to the > > "pattern issue" I posted a while ago > > yes, it turns out that you can mitigate this issue when you whitelist > this signature: > > $ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2 > > Regards, > Matthias > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat >
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
