Hi Mario, all, Thank you for the extra info and the offer for help.
Last night I also received a backtrace and a sample that will reproduce the crash. We should be able to figure out a fix for the bug from here. Thanks again! Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. ________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Mario Yorck via clamav-users <clamav-users@lists.clamav.net> Sent: Tuesday, May 16, 2023 11:55 PM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: Mario Yorck <marioyo...@gmail.com> Subject: Re: [clamav-users] [ext] Segfaults with database version 26908 Here are some information: It crashes when specific files are scanned. However, but it is unlikely that the file contains the bad signature (but im not sure). I have a sample file, but with personal data that I cannot share. Yesterday I was able to reproduce the crash, but today I no longer have the version 26908. If you send me the version of yesterday and describe what you need, I can try to debug something. Here is my test from yesterday with version 0.103.8 on gentoo: # clamscan clamav-0c216ef050250d78d59408a83f383ba1.tmp LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0 LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie Segmentation fault # echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2 # clamscan clamav-0c216ef050250d78d59408a83f383ba1.tmp clamav-0c216ef050250d78d59408a83f383ba1.tmp: OK The LibClamAV Warnings also came when scanning other files, but other files was successfully scanned without any crash. clamscan[26247]: segfault at 7fd6907960bf ip 00007fd5e36947a7 sp 00007ffe80983900 error 4 in libclamav.so.9.0.5[7fd5e3692000+116000] likely on CPU 0 (core 0, socket 0) Hope this helps to find the problem. PS: Thanks to my lifesaver Matthias for the tip about the whitelist yesterday. Mario Am Di., 16. Mai 2023 um 14:51 Uhr schrieb Matthias Rieber <matthias+cla...@zu-con.org<mailto:matthias%2bcla...@zu-con.org>>: Hello, On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote: >> As far as I can tell this happens in >> >> 0x7fdfd44c377d <ac_backward_match_branch+813> >> >> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye. >> >> Has anyone seen this, too? > > I've seen this with 1.1.0-1 as well. Maybe they're related to the > "pattern issue" I posted a while ago yes, it turns out that you can mitigate this issue when you whitelist this signature: $ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2 Regards, Matthias _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
