[Clamav-devel] Building ClamAV 0.99 with PCRE support

Kevin Lin klin at sourcefire.com
Tue Dec 8 13:36:41 EST 2015


It appears that the PCRE library is correctly linking in and ClamAV is
making calls to it. The error message:

LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
unknown option bit(s) set

results directly from a failed compilation of PCRE regex which in this case
is due to an unknown option bit being set.

Looking into it, the options that can be passed to pcre_compile are fairly
common ones; the only real exception is PCRE_NEVER_UTF which was added in
8.33. It's possible that the flag existed on the source machine but not the
destination. Are the PCRE configure options consistent across the source and
all the destination machines?

-Kevin



On Tue, Dec 8, 2015 at 12:15 PM, Mark Allan <markjallan at gmail.com> wrote:

> Hi all,
>
> Are there any recommendations for compilation options on/with pcre?
>
> I've tried several things but can't seem to get the build to work on
> anything other than OS X 10.11.  I never have a problem moving my ClamAV
> builds between machines, but something's going wrong with PCRE support -
> even when I build PCRE on the destination machine, I always end up with the
> following error from clamscan:
>
> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> unknown option bit(s) set
> LibClamAV Error: cli_pcre_build: failed to build pcre regex
> ERROR: Database initialization error: Malformed database
>
>
> Here's a section of the output with --debug on:
>
> LibClamAV debug: Ignoring signature Email.Trojan-417
> LibClamAV debug: main.ndb loaded
> LibClamAV debug: main.zmd loaded
> LibClamAV debug: main.fp loaded
> LibClamAV debug: in cli_tgzload_cleanup()
> LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
> LibClamAV debug: Using filter for trie 0
> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> unknown option bit(s) set
> LibClamAV Error: cli_pcre_build: failed to build pcre regex
> ERROR: Database initialization error: Malformed database
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Freeing phishcheck struct
> LibClamAV debug: Phishcheck cleaned up
>
> These are the options I'm passing to pcre's configure phase:
> ./configure --prefix=/usr/local --enable-newline-is-any --enable-utf
> --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16
> --enable-pcre32 --enable-jit
>
> This is what I'm passing to ClamAV's configure phase:
> ./configure --disable-dependency-tracking  --enable-llvm=no
> --enable-clamdtop --with-user=_clamav --with-group=_clamav
> --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local
>
> I get the same results regardless of what options I pass to PCRE's
> configure script. I've also tried pcre-8.37 and pcre-8.38.
>
> Can anyone suggest anything?
>
> Many thanks
> Mark
>
> > On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola at sourcefire.com> wrote:
> >
> > Hi Mark,
> >
> > Unfortunately, as of right now the only way to get pcre 8.38 is via their
> > rc1 candidate (check the pcre-dev mailing list for a tarball).
> >
> > In practice, the pcre exploit ClamAV warns about (
> > http://www.securitytracker.com/id/1032453) relies upon an explicitly
> > malicious regex, so you don't have to worry too much unless you're using
> > untrusted sigs. Everything should still compile and run just fine, even
> > with 8.37.
> >
> > - Mickey
> >
> > On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan at gmail.com> wrote:
> >
> >> Hi all,
> >>
> >> I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
> >>
> >> It looks like bug 11411 [
> >> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open, so I
> >> decided to download and build PCRE as well.
> >>
> >> I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
> >> configure script, so I went with the most up-to-date version of PCRE
> >> (which is currently 8.37) but now configure outputs the following:
> >>
> >> configure: WARNING: The installed pcre version may contain a security bug.
> >> Please upgrade to 8.38 or later: http://www.pcre.org
> >>
> >> There is no 8.38 that I can see:
> >>        https://sourceforge.net/projects/pcre/files/pcre/
> >>
> >> Are you just assuming that 8.38 will be coming soon to fix the bug, or is
> >> there a download somewhere that I'm not seeing?
> >>
> >> Thanks
> >> Mark
> >>
> >> _______________________________________________
> >> http://lurker.clamav.net/list/clamav-devel.html
> >> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
>
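
Added example (not part of the original thread, and not ClamAV or PCRE project code): a diagnostic for the header/library mismatch suggested in the reply above. It loads whichever libpcre the dynamic loader resolves on the destination machine, asks pcre_compile whether it accepts the PCRE_NEVER_UTF bit, and compares a build-time header version with the run-time one. The function names are hypothetical, the numeric flag value is taken from pcre.h of PCRE 8.33 and later, and the version strings in the final line are constructed samples.

```python
import ctypes
import ctypes.util
import re

PCRE_NEVER_UTF = 0x00010000  # bit value from pcre.h in PCRE 8.33+; confirm in your header
NEVER_UTF_SINCE = (8, 33)    # release that introduced the flag, per the reply above


def parse_version(text):
    """Turn '8.37 2015-04-28' (the pcre_version() format) into (8, 37)."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("not a PCRE version string: %r" % text)
    return int(m.group(1)), int(m.group(2))


def compare(header_version, runtime_version):
    """Classify the pcre.h version used for the build against the loaded library."""
    built, loaded = parse_version(header_version), parse_version(runtime_version)
    if built >= NEVER_UTF_SINCE > loaded:
        return "mismatch: built with PCRE_NEVER_UTF, runtime library predates it"
    if built != loaded:
        return "differs: header %d.%d, runtime %d.%d" % (built + loaded)
    return "consistent"


def probe_runtime(name="pcre"):
    """Return (version, flag_accepted, error_text) for the resolved libpcre, or None."""
    path = ctypes.util.find_library(name)
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    lib.pcre_version.restype = ctypes.c_char_p
    lib.pcre_compile.restype = ctypes.c_void_p
    lib.pcre_compile.argtypes = [ctypes.c_char_p, ctypes.c_int,
                                 ctypes.POINTER(ctypes.c_char_p),
                                 ctypes.POINTER(ctypes.c_int), ctypes.c_void_p]
    err, offset = ctypes.c_char_p(), ctypes.c_int(0)
    # The compiled pattern is not freed; this is a short-lived diagnostic.
    code = lib.pcre_compile(b"a", PCRE_NEVER_UTF, ctypes.byref(err),
                            ctypes.byref(offset), None)
    return lib.pcre_version().decode(), code is not None, (err.value or b"").decode()


if __name__ == "__main__":
    # Constructed sample versions: newer header on the build host, older library here.
    print(probe_runtime(), compare("8.38 2015-11-23", "8.32 2012-11-30"))
```

If probe_runtime() reports a version older than 8.33 with the flag rejected, the library being loaded at run time is not the one the build was configured against.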

