[Clamav-devel] Building ClamAV 0.99 with PCRE support

Mark Allan markjallan at gmail.com
Tue Dec 8 12:15:49 EST 2015


Hi all,

Are there any recommendations for compilation options on/with pcre?

I've tried several things but can't seem to get the build to work on anything other than OS X 10.11.  I never have a problem moving my ClamAV builds between machines, but something's going wrong with PCRE support - even when I build PCRE on the destination machine, I always end up with the following error from clamscan:

LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database


Here's a section of the output with --debug on:

LibClamAV debug: Ignoring signature Email.Trojan-417
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

These are the options I'm passing to pcre's configure phase:
./configure --prefix=/usr/local --enable-newline-is-any --enable-utf --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16 --enable-pcre32 --enable-jit

This is what I'm passing to ClamAV's configure phase:
./configure --disable-dependency-tracking  --enable-llvm=no --enable-clamdtop --with-user=_clamav --with-group=_clamav --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local

I get the same results regardless of what options I pass to PCRE's configure script. I've also tried pcre-8.37 and pcre-8.38.

Can anyone suggest anything?

Many thanks
Mark

> On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola at sourcefire.com> wrote:
> 
> Hi Mark,
> 
> Unfortunately, as of right now the only way to get pcre 8.38 is via their
> rc1 candidate (check the pcre-dev mailing list for a tarball).
> 
> In practice, the pcre exploit ClamAV warns about (
> http://www.securitytracker.com/id/1032453) relies upon an explicitly
> malicious regex, so you don't have to worry too much unless you're using
> untrusted sigs. Everything should still compile and run just fine, even
> with 8.37.
> 
> - Mickey
> 
> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan at gmail.com> wrote:
> 
>> Hi all,
>> 
>> I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
>> 
>> It looks like bug 11411 [
>> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open, so I
>> decided to download and build PCRE as well.
>> 
>> I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
>> configure script, so I went with the most up-to-date version of PCRE (which
>> is currently 8.37) but now configure outputs the following:
>> 
>> configure: WARNING: The installed pcre version may contain a security bug.
>> Please upgrade to 8.38 or later: http://www.pcre.org
>> 
>> There is no 8.38 that I can see:
>>        https://sourceforge.net/projects/pcre/files/pcre/
>> 
>> Are you just assuming that 8.38 will be coming soon to fix the bug, or is
>> there a download somewhere that I'm not seeing?
>> 
>> Thanks
>> Mark
>> 
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> 
> http://www.clamav.net/contact.html#ml




More information about the clamav-devel mailing list