[Clamav-devel] Building ClamAV 0.99 with PCRE support

Mark Allan markjallan at gmail.com
Tue Dec 8 14:00:56 EST 2015


Hi Kevin,

Thanks.

Yes, the configure options are definitely the same. In fact PCRE isn't installed on OS X by default, so I'm compiling it as well and copying all the binaries & libraries etc over to the destination machines at the same time as copying the ClamAV binaries.

Mark

> On 8 Dec 2015, at 6:36 pm, Kevin Lin <klin at sourcefire.com> wrote:
> 
> It appears that the PCRE library is correctly linking in and ClamAV is
> making calls to it. The error message:
> 
> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> unknown option bit(s) set
> 
> results directly from a failed compilation of PCRE regex which in this case
> is due to an unknown option bit being set.
> 
> Looking into it, the options that can be passed to pcre_compile are fairly
> common ones; the only real exception is PCRE_NEVER_UTF which was added in
> 8.33. It's possible that the flag existed on the source machine but not the
> destination.Are the PCRE configure options consistent across the source and
> all the destination machines?
> 
> -Kevin
> 
> 
> 
> On Tue, Dec 8, 2015 at 12:15 PM, Mark Allan <markjallan at gmail.com> wrote:
> 
>> Hi all,
>> 
>> Are there any recommendations for compilation options on/with pcre?
>> 
>> I've tried several things but can't seem to get the build to work on
>> anything other than OS X 10.11.  I never have a problem moving my ClamAV
>> builds between machines, but something's going wrong with PCRE support -
>> even when I build PCRE on the destination machine, I always end up with the
>> following error from clamscan:
>> 
>> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
>> unknown option bit(s) set
>> LibClamAV Error: cli_pcre_build: failed to build pcre regex
>> ERROR: Database initialization error: Malformed database
>> 
>> 
>> Here's a section of the output with --debug on:
>> 
>> LibClamAV debug: Ignoring signature Email.Trojan-417
>> LibClamAV debug: main.ndb loaded
>> LibClamAV debug: main.zmd loaded
>> LibClamAV debug: main.fp loaded
>> LibClamAV debug: in cli_tgzload_cleanup()
>> LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
>> LibClamAV debug: Using filter for trie 0
>> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
>> unknown option bit(s) set
>> LibClamAV Error: cli_pcre_build: failed to build pcre regex
>> ERROR: Database initialization error: Malformed database
>> LibClamAV debug: Cleaning up phishcheck
>> LibClamAV debug: Freeing phishcheck struct
>> LibClamAV debug: Phishcheck cleaned up
>> 
>> These are the options I'm passing to pcre's configure phase:
>> ./configure --prefix=/usr/local --enable-newline-is-any --enable-utf
>> --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16
>> --enable-pcre32 --enable-jit
>> 
>> This is what I'm passing to ClamAV's configure phase:
>> ./configure --disable-dependency-tracking  --enable-llvm=no
>> --enable-clamdtop --with-user=_clamav --with-group=_clamav
>> --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local
>> 
>> I get the same results regardless of what options I pass to PCRE's
>> configure script. I've also tried pcre-8.37 and pcre-8.38.
>> 
>> Can anyone suggest anything?
>> 
>> Many thanks
>> Mark
>> 
>>> On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola at sourcefire.com> wrote:
>>> 
>>> Hi Mark,
>>> 
>>> Unfortunately, as of right now the only way to get pcre 8.38 is via their
>>> rc1 candidate (check the pcre-dev mailing list for a tarball).
>>> 
>>> In practice, the pcre exploit ClamAV warns about (
>>> http://www.securitytracker.com/id/1032453) relies upon an explicitly
>>> malicious regex, so you don't have to worry too much unless you're using
>>> untrusted sigs. Everything should still compile and run just fine, even
>>> with 8.37.
>>> 
>>> - Mickey
>>> 
>>> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan at gmail.com>
>> wrote:
>>> 
>>>> Hi all,
>>>> 
>>>> I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
>>>> 
>>>> It looks like bug 11411 [
>>>> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open, so I
>>>> decided to download and build PCRE as well.
>>>> 
>>>> I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
>>>> configure script, so I went with the most up-to-date version of PCRE
>> (which
>>>> is currently 8.37) but now configure outputs the following:
>>>> 
>>>> configure: WARNING: The installed pcre version may contain a security
>> bug.
>>>> Please upgrade to 8.38 or later: http://www.pcre.org
>>>> 
>>>> There is no 8.38 that I can see:
>>>>       https://sourceforge.net/projects/pcre/files/pcre/
>>>> 
>>>> Are you just assuming that 8.38 will be coming soon to fix the bug, or
>> is
>>>> there a download somewhere that I'm not seeing?
>>>> 
>>>> Thanks
>>>> Mark
>>>> 
>>>> _______________________________________________
>>>> http://lurker.clamav.net/list/clamav-devel.html
>>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>>> 
>>>> http://www.clamav.net/contact.html#ml
>>>> 
>>> _______________________________________________
>>> http://lurker.clamav.net/list/clamav-devel.html
>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>> 
>>> http://www.clamav.net/contact.html#ml
>> 
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> 
> http://www.clamav.net/contact.html#ml




More information about the clamav-devel mailing list