[Clamav-devel] Building ClamAV 0.99 with PCRE support

Kevin Lin klin at sourcefire.com
Tue Dec 8 15:21:57 EST 2015


Can I ask you to try this patch and tell me if it fixes the issue? If the
issue persists, please submit the debug log. Thanks.

-Kevin

On Tue, Dec 8, 2015 at 2:00 PM, Mark Allan <markjallan at gmail.com> wrote:

> Hi Kevin,
>
> Thanks.
>
> Yes, the configure options are definitely the same. In fact PCRE isn't
> installed on OS X by default, so I'm compiling it as well and copying all
> the binaries & libraries etc over to the destination machines at the same
> time as copying the ClamAV binaries.
>
> Mark
>
> > On 8 Dec 2015, at 6:36 pm, Kevin Lin <klin at sourcefire.com> wrote:
> >
> > It appears that the PCRE library is correctly linking in and ClamAV is
> > making calls to it. The error message:
> >
> > LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> > unknown option bit(s) set
> >
> > results directly from a failed compilation of PCRE regex which in this
> case
> > is due to an unknown option bit being set.
> >
> > Looking into it, the options that can be passed to pcre_compile are
> fairly
> > common ones; the only real exception is PCRE_NEVER_UTF which was added in
> > 8.33. It's possible that the flag existed on the source machine but not
> the
> > destination.Are the PCRE configure options consistent across the source
> and
> > all the destination machines?
> >
> > -Kevin
> >
> >
> >
> > On Tue, Dec 8, 2015 at 12:15 PM, Mark Allan <markjallan at gmail.com>
> wrote:
> >
> >> Hi all,
> >>
> >> Are there any recommendations for compilation options on/with pcre?
> >>
> >> I've tried several things but can't seem to get the build to work on
> >> anything other than OS X 10.11.  I never have a problem moving my ClamAV
> >> builds between machines, but something's going wrong with PCRE support -
> >> even when I build PCRE on the destination machine, I always end up with
> the
> >> following error from clamscan:
> >>
> >> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> >> unknown option bit(s) set
> >> LibClamAV Error: cli_pcre_build: failed to build pcre regex
> >> ERROR: Database initialization error: Malformed database
> >>
> >>
> >> Here's a section of the output with --debug on:
> >>
> >> LibClamAV debug: Ignoring signature Email.Trojan-417
> >> LibClamAV debug: main.ndb loaded
> >> LibClamAV debug: main.zmd loaded
> >> LibClamAV debug: main.fp loaded
> >> LibClamAV debug: in cli_tgzload_cleanup()
> >> LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
> >> LibClamAV debug: Using filter for trie 0
> >> LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:
> >> unknown option bit(s) set
> >> LibClamAV Error: cli_pcre_build: failed to build pcre regex
> >> ERROR: Database initialization error: Malformed database
> >> LibClamAV debug: Cleaning up phishcheck
> >> LibClamAV debug: Freeing phishcheck struct
> >> LibClamAV debug: Phishcheck cleaned up
> >>
> >> These are the options I'm passing to pcre's configure phase:
> >> ./configure --prefix=/usr/local --enable-newline-is-any --enable-utf
> >> --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16
> >> --enable-pcre32 --enable-jit
> >>
> >> This is what I'm passing to ClamAV's configure phase:
> >> ./configure --disable-dependency-tracking  --enable-llvm=no
> >> --enable-clamdtop --with-user=_clamav --with-group=_clamav
> >> --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local
> >>
> >> I get the same results regardless of what options I pass to PCRE's
> >> configure script. I've also tried pcre-8.37 and pcre-8.38.
> >>
> >> Can anyone suggest anything?
> >>
> >> Many thanks
> >> Mark
> >>
> >>> On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola at sourcefire.com> wrote:
> >>>
> >>> Hi Mark,
> >>>
> >>> Unfortunately, as of right now the only way to get pcre 8.38 is via
> their
> >>> rc1 candidate (check the pcre-dev mailing list for a tarball).
> >>>
> >>> In practice, the pcre exploit ClamAV warns about (
> >>> http://www.securitytracker.com/id/1032453) relies upon an explicitly
> >>> malicious regex, so you don't have to worry too much unless you're
> using
> >>> untrusted sigs. Everything should still compile and run just fine, even
> >>> with 8.37.
> >>>
> >>> - Mickey
> >>>
> >>> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan at gmail.com>
> >> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> I saw the blog post about v0.99 rc 2 and have downloaded it for
> testing.
> >>>>
> >>>> It looks like bug 11411 [
> >>>> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open,
> so I
> >>>> decided to download and build PCRE as well.
> >>>>
> >>>> I initially tried the PCRE2 branch but it wasn't recognised by
> ClamAV's
> >>>> configure script, so I went with the most up-to-date version of PCRE
> >> (which
> >>>> is currently 8.37) but now configure outputs the following:
> >>>>
> >>>> configure: WARNING: The installed pcre version may contain a security
> >> bug.
> >>>> Please upgrade to 8.38 or later: http://www.pcre.org
> >>>>
> >>>> There is no 8.38 that I can see:
> >>>>       https://sourceforge.net/projects/pcre/files/pcre/
> >>>>
> >>>> Are you just assuming that 8.38 will be coming soon to fix the bug, or
> >> is
> >>>> there a download somewhere that I'm not seeing?
> >>>>
> >>>> Thanks
> >>>> Mark
> >>>>
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>>
> >>>> http://www.clamav.net/contact.html#ml
> >>>>
> >>> _______________________________________________
> >>> http://lurker.clamav.net/list/clamav-devel.html
> >>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>
> >>> http://www.clamav.net/contact.html#ml
> >>
> >> _______________________________________________
> >> http://lurker.clamav.net/list/clamav-devel.html
> >> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> > _______________________________________________
> > http://lurker.clamav.net/list/clamav-devel.html
> > Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >
> > http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pcre_flags_try.patch
Type: application/octet-stream
Size: 1611 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-devel/attachments/20151208/a692a0e1/attachment.obj>


More information about the clamav-devel mailing list