[Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Jun 2 10:43:24 EDT 2020


Hi Mark,

This is a very strange one you’ve encountered.  Can you send the file my way so I can reproduce the issue, and debug-step through the code?

-Micah

From: clamav-devel <clamav-devel-bounces at lists.clamav.net>
Date: Friday, May 29, 2020 at 7:46 PM
To: ClamAV Development <clamav-devel at lists.clamav.net>
Subject: Re: [Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15

Quick follow-up to this one.

Upon further digging, if the --fdpass flag is passed to clamdscan, you get different output...albeit still very wrong!
        /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: (null) FOUND

Does anyone have any thoughts at all?

Thanks,
Mark

> On 29 May 2020, at 1:26 am, Mark Allan <markjallan at gmail.com> wrote:
>
> Hi folks,
>
> I'm still testing 0.102.3 but I've hit a few issues where some known-good files are being detected as infected because they're generating the following error:
>        Can't allocate memory ERROR
>
> Output from clamscan and clamdscan is as follows:
>
>> $ /usr/local/bin/clamscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 0
>> Engine version: 0.102.3
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 1
>> Data scanned: 0.00 MB
>> Data read: 0.01 MB (ratio 0.00:1)
>> Time: 0.009 sec (0 m 0 s)
>>
>> Escalate:/Applications $ /usr/local/bin/clamdscan --multiscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>> /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: Can't allocate memory ERROR
>>
>> ----------- SCAN SUMMARY -----------
>> Infected files: 0
>> Total errors: 1
>> Time: 0.002 sec (0 m 0 s)
>> Escalate:/Applications $
>
>
> I removed main.cvd and bytecode.cvd from the database directory, unpacked daily.cvd and eventually tracked it down to daily.crb
>
> Removing the following definition solves the problem, but for some reason this can't be added to an ign2 file...and this sig worked on older versions of clamav, so it feels like that's the wrong solution anyway!
>        Trusted.CA.Microsoft-7350512-0
>
> Has anyone else come up against this problem before, and do you know what I can do about it?
>
> Many thanks
> Mark
>
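
An added example (not part of the original messages and not ClamAV code): a small Python triage of scanner result lines in the shape shown in this thread, keeping `ERROR` results and a `FOUND` result whose signature name is `(null)` separate from named detections, so a file that was never successfully scanned is counted as neither infected nor clean. The verdict names, the function names and the two `/tmp` sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two result lines are in the shape quoted in
# the thread; the /tmp lines and their signature name are constructed.
DLL = ("/Applications/Microsoft Excel.app/Contents/SharedSupport/"
       "Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll")
SAMPLE = "\n".join([
    DLL + ": Can't allocate memory ERROR",
    DLL + ": (null) FOUND",
    "/tmp/sample.bin: Example.Constructed.Signature-0 FOUND",
    "/tmp/clean.txt: OK",
    "----------- SCAN SUMMARY -----------",
    "Infected files: 1",
    "Total errors: 1",
])

# "<path>: <detail> FOUND|ERROR" or "<path>: OK". The path group is greedy, so
# spaces and ": " inside the path are tolerated (a ": " inside the detail is not).
RESULT = re.compile(
    r"^(?P<path>.+): (?:(?P<detail>.+) (?P<status>FOUND|ERROR)|(?P<ok>OK))$")

def classify_line(line):
    """Return (path, verdict, detail), or None for banner/summary lines."""
    m = RESULT.match(line.strip())
    if m is None:
        return None
    if m.group("ok"):
        return m.group("path"), "clean", ""
    detail = m.group("detail")
    if m.group("status") == "ERROR":
        verdict = "scan_error"          # the engine failed; the file was not scanned
    elif detail == "(null)":
        verdict = "invalid_detection"   # FOUND without a signature name
    else:
        verdict = "detection"
    return m.group("path"), verdict, detail

def triage(output):
    """Count verdicts and list the paths that still need a successful scan."""
    results = [r for r in map(classify_line, output.splitlines()) if r]
    counts = Counter(verdict for _, verdict, _ in results)
    unscanned = sorted({path for path, verdict, _ in results
                        if verdict in ("scan_error", "invalid_detection")})
    return counts, unscanned

if __name__ == "__main__":
    print(triage(SAMPLE))
```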
