[Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15
Mark Allan
markjallan at gmail.com
Tue Jun 2 11:04:20 EDT 2020
Hi Micah,
Thanks. I've uploaded it to clamav.net <http://clamav.net/> as an FP report.
Here are the various hashes to help you find it.
MD5 460cd4f06997a968b1a0ba91ba127984
SHA-1 e35ffaafb6a0548fece874360c56204df2bf1233
SHA-256 1d9dd7f51e21b0f384355de6a5a22d9017ecad0e5adc3c91c24a03b599c54f1d
Thanks
Mark
> On 2 Jun 2020, at 3:43 pm, Micah Snyder (micasnyd) <micasnyd at cisco.com> wrote:
>
> Hi Mark,
>
> This is a very strange one you’ve encountered. Can you send the file my way so I can reproduce the issue, and debug-step through the code?
>
> -Micah
>
> From: clamav-devel <clamav-devel-bounces at lists.clamav.net>
> Date: Friday, May 29, 2020 at 7:46 PM
> To: ClamAV Development <clamav-devel at lists.clamav.net>
> Subject: Re: [Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15
> Quick follow-up to this one.
>
> Upon further digging, if the --fdpass flag is passed to clamdscan, you get different output...albeit still very wrong!
> /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: (null) FOUND
>
> Does anyone have any thoughts at all?
>
> Thanks,
> Mark
>
>> On 29 May 2020, at 1:26 am, Mark Allan <markjallan at gmail.com> wrote:
>>
>> Hi folks,
>>
>> I'm still testing 0.102.3 but I've hit a few issues where some known-good files are being detected as infected because they're generating the following error:
>> Can't allocate memory ERROR
>>
>> Output from clamscan and clamdscan are as follows:
>>
>>> $ /usr/local/bin/clamscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>>>
>>> ----------- SCAN SUMMARY -----------
>>> Known viruses: 0
>>> Engine version: 0.102.3
>>> Scanned directories: 0
>>> Scanned files: 1
>>> Infected files: 1
>>> Data scanned: 0.00 MB
>>> Data read: 0.01 MB (ratio 0.00:1)
>>> Time: 0.009 sec (0 m 0 s)
>>>
>>> Escalate:/Applications $ /usr/local/bin/clamdscan --multiscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>>> /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: Can't allocate memory ERROR
>>>
>>> ----------- SCAN SUMMARY -----------
>>> Infected files: 0
>>> Total errors: 1
>>> Time: 0.002 sec (0 m 0 s)
>>> Escalate:/Applications $
>>
>>
>> I removed main.cvd and bytecode.cvd from the database directory, unpacked daily.cvd and eventually tracked it down to daily.crb
>>
>> Removing the following definition solves the problem, but for some reason this can't be added to an ign2 file...and this sig worked on older versions of clamav, so it feels like that's the wrong solution anyway!
>> Trusted.CA.Microsoft-7350512-0
>>
>> Has anyone else come up against this problem before, and do you know what I can do about it?
>>
>> Many thanks
>> Mark
>>
>
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-devel
mailing list