[Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15

[Mark Allan]

Thanks for trying it out, Micah.

I wonder if it's something to do with the way I'm compiling it then?

Here's my ./configure incantation:

CFLAGS='-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.10  -arch x86_64 -w -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -iwithsysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -I/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libxml2' CXXFLAGS='-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.10  -arch x86_64 -w -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -iwithsysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -I/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libxml2' ./configure --disable-dependency-tracking  --enable-llvm=no --enable-clamdtop --with-user=_clamav --with-group=_clamav --enable-all-jit-targets --with-pcre=/usr/local/clamav --with-openssl=/usr/local/clamav --prefix=/usr/local/clamav

A few things I should probably explain with this:

1) The mmacosx-version-min=10.10 flag is so I can produce a package that supports macOS 10.10 to 10.15.
2) The version of PCRE is pcre2-10.35
3) OpenSSL isn't really compiled and distributed under /usr/local/clamav - it's just a bunch of symlinks to the openSSL libraries that ship a default install of macOS, which is ye olde libssl.0.9.8.dylib
4) If I don't pass in the header location for libxml2, the configure script still finds them, but the Make phase fails as it can't find "libxml/parser.h".

For what it's worth, the only step I had to change to make 0.102.3 compile was to add in step 4. Prior to 102.3 it compiled just fine without it...but I doubt that's the issue.

Not sure if that helps at all.

Thanks again
Mark

> On 2 Jun 2020, at 6:59 pm, Micah Snyder (micasnyd) <micasnyd at cisco.com> wrote:
> 
> I just tried reproducing the issue using 0.102.3, both with the file you provided and with my own copy (it turns out I have that filepath on my mac already).  Wasn’t able to reproduce the error with clamscan, clamdscan, or clamdscan –fdpass.  Not sure how to help.
> 
> Anyone else have any ideas?
> 
> -Micah
> 
> From: clamav-devel <clamav-devel-bounces at lists.clamav.net <mailto:clamav-devel-bounces at lists.clamav.net>>
> Date: Tuesday, June 2, 2020 at 11:04 AM
> To: ClamAV Development <clamav-devel at lists.clamav.net <mailto:clamav-devel at lists.clamav.net>>
> Subject: Re: [Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15
> Hi Micah,
> 
> Thanks. I've uploaded it to clamav.net <http://clamav.net/> <http://clamav.net/ <http://clamav.net/>> as an FP report.
> 
> Here are the various hashes to help you find it.
> 
> MD5     460cd4f06997a968b1a0ba91ba127984
> SHA-1   e35ffaafb6a0548fece874360c56204df2bf1233
> SHA-256 1d9dd7f51e21b0f384355de6a5a22d9017ecad0e5adc3c91c24a03b599c54f1d
> 
> Thanks
> Mark
> 
> 
>> On 2 Jun 2020, at 3:43 pm, Micah Snyder (micasnyd) <micasnyd at cisco.com <mailto:micasnyd at cisco.com>> wrote:
>> 
>> Hi Mark,
>> 
>> This is a very strange one you’ve encountered.  Can you send the file my way so I can reproduce the issue, and debug-step through the code?
>> 
>> -Micah
>> 
>> From: clamav-devel <clamav-devel-bounces at lists.clamav.net <mailto:clamav-devel-bounces at lists.clamav.net>>
>> Date: Friday, May 29, 2020 at 7:46 PM
>> To: ClamAV Development <clamav-devel at lists.clamav.net <mailto:clamav-devel at lists.clamav.net>>
>> Subject: Re: [Clamav-devel] ClamAV 0.102.3 - Can't allocate memory ERROR on macOS 10.15
>> Quick follow-up to this one.
>> 
>> Upon further digging, if the --fdpass flag is passed to clamdscan, you get different output...albeit still very wrong!
>>       /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: (null) FOUND
>> 
>> Does anyone have any thoughts at all?
>> 
>> Thanks,
>> Mark
>> 
>>> On 29 May 2020, at 1:26 am, Mark Allan <markjallan at gmail.com <mailto:markjallan at gmail.com>> wrote:
>>> 
>>> Hi folks,
>>> 
>>> I'm still testing 0.102.3 but I've hit a few issues where some known-good files are being detected as infected because they're generating the following error:
>>>      Can't allocate memory ERROR
>>> 
>>> Output from clamscan and clamdscan are as follows:
>>> 
>>>> $ /usr/local/bin/clamscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>>>> 
>>>> ----------- SCAN SUMMARY -----------
>>>> Known viruses: 0
>>>> Engine version: 0.102.3
>>>> Scanned directories: 0
>>>> Scanned files: 1
>>>> Infected files: 1
>>>> Data scanned: 0.00 MB
>>>> Data read: 0.01 MB (ratio 0.00:1)
>>>> Time: 0.009 sec (0 m 0 s)
>>>> 
>>>> Escalate:/Applications $ /usr/local/bin/clamdscan --multiscan /Applications/Microsoft\ Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll
>>>> /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: Can't allocate memory ERROR
>>>> 
>>>> ----------- SCAN SUMMARY -----------
>>>> Infected files: 0
>>>> Total errors: 1
>>>> Time: 0.002 sec (0 m 0 s)
>>>> Escalate:/Applications $
>>> 
>>> 
>>> I removed main.cvd and bytecode.cvd from the database directory, unpacked daily.cvd and eventually tracked it down to daily.crb
>>> 
>>> Removing the following definition solves the problem, but for some reason this can't be added to an ign2 file...and this sig worked on older versions of clamav, so it feels like that's the wrong solution anyway!
>>>      Trusted.CA.Microsoft-7350512-0
>>> 
>>> Has anyone else come up against this problem before, and do you know what I can do about it?
>>> 
>>> Many thanks
>>> Mark
>>> 
>> 
>> _______________________________________________
>> 
>> clamav-devel mailing list
>> clamav-devel at lists.clamav.net <mailto:clamav-devel at lists.clamav.net>
>> https://lists.clamav.net/mailman/listinfo/clamav-devel <https://lists.clamav.net/mailman/listinfo/clamav-devel>
>> 
>> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls <https://github.com/Cisco-Talos/clamav-devel/pulls>
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
>> 
>> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
>> _______________________________________________
>> 
>> clamav-devel mailing list
>> clamav-devel at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-devel
>> 
>> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> _______________________________________________
> 
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
> 
> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> _______________________________________________
> 
> clamav-devel mailing list
> clamav-devel at lists.clamav.net <mailto:clamav-devel at lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-devel <https://lists.clamav.net/mailman/listinfo/clamav-devel>
> 
> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls <https://github.com/Cisco-Talos/clamav-devel/pulls>
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
> 
> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>