[clamav-users] [Clamav-devel] ClamAV(R): ClamAV 0.98.4rc1 is now available!

Mark Allan markjallan at blueyonder.co.uk
Thu May 22 12:45:58 UTC 2014 

Hi,

I've asked the user to recompile with the options below and provide feedback.  OS X uses llvm instead of gcc, which means using lldb instead of gdb, so hopefully I've given him the correct command to provide a stack trace!

He said it's likely to be the weekend before he gets a chance to do it though.

I'll feed the results back here as soon as he manages to do something.

Mark

On 20 May 2014, at 08:13 pm, Steven Morgan <smorgan at sourcefire.com> wrote:

> Hi,
> 
> It would help a lot and eliminate much guesswork if someone who has this
> problem could build a debug version of clamav, as in:
> 
> ./configure --enable-debug [other flags] CFLAGS='-g -O0'
> 
> and reproduce the problem with clamd running under gdb (sudo gdb clamd)
> with the clamd.conf statement:
> 
> Foreground yes
> 
> When the crash occurs, obtain the stack trace(bt) and also print(p)
> relevant variable values surrounding the crash location.
> 
> Either that, or send in some files that we can use to reproduce the problem.
> 
> Thanks,
> Steve
> 
> 
> On Tue, May 20, 2014 at 1:54 PM, Al Varnell <alvarnell at mac.com> wrote:
> 
>> I think there may be some confusion here.  There have been three users
>> report crashed clamd with Thunderbird, but I believe the INBOX files
>> concerned were all less than the 25MB limit at the time.  In my case, I had
>> never used Thunderbird and installed it simply for test purposes.  So as
>> the INBOX was growing there were many scans required as new messages
>> flooded in which resulted in multiple clamdscan processes being spawned
>> against that same INBOX mailbox.  That’s when the clamd crash occurred
>> leaving a could of clamdscan processes running at high CPU usage.  After
>> the INBOX grew to 1.15GB and clamd was restarted, there were no more
>> crashes, but the logs show no more scans of the INBOX which is consistent
>> with the 25MB limit.
>> 
>> At least one of the other two users has four accounts with INBOX files
>> below 25MB.  Both that user and myself are still using 0.98.3.
>> 
>> The third user compiled and ran his own copy of 0.98.4rc1 and is still
>> seeing clamd crashes and high CPU usage daily.  He has not yet reported the
>> size or number of INBOX files he has and as Mark said, has been asked to
>> supply his crash log.
>> 
>> My theory is that it’s the initial flood of messages at Thunderbird
>> startup that’s initiating this and not my huge INBOX.
>> 
>> 
>> -Al-
>> --
>> Al Varnell
>> Mountain View, CA
>> 
>> On May 20, 2014, at 6:14 AM, Shawn Webb <swebb at sourcefire.com> wrote:
>> 
>>> Hey Mark,
>>> 
>>> Is there a way you could get me the sample?
>>> 
>>> Thanks,
>>> 
>>> Shawn
>>> 
>>> 
>>> On Tue, May 20, 2014 at 6:49 AM, Mark Allan <markjallan at blueyonder.co.uk
>>> wrote:
>>> 
>>>> I may have been a bit hasty with this.  It appears there's another issue
>>>> with clamd.
>>>> 
>>>> I'm receiving reports of clamd crashing when attempting to parse email
>> in
>>>> an incredibly large (1.15 GB) Thunderbird mailbox file.
>>>> 
>>>> This particular report is from 0.98.3, but the user is reporting it
>> still
>>>> happens when testing against 0.98.4-rc1.  I'll attempt to get a crash
>> log
>>>> from the user.
>>>> 
>>>> Exception Type: EXC_BAD_ACCESS (SIGSEGV)
>>>> Exception Codes: KERN_INVALID_ADDRESS at 0x0000000117ffffff
>>>> 
>>>> Thread 2 Crashed:
>>>> 0 libclamav.6.dylib 0x000000010004fa6c parseEmailBody + 4668
>>>> 1 libclamav.6.dylib 0x000000010004d701 cli_mbox + 1057
>>>> 2 libclamav.6.dylib 0x0000000100048b97 cli_scanmail + 119
>>>> 3 libclamav.6.dylib 0x0000000100044349 magic_scandesc + 8537
>>>> 4 libclamav.6.dylib 0x0000000100042142 cli_base_scandesc + 242
>>>> 5 libclamav.6.dylib 0x0000000100046360 scan_common + 416
>>>> 6 libclamav.6.dylib 0x00000001000465d8 cl_scanfile_callback + 88
>>>> 7 clamd 0x000000010000c62d scan_callback + 749
>>>> 8 libclamav.6.dylib 0x00000001006c966c handle_entry + 252
>>>> 9 libclamav.6.dylib 0x00000001006c9388 cli_ftw + 424
>>>> 10 clamd 0x0000000100007363 command + 1331
>>>> 11 clamd 0x000000010000bd38 scanner_thread + 56
>>>> 12 clamd 0x000000010000918a thrmgr_worker + 938
>>>> 13 libsystem_c.dylib 0x00007fff8cb7b772 _pthread_start + 327
>>>> 14 libsystem_c.dylib 0x00007fff8cb681a1 thread_start + 13
>>>> 
>>>> I'm aware the offsets won't be too useful, but at least the method names
>>>> ought to help I think.
>>>> 
>>>> Mark
>>>> 
>>>> On 16 May 2014, at 03:03 pm, Mark Allan <markjallan at gmail.com> wrote:
>>>> 
>>>>> All works fine for me on OS X 10.6 - 10.9.
>>>>> 
>>>>> For info, compiled on 10.9.2 with support for 10.6 onwards.
>>>>> 
>>>>> CFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch
>>>> x86_64" CXXFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64
>> -mmacosx-version-min=10.6
>>>> -arch x86_64" ./configure --disable-dependency-tracking  --enable-llvm
>>>> --enable-clamdtop --with-user=_clamav --with-group=_clamav
>>>> --enable-all-jit-targets
>>>>> 
>>>>> Mark
>>>>> 
>>>>> On 16 May 2014, at 02:01 pm, Joel Esler (jesler) <jesler at cisco.com>
>>>> wrote:
>>>>> 
>>>>>> http://blog.clamav.net/2014/05/clamav-0984rc1-is-now-available.html
>>>>>> 
>>>>>> ClamAV 0.98.4rc1 is now available for download.  Shown below are the
>>>> notes concerning this release:
>>>>>> 
>>>>>> 
>>>>>> 0.98.4rc1
>>>>>> ------
>>>>>> 
>>>>>> ClamAV 0.98.4 is a bug fix release. The following issues are now
>>>> resolved:
>>>>>> 
>>>>>> - Various build problems on Solaris, OpenBSD, AIX.
>>>>>> 
>>>>>> - Crashes of clamd on Windows and Mac OS X platforms when reloading
>>>>>> the virus signature database.
>>>>>> 
>>>>>> - Infinite loop in clamdscan when clamd is not running.
>>>>>> 
>>>>>> - Freshclam failure on Solaris 10.
>>>>>> 
>>>>>> - Buffer underruns when handling multi-part MIME email attachments.
>>>>>> 
>>>>>> - Configuration of OpenSSL on various platforms.
>>>>>> 
>>>>>> ----
>>>>>> 
>>>>>> ClamAV 0.98.4rc1 is available for download here:
>>>> http://sourceforge.net/projects/clamav/files/RC/clamav-0.98.4-rc1/.
>>>> Please download, test, and provide feedback to the mailing list here:
>>>>>> 
>>>>>> http://lists.clamav.net/mailman/listinfo/clamav-users
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
>> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

More information about the clamav-users mailing list