[clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files

Ravi ravin4u at gmail.com
Thu Jul 13 09:24:42 UTC 2017


Hi,

We observed segfaults causing clamd to crash when scanning a zip
file (around 190 MB), which clamd extracts in /tmp, where it goes up to
around 4.3 GB, which crosses the hard limits (*filesize and scansize set to
4294967295 bytes in clamd.conf*). The system (an OEL virtual machine) has
around 12 GB of total memory and had around 9 GB free when the scan was
run. More info is below. We need help resolving this, since we previously
scanned files of around 5 GB, which did not cause the issue.

OS version : Oracle Linux Server release 7.2
System: CPU Core : 4, Memory: 12GB
ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017

*# clamconf*

*Config file: clamd.conf*
*-----------------------*
*LogFile disabled*
*StatsHostID disabled*
*StatsEnabled disabled*
*StatsPEDisabled disabled*
*StatsTimeout disabled*
*LogFileUnlock disabled*
*LogFileMaxSize = "1048576"*
*LogTime disabled*
*LogClean disabled*
*LogSyslog = "yes"*
*LogFacility = "LOG_LOCAL6"*
*LogVerbose disabled*
*LogRotate disabled*
*ExtendedDetectionInfo disabled*
*PidFile = "/var/run/clamd.scan/clamd.pid"*
*TemporaryDirectory disabled*
*DatabaseDirectory = "/var/lib/clamav"*
*OfficialDatabaseOnly disabled*
*LocalSocket = "/var/run/clamd.scan/clamd.sock"*
*LocalSocketGroup disabled*
*LocalSocketMode disabled*
*FixStaleSocket = "yes"*
*TCPSocket = "3310"*
*TCPAddr = "127.0.0.1"*
*MaxConnectionQueueLength = "30"*
*StreamMaxLength = "26214400"*
*StreamMinPort = "1024"*
*StreamMaxPort = "2048"*
*MaxThreads = "50"*
*ReadTimeout = "300"*
*CommandReadTimeout = "5"*
*SendBufTimeout = "500"*
*MaxQueue = "100"*
*IdleTimeout = "30"*
*ExcludePath disabled*
*MaxDirectoryRecursion = "15"*
*FollowDirectorySymlinks disabled*
*FollowFileSymlinks disabled*
*CrossFilesystems = "yes"*
*SelfCheck = "600"*
*DisableCache disabled*
*VirusEvent disabled*
*ExitOnOOM disabled*
*AllowAllMatchScan = "yes"*
*Foreground disabled*
*Debug disabled*
*LeaveTemporaryFiles disabled*
*User = "clamav"*
*AllowSupplementaryGroups = "yes"*
*Bytecode = "yes"*
*BytecodeSecurity = "TrustSigned"*
*BytecodeTimeout = "5000"*
*BytecodeUnsigned disabled*
*BytecodeMode = "ForceInterpreter"*
*DetectPUA disabled*
*ExcludePUA disabled*
*IncludePUA disabled*
*AlgorithmicDetection = "yes"*
*ScanPE = "yes"*
*ScanELF = "yes"*
*DetectBrokenExecutables = "yes"*
*ScanMail = "yes"*
*ScanPartialMessages disabled*
*PhishingSignatures = "yes"*
*PhishingScanURLs = "yes"*
*PhishingAlwaysBlockCloak disabled*
*PhishingAlwaysBlockSSLMismatch disabled*
*PartitionIntersection disabled*
*HeuristicScanPrecedence disabled*
*StructuredDataDetection disabled*
*StructuredMinCreditCardCount = "3"*
*StructuredMinSSNCount = "3"*
*StructuredSSNFormatNormal = "yes"*
*StructuredSSNFormatStripped disabled*
*ScanHTML = "yes"*
*ScanOLE2 = "yes"*
*OLE2BlockMacros disabled*
*ScanPDF = "yes"*
*ScanSWF = "yes"*
*ScanXMLDOCS = "yes"*
*ScanHWP3 = "yes"*
*ScanArchive = "yes"*
*ArchiveBlockEncrypted disabled*
*ForceToDisk disabled*
*MaxScanSize = "4294967295"*
*MaxFileSize = "4294967295"*
*MaxRecursion = "16"*
*MaxFiles = "10000"*
*MaxEmbeddedPE = "10485760"*
*MaxHTMLNormalize = "10485760"*
*MaxHTMLNoTags = "2097152"*
*MaxScriptNormalize = "5242880"*
*MaxZipTypeRcg = "1048576"*
*MaxPartitions = "50"*
*MaxIconsPE = "100"*
*MaxRecHWP3 = "16"*
*PCREMatchLimit = "10000"*
*PCRERecMatchLimit = "5000"*
*PCREMaxFileSize = "26214400"*
*ScanOnAccess disabled*
*OnAccessMountPath disabled*
*OnAccessIncludePath disabled*
*OnAccessExcludePath disabled*
*OnAccessExcludeUID disabled*
*OnAccessMaxFileSize = "5242880"*
*OnAccessDisableDDD disabled*
*OnAccessPrevention disabled*
*OnAccessExtraScanning disabled*
*DevACOnly disabled*
*DevACDepth disabled*
*DevPerformance disabled*
*DevLiblog disabled*
*DisableCertCheck disabled*

*Config file: freshclam.conf*
*---------------------------*
*StatsHostID disabled*
*StatsEnabled disabled*
*StatsTimeout disabled*
*LogFileMaxSize = "1048576"*
*LogTime disabled*
*LogSyslog = "yes"*
*LogFacility = "LOG_LOCAL6"*
*LogVerbose disabled*
*LogRotate disabled*
*PidFile disabled*
*DatabaseDirectory = "/var/lib/clamav"*
*Foreground disabled*
*Debug disabled*
*AllowSupplementaryGroups disabled*
*UpdateLogFile = "/var/log/clamav/freshclam.log"*
*DatabaseOwner = "clamav"*
*Checks = "12"*
*DNSDatabaseInfo = "current.cvd.clamav.net"*
*DatabaseMirror = "db.us.clamav.net"*
*PrivateMirror disabled*
*MaxAttempts = "3"*
*ScriptedUpdates = "yes"*
*TestDatabases = "yes"*
*CompressLocalDatabase disabled*
*ExtraDatabase disabled*
*DatabaseCustomURL disabled*
*HTTPProxyServer = "proxy "*
*HTTPProxyPort = "80"*
*HTTPProxyUsername = "test"*
*HTTPProxyPassword = "test"*
*HTTPUserAgent disabled*
*NotifyClamd = "/etc/clamd.conf"*
*OnUpdateExecute disabled*
*OnErrorExecute disabled*
*OnOutdatedExecute disabled*
*LocalIPAddress disabled*
*ConnectTimeout = "30"*
*ReceiveTimeout = "30"*
*SubmitDetectionStats disabled*
*DetectionStatsCountry disabled*
*DetectionStatsHostID disabled*
*SafeBrowsing disabled*
*Bytecode = "yes"*

*clamav-milter.conf not found*

*Software settings*
*-----------------*
*Version: 0.99.2*
*Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE
ICONV JIT*

*Database information*
*--------------------*
*Database directory: /var/lib/clamav*
*bytecode.cld: version 306, sigs: 65, built on Tue Jul 11 16:56:41 2017*
*daily.cvd: version 23555, sigs: 1739528, built on Wed Jul 12 07:00:09 2017*
*main.cld: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017*
*Total number of signatures: 6305842*

*Platform information*
*--------------------*
*uname: Linux 3.10.0-327.el7.x86_64 #1 SMP Fri Nov 20 00:18:34 PST 2015
x86_64*
*OS: linux-gnu, ARCH: x86_64, CPU: x86_64*
*zlib version: 1.2.7 (1.2.7), compile flags: a9*
*Triple: x86_64-redhat-linux-gnu*
*CPU: i686, Little-endian*
*platform id: 0x0a2152520804080503040805*

*Build information*
*-----------------*
*GNU C: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)*
*GNU C++: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)*
*CPPFLAGS:*
*CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
-W -Wmissing-prototypes -Wmissing-declarations -std=gnu99
-fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE*
*CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic
-std=gnu++98*
*LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
-Wl,--as-needed*
*Configure: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix='
'--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--disable-static' '--disable-rpath'
'--disable-silent-rules' '--disable-clamav' '--with-user=clamupdate'
'--with-group=clamupdate' '--with-libcurl=/usr'
'--with-dbdir=/var/lib/clamav' '--enable-milter' '--enable-clamdtop'
'--disable-unrar' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
-W -Wmissing-prototypes -Wmissing-declarations -std=gnu99'
'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
-Wl,--as-needed'
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience*
*sizeof(void*) = 8*
*Engine flevel: 82, dconf: 82*



*# clamdscan --fdpass
 2017-05-31T074648_324659544758317C34383030343232383837313333343438343933.zip*
*/AntiVirus/2017-05-31T074648_324659544758317C34383030343232383837313333343438343933.zip:
no reply from clamd*

*----------- SCAN SUMMARY -----------*
*Infected files: 0*
*Total errors: 1*
*Time: 14.427 sec (0 m 14 s)*

*# dmesg*
*[214766.813013] traps: polkitd[19511] general protection ip:7f96843eeca2
sp:7ffe16b8d010 error:0 in libmozjs-17.0.so[7f96842b0000+3b3000]*
*[215364.434433] clamd[25899]: segfault at 7f47925ec000 ip 00007f47b832d20b
sp 00007f4792fea138 error 7 in libc-2.17.so[7f47b82a3000+1b4000]*


*#  clamscan --max-filesize=5000M --max-scansize=5000M
2017-05-31T074648_324659544758317C34383030343232383837313333343438343933.zip*
*WARNING: Numerical value for option max-filesize too high, resetting to 4G*
*WARNING: Numerical value for option max-scansize too high, resetting to 4G*
*Segmentation fault (core dumped)*


Thanks
Ravi
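
A pre-scan check for the situation described in this post, added here as an example and not part of the original message or of ClamAV: it reads MaxScanSize and MaxFileSize from clamconf-style output and compares them with the uncompressed sizes a zip declares in its central directory, without extracting anything. The function names and sample inputs are constructed for illustration.

```python
import io
import re
import zipfile

# Constructed sample in clamconf's output format; the two limits are the post's values.
SAMPLE_CLAMCONF = ('MaxScanSize = "4294967295"\nMaxFileSize = "4294967295"\n'
                   'OnAccessMaxFileSize = "5242880"\n')


def parse_limits(clamconf_text):
    """Return MaxScanSize/MaxFileSize in bytes from clamconf-style output."""
    # Anchor at line start so OnAccessMaxFileSize/PCREMaxFileSize are not picked up.
    pattern = r'^\W*(MaxScanSize|MaxFileSize) = "(\d+)"'
    return {k: int(v) for k, v in re.findall(pattern, clamconf_text, re.M)}


def check_archive(zip_source, limits):
    """Compare sizes declared in the zip central directory with the limits.

    Reads metadata only, nothing is extracted. Declared sizes can be forged,
    so this is a triage hint rather than a guarantee.
    """
    with zipfile.ZipFile(zip_source) as zf:
        entries = zf.infolist()
    total = sum(e.file_size for e in entries)
    packed = sum(e.compress_size for e in entries)
    largest = max((e.file_size for e in entries), default=0)
    return {
        "entries": len(entries),
        "declared_total": total,
        "ratio": round(total / packed, 1) if packed else 0.0,
        "over_scan_size": total > limits.get("MaxScanSize", float("inf")),
        "over_file_size": largest > limits.get("MaxFileSize", float("inf")),
    }


def build_sample_zip(member_bytes=2_000_000):
    """Constructed input: one highly compressible member, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * member_bytes)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(check_archive(build_sample_zip(), parse_limits(SAMPLE_CLAMCONF)))
```

Pass a real archive path to `check_archive` in place of the in-memory sample to see whether its declared total exceeds the configured limits before handing it to clamd.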


