[clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files

Ravi ravin4u at gmail.com
Fri Jul 14 07:14:10 UTC 2017


Hi Steve,

Thanks for the reply. I need to check, since these zips contain customer
data. Any other insights from the data provided by me?

Thanks

Ravi

-------------------------------------------------------------------------------------

Hi Ravi,

Thanks for reporting this. Is it possible to upload the file to dropbox (or
other) for testing?

Steve

On Thu, Jul 13, 2017 at 5:24 AM, Ravi <ravin4u at gmail.com> wrote:

> Hi,
>
> We observed segfaults causing clamd to crash when scanning a zip
> file (around 190 MB) which gets extracted by clamd in /tmp which goes up to
> around 4.3 GB which is crossing hard limits (set to filesize and scansize of
> 4294967295 bytes in clamd.conf). The system (OEL Virtual Machine) has
> around 12 GB total memory & free memory of around 9 GB when the scan was
> run. Below is more info. Need help here to resolve since previously we
> had scanned files of around 5GB which was not causing the issues.
>
> OS version : Oracle Linux Server release 7.2
> System: CPU Core : 4, Memory: 12GB
> ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017
>
> # clamconf
>
> Config file: clamd.conf
> -----------------------
> LogFile disabled
> StatsHostID disabled
> StatsEnabled disabled
> StatsPEDisabled disabled
> StatsTimeout disabled
> LogFileUnlock disabled
> LogFileMaxSize = "1048576"
> LogTime disabled
> LogClean disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> ExtendedDetectionInfo disabled
> PidFile = "/var/run/clamd.scan/clamd.pid"
> TemporaryDirectory disabled
> DatabaseDirectory = "/var/lib/clamav"
> OfficialDatabaseOnly disabled
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> LocalSocketGroup disabled
> LocalSocketMode disabled
> FixStaleSocket = "yes"
> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"
> MaxConnectionQueueLength = "30"
> StreamMaxLength = "26214400"
> StreamMinPort = "1024"
> StreamMaxPort = "2048"
> MaxThreads = "50"
> ReadTimeout = "300"
> CommandReadTimeout = "5"
> SendBufTimeout = "500"
> MaxQueue = "100"
> IdleTimeout = "30"
> ExcludePath disabled
> MaxDirectoryRecursion = "15"
> FollowDirectorySymlinks disabled
> FollowFileSymlinks disabled
> CrossFilesystems = "yes"
> SelfCheck = "600"
> DisableCache disabled
> VirusEvent disabled
> ExitOnOOM disabled
> AllowAllMatchScan = "yes"
> Foreground disabled
> Debug disabled
> LeaveTemporaryFiles disabled
> User = "clamav"
> AllowSupplementaryGroups = "yes"
> Bytecode = "yes"
> BytecodeSecurity = "TrustSigned"
> BytecodeTimeout = "5000"
> BytecodeUnsigned disabled
> BytecodeMode = "ForceInterpreter"
> DetectPUA disabled
> ExcludePUA disabled
> IncludePUA disabled
> AlgorithmicDetection = "yes"
> ScanPE = "yes"
> ScanELF = "yes"
> DetectBrokenExecutables = "yes"
> ScanMail = "yes"
> ScanPartialMessages disabled
> PhishingSignatures = "yes"
> PhishingScanURLs = "yes"
> PhishingAlwaysBlockCloak disabled
> PhishingAlwaysBlockSSLMismatch disabled
> PartitionIntersection disabled
> HeuristicScanPrecedence disabled
> StructuredDataDetection disabled
> StructuredMinCreditCardCount = "3"
> StructuredMinSSNCount = "3"
> StructuredSSNFormatNormal = "yes"
> StructuredSSNFormatStripped disabled
> ScanHTML = "yes"
> ScanOLE2 = "yes"
> OLE2BlockMacros disabled
> ScanPDF = "yes"
> ScanSWF = "yes"
> ScanXMLDOCS = "yes"
> ScanHWP3 = "yes"
> ScanArchive = "yes"
> ArchiveBlockEncrypted disabled
> ForceToDisk disabled
> MaxScanSize = "4294967295"
> MaxFileSize = "4294967295"
> MaxRecursion = "16"
> MaxFiles = "10000"
> MaxEmbeddedPE = "10485760"
> MaxHTMLNormalize = "10485760"
> MaxHTMLNoTags = "2097152"
> MaxScriptNormalize = "5242880"
> MaxZipTypeRcg = "1048576"
> MaxPartitions = "50"
> MaxIconsPE = "100"
> MaxRecHWP3 = "16"
> PCREMatchLimit = "10000"
> PCRERecMatchLimit = "5000"
> PCREMaxFileSize = "26214400"
> ScanOnAccess disabled
> OnAccessMountPath disabled
> OnAccessIncludePath disabled
> OnAccessExcludePath disabled
> OnAccessExcludeUID disabled
> OnAccessMaxFileSize = "5242880"
> OnAccessDisableDDD disabled
> OnAccessPrevention disabled
> OnAccessExtraScanning disabled
> DevACOnly disabled
> DevACDepth disabled
> DevPerformance disabled
> DevLiblog disabled
> DisableCertCheck disabled
>
> Config file: freshclam.conf
> ---------------------------
> StatsHostID disabled
> StatsEnabled disabled
> StatsTimeout disabled
> LogFileMaxSize = "1048576"
> LogTime disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> PidFile disabled
> DatabaseDirectory = "/var/lib/clamav"
> Foreground disabled
> Debug disabled
> AllowSupplementaryGroups disabled
> UpdateLogFile = "/var/log/clamav/freshclam.log"
> DatabaseOwner = "clamav"
> Checks = "12"
> DNSDatabaseInfo = "current.cvd.clamav.net"
> DatabaseMirror = "db.us.clamav.net"
> PrivateMirror disabled
> MaxAttempts = "3"
> ScriptedUpdates = "yes"
> TestDatabases = "yes"
> CompressLocalDatabase disabled
> ExtraDatabase disabled
> DatabaseCustomURL disabled
> HTTPProxyServer = "proxy "
> HTTPProxyPort = "80"
> HTTPProxyUsername = "test"
> HTTPProxyPassword = "test"
> HTTPUserAgent disabled
> NotifyClamd = "/etc/clamd.conf"
> OnUpdateExecute disabled
> OnErrorExecute disabled
> OnOutdatedExecute disabled
> LocalIPAddress disabled
> ConnectTimeout = "30"
> ReceiveTimeout = "30"
> SubmitDetectionStats disabled
> DetectionStatsCountry disabled
> DetectionStatsHostID disabled
> SafeBrowsing disabled
> Bytecode = "yes"
>
> clamav-milter.conf not found
>
> Software settings
> -----------------
> Version: 0.99.2
> Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE
> ICONV JIT
>
> Database information
> --------------------
> Database directory: /var/lib/clamav
> bytecode.cld: version 306, sigs: 65, built on Tue Jul 11 16:56:41 2017
> daily.cvd: version 23555, sigs: 1739528, built on Wed Jul 12 07:00:09
> 2017
> main.cld: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017
> Total number of signatures: 6305842
>
> Platform information
> --------------------
> uname: Linux 3.10.0-327.el7.x86_64 #1 SMP Fri Nov 20 00:18:34 PST 2015
> x86_64
> OS: linux-gnu, ARCH: x86_64, CPU: x86_64
> zlib version: 1.2.7 (1.2.7), compile flags: a9
> Triple: x86_64-redhat-linux-gnu
> CPU: i686, Little-endian
> platform id: 0x0a2152520804080503040805
>
> Build information
> -----------------
> GNU C: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
> GNU C++: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
> CPPFLAGS:
> CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99
> -fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
> CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic
> -std=gnu++98
> LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed
> Configure: '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--program-prefix='
> '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr'
> '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--localstatedir=/var'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--disable-static' '--disable-rpath'
> '--disable-silent-rules' '--disable-clamav' '--with-user=clamupdate'
> '--with-group=clamupdate' '--with-libcurl=/usr'
> '--with-dbdir=/var/lib/clamav' '--enable-milter' '--enable-clamdtop'
> '--disable-unrar' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
> --param=ssp-buffer-size=4 -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -Wall
> -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99'
> 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> -Wl,--as-needed'
> 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> --enable-ltdl-convenience
> sizeof(void*) = 8
> Engine flevel: 82, dconf: 82
>
> # clamdscan --fdpass
> 2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip
> /AntiVirus/2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip:
> no reply from clamd
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Total errors: 1
> Time: 14.427 sec (0 m 14 s)
>
> # dmesg
> [214766.813013] traps: polkitd[19511] general protection ip:7f96843eeca2
> sp:7ffe16b8d010 error:0 in libmozjs-17.0.so[7f96842b0000+3b3000]
> [215364.434433] clamd[25899]: segfault at 7f47925ec000 ip 00007f47b832d20b
> sp 00007f4792fea138 error 7 in libc-2.17.so[7f47b82a3000+1b4000]
>
> # clamscan --max-filesize=5000M --max-scansize=5000M
> 2017-05-31T074648_324659544758317C34383030343232
> 383837313333343438343933.zip
> WARNING: Numerical value for option max-filesize too high, resetting to
> 4G
> WARNING: Numerical value for option max-scansize too high, resetting to
> 4G
> Segmentation fault (core dumped)
>
> Thanks
> Ravi
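The archive in this thread is about 190 MB and unpacks to about 4.3 GB, past the MaxScanSize/MaxFileSize value of 4294967295 shown in the quoted clamconf output. As an added example (not part of the thread and not ClamAV code), this Python script reads a ZIP's central directory without extracting anything and compares the declared uncompressed sizes with those limits; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile

# Limits as shown in the quoted clamconf output (MaxScanSize / MaxFileSize).
MAX_SCAN_SIZE = 4294967295
MAX_FILE_SIZE = 4294967295


def precheck_zip(source, max_scan=MAX_SCAN_SIZE, max_file=MAX_FILE_SIZE):
    """Read only the ZIP central directory (nothing is extracted) and compare
    the declared uncompressed sizes with the scanner's configured limits."""
    with zipfile.ZipFile(source) as zf:
        members = zf.infolist()
    total = sum(m.file_size for m in members)
    packed = sum(m.compress_size for m in members)
    largest = max(members, key=lambda m: m.file_size, default=None)
    return {
        "members": len(members),
        "declared_total": total,
        "compressed_total": packed,
        "ratio": round(total / packed, 1) if packed else 0.0,
        "largest_member": largest.filename if largest else None,
        "over_max_file": [m.filename for m in members if m.file_size > max_file],
        "exceeds_max_scan": total > max_scan,
    }


def build_sample_zip():
    """Constructed sample: two highly compressible members, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("export_a.csv", b"0" * 3_000_000)
        zf.writestr("export_b.csv", b"1" * 1_000_000)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Limits scaled down here so the small constructed sample trips them.
    report = precheck_zip(build_sample_zip(), max_scan=3_500_000, max_file=2_000_000)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The sizes are whatever the archive's own headers declare, and nested archives are not opened, so treat the result as triage before handing a file to clamd, not as a guarantee.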