[clamav-users] Clamscan crash on Mac OS X - yara rules
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu May 17 09:00:17 EDT 2018
Yes, please attach to https://bugzilla.clamav.net/show_bug.cgi?id=12077 and we'll take a look.
Unfortunately ClamAV yara support isn't as comprehensive as the full yara language definition. There's no guarantee that legitimate yara rules for other applications will work with ClamAV without testing of each rule. We have plans to improve the yara support, but I'm unsure if / when full yara support could be implemented.
Cisco Systems, Inc.
On May 17, 2018, at 1:27 AM, Al Varnell via clamav-users <clamav-users at lists.clamav.net> wrote:
From: Al Varnell <alvarnell at mac.com>
Subject: Re: [clamav-users] Clamscan crash on Mac OS X - yara rules
Date: May 17, 2018 at 1:27:03 AM EDT
To: ClamAV users ML <clamav-users at lists.clamav.net>
You almost certainly need to attach it to a ticket at <https://bugzilla.clamav.net/>. I don't see how anybody would be able to make sense of a partial crash report.
That being said, it's almost certainly the result of a misconfigured yara rule, so they will need to see that, as well, if you have the time to narrow it down to a single list. I know there is already an open ticket on a previous rule from an UNOFFICIAL definition list.
On Wed, May 16, 2018 at 07:08 PM, James Brown via clamav-users wrote:
Application Specific Information:
Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, line 177.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff9895d82a __kill + 10
1 libsystem_c.dylib 0x00007fff92ed6a9c abort + 177
2 libsystem_c.dylib 0x00007fff92f095de __assert_rtn
3 libclamav.7.dylib 0x000000010eaa61ee yr_execute_code + 4638 (yara_exec.c:177)
4 libclamav.7.dylib 0x000000010e9c7560 cli_exp_eval + 928 (matcher.c:817)
5 libclamav.7.dylib 0x000000010e9c8bbc cli_fmap_scandesc + 3900 (matcher.c:1220)
6 libclamav.7.dylib 0x000000010e9de079 cli_scanraw +
7 libclamav.7.dylib 0x000000010e9ddb4d magic_scandesc + 10333 (scanners.c:3469)
8 libclamav.7.dylib 0x000000010e9e000d cli_base_scandesc + 365 (scanners.c:3616)
9 libclamav.7.dylib 0x000000010e9e05df scan_common +
10 libclamav.7.dylib 0x000000010e9e06b2 cl_scandesc_callback + 34 (scanners.c:4030)
11 clamscan 0x000000010e9a1a95 scanfile +
12 clamscan 0x000000010e9a12a1 scanmanager +
13 clamscan 0x000000010e99f968 main + 680
14 clamscan 0x000000010e99aff4 start + 52
Let me know if there’s an email address I can send the full crash logs to if that would help.
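One way to do the narrowing-down suggested in the thread, as an added example that is not part of the original messages or of ClamAV's own tooling: load each YARA rule file on its own against the file that triggers the crash, and list the rule files for which the scanner dies from a signal. The function names, the CLAMSCAN override variable and the one-directory layout of rule files are assumptions.

```shell
#!/bin/sh
# Added example: run the scanner once per YARA rule file to find the file
# that makes it abort. Assumes clamscan is on PATH (override with CLAMSCAN)
# and that the rules live as *.yar / *.yara files in one directory.

CLAMSCAN="${CLAMSCAN:-clamscan}"

# classify_status STATUS -> prints ok | detected | error | crash
# clamscan exits 0 (clean), 1 (virus found) or 2 (error). A status above 128
# means the process was killed by a signal; 134 = 128 + SIGABRT, which is
# what a failed assert() such as the one in the crash report raises.
classify_status() {
    case "$1" in
        0) echo ok ;;
        1) echo detected ;;
        2) echo error ;;
        *) if [ "$1" -gt 128 ]; then echo crash; else echo error; fi ;;
    esac
}

# find_crashing_rules RULE_DIR SAMPLE -> prints each rule file that crashes
# the scanner when it is the only database loaded.
find_crashing_rules() {
    rule_dir=$1
    sample=$2
    for rule in "$rule_dir"/*.yar "$rule_dir"/*.yara; do
        [ -f "$rule" ] || continue      # skip unmatched glob patterns
        status=0
        "$CLAMSCAN" --no-summary -d "$rule" "$sample" >/dev/null 2>&1 || status=$?
        if [ "$(classify_status "$status")" = crash ]; then
            echo "$rule"
        fi
    done
    return 0
}

# Usage: sh find_crashing_rules.sh RULE_DIR FILE_THAT_TRIGGERS_THE_CRASH
if [ "$#" -eq 2 ]; then
    find_crashing_rules "$1" "$2"
fi
```

Because the assertion fires while a rule is being evaluated, the second argument has to be a file whose scan reproduces the crash; a rule file that is reported can then be attached to the ticket together with the full crash log.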