[clamav-users] Pdf.Exploit.CVE_2019_7057-6900620-0 signature causes error on clamav start

Alptugay Değirmencioğlu alptugay at labrisnetworks.com
Thu Mar 21 06:19:25 EDT 2019


Hello,

This signature*Pdf.Exploit.CVE_2019_7057-6900620-0 *causes error on 
clamd start both on versions 0.93 and 0.101.1.

The error is:

LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 20: 
unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
Thu Mar 21 13:11:33 2019 -> !Database initialization error: Malformed 
database

The content of the signature is odd.

Pdf.Exploit.CVE_2019_7057-6900620-0;Engine:81-255,Target:10;1;7361766546696C7465726564584D4C;0/resolveNode[^>]*?(?<load>loadXML\([^>]*?save(XML|FilteredXML))[^>]*?(?P=load)[^>]*?(?P=load)/i


-- 
Alptugay Değirmencioğlu
Güvenlik Araştırmaları ve Operasyon Takım Lideri
Security Research & Operations Team Lead

Labris Teknoloji A.Ş.
Galyum Blok, K1-1 ODTÜ TEKNOKENT
Ankara, Türkiye
alptugay at labrisnetworks.com
T : +90 312 210 1490 (pbx)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190321/f0c3ae8b/attachment.html>


More information about the clamav-users mailing list