[clamav-users] Pdf.Exploit.CVE_2019_7057-6900620-0 signature causes error on clamav start

Burnie burnie at dod.no
Thu Mar 21 10:09:33 EDT 2019


On 21. mars 2019 14:47, Alptugay Değirmencioğlu wrote:
> Thanks for the pointer Burnie.
> 
> Yes the ignore workaround works fine.
> 
> As I investigated further I have found that issue does not seem to be 
> related to perl version however it seems it is related to the pcre 
> version of the system. The pcre on my system (CentOS 5) was very old at 
> version 6.6. After upgrading the pcre library to 8.13 the problem was 
> solved.
> 
> But I think that this signature update will probably cause all ClamAV 
> installations to fail on CentOS 5 and maybe other distros as well. This 
> is the first time I have encountered such an error. So maybe if it is 
> possible it would be better to optimise/change the signature to a more 
> failsafe one.


potAto, poTato...
I *did* write perl/pcre, didn't I? :-)

Oh well. At least I got you on the right track.

(Seem to remember a similar regexp notation which broke SA on EL5 a few
  years ago)


BTW: Thanks for the pointer to the signature. Got lost in finding out 
which it was.


-- 
Bernt  'Burnie'  Pettersen  ///  DoD#2345
<E-mail:burnie at dod.no>     ///  <URL:http://burnie.sh/>
        - Creative brains need creative workhours! -


More information about the clamav-users mailing list