[clamav-users] new clamav definitions arent working with current install

Micah Snyder (micasnyd) micasnyd at cisco.com
Fri Feb 21 20:41:39 UTC 2020 

You absolutely must upgrade.  While the issue at hand is probably because your libpcre package is older and can’t handle newer features used in the current database, I must stress that 0.99.2 has unpatched publicly known vulnerabilities.  Scanning untrusted user content carries an inherent risk and doubly so for product versions with disclosed vulnerabilities.  I should also note that RHEL 5 is also past end-of-life, meaning ClamAV probably isn’t the only unpatched package on your system.  Even RHEL 6 is coming up on EOL this November.

I have a vague recollection that ClamAV behavior changed in 0.100 to skip signatures that fail to load – rather than failing to load the entire database.  It doesn’t help you, but from my perspective there isn’t much I can do to improve ClamAV to avoid this issue in the future.

I also don’t think that re-writing the regex signatures to be compatible with older libcpre versions is in the cards.  It’s not my call, but I wouldn’t recommend investing the time either.

Please, just find a way to upgrade.

Regards,
Micah

From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of 99r c via clamav-users <clamav-users at lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Tuesday, February 18, 2020 at 2:44 PM
To: "clamav-users at lists.clamav.net" <clamav-users at lists.clamav.net>
Cc: 99r c <r.l.c99 at live.ca>
Subject: [clamav-users] new clamav definitions arent working with current install

I have ClamAV engine 0.99.2 installed and it no longer works with currently provided definitions
is there some way to reformat the currently downloaded definition so they will work in this older environment?

(I have tried to upgrade my PCRE version but to no avail I am running RHEL 5.5 which I cannot upgrade for reasons I wont go into)

[root at wclceste5 pcre]# clamscan -v
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 20: unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 6744096
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 110.135 sec (1 m 50 s)
[root at wclceste5 pcre]#


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200221/594ca409/attachment.htm>

More information about the clamav-users mailing list