[clamav-users] Clamd crashes frequently - macOS Catalina

Mark Allan markjallan at gmail.com
Fri May 1 10:31:15 UTC 2020


Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set. You can do that by adding the signature name to a file called anything_you_like.ign2 and putting it in your database directory.

We had an issue with something crashing clamd and we strongly suspect that signature is to blame. It hasn't crashed since we started excluding it from the DB.

Mark

> On 1 May 2020, at 7:15 am, James Brown via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> Getting lots of crashes of clamd. No indication of an issue in the clamd.log.
> 
> Installed via Homebrew.
> 
> Crash Report has:
> Process:               clamd [29231]
> Path:                  /usr/local/Cellar/clamav/0.102.2/sbin/clamd
> Identifier:            clamd
> Version:               0
> Code Type:             X86-64 (Native)
> 
> Crashed Thread:        2
> 
> Exception Type:        EXC_BAD_ACCESS (SIGBUS)
> Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000700000a1cfa8
> Exception Note:        EXC_CORPSE_NOTIFY
> 
> Termination Signal:    Bus error: 10
> Termination Reason:    Namespace SIGNAL, Code 0xa
> Terminating Process:   exc handler [29231]
> 
> VM Regions Near 0x700000a1cfa8:
>    Stack                  000070000099a000-0000700000a1c000 [  520K] rw-/rwx SM=COW  thread 1
> --> STACK GUARD            0000700000a1c000-0000700000a1d000 [    4K] ---/rwx SM=NUL  stack guard for thread 2
>    Stack                  0000700000a1d000-0000700000b1f000 [ 1032K] rw-/rwx SM=COW  thread 2
> 
> Application Specific Information:
> crashed on child side of fork pre-exec
> 
> Thread 0:: Dispatch queue: com.apple.main-thread
> 0   libsystem_kernel.dylib        	0x00007fff6f6883d6 poll + 10
> 1   clamd                         	0x00000001001c2bbe fds_poll_recv + 426
> 2   clamd                         	0x00000001001c06c1 recvloop_th + 9039
> 3   clamd                         	0x00000001001bb76b main + 5428
> 4   libdyld.dylib                 	0x00007fff6f540cc9 start + 1
> 
> Thread 1:
> 0   libsystem_kernel.dylib        	0x00007fff6f6883d6 poll + 10
> 1   clamd                         	0x00000001001c2bbe fds_poll_recv + 426
> 2   clamd                         	0x00000001001c0b57 acceptloop_th + 114
> 3   libsystem_pthread.dylib       	0x00007fff6f745109 _pthread_start + 148
> 4   libsystem_pthread.dylib       	0x00007fff6f740b8b thread_start + 15
> 
> Thread 2 Crashed:
> 0   libpcre.0.dylib               	0x00007fff6e41eae6 0x7fff6e40a000 + 84710
> 1   libpcre.0.dylib               	0x00007fff6e41edea 0x7fff6e40a000 + 85482
> 2   libpcre.0.dylib               	0x00007fff6e42d10c 0x7fff6e40a000 + 143628
> 3   libpcre.0.dylib               	0x00007fff6e42d10c 0x7fff6e40a000 + 143628
> 4   libpcre.0.dylib               	0x00007fff6e42d10c 0x7fff6e40a000 + 143628
> 
> Etc
> 
> Thread 2 crashed with X86 Thread State (64-bit):
>  rax: 0x000000000000076c  rbx: 0x00007fda45f3b432  rcx: 0x0000000000000006  rdx: 0x00000001047437ab
>  rdi: 0x0000000104743f2d  rsi: 0x00007fda45f3b435  rbp: 0x0000700000a1d0d0  rsp: 0x0000700000a1cec0
>   r8: 0x0000700000b196a0   r9: 0x0000000000000006  r10: 0x000000000000007e  r11: 0x0080000000000083
>  r12: 0x0000000104743f2d  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
>  rip: 0x00007fff6e41eae6  rfl: 0x0000000000010206  cr2: 0x0000700000a1cfa8
> 
> Logical CPU:     8
> Error Code:      0x00000006 (no mapping for user data write)
> Trap Number:     14
> 
> 
> I use a number of the third party sigs, securite.info, sanesecurity, Malware Patrol, etc. Updating those or running Freshclam does not crash clamd. 
> 
> Any ideas what could be causing this?
> 
> Thanks,
> 
> James.
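The exclusion Mark describes at the top of this message, written as a script. This is an added example, not part of the original thread: the function name `ignore_signature`, the default file name `local.ign2` and the conservative character check on the signature name are assumptions, and the database directory must be supplied by the caller.

```shell
#!/bin/sh
# Added example: put a signature name into a ClamAV ignore list (*.ign2,
# one signature name per line) in the database directory, without duplicates.
#
# ignore_signature DB_DIR SIG_NAME [IGN_FILE]
#   IGN_FILE defaults to local.ign2 (hypothetical; any name ending in .ign2).
ignore_signature() {
    db_dir=$1
    sig=$2
    ign_file=${3:-local.ign2}

    [ -d "$db_dir" ] || { echo "no such database directory: $db_dir" >&2; return 2; }

    # The ignore file must live directly in DB_DIR and end in .ign2.
    case $ign_file in
        */*|.*) echo "bad file name: $ign_file" >&2; return 2 ;;
        *.ign2) ;;
        *)      echo "file name must end in .ign2: $ign_file" >&2; return 2 ;;
    esac

    # Assumed-safe character set for a signature name; this also rejects
    # whitespace and newlines, which would corrupt a one-name-per-line file.
    case $sig in
        ''|*[!A-Za-z0-9._-]*) echo "invalid signature name: $sig" >&2; return 2 ;;
    esac

    target=$db_dir/$ign_file

    # Already listed (exact whole-line match): nothing to do.
    if [ -f "$target" ] && grep -qxF -- "$sig" "$target"; then
        return 0
    fi

    # If the existing file lacks a final newline, add one so the new name
    # does not get glued onto the previous entry.
    if [ -s "$target" ] && [ -n "$(tail -c 1 "$target")" ]; then
        printf '\n' >> "$target" || return 1
    fi
    printf '%s\n' "$sig" >> "$target" || return 1

    # clamd often runs as a different user and must be able to read the file.
    chmod 644 "$target"
}

# Usage (replace the placeholder with your database directory):
#   ignore_signature /path/to/clamav/db Email.Exploit.Efail-6641027-1
```

The exclusion takes effect the next time clamd reloads its databases.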



