[clamav-users] Clamd crashes frequently - macOS Catalina

Tue May 5 17:28:01 UTC 2020

Mark,

It probably won’t make much difference, though there is a possible slow scan time issue in pcre2 10.32 for case-insensitive patterns.

If you have a sample and signature that cause the issue, I’d love a copy so I can investigate further.

-Micah

From: Mark Allan <markjallan at gmail.com>
Date: Tuesday, May 5, 2020 at 5:20 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>, Micah Snyder (micasnyd) <micasnyd at cisco.com>
Subject: Re: [clamav-users] Clamd crashes frequently - macOS Catalina
Hi Micah,

Al is correct, we're using 10.32. I see 10.34 is now available, so I'll compile against that when I get a chance and see if it makes any difference.

Mark

On 5 May 2020, at 6:25 am, Al Varnell via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:

Micah,

Looks to be 10.32, but Mark should be along shortly to confirm.

-Al-

On May 4, 2020, at 13:23, Micah Snyder (micasnyd) via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:

Hi Mark,

Which pcre2 version are you using?

Regards,
Micah

From: clamav-users <clamav-users-bounces at lists.clamav.net<mailto:clamav-users-bounces at lists.clamav.net>>
Date: Saturday, May 2, 2020 at 5:50 PM
To: ClamAV users ML <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>>
Cc: Mark Allan <markjallan at gmail.com<mailto:markjallan at gmail.com>>
Subject: Re: [clamav-users] Clamd crashes frequently - macOS Catalina
Hi James,

Glad that seems to have helped.

Al and others are correct that the distro should be updated to use pcre2, but I'm not convinced that's the root of the problem. We're seeing the issue with that signature despite already using pcre2 in our build.

Mark

On 2 May 2020, at 3:45 am, Al Varnell via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:

Although I complete support what Mark has recommended, I would caution that there could easily be a future signature that will cause this same issue if the root cause of not upgrading to pcre2 is not accomplished, and figuring out what signature that is won’t be easy.
Sent from my iPad

-Al-

On May 1, 2020, at 18:38, James Brown via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:
On 1 May 2020, at 8:31 pm, Mark Allan via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:

Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set.

Thanks Mark. After over 12 hours clamd is still up and running. Looks like that sig was causing the problem.

James.

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200505/d3ede2c7/attachment.htm>