[clamav-users] Segfaults with database version 26908

Arjen de Korte build+clamav at de-korte.org
Tue May 16 19:54:42 UTC 2023 

Citeren David Raynor <draynor at sourcefire.com>:

> Based on these reports we've started a take-back of the signature, so it
> will be dropped in the next daily CVD publish. We'll also analyze to see
> why this signature is triggering that behavior on some platforms.

Here freshclam (1.1.0) does complain about this signature, but so far  
no crashes/segfaults.

May 16 09:35:35 mail systemd[1]: Starting Clam AntiVirus database updater...
May 16 09:35:35 mail freshclam[26095]: ClamAV update process started  
at Tue May 16 09:35:35 2023
May 16 09:35:35 mail freshclam[26095]: daily database available for  
update (local version: 26907, remote version: 26908)
May 16 09:35:37 mail freshclam[26095]: WARNING:  ******* RESULT 200,  
SIZE: 7213 *******
May 16 09:35:38 mail freshclam[26095]: Testing database:  
'/var/lib/clamav/tmp.32a46b71ab/clamav-0ccde10ac58d6d6c5dd79c0318b41381.tmp-daily.cld'  
...
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] Don't know how to  
create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] cli_ac_addsig:  
cannot use filter for trie
May 16 09:35:47 mail freshclam[26095]: Database test passed.
May 16 09:35:49 mail freshclam[26095]: daily.cld updated (version:  
26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 09:35:49 mail freshclam[26095]: main.cvd database is up-to-date  
(version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
May 16 09:35:49 mail freshclam[26095]: bytecode.cvd database is  
up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
May 16 09:35:49 mail clamd[934]: SelfCheck: Database modification  
detected. Forcing reload.
May 16 09:35:49 mail clamd[934]: Reading databases from /var/lib/clamav
May 16 09:35:49 mail freshclam[26095]: Clamd successfully notified  
about the update.
May 16 09:35:49 mail systemd[1]: freshclam.service: Deactivated successfully.
May 16 09:35:49 mail systemd[1]: Finished Clam AntiVirus database updater.
May 16 09:35:49 mail systemd[1]: freshclam.service: Consumed 10.503s CPU time.
May 16 09:36:17 mail clamd[934]: Database correctly reloaded (8666724  
signatures)
May 16 09:36:17 mail clamd[934]: Activating the newly loaded database...

Maybe relevant, freshclam runs through a systemd.timer (so it is never  
daemonized).

More information about the clamav-users mailing list