[clamav-users] [ext] Segfaults with database version 26908
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue May 16 20:09:10 UTC 2023
All,
For those who experience the crashes - is this happening when scanning any specific files with this signature in the database? If so, can you please share that with me directly?
I see the same warning, but I haven't observed any crashes yet. I will continue to debug and try to figure out what may cause a crash.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Matthias Rieber <matthias+clamav at zu-con.org>
Sent: Tuesday, May 16, 2023 5:50 AM
To: Ralf Hildebrandt via clamav-users <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] [ext] Segfaults with database version 26908
Hello,
On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote:
>> As far as I can tell this happens in
>>
>> 0x7fdfd44c377d <ac_backward_match_branch+813>
>>
>> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
>>
>> Has anyone seen this, too?
>
> I've seen this with 1.1.0-1 as well. Maybe they're related to the
> "pattern issue" I posted a while ago
yes, it turns out that you can mitigate this issue when you whitelist
this signature:
$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2
Regards,
Matthias
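
The one-line mitigation quoted above redirects with `>`, which replaces whatever the ignore file already held. The following is an added example, not part of the original thread or of ClamAV itself: two hypothetical helper functions, `ign2_add` and `ign2_remove`, that add a signature name to an `.ign2` file without losing existing entries and take it out again once the ignore entry is no longer needed. The file path is whatever the caller passes; the thread uses /var/lib/clamav/bad_sig.ign2.

```shell
# Added example: maintain a ClamAV .ign2 ignore list without clobbering it.
# Function names are hypothetical; an .ign2 file holds one signature name per line.

# ign2_add FILE SIGNATURE: append SIGNATURE unless an identical line exists.
ign2_add() {
    file=$1
    sig=$2
    # Reject empty names and names containing whitespace (one name per line).
    case $sig in
        ''|*[[:space:]]*) echo "invalid signature name" >&2; return 2 ;;
    esac
    touch "$file" || return 1
    # -x: whole-line match, -F: fixed string (dots in names are not regex).
    if grep -qxF -- "$sig" "$file"; then
        return 0    # already ignored, nothing to do
    fi
    printf '%s\n' "$sig" >> "$file"
}

# ign2_remove FILE SIGNATURE: drop the entry so the signature is active again.
ign2_remove() {
    file=$1
    sig=$2
    [ -f "$file" ] || return 0
    tmp=$(mktemp) || return 1
    # grep exits 1 when no lines remain; that is still a success here.
    grep -vxF -- "$sig" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

An ignored signature no longer detects anything, so the entry is worth tracking and removing when it has served its purpose; clamd has to reload its databases before either change takes effect.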