All,

For those who experience the crashes - is this happening when scanning any specific files with this signature in the database? If so, can you please share that with me directly?

I see the same warning, but I haven't observed any crashes yet.  I will continue to debug and try to figure out what may cause a crash. 

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Matthias Rieber <matthias+clamav@zu-con.org>
Sent: Tuesday, May 16, 2023 5:50 AM
To: Ralf Hildebrandt via clamav-users <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] [ext] Segfaults with database version 26908
 
Hello,

On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote:

>> As far as I can tell this happens in
>>
>> 0x7fdfd44c377d <ac_backward_match_branch+813>
>>
>> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
>>
>> Has anyone seen this, too?
>
> I've seen this with 1.1.0-1 as well. Maybe they're related to the
> "pattern issue" I posted a while ago

yes, it turns out that you can mitigate this issue when you whitelist
this signature:

$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2

Regards,
Matthias

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat