> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Paul Kosinski
> Sent: Tuesday, July 31, 2018 2:42 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] After 0.100.1 Update, clamd crashes
<...>
> Software should *never* crash when presented with invalid input,
> especially if the input arrives via the Internet. And it's quite
> conceivable that some especially clever bad guy might attack the source
> of signatures to incapacitate ClamAV, or, in the worst case, to cause it
> to execute arbitrary code instead of "merely" crashing.

Yeah, I think everyone pretty much can agree with that. And it's not like it's uncommon, Gentoo just got whacked last month.

As far as helping to fix the issue, what yara rule was causing the issue on 100.1?

https://github.com/Yara-Rules/rules/blob/master/Antidebug_AntiVM/antidebug_antivm.yar

This one always fails a few, so I tested this out.

LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.

For loaded sigs:

LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.

If you guys need my config.log for versions of dependencies or anything just let me know. Running 18.04 Ubuntu with OpenSSL 1.1.1, so total dev environment, but looks like this release is 57 diffs from 100.1 release.
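
Added example, not part of the original message and not ClamAV code: a Python triage script that parses libclamav output in the format quoted above and reports, per YARA file, which source lines were rejected, on which identifier, and whether the error count matches the summary line. The function and field names are hypothetical; the input is rebuilt from the log text in the message.

```python
import re
from collections import defaultdict

# Input: the libclamav output quoted in the message above, rebuilt line by line.
SAMPLE_LOG = "\n".join(
    [f'LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line {n} undefined identifier "pe"'
     for n in (497, 512, 528, 544, 557, 603, 614)]
    + ["LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file "
       "/var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules."]
)

YYERROR = re.compile(r'yyerror\(\): (?P<file>\S+) line (?P<line>\d+) (?P<msg>.+)$')
UNDEFINED = re.compile(r'undefined identifier "(?P<name>[^"]+)"')
SUMMARY = re.compile(
    r"cli_loadyara: failed to parse or load (?P<failed>\d+) yara rules? "
    r"from file (?P<file>[^,\s]+), successfully loaded (?P<loaded>\d+) rules?"
)

def triage(log_text):
    """Return {yara_file: {...}} summarising load failures per file."""
    report = defaultdict(lambda: {"error_lines": [], "identifiers": set(),
                                  "failed": None, "loaded": None})
    for line in log_text.splitlines():
        if (m := YYERROR.search(line)):
            entry = report[m["file"]]
            entry["error_lines"].append(int(m["line"]))
            if (u := UNDEFINED.search(m["msg"])):
                entry["identifiers"].add(u["name"])
        elif (m := SUMMARY.search(line)):
            entry = report[m["file"]]
            entry["failed"], entry["loaded"] = int(m["failed"]), int(m["loaded"])
    for entry in report.values():
        # Assumption: one yyerror line per rejected rule. A non-zero value means
        # some rules were dropped without a parser error in this log excerpt.
        if entry["failed"] is not None:
            entry["unexplained"] = entry["failed"] - len(entry["error_lines"])
    return dict(report)

if __name__ == "__main__":
    for path, e in triage(SAMPLE_LOG).items():
        print(f"{path}: loaded={e['loaded']} failed={e['failed']} "
              f"lines={e['error_lines']} identifiers={sorted(e['identifiers'])} "
              f"unexplained={e.get('unexplained')}")
```

A non-zero `unexplained` value for a file is the case worth escalating, since it means rules from that file were dropped with no matching parser error in the captured output.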