Bug#988218: Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath in clamd.conf

Fri, 07 May 2021 15:09:17 -0700 

Package: clamav
Version: 0.103.2+dfsg-0+deb10u1
Severity: important

Dear Maintainer,

since the latest upgrade to 0.103.2+dfsg-0+deb10u1 clamdscan segfaults
immediately when called with both --fdpass and --multiscan and when the
ExcludePath option is used in clamd.conf. Ubuntu was hit by the same
regression, so I'm referencing the Ubuntu bug report for more details [1].
The issue is fixed upstream [2] and Ubuntu cherry-picked that fix already.
Please consider doing the same for Debian stable.

Thank you!

Regards,

Timo

[1] https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1926300
[2] 
https://github.com/Cisco-Talos/clamav-devel/commit/5adef25d8d0f4e5f3f2f9dc24c59beede72abf9a

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "660"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "104857600"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "3"
ReadTimeout = "300"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath = "^/\.snapshots/", "^/dev/", "^/proc/", "^/run/", "^/sys/"
MaxDirectoryRecursion = "50"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "600000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "300000"
MaxScanSize = "2097152000"
MaxFileSize = "1048576000"
MaxRecursion = "16"
MaxFiles = "100000"
MaxEmbeddedPE = "26214400"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "10485760"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "104857600"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "26214400"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "6"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.de.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "300"
Bytecode = "yes"
*** SafeBrowsing is DEPRECATED ***

clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 
LIBXML2 PCRE2 ICONV JSON RAR 
Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
bytecode.cld: version 333, sigs: 92, built on Mon Mar  8 16:21:51 2021
daily.cld: version 26162, sigs: 3977101, built on Thu May  6 13:11:07 2021
Total number of signatures: 8542095

Platform information
--------------------
uname: Linux 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 10 (buster)
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a217b7b0800000000080300

Build information
-----------------
GNU C: 8.3.0 (8.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-8IIwz9/clamav-0.103.2+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-D_FILE_OFFSET_BITS=64  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE 
-D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-8IIwz9/clamav-0.103.2+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' 
'--includedir=/usr/include' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' 
'--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' 
'--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' 
'--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 
-fdebug-prefix-map=/build/clamav-8IIwz9/clamav-0.103.2+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g 
-O2 -fdebug-prefix-map=/build/clamav-8IIwz9/clamav-0.103.2+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 
'--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' 
'--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' 
'--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' 
'--with-systemdsystemunitdir=/lib/systemd/system' 
'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 
-fdebug-prefix-map=/build/clamav-8IIwz9/clamav-0.103.2+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 123, dconf: 123

--- data dir ---
total 432016
-rw-r--r-- 1 clamav clamav   1438720 Mar  8 20:00 bytecode.cld
-rw-r--r-- 1 clamav clamav 323073024 May  6 15:10 daily.cld
-rw-r--r-- 1 clamav clamav 117859675 Dec 25 00:55 main.cvd
-rw-r--r-- 1 clamav clamav        69 Apr 24 05:06 mirrors.dat

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (400, 
'proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav depends on:
ii  clamav-freshclam [clamav-data]  0.103.2+dfsg-0+deb10u1
ii  libc6                           2.28-10
ii  libclamav9                      0.103.2+dfsg-0+deb10u1
ii  libcurl4                        7.64.0-4+deb10u2
ii  libjson-c3                      0.12.1+ds-2+deb10u1
ii  libssl1.1                       1.1.1d-0+deb10u6
ii  zlib1g                          1:1.2.11.dfsg-1

Versions of packages clamav recommends:
ii  clamav-base  0.103.2+dfsg-0+deb10u1

Versions of packages clamav suggests:
pn  clamav-docs   <none>
ii  libclamunrar  0.102.3-0+deb10u1

-- no debconf information

Reply via email to