FS#58513 - [clamav] 0.100.0-1 coredump

Attached to Project: Arch Linux
Opened by BAD+MAD (mat_weiss) - Wednesday, 09 May 2018, 08:39 GMT
Last edited by Levente Polyak (anthraxx) - Monday, 22 October 2018, 19:32 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

coredump after update to clamav 0.100.0-1, after downgrade to 0.99.4 everything works fine.


Mai 09 09:18:19 arch-linux-2015.local-steb-ebh.net systemd-coredump[7443]: Process 7321 (clamscan) of user 333 dumped core.

Stack trace of thread 7321:
#0 0x00007f44dcbd686b raise (libc.so.6)
#1 0x00007f44dcbc140e abort (libc.so.6)
#2 0x00007f44dcbc12e0 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007f44dcbcf112 __assert_fail (libc.so.6)
#4 0x00007f44dd29307b n/a (libclamav.so.7)
#5 0x00007f44dd1b70ef n/a (libclamav.so.7)
#6 0x00007f44dd1b7be8 cli_fmap_scandesc (libclamav.so.7)
#7 0x00007f44dd1a37b7 n/a (libclamav.so.7)
#8 0x00007f44dd1cba59 n/a (libclamav.so.7)
#9 0x00007f44dd1cd364 n/a (libclamav.so.7)
#10 0x00007f44dd1cae06 n/a (libclamav.so.7)
#11 0x00007f44dd1a1775 n/a (libclamav.so.7)
#12 0x00007f44dd1cd062 n/a (libclamav.so.7)
#13 0x00007f44dd1cd364 n/a (libclamav.so.7)
#14 0x00007f44dd1ce0d4 n/a (libclamav.so.7)
#15 0x00007f44dd1ce419 cl_scandesc_callback (libclamav.so.7)
#16 0x0000559bf13c33bc n/a (clamscan)
#17 0x0000559bf13c39c5 n/a (clamscan)
#18 0x0000559bf13c5257 n/a (clamscan)
#19 0x0000559bf13bdc17 n/a (clamscan)
#20 0x00007f44dcbc306b __libc_start_main (libc.so.6)
#21 0x0000559bf13be02a n/a (clamscan)

Closed by  Levente Polyak (anthraxx)
Monday, 22 October 2018, 19:32 GMT
Reason for closing:  Deferred
Additional comments about closing:  clamav-unofficial-sigs problem
Comment by Levente Polyak (anthraxx) - Thursday, 10 May 2018, 02:45 GMT
that doesn't add any value, you will need to investigate a bit and post _useful_ output, exact signal and f.e. strace/ltrace, stdout etc otherwise this is a 'works for me' and will be closed
Comment by robert (_the_) - Friday, 11 May 2018, 06:15 GMT
ran into the same thing today.
coredumpctl reports me the following:
TIME PID UID GID SIG COREFILE EXE
Fri 2018-05-11 07:48:08 CEST 8809 1000 1000 6 present /usr/bin/clamscan

as coredumpctl gdb does not report any useful things (no debugging symbols found) I will try to recompile clamav with debug infos and report back.

Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/clamscan...(no debugging symbols found)...done.
[New LWP 8809]
Core was generated by `clamscan --stdout --no-summary /tmp/tmp.uJBwZx4DVG'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007fe817b2e86b in ?? ()
Comment by BAD+MAD (mat_weiss) - Monday, 14 May 2018, 06:58 GMT
Here is more output:

coredumpctl dump clamscan
-------------------------

PID: 7321 (clamscan)
UID: 333 (amavis)
GID: 333 (amavis)
Signal: 6 (ABRT)
Timestamp: Wed 2018-05-09 09:18:07 CEST (4 days ago)
Command Line: /usr/sbin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavis/tmp /var/spool/amavis/tmp/amavis-20180509T091652-07119-MyyhxkW3/parts
Executable: /usr/bin/clamscan
Control Group: /system.slice/amavisd.service
Unit: amavisd.service
Slice: system.slice
Boot ID: ff6734edee9b45108fb21a4763c27e21
Machine ID: 4e41a26e68f541bfbca88aa45f88a732
Hostname: arch-linux-2015.local-steb-ebh.net
Storage: /var/lib/systemd/coredump/core.clamscan.333.ff6734edee9b45108fb21a4763c27e21.7321.1525850287000000.lz4
Message: Process 7321 (clamscan) of user 333 dumped core.

Stack trace of thread 7321:
#0 0x00007f44dcbd686b raise (libc.so.6)
#1 0x00007f44dcbc140e abort (libc.so.6)
#2 0x00007f44dcbc12e0 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007f44dcbcf112 __assert_fail (libc.so.6)
#4 0x00007f44dd29307b n/a (libclamav.so.7)
#5 0x00007f44dd1b70ef n/a (libclamav.so.7)
#6 0x00007f44dd1b7be8 cli_fmap_scandesc (libclamav.so.7)
#7 0x00007f44dd1a37b7 n/a (libclamav.so.7)
#8 0x00007f44dd1cba59 n/a (libclamav.so.7)
#9 0x00007f44dd1cd364 n/a (libclamav.so.7)
#10 0x00007f44dd1cae06 n/a (libclamav.so.7)
#11 0x00007f44dd1a1775 n/a (libclamav.so.7)
#12 0x00007f44dd1cd062 n/a (libclamav.so.7)
#13 0x00007f44dd1cd364 n/a (libclamav.so.7)
#14 0x00007f44dd1ce0d4 n/a (libclamav.so.7)
#15 0x00007f44dd1ce419 cl_scandesc_callback (libclamav.so.7)
#16 0x0000559bf13c33bc n/a (clamscan)
#17 0x0000559bf13c39c5 n/a (clamscan)
#18 0x0000559bf13c5257 n/a (clamscan)
#19 0x0000559bf13bdc17 n/a (clamscan)
#20 0x00007f44dcbc306b __libc_start_main (libc.so.6)
#21 0x0000559bf13be02a n/a (clamscan)

==========================================================================================
journalctl
----------

May 9 09:15:37 amavis[6020]: (06020-01) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 9 09:15:39 amavis[6019]: (06019-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 9 09:15:39 amavis[6019]: (06019-01) (!!)AV: ALL VIRUS SCANNERS FAILED

==========================================================================================

ls -ahl /run/clamav/
insgesamt 4,0K
drwxr-xr-x 2 clamav clamav 80 14. Mai 07:39 .
drwxr-xr-x 36 root root 1000 14. Mai 08:00 ..
srw-rw-rw- 1 clamav clamav 0 14. Mai 07:38 clamd.ctl
-rw-rw-r-- 1 clamav clamav 4 14. Mai 07:39 clamd.pid

==========================================================================================

cat /etc/clamav/clamd.conf
--------------------------

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime yes
ExtendedDetectionInfo yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /run/clamav/clamd.ctl
TCPSocket 3310
TCPAddr 127.0.0.1
User clamav
AllowSupplementaryGroups yes
AlgorithmicDetection yes
ScanPE yes
ScanELF yes
ScanOLE2 yes
OLE2BlockMacros yes
ScanPDF yes
ScanSWF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
HeuristicScanPrecedence yes
ScanHTML yes
ScanArchive yes
ArchiveBlockEncrypted yes
Bytecode yes
BytecodeSecurity TrustSigned

==========================================================================================
Comment by BAD+MAD (mat_weiss) - Monday, 14 May 2018, 12:08 GMT
Some more output from /var/log/mail/current:



May 14 12:57:09 [amavis] (04890-01) LMTP [127.0.0.1]:10024 /var/spool/amavis/tmp/amavis-20180514T125709-04890-tXg75j_2: <xyz@xyz.de> -> <xyz@xyz.de> SIZE=384329 BODY=8BITMIME Received: from xyz.de ([127.0.0.1]) by localhost (xyz.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <xyz@xyz.de>; Mon, 14 May 2018 12:57:09 +0200 (CEST)
May 14 12:57:09 [amavis] (04890-01) Checking: aHMA4TKid-_k MYNETS [172.16.1.8] <xyz@xyz.de> -> <xyz@xyz.de>
May 14 12:57:15 [amavis] (04890-01) ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (1)
May 14 12:57:35 [amavis] (04890-01) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 14 12:57:56 [amavis] (04890-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659, <GEN20> line 5432.\n
May 14 12:57:56 [amavis] (04890-01) (!)WARN: all primary virus scanners failed, considering backups
May 14 12:58:20 [amavis] (04890-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950, <GEN20> line 5432.
May 14 12:58:20 [amavis] (04890-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Comment by BAD+MAD (mat_weiss) - Monday, 14 May 2018, 12:10 GMT
As I said: After downgrade to 0.99.4 everything is back to normal.
Comment by Levente Polyak (anthraxx) - Monday, 14 May 2018, 16:40 GMT
please report the bug upstream
Comment by BAD+MAD (mat_weiss) - Tuesday, 15 May 2018, 09:34 GMT

Here is my bugreport to clamav

https://bugzilla.clamav.net/show_bug.cgi?id=12117

The package maintainer advised me to send the bug upstream...and here it is...

Coredump after update to clamav 0.100.0-1, after downgrade to 0.99.4 everything works fine.

===================================================================================

clamconf -n
-----------

Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamd.log"
LogFileMaxSize = "2097152"
LogTime = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
LocalSocket = "/run/clamav/clamd.ctl"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
User = "clamav"
DetectPUA = "yes"
HeuristicScanPrecedence = "yes"
OLE2BlockMacros = "yes"
ArchiveBlockEncrypted = "yes"
*** AllowSupplementaryGroups is DEPRECATED ***

Config file: freshclam.conf
---------------------------
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
DatabaseMirror = "db.de.clamav.net", "database.clamav.net"
OnUpdateExecute = "/usr/bin/sed '1!G;h;$!d' /var/log/clamav/freshclam.log | /usr/bin/sed '1d;/^-/,/$d/d' | /usr/bin/sed '1!G;h;$!d' | /usr/bin/mail -s "Virus Defs Updated on $HOSTNAME" root@centos-2017"
OnErrorExecute = "/usr/bin/sed '1!G;h;$!d' /var/log/clamav/freshclam.log | /usr/bin/sed '1d;/^-/,/$d/d' | /usr/bin/sed '1!G;h;$!d' | /usr/bin/mail -s "Virus Defs Update-Error on $HOSTNAME" root@centos-2017"
OnOutdatedExecute = "/usr/bin/sed '1!G;h;$!d' /var/log/clamav/freshclam.log | /usr/bin/sed '1d;/^-/,/$d/d' | /usr/bin/sed '1!G;h;$!d' | /usr/bin/mail -s "Clamd outdated on $HOSTNAME" root@centos-2017"
SafeBrowsing = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
LogTime = "yes"
PidFile = "/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
User = "clamav"

Software settings
-----------------
Version: 0.100.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information
--------------------
Database directory: /var/lib/clamav
[3rd Party] jurlbl.ndb: 11044 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] CVE-2010-0887.yar: 21 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] malware.expert.fp: 41 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] javascript.ndb: 49727 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] badmacro.ndb: 469 sigs
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] phish.ndb: 27375 sigs
[3rd Party] CVE-2010-0805.yar: 14 sigs
[3rd Party] EK_Zerox88.yar: 55 sigs
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] winnow_spam_complete.ndb: 932 sigs
[3rd Party] foxhole_generic.cdb: 211 sigs
[3rd Party] CVE-2013-0074.yar: 17 sigs
[3rd Party] rogue.hdb: 2490 sigs
[3rd Party] phishtank.ndb: 33073 sigs
[3rd Party] EK_Angler.yar: 283 sigs
[3rd Party] spamimg.hdb: 153 sigs
[3rd Party] malware.expert.ndb: 790 sigs
[3rd Party] porcupine.ndb: 2817 sigs
[3rd Party] scam.ndb: 12484 sigs
[3rd Party] bofhland_malware_attach.hdb: 1835 sigs
[3rd Party] securiteinfoascii.hdb: 96271 sigs
[3rd Party] EK_Fragus.yar: 210 sigs
[3rd Party] foxhole_filename.cdb: 1432 sigs
[3rd Party] EK_Zeus.yar: 28 sigs
[3rd Party] CVE-2015-5119.yar: 22 sigs
[3rd Party] shelter.ldb: 15 sigs
[3rd Party] securiteinfoandroid.hdb: 99923 sigs
[3rd Party] EK_Sakura.yar: 62 sigs
[3rd Party] spear.ndb: 15104 sigs
[3rd Party] jurlbla.ndb: 1443 sigs
[3rd Party] junk.ndb: 56697 sigs
[3rd Party] winnow_malware.yara: 169 sigs
[3rd Party] EK_Crimepack.yar: 49 sigs
[3rd Party] CVE-2010-1297.yar: 15 sigs
[3rd Party] securiteinfohtml.hdb: 51909 sigs
[3rd Party] spearl.ndb: 415 sigs
safebrowsing.cld: version 47380, sigs: 2911527, built on Tue May 15 06:49:52 2018
[3rd Party] rfxn.ndb: 2025 sigs
[3rd Party] EK_Eleonore.yar: 165 sigs
[3rd Party] securiteinfopdf.hdb: 3479 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
main.cvd: version 58, sigs: 4566249, built on Wed Jun 7 23:38:10 2017
[3rd Party] winnow_malware_links.ndb: 4624 sigs
[3rd Party] porcupine.hsb: 288 sigs
[3rd Party] EK_Phoenix.yar: 483 sigs
[3rd Party] packer.yar: 20243 sigs
[3rd Party] malwarepatrol.db: 163953 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1236 sigs
[3rd Party] EMAIL_Cryptowall.yar: 52 sigs
[3rd Party] EK_Blackhole.yar: 453 sigs
[3rd Party] rfxn.hdb: 12602 sigs
[3rd Party] malware.expert.ldb: 142 sigs
[3rd Party] bofhland_malware_URL.ndb: 6 sigs
daily.cld: version 24571, sigs: 1947624, built on Tue May 15 06:31:01 2018
[3rd Party] EK_ZeroAcces.yar: 211 sigs
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] bofhland_cracked_URL.ndb: 36 sigs
[3rd Party] CVE-2013-0422.yar: 21 sigs
[3rd Party] EK_BleedingLife.yar: 112 sigs
[3rd Party] scamnailer.ndb: 50995 sigs
bytecode.cld: version 319, sigs: 75, built on Thu Dec 7 03:17:11 2017
[3rd Party] maldoc_somerules.yar: 283 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] Maldoc_Hidden_PE_file.yar: 23 sigs
[3rd Party] winnow.attachments.hdb: 5894 sigs
[3rd Party] antidebug_antivm.yar: 1812 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] securiteinfo.hdb: 1218929 sigs
[3rd Party] bofhland_phishing_URL.ndb: 36 sigs
[3rd Party] malware.expert.hdb: 375 sigs
[3rd Party] blurl.ndb: 13510 sigs
Total number of signatures: 11399480

Platform information
--------------------
uname: Linux 4.16.8-1-ARCH #1 SMP PREEMPT Wed May 9 11:25:02 UTC 2018 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: "Arch Linux"
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a215b5b0800000000070301

Build information
-----------------
GNU C: 7.3.1 20180406 (7.3.1)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt
LDFLAGS: -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now
Configure: '--prefix=/usr' '--sbindir=/usr/bin' '--sysconfdir=/etc/clamav' '--with-dbdir=/var/lib/clamav' '--with-user=clamav' '--with-group=clamav' '--disable-rpath' '--disable-clamav' '--disable-llvm' '--enable-zlib-vcheck' '--enable-milter' '--enable-clamdtop' 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
sizeof(void*) = 8
Engine flevel: 91, dconf: 91

===================================================================================

uname -mrsp
-----------

Linux 4.16.8-1-ARCH x86_64 unknown

===================================================================================

ldd --version
-------------

ldd (GNU libc) 2.27
Copyright © 2018 Free Software Foundation, Inc.
Dies ist freie Software; in den Quellen befinden sich die Lizenzbedingungen.
Es gibt KEINERLEI Garantie; nicht einmal für die TAUGLICHKEIT oder
VERWENDBARKEIT FÜR EINEN ANGEGEBENEN ZWECK.
Implementiert von Roland McGrath und Ulrich Drepper.

===================================================================================

ldconfig -p | grep "libz\."
---------------------------

libz.so.1 (libc6,x86-64) => /usr/lib/libz.so.1
libz.so (libc6,x86-64) => /usr/lib/libz.so

ls -ahl /usr/lib/libz.*
-----------------------

-rw-r--r-- 1 root root 122K 12. Jul 2017 /usr/lib/libz.a
lrwxrwxrwx 1 root root 14 12. Jul 2017 /usr/lib/libz.so -> libz.so.1.2.11
lrwxrwxrwx 1 root root 14 12. Jul 2017 /usr/lib/libz.so.1 -> libz.so.1.2.11
-rwxr-xr-x 1 root root 90K 12. Jul 2017 /usr/lib/libz.so.1.2.11

===================================================================================

journalctl -f -p 4
------------------

Mai 15 10:37:42 arch-linux-2015 systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=6/ABRT
Mai 15 10:37:42 arch-linux-2015 systemd[1]: clamav-daemon.service: Failed with result 'signal'.
Mai 15 10:37:52 arch-linux-2015 systemd-coredump[523]: Process 481 (clamscan) of user 333 dumped core.

Stack trace of thread 481:
#0 0x00007fb5c53f586b raise (libc.so.6)
#1 0x00007fb5c53e040e abort (libc.so.6)
#2 0x00007fb5c53e02e0 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007fb5c53ee112 __assert_fail (libc.so.6)
#4 0x00007fb5c5ab207b n/a (libclamav.so.7)
#5 0x00007fb5c59d60ef n/a (libclamav.so.7)
#6 0x00007fb5c59d6be8 cli_fmap_scandesc (libclamav.so.7)
#7 0x00007fb5c59c27b7 n/a (libclamav.so.7)
#8 0x00007fb5c59eaa59 n/a (libclamav.so.7)
#9 0x00007fb5c59ec364 n/a (libclamav.so.7)
#10 0x00007fb5c59f0439 n/a (libclamav.so.7)
#11 0x00007fb5c59f04de n/a (libclamav.so.7)
#12 0x00007fb5c59f4c5c n/a (libclamav.so.7)
#13 0x00007fb5c59f41f2 n/a (libclamav.so.7)
#14 0x00007fb5c59f5a9b n/a (libclamav.so.7)
#15 0x00007fb5c59c072d n/a (libclamav.so.7)
#16 0x00007fb5c59ec062 n/a (libclamav.so.7)
#17 0x00007fb5c59ec364 n/a (libclamav.so.7)
#18 0x00007fb5c59ed0d4 n/a (libclamav.so.7)
#19 0x00007fb5c59ed419 cl_scandesc_callback (libclamav.so.7)
#20 0x0000555a004e03bc n/a (clamscan)
#21 0x0000555a004e09c5 n/a (clamscan)
#22 0x0000555a004e2257 n/a (clamscan)
#23 0x0000555a004dac17 n/a (clamscan)
#24 0x00007fb5c53e206b __libc_start_main (libc.so.6)
#25 0x0000555a004db02a n/a (clamscan)

===================================================================================

coredumpctl dump 481
--------------------

PID: 481 (clamscan)
UID: 333 (amavis)
GID: 333 (amavis)
Signal: 6 (ABRT)
Timestamp: Tue 2018-05-15 10:37:42 CEST (8min ago)
Command Line: /usr/sbin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavis/tmp /var/spool/amavis/tmp/amavis-20180515T083423-17453-EYj0TOBm/parts
Executable: /usr/bin/clamscan
Control Group: /system.slice/amavisd.service
Unit: amavisd.service
Slice: system.slice
Boot ID: f6ee2ed24ada4ff1a08377a44d1da0dd
Machine ID: 4e41a26e68f541bfbca88aa45f88a732
Hostname: arch-linux-2015.local-steb-ebh.net
Storage: /var/lib/systemd/coredump/core.clamscan.333.f6ee2ed24ada4ff1a08377a44d1da0dd.481.1526373462000000.lz4
Message: Process 481 (clamscan) of user 333 dumped core.

Stack trace of thread 481:
#0 0x00007fb5c53f586b raise (libc.so.6)
#1 0x00007fb5c53e040e abort (libc.so.6)
#2 0x00007fb5c53e02e0 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007fb5c53ee112 __assert_fail (libc.so.6)
#4 0x00007fb5c5ab207b n/a (libclamav.so.7)
#5 0x00007fb5c59d60ef n/a (libclamav.so.7)
#6 0x00007fb5c59d6be8 cli_fmap_scandesc (libclamav.so.7)
#7 0x00007fb5c59c27b7 n/a (libclamav.so.7)
#8 0x00007fb5c59eaa59 n/a (libclamav.so.7)
#9 0x00007fb5c59ec364 n/a (libclamav.so.7)
#10 0x00007fb5c59f0439 n/a (libclamav.so.7)
#11 0x00007fb5c59f04de n/a (libclamav.so.7)
#12 0x00007fb5c59f4c5c n/a (libclamav.so.7)
#13 0x00007fb5c59f41f2 n/a (libclamav.so.7)
#14 0x00007fb5c59f5a9b n/a (libclamav.so.7)
#15 0x00007fb5c59c072d n/a (libclamav.so.7)
#16 0x00007fb5c59ec062 n/a (libclamav.so.7)
#17 0x00007fb5c59ec364 n/a (libclamav.so.7)
#18 0x00007fb5c59ed0d4 n/a (libclamav.so.7)
#19 0x00007fb5c59ed419 cl_scandesc_callback (libclamav.so.7)
#20 0x0000555a004e03bc n/a (clamscan)
#21 0x0000555a004e09c5 n/a (clamscan)
#22 0x0000555a004e2257 n/a (clamscan)
#23 0x0000555a004dac17 n/a (clamscan)
#24 0x00007fb5c53e206b __libc_start_main (libc.so.6)
#25 0x0000555a004db02a n/a (clamscan)
Refusing to dump core to tty (use shell redirection or specify --output).

===================================================================================

cat /var/log/mail/current | grep '(!'
-------------------------------------

May 15 10:34:57 [amavis] (09657-20) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:35:16 [amavis] (09657-20) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:35:16 [amavis] (09657-20) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:35:41 [amavis] (09657-20) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:35:41 [amavis] (09657-20) (!!)AV: ALL VIRUS SCANNERS FAILED
May 15 10:36:40 [amavis] (16192-14) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:36:59 [amavis] (17453-12) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:36:59 [amavis] (16192-14) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:36:59 [amavis] (16192-14) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:37:20 [amavis] (17453-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:37:20 [amavis] (17453-12) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:37:23 [amavis] (16192-14) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:37:23 [amavis] (16192-14) (!!)AV: ALL VIRUS SCANNERS FAILED
May 15 10:37:44 [amavis] (17453-12) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:37:44 [amavis] (17453-12) (!!)AV: ALL VIRUS SCANNERS FAILED
May 15 10:38:03 [amavis] (07324-18) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:38:23 [amavis] (07324-18) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:38:23 [amavis] (07324-18) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:38:46 [amavis] (07324-18) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:38:46 [amavis] (07324-18) (!!)AV: ALL VIRUS SCANNERS FAILED
May 15 10:38:46 [amavis] (06883-16) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:39:08 [amavis] (06883-16) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:39:08 [amavis] (06883-16) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:39:31 [amavis] (06883-16) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:39:31 [amavis] (06883-16) (!!)AV: ALL VIRUS SCANNERS FAILED
May 15 10:39:48 [amavis] (07324-18-2) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:40:07 [amavis] (06883-16-2) (!)ClamAV-clamd: Empty result from /run/clamav/clamd.ctl, retrying (2)
May 15 10:40:07 [amavis] (07324-18-2) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:40:07 [amavis] (07324-18-2) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:40:27 [amavis] (06883-16-2) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /run/clamav/clamd.ctl (Empty result from /run/clamav/clamd.ctl) at (eval 74) line 659.\n
May 15 10:40:27 [amavis] (06883-16-2) (!)WARN: all primary virus scanners failed, considering backups
May 15 10:40:30 [amavis] (07324-18-2) (!)ClamAV-clamscan av-scanner FAILED: /usr/sbin/clamscan ABORTED, signal 6 (0086) at (eval 74) line 950.
May 15 10:40:30 [amavis] (07324-18-2) (!!)AV: ALL VIRUS SCANNERS FAILED

===================================================================================

ls -ahl /run/clamav/
--------------------

insgesamt 4,0K
drwxr-xr-x 2 clamav clamav 80 15. Mai 10:31 .
drwxr-xr-x 37 root root 1020 15. Mai 10:00 ..
srw-rw-rw- 1 clamav clamav 0 14. Mai 12:56 clamd.ctl
-rw-rw-r-- 1 clamav clamav 4 15. Mai 10:40 clamd.pid

===================================================================================

Comment by BAD+MAD (mat_weiss) - Wednesday, 16 May 2018, 06:30 GMT
The problem seems to come from the yara databases of the AUR package "clamav-unofficial-sigs".

After deleting all yara signature databases no more crashes occurred. What I do not quite understand is that there were error messages in version 0.99.4, but it never came to coredumps and crashes.
I have not yet figured out which yara database is responsible for the errors. Currently I have deactivated all yara databases and clamav is running stable.
Comment by Skupin Skupin (stefan.skupin) - Wednesday, 16 May 2018, 12:04 GMT
I can confirm that the problem comes from the yara databases of the AUR package "clamav-unofficial-sigs". It seems that some old files in /var/lib/clamav and/or /var/lib/clamav-unofficial-sigs cause the problem. After deleting everything in those two directories and running freshclam and clamav-unofficial-sigs.sh everything seems to work fine.
Comment by Levente Polyak (anthraxx) - Wednesday, 16 May 2018, 12:09 GMT
cool, that sounds like progress. can you ping clamav-unofficial-sigs so it can be fixed there and others don't run into the very same problem?
Comment by AMM (amish) - Wednesday, 16 May 2018, 12:13 GMT
I had already reported to clamav-unofficial-sigs about yara rules issue about 5 days back

Somebody had already created issue for Solaris - so I had added a comment there that same bug exists for Arch linux too
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203#issuecomment-388303234

Bug is almost a month old but there has been no response from extremeshok.
Comment by Skupin Skupin (stefan.skupin) - Wednesday, 16 May 2018, 12:20 GMT
Well, not sure this is really a bug, just some forgotten, outdated databases. No need to disable yara databases, at least in my case.
Comment by AMM (amish) - Wednesday, 16 May 2018, 12:44 GMT
Actually it is clamav bug too - it should not crash but should SKIP/IGNORE outdated database.

So bug should be reported to clamav to NOT crash and also to Yara people to update their database for clamav-0.100 compatibility.

So this is not an Arch linux bug but upstream bug.
Comment by BAD+MAD (mat_weiss) - Friday, 18 May 2018, 06:49 GMT
In my case, clamav is used for the mail traffic (amavis, postfix, dovecot) and the webproxy (squid over c-icap).
Hardware: Intel xeon, 24GB ECC-Ram, Raid5.
System: ArchLinux
After the update to clamav 0.100 it came to coredumps and the accesses to the Internet over the squid-proxy became unbearably slow.
The following steps helped me to get the system working almost normally again. However, the system load on the CPU is considerably higher with clamav 0.100 than with clamav 0.99.4.
But at least I can now use the system again, without having to turn off the virus protection altogether. There are about 30 workstations on the system that use the mail server and the proxy.

Here are my steps:

1. Delete all signature databases that are located (in my case) under /var/lib/clamav.
2. Manual freshclam for the standard signatures
3. Setting default_dbs_rating="LOW" in /etc/clamav-unofficial-sigs/user.conf
4. Forcing reloading the signature databases with clamav-unofficial-sigs.sh -F

I use the following external sources:

sanesecurity_enabled = "yes"
securiteinfo_enabled = "yes"
linuxmalwaredetect_enabled = "yes"
malwarepatrol_enabled = "yes"
yararulesproject_enabled = "yes"
additional_enabled = "yes"

Maybe these steps will help you too.
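
The comments above narrow the abort down to the YARA databases but not to a single file. The script below is an added example, not part of the thread and not code from ClamAV or clamav-unofficial-sigs, showing one way to isolate the offending database by loading each one on its own. The names `find_crashing_dbs` and `classify_exit` and the `CLAMSCAN` override variable are hypothetical; it assumes the YARA databases are `*.yar` / `*.yara` files in one directory.

```shell
#!/bin/sh
# Added example: load each YARA database on its own and report the ones that
# make the scanner die on a signal (the thread's crash is signal 6, SIGABRT).

# Scanner binary; override via the environment. Only clamscan's documented
# -d/--database and --no-summary options are used.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# classify_exit STATUS
# Maps a shell exit status to: ok | infected | error | signal:<n>.
# clamscan documents 0 = clean, 1 = virus found, 2 = error; a status above 128
# is how the shell reports a child killed by a signal (status - 128).
classify_exit() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -eq 1 ]; then
        echo infected
    elif [ "$1" -gt 128 ]; then
        echo "signal:$(($1 - 128))"
    else
        echo error
    fi
}

# find_crashing_dbs DBDIR SAMPLE
# Scans SAMPLE once per *.yar / *.yara file in DBDIR, loading only that file,
# and prints "<result> <database>" per run. Returns 1 if any run was killed
# by a signal, 0 otherwise.
find_crashing_dbs() {
    dbdir=$1
    sample=$2
    crashed=0
    for db in "$dbdir"/*.yar "$dbdir"/*.yara; do
        [ -f "$db" ] || continue    # an unmatched glob stays literal; skip it
        status=0
        "$CLAMSCAN" --no-summary -d "$db" "$sample" >/dev/null 2>&1 || status=$?
        result=$(classify_exit "$status")
        case "$result" in
            signal:*) crashed=1 ;;
        esac
        printf '%s %s\n' "$result" "$db"
    done
    return "$crashed"
}

# Stand-alone use: sh this_script.sh /var/lib/clamav /path/to/any/file
if [ "$#" -eq 2 ]; then
    find_crashing_dbs "$1" "$2"
fi
```

A database reported as `error` was rejected by the scanner without a crash, which separates a rule file the engine refuses to load from one that aborts the process.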
