Bugzilla – Bug 11309
freshclam crashing when trying to load bytecode
Last modified: 2020-02-19 09:43:50 EST
Just upgraded to clamav 0.98.7, freshclam dies with signal 11 after downloading bytecode.cvd: % sudo freshclam -v --debug Current working dir is /Volumes/Data/opt/local/share/clamav Max retries == 3 ClamAV update process started at Wed Apr 29 15:45:20 2015 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1742 Software version from DNS: 0.98.7 main.cvd version from DNS: 55 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd version from DNS: 20394 daily.cvd is up to date (version: 20394, sigs: 1379690, f-level: 63, builder: neo) Retrieving http://database.clamav.net/bytecode.cvd Ignoring mirror 78.46.84.244 (due to previous errors) Trying to download http://database.clamav.net/bytecode.cvd (IP: 200.236.31.1) Downloading bytecode.cvd [100%] LibClamAV debug: Initialized 0.98.7 engine LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = ba766dd858e88472b8cabe80e76ccac9 LibClamAV debug: cli_versig: Decoded signature: ba766dd858e88472b8cabe80e76ccac9 LibClamAV debug: cli_versig: Digital signature is correct. LibClamAV debug: in cli_tgzload() LibClamAV debug: bytecode.info loaded LibClamAV debug: in cli_tgzload_cleanup() LibClamAV debug: in cli_tgzload() LibClamAV debug: in cli_tgzload_cleanup() LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up Loading signatures from bytecode.cvd LibClamAV debug: Initializing phishcheck module LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ LibClamAV debug: Phishcheck module initialized LibClamAV debug: Bytecode initialized in JIT mode LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = ba766dd858e88472b8cabe80e76ccac9 LibClamAV debug: cli_versig: Decoded signature: ba766dd858e88472b8cabe80e76ccac9 LibClamAV debug: cli_versig: Digital signature is correct. LibClamAV debug: in cli_tgzload() LibClamAV debug: bytecode.info loaded LibClamAV debug: in cli_tgzload_cleanup() LibClamAV debug: in cli_tgzload() LibClamAV debug: Initializing engine->root[0] LibClamAV debug: Initialising AC pattern matcher of root[0] LibClamAV debug: cli_initroots: Initializing BM tables of root[0] LibClamAV debug: Initializing engine->root[1] LibClamAV debug: Initialising AC pattern matcher of root[1] LibClamAV debug: cli_initroots: Initializing BM tables of root[1] LibClamAV debug: Initializing engine->root[2] LibClamAV debug: Initialising AC pattern matcher of root[2] LibClamAV debug: Initializing engine->root[3] LibClamAV debug: Initialising AC pattern matcher of root[3] LibClamAV debug: Initializing engine->root[4] LibClamAV debug: Initialising AC pattern matcher of root[4] LibClamAV debug: Initializing engine->root[5] LibClamAV debug: Initialising AC pattern matcher of root[5] LibClamAV debug: Initializing engine->root[6] LibClamAV debug: Initialising AC pattern matcher of root[6] LibClamAV debug: Initializing engine->root[7] LibClamAV debug: Initialising AC pattern matcher of root[7] LibClamAV debug: Initializing engine->root[8] LibClamAV debug: Initialising AC pattern matcher of root[8] LibClamAV debug: Initializing engine->root[9] LibClamAV debug: Initialising AC pattern matcher of root[9] LibClamAV debug: Initializing engine->root[10] LibClamAV debug: Initialising AC pattern matcher of root[10] LibClamAV debug: Initializing engine->root[11] LibClamAV debug: Initialising AC pattern matcher of root[11] LibClamAV debug: Initializing engine->root[12] LibClamAV debug: Initialising AC pattern matcher of root[12] LibClamAV debug: Initializing engine->root[13] LibClamAV debug: Initialising AC pattern matcher of root[13] LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 6 APIcalls, maxapi 15 LibClamAV debug: Parsed 9 BBs, 93 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000767942.cbc(1) has logical signature: BC.ClamAV-Test-File-detected-via-bytecode.{};Target:1;(0&2&1);0:4d5a50000200000004000f00ffff0000;EOF-544:4d5a50000200000004000f00ffff0000;S0+0:4d5a50000200000004000f00ffff0000 LibClamAV debug: 0000767942.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 6 APIcalls, maxapi 42 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 66 LibClamAV debug: unknown inst type: 66 LibClamAV debug: Parsed 48 BBs, 220 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000824716.cbc(2) has logical signature: BC.Exploit.CVE_2010_2568.{};Target:0;0;4c0000000114020000000000c000000000000046 LibClamAV debug: 0000824716.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 11 APIcalls, maxapi 66 LibClamAV debug: Parsed 55 BBs, 258 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000829571.cbc(3) has logical signature: BC.Exploit.CVE_2010_1885-2;Engine:52-255,Target:3;0;6863703a2f2f{25-700}736372697074{1-3}6465666572 LibClamAV debug: 0000829571.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 7 APIcalls, maxapi 89 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: Parsed 11 BBs, 42 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000830429.cbc(4) has logical signature: BC.Heuristic.Trojan.SusPacked.BF.{};Engine:51-255,IconGroup2:BIFROSE,Target:1;0;EP+0:60be00??41008dbe00??feff57eb0b908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001 LibClamAV debug: 0000830429.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 87 LibClamAV debug: Parsed 20 BBs, 67 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: 0000855079.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 11 APIcalls, maxapi 87 LibClamAV debug: Parsed 26 BBs, 150 instructions LibClamAV debug: Parsed 40 BBs, 131 instructions LibClamAV debug: Parsed 2 functions LibClamAV debug: 0000867507.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872695.cbc(7) has logical signature: BC.Exploit.CVE_2010_3338.{Exploit-CVE_2010_3338};Engine:56-255,Target:1;0;S1+3125:003c005000 LibClamAV debug: 0000872695.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872696.cbc(8) has logical signature: BC.Exploit.CVE_2010_3963.{Exploit-CVE_2010_3963};Engine:56-255,Target:1;(1|0);EOF-64:453a5c776f;453a5c776f LibClamAV debug: 0000872696.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 2 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 27 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872785.cbc(9) has logical signature: BC.Exploit.CVE_2010_3943.{Exploit-CVE_2010_3943};Engine:56-255,Target:1;(0&2&1);S0+14736:ffff595f5e;S0+15632:8b00385dfc;S0+19520:83661c0059 LibClamAV debug: 0000872785.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872786.cbc(10) has logical signature: BC.Exploit.CVE_2010_3939.{Exploit-CVE_2010_3939};Engine:56-255,Target:1;0;S0+0:81ecc80000 LibClamAV debug: 0000872786.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 33 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872787.cbc(11) has logical signature: BC.Exploit.CVE_2010_3942.{Exploit-CVE_2010_3942};Engine:56-255,Target:1;(0&2&1);S0+4096:d6ffd05959;S0+9456:c6730f8b07;S0+12912:a0b9400089 LibClamAV debug: 0000872787.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872788.cbc(12) has logical signature: BC.Exploit.CVE_2010_3940.{Exploit-CVE_2010_3940};Engine:56-255,Target:1;0;S1+608:256400000a LibClamAV debug: 0000872788.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872793.cbc(13) has logical signature: BC.Exploit.CVE_2010_3941.{Exploit-CVE_2010_3941};Engine:56-255,Target:1;0;S1+6656:436f756c64 LibClamAV debug: 0000872793.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 2 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 19 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872843.cbc(14) has logical signature: BC.Exploit.CVE_2010_3944.{Exploit-CVE_2010_3944};Engine:56-255,Target:1;(0&1);S0+1696:fc0000000f;S0+2864:1f837dfc00 LibClamAV debug: 0000872843.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 2 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 11 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000872844.cbc(15) has logical signature: BC.Exploit.CVE_2010_3961.{Exploit-CVE_2010_3961};Engine:56-255,Target:1;0;S1+704:7665640044 LibClamAV debug: 0000872844.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 5 APIcalls, maxapi 66 LibClamAV debug: Parsed 9 BBs, 38 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000873154.cbc(16) has logical signature: BC.Exploit.CVE_2010_3333.{Exploit-CVE_2010_3333};Engine:56-255,Target:0;0;5c7370{-100}5c736e2070467261676d656e7473{-100}5c7376 LibClamAV debug: 0000873154.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000876141.cbc(17) has logical signature: BC.Exploit.CVE_2011_0026.{Exploit-CVE_2011_0026};Engine:56-255,Target:1;0;S1+1200:fffeffebd0 LibClamAV debug: 0000876141.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000897200.cbc(18) has logical signature: BC.Exploit.CVE_2011_0030.{Exploit-CVE_2011_0030};Engine:56-255,Target:1;(1|0);S1+11272:483a5c7368656c6c;S1+2652:437372436c69656e7443616c6c536572766572 LibClamAV debug: 0000897200.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000897207.cbc(19) has logical signature: BC.Exploit.CVE_2011_0045.{Exploit-CVE_2011_0045};Engine:56-255,Target:1;(1|0);S1+346:54726163654576656e74;S0+0:558bec83ec48c745f0080000c0c745f8 LibClamAV debug: 0000897207.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000897208.cbc(20) has logical signature: BC.Exploit.CVE_2011_0090.{Exploit-CVE_2011_0090};Engine:56-255,Target:1;0;S0+64:558bec83ec68c745d80000000033c089 LibClamAV debug: 0000897208.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000897209.cbc(21) has logical signature: BC.Exploit.CVE_2011_0089.{Exploit-CVE_2011_0089};Engine:56-255,Target:1;(1|0);S2+16304:020000005c5c7265647465616d5c7365;S1+6000:51ff15242443003bf4e803efffff8bf4 LibClamAV debug: 0000897209.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000897211.cbc(22) has logical signature: BC.Exploit.CVE_2011_0088.{Exploit-CVE_2011_0088};Engine:56-255,Target:1;(1|0);S2+16224:4551466f020000005c5c726564746561;S1+5680:ec51ff15182443003bf4e838f0ffffb8 LibClamAV debug: 0000897211.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000898169.cbc(23) has logical signature: BC.Exploit.CVE_2011_0039.{Exploit-CVE_2011_0039};Engine:56-255,Target:1;(1|0);S0+784:5c564d572d5850535032454e5c63245c;S1+992:747874446f6d61696e00020438045802 LibClamAV debug: 0000898169.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000898175.cbc(24) has logical signature: BC.Exploit.CVE_2011_0087.{Exploit-CVE_2011_0087};Engine:56-255,Target:1;(1|0);S2+0:0a5b2a5d20466f756e642077696e646f;S0+80:550852ff15248140008b85f0feffff8b LibClamAV debug: 0000898175.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 23 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000898176.cbc(25) has logical signature: BC.Exploit.CVE_2011_0086.{Exploit-CVE_2011_0086};Engine:56-255,Target:1;(1|0);S2+16:6e642077696e646f773a202578202825;S0+256:4000e8ad03000083c4048b550852ff15 LibClamAV debug: 0000898176.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 3 BBs, 13 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000923457.cbc(26) has logical signature: BC.Exploit.CVE_2011_0037.{Exploit-CVE_2011_0037};Engine:56-255,Target:1;0;S1+736:626c6564000000002028557365642066 LibClamAV debug: 0000923457.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 66 LibClamAV debug: Parsed 15 BBs, 85 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0000954331.cbc(27) has logical signature: BC.Exploit.MS_04_11.{CVE_2011_0662,CVE_2011_1229_or_CVE_2011_1231,CVE_2011_1231,CVE_2011_1237,CVE_2011_1238,CVE_2011_1239,CVE_2011_1241,CVE_2011_1242};Engine:56-255,Target:1;(1|0|6|2|4|3|5);S2+16272:52534453bb1a649c7ea0154cb19ce3e3;S2+16240:000000000000000052534453646e64ce;S0+432:ff15d8ca40006a006830f10000681201;S2+16128:52534453645a82377e51384580df1e6c;S2+16272:00000000000000000000000052534453;S2+17568:0000000000000000525344537b499ed5;S2+16608:0000000000000000525344538c350b8e LibClamAV debug: 0000954331.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74 LibClamAV debug: Parsed 53 BBs, 226 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: 0001078231.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 72 LibClamAV debug: Parsed 215 BBs, 940 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0001078233.cbc(29) has logical signature: BC.W32.Xpaj;Engine:57-255,Target:1;(1|0);5589e583ec;558bec83ec LibClamAV debug: 0001078233.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 5 LibClamAV debug: Parsed 43 BBs, 111 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0001133834.cbc(30) has logical signature: BC.Exploit.CVE_2011_4373-1;Engine:56-255,Container:CL_TYPE_PDF,Target:5;0;0:424d????00000000 LibClamAV debug: 0001133834.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 7 APIcalls, maxapi 55 LibClamAV debug: Parsed 15 BBs, 76 instructions LibClamAV debug: Parsed 8 BBs, 29 instructions LibClamAV debug: Parsed 2 functions LibClamAV debug: Bytecode 0001297758.cbc(31) has logical signature: BC.Exploit.CVE_2012_0158.{CVE_2012_0158};Engine:56-255,Target:0;(0&1);0:7b5c7274;*:4430434631314530 LibClamAV debug: 0001297758.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16 LibClamAV debug: Parsed 79 BBs, 313 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0001353653.cbc(32) has logical signature: BC.Exploit.CVE_2012_2543.{};Engine:56-255,Target:2;0;*:57006f0072006b0062006f006f006b*7808{2}7808 LibClamAV debug: 0001353653.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 5 LibClamAV debug: Parsed 17 BBs, 65 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0001353663.cbc(33) has logical signature: BC.Exploit.Briefcase.{CVE_2012_1527,CVE_2012_1528};Engine:56-255,Target:0;0;0:444453480205011414000000 LibClamAV debug: 0001353663.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16 LibClamAV debug: Parsed 14 BBs, 41 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0001353776.cbc(34) has logical signature: BC.Exploit.CVE_2012_1886-1.{};Engine:56-255,Target:2;0;0:d0cf11e0a1b11ae1*57006f0072006b0062006f006f006b*88000800 LibClamAV debug: 0001353776.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16 LibClamAV debug: Parsed 15 BBs, 54 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0002330899.cbc(35) has logical signature: BC.Exploit.CVE_2013_0030.{};Engine:57-255,Target:3;(0&2&1);646f63756d656e742e637265617465656c656d656e7428;3a7368617065;73657461747472696275746528{-5}70617468 LibClamAV debug: 0002330899.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 55 LibClamAV debug: Parsed 101 BBs, 378 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0002330903.cbc(36) has logical signature: BC.Exploit.CVE_2013_0024.{};Engine:57-255,Target:3;(0&2&1);646f63756d656e742e626f64792e676574656c656d656e747362797461676e616d6528222a22293b;646f63756d656e742e73656c656374696f6e2e63726561746572616e676528;2e6d6f7665746f656c656d656e747465787428{-100}2e636f6c6c617073652874727565293b{-100}2e73656c65637428{-100}2e706173746568746d6c28 LibClamAV debug: 0002330903.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 55 LibClamAV debug: Parsed 30 BBs, 108 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0003754809.cbc(37) has logical signature: BC.Exploit.CVE_2013_3146.{};Engine:57-255,Target:0;0;2e676574656c656d656e747362797461676e616d6528*636f6c756d6e2d636f756e74 LibClamAV debug: 0003754809.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 5 APIcalls, maxapi 42 LibClamAV debug: Parsed 61 BBs, 261 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0003818543.cbc(38) has logical signature: BC.Exploit.Andr.{Extra_Field,Master_Key};Engine:56-255,Target:0;(0&2&1);0:504b0304;*:416e64726f69644d616e69666573742e786d6c;*:636c61737365732e646578 LibClamAV debug: 0003818543.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 55 LibClamAV debug: Parsed 38 BBs, 135 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0004387699.cbc(39) has logical signature: BC.Exploit.CVE_2013_3893.{CVE_2013_3893};Engine:57-255,Target:3;0;2e6170706c79656c656d656e7428*2e6f6e6c6f736563617074757265*2e7365746361707475726528*2e7365746361707475726528 LibClamAV debug: 0004387699.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16 LibClamAV debug: Parsed 35 BBs, 96 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0005534921.cbc(40) has logical signature: BC.Exploit.CVE_2012_4148.{};Engine:70-255,Target:10;(0&2&1);0:255044462d312e;*:2f416e6e6f74;*:2f53756274797065{-5}2f576964676574 LibClamAV debug: 0005534921.cbc loaded LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 3 APIcalls, maxapi 5 LibClamAV debug: Parsed 7 BBs, 26 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode 0006374815.cbc(41) has logical signature: BC.Exploit.CVE_2013_1978.{};Engine:56-255,Target:0;0;4:0000000700000002 LibClamAV debug: 0006374815.cbc loaded LibClamAV debug: last.hdb loaded LibClamAV debug: in cli_tgzload_cleanup() LibClamAV debug: /Volumes/Data/opt/local/share/clamav/clamav-1258084bf2b2a88a535920ace28f9632.tmp/clamav-a6c75de96d62c521870af8eda064a954.cvd loaded LibClamAV debug: environment detected: LibClamAV debug: check_platform(0x04235050, 0x08040201, 0x01040201) LibClamAV debug: check_platform(0x04 2 3 50 50,0x0 8 04 02 01,0x01 04 02 01) LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX VV.VV.VV, FLG CC VV.VV.VV) LibClamAV debug: Engine version: 0.98.7 LibClamAV debug: Host triple: x86_64-apple-darwin14 LibClamAV debug: Host CPU: i686 LibClamAV debug: OS: Darwin LibClamAV debug: OS release: 14.3.0 LibClamAV debug: OS version: Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root LibClamAV debug: OS hardware: x86_64 LibClamAV debug: OS LLVM category: 3 LibClamAV debug: Has JIT compiled: 1 LibClamAV debug: ------------------------------------------------------ LibClamAV debug: Bytecode: mode is 0 LibClamAV debug: Bytecode: BC_STARTUP running (loaded) LibClamAV debug: Bytecode 28: executing in interpeter mode LibClamAV debug: bytecode: registered ctx variable at 0x108adb3e0 (+256) id 6 LibClamAV debug: bytecode: registered ctx variable at 0x108adb2d4 (+2) id 2 LibClamAV debug: bytecode: registered ctx variable at 0x108adb2e0 (+256) id 1 LibClamAV debug: bytecode: registered ctx variable at 0x108adb4e0 (+4) id 5 LibClamAV debug: bytecode: registered ctx variable at 0x108adb4e8 (+648) id 4 LibClamAV debug: bytecode: registered ctx variable at 0x7faa98436760 (+752) id 7 LibClamAV debug: bytecode debug: startup: bytecode execution in auto mode LibClamAV debug: intepreter bytecode run finished in 49us, after executing 119 opcodes LibClamAV debug: Bytecode: disable status is 0 ERROR: During database load : LibClamAV debug: Initialized 0.98.7 engine [...] LibClamAV debug: Bytecode: disable status is 0 ERROR: Database load killed by signal 11 ERROR: Failed to load new database
looks like the fork()'d child in test_database_wrap() is crashing: * thread #1: tid = 0x4edd09, 0x000000010041d64d libclamav.6.dylib`llvm::MachineSSAUpdater::~MachineSSAUpdater() + 9, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x000000010041d64d libclamav.6.dylib`llvm::MachineSSAUpdater::~MachineSSAUpdater() + 9 libclamav.6.dylib`llvm::MachineSSAUpdater::~MachineSSAUpdater: -> 0x10041d64d <+9>: movq 0x8(%rbx), %rdi 0x10041d651 <+13>: movl (%rbx), %edx 0x10041d653 <+15>: shlq $0x4, %rdx 0x10041d657 <+19>: movl $0x5a, %esi (lldb) bt all * thread #1: tid = 0x4edd09, 0x000000010041d64d libclamav.6.dylib`llvm::MachineSSAUpdater::~MachineSSAUpdater() + 9, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x000000010041d64d libclamav.6.dylib`llvm::MachineSSAUpdater::~MachineSSAUpdater() + 9 frame #1: 0x0000000100520679 libclamav.6.dylib`(anonymous namespace)::TailDuplicatePass::runOnMachineFunction(llvm::MachineFunction&) + 6601 frame #2: 0x000000010023ad94 libclamav.6.dylib`llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 48 frame #3: 0x0000000100252ecf libclamav.6.dylib`llvm::FPPassManager::runOnFunction(llvm::Function&) + 287 frame #4: 0x000000010025299d libclamav.6.dylib`llvm::FunctionPassManagerImpl::run(llvm::Function&) + 87 frame #5: 0x000000010025285d libclamav.6.dylib`llvm::FunctionPassManager::run(llvm::Function&) + 81 frame #6: 0x000000010020e89b libclamav.6.dylib`llvm::JIT::runJITOnFunctionUnlocked(llvm::Function*, llvm::MutexGuard const&) + 51 frame #7: 0x000000010020ea8e libclamav.6.dylib`llvm::JIT::getPointerToFunction(llvm::Function*) + 162 frame #8: 0x0000000100154152 libclamav.6.dylib`cli_bytecode_prepare_jit + 6107 frame #9: 0x00000001000c66d2 libclamav.6.dylib`cli_bytecode_prepare2 + 2139 frame #10: 0x000000010000f026 freshclam`test_database + 149 frame #11: 0x000000010000ef8a freshclam`test_database_wrap + 767 frame #12: 0x000000010000d602 freshclam`updatedb + 5914 frame #13: 0x000000010000b85a freshclam`downloadmanager + 4470 frame #14: 0x000000010000a518 freshclam`download + 118 frame #15: 0x0000000100009eed freshclam`main + 2777 frame #16: 0x00007fff8c96a5c9 libdyld.dylib`start + 1 frame #17: 0x00007fff8c96a5c9 libdyld.dylib`start + 1
Looking into this - it works OK on my Mac OS X x64, but it is a little behind what you are running(Darwin Kernel Version 13.4.0 vs Darwin Kernel Version 14.3.0). Are you using any parameters on ./configure?
yep, this is actually built with the MacPorts port (which I maintain). Mac OS X 10.10.3 . Configure is run with: ./configure --prefix=/opt/local --mandir=/opt/local/share/man --with-zlib=/opt/local --with-openssl=/opt/local --disable-silent-rules the MacPorts provided zlib is version 1.2.8 and openssl is 1.0.2a
libclamav/c++/configure has the problem from #11188, which is probably causing this. I'm patching/rebuilding now to test.
looks like patching libclamav/c++/configure did not fix this - I'm still seeing the same crash.
I should be running the latest Xcode/command line tools too: % clang --version Apple LLVM version 6.1.0 (clang-602.0.49) (based on LLVM 3.6.0svn) Target: x86_64-apple-darwin14.3.0 Thread model: posix
Mine is slightly behind again: Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1 Apple LLVM version 6.0 (clang-600.0.57) (based on LLVM 3.5svn) Target: x86_64-apple-darwin13.4.0 Thread model: posix Can't see any recent code changes affecting this... Your same setup is working with ClamAV 0.98.6?
yep - although I believe my 0.98.6 was built on whatever OS & Xcode release was current when it was released.
Created attachment 6872 [details] some more crash info (from lldb) this may or may not be helpful but I rebuilt with --enable-debug and did 'frame variable' for each frame that had info.
As as stupid hack, if I comment out the body of the destructor in clamav-0.98.7/libclamav/c++/llvm/lib/CodeGen/MachineSSAUpdater.cpp (the delete &getAvailableVals(AV);), it runs without crashing.
(In reply to Daniel J. Luke from comment #10) > As as stupid hack, if I comment out the body of the destructor in > clamav-0.98.7/libclamav/c++/llvm/lib/CodeGen/MachineSSAUpdater.cpp (the > delete &getAvailableVals(AV);), it runs without crashing. You could also try using ./configure --enable-llvm=no or --with-system-llvm options as possible workarounds.
(In reply to Steven Morgan from comment #11) > (In reply to Daniel J. Luke from comment #10) > > As as stupid hack, if I comment out the body of the destructor in > > clamav-0.98.7/libclamav/c++/llvm/lib/CodeGen/MachineSSAUpdater.cpp (the > > delete &getAvailableVals(AV);), it runs without crashing. > > You could also try using ./configure --enable-llvm=no or --with-system-llvm > options as possible workarounds. I don't think Apple ships an llvm-config for the configure script to find (I could pull in a MacPorts provided llvm, I guess). I would imagine it would work with --enable-llvm=no.
(In reply to Daniel J. Luke from comment #12) > I would imagine it would work with --enable-llvm=no. and I can confirm that this does work. I'll re-enable it in the MacPorts port once this bug has a fix.
An additional symptom of (apparently) this bug: Clamd gives a "Segmentation Fault: 11" when trying to run on OS X 10.10.3 after build with default configure/make (also happens with 0.98.6 when built on 10.10.3; 0.98.6 had built fine on 10.9.x with default configure/make). Configuring with --enable-llvm=no works for this symptom as well. Possibly related: Web searches indicate a number of programs that use libtool are having an issue with 10.10.x due to a test of MACOSX_DEPLOYMENT_TARGET treating 10.10 as if it's 10.1.
(In reply to Larry Stone from comment #14) > Possibly related: Web searches indicate a number of programs that use > libtool are having an issue with 10.10.x due to a test of > MACOSX_DEPLOYMENT_TARGET treating 10.10 as if it's 10.1. that's bug 11188 - after patching libclamav/c++ configure (and verifying that the top-level configure is already patched), the crash still happens.
(In reply to Daniel J. Luke from comment #15) > that's bug 11188 - after patching libclamav/c++ configure (and verifying > that the top-level configure is already patched), the crash still happens. I get "You are not authorized to access bug #11188."
Will compiling with --enable-llvm=no mean that there will be no support for bytecode signatures? If so, is the advice for package maintainers to stick with 0.98.6 or compile with llvm=no while we wait for 0.98.8? Which is the lesser of two evils and will 0.98.8 be release soon as a quick fix?
(In reply to Mark Allan from comment #17) > Will compiling with --enable-llvm=no mean that there will be no support for > bytecode signatures? > > If so, is the advice for package maintainers to stick with 0.98.6 or compile > with llvm=no while we wait for 0.98.8? Which is the lesser of two evils and > will 0.98.8 be release soon as a quick fix? --enable-llvm=no disables use of the llvm just-in-time compiler for ClamAV bytecode signatures. In this case, the built-in ClamAV bytecode interpreter handles ClamAV bytecode signatures. I would go with 0.98.7 if possible.
(In reply to Daniel J. Luke from comment #15) > (In reply to Larry Stone from comment #14) > > Possibly related: Web searches indicate a number of programs that use > > libtool are having an issue with 10.10.x due to a test of > > MACOSX_DEPLOYMENT_TARGET treating 10.10 as if it's 10.1. > > that's bug 11188 - after patching libclamav/c++ configure (and verifying > that the top-level configure is already patched), the crash still happens. Yep. Now that I can see 11188, I can say I had already tried patching those two files based on what I was reading elsewhere and still got the segmentation fault so will conclude that my issue with clamd is unrelated to the libtool MACOSX_DEPLOYMENT_TARGET issue.
*** Bug 11324 has been marked as a duplicate of this bug. ***
Additional note: we need to make sure that the unit tests (make check) work on Mac OS X 10.10.3. This issue was reported in bug #11324. It appears to be the same underlying cause (llvm).
Any progress in this issue?
(In reply to Sierk Bornemann from comment #22) > Any progress in this issue? It appears to be an issue compiling the built-in LLVM JIT using -O2. These are the possible work arounds identified so far: - compile llvm unoptimized: ./configure CXXFLAGS='-O0' - use llvm library already your system: ./configure --with-system-llvm - use the bytecode interpreter instead of LLVM JIT: ./configure --enable-llvm=no
ClamAV 0.98.7 and ClamAV 0.99.0-rc1 built on OS X 10.10 Yosemite and on 10.11 El Capitan have this issue. ClamAV 0.98.7 and ClamAV 0.99.0-rc1 built on OS X 10.9 Mavericks has no issue.
I tested to build and run ClamAV 0.99-rc1 on OS X 10.11.1 (15B42) El Capitan. 1. Versions of LLVM beyond 3.5 seem not be currently supported in ClamAV, so I installed LLVM 3.5.2 to /usr/local. 2. I configured ClamAV to use LLVM that I installed as a system library instead of the built-in LLVM JIT as following: --- export CFLAGS="-O3 -march=nocona" export CXXFLAGS="-O3 -march=nocona" export CPPFLAGS="-I/usr/local/ssl/include" ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r` --with-openssl=/usr/local/ssl --with-pcre=/usr/local --with-system-llvm=/usr/local/clang+llvm-3.5.2-x86_64-apple-darwin/bin/llvm-config 3. Now now clamd and freshclam are running steadily as daemon. 4. Build information is follwing: Build information ----------------- Clang: 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.1.76) (4.2.1) GNU C++: 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.1.76) (4.2.1) CPPFLAGS: -I/usr/local/ssl/include -I/usr/local/include CFLAGS: -O3 -march=nocona -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CXXFLAGS: -O3 -march=nocona LDFLAGS: -L/usr/local/lib -lpcre Configure: '--prefix=/usr/local/clamXav' '--build=x86_64-apple-darwin15.0.0' '--with-openssl=/usr/local/ssl' '--with-pcre=/usr/local' '--with-system-llvm=/usr/local/clang+llvm-3.5.2-x86_64-apple-darwin/bin/llvm-config' 'build_alias=x86_64-apple-darwin15.0.0' 'CFLAGS=-O3 -march=nocona' 'CPPFLAGS=-I/usr/local/ssl/include' --enable-ltdl-convenience sizeof(void*) = 8 Engine flevel: 81, dconf: 81
(In reply to Eiichi Yokota from comment #25) > I tested to build and run ClamAV 0.99-rc1 on OS X 10.11.1 (15B42) El Capitan. > > 1. Versions of LLVM beyond 3.5 seem not be currently supported in ClamAV, so > I installed LLVM 3.5.2 to /usr/local. Correct, some interfaces to LLVM have changed in 3.6/3.7. Work is in progress to get those versions supported by ClamAV --with-system-llvm. I've just added some info to docs/clamdoc* about LLVM support.
(In reply to Steven Morgan from comment #23) > It appears to be an issue compiling the built-in LLVM JIT using -O2. These > are the possible work arounds identified so far: > > - compile llvm unoptimized: ./configure CXXFLAGS='-O0' > - use llvm library already your system: ./configure --with-system-llvm > - use the bytecode interpreter instead of LLVM JIT: ./configure > --enable-llvm=no Is there a recommendation for which option packagers should be using (MacPorts is using the third option currently, but I can easily switch it to something else).
(In reply to Daniel J. Luke from comment #27) > (In reply to Steven Morgan from comment #23) > > It appears to be an issue compiling the built-in LLVM JIT using -O2. These > > are the possible work arounds identified so far: > > > > - compile llvm unoptimized: ./configure CXXFLAGS='-O0' > > - use llvm library already your system: ./configure --with-system-llvm > > - use the bytecode interpreter instead of LLVM JIT: ./configure > > --enable-llvm=no > > Is there a recommendation for which option packagers should be using > (MacPorts is using the third option currently, but I can easily switch it to > something else). I personally favor the 3rd option, followed by the 2nd, and lastly the 1st. Here are the considerations: Much smaller ClamAV code footprint for 2nd and 3rd options. Slightly faster in overall execution time with JIT (~.5% in our overall system measurements). Although, JIT can be much faster(~5X) when measuring long-running bytecode signatures and viewing only the bytecode signature execution time (measured with clamscan --statistics=bytecode). We don't ship that many bytecode sigs, which may partially explain the negligible overall difference. Also, of these, only one or two tend to be long-running. If using option two, you can get a more llvm version than than the built-in llvm, for whatever that's worth.
(In reply to Daniel J. Luke from comment #27) > (In reply to Steven Morgan from comment #23) > > It appears to be an issue compiling the built-in LLVM JIT using -O2. These > > are the possible work arounds identified so far: > > > > - compile llvm unoptimized: ./configure CXXFLAGS='-O0' > > - use llvm library already your system: ./configure --with-system-llvm > > - use the bytecode interpreter instead of LLVM JIT: ./configure > > --enable-llvm=no > > Is there a recommendation for which option packagers should be using > (MacPorts is using the third option currently, but I can easily switch it to > something else). What about using the --with-system-llvm option --with-openssl=/opt/local \ --with-pcre=/opt/local \ --with-system-llvm=/opt/local/libexec/llvm-3.5/bin/llvm-config on MacPorts' port file, creating a dependence on opensssl, pcre llvm-3.5 (or greater) ports? I use that for my ClamXav BYO, and it seems to work very well (I've installed pcre, openssl, llvm-3.5 via MacPorts).
(In reply to Sierk Bornemann from comment #29) > What about using the --with-system-llvm option [snip] If you'd like to have a MacPorts discussion, we should probably do it outside of the clamav bugtracker (feel free to post to the macports mailing lists, though). I'm hesitant to add a dependency on llvm-3.5 since it's a pretty large/long build.
Just for reference. Now versions of LLVM beyond 3.6 seem to be supported in ClamAV 0.99.1. I installed LLVM 3.6.2 to /usr/local and build ClamAV 0.99.1 using --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config I can succeed to build and run ClamAV 0.99.1 on OS X 10.10 Yosemite and on 10.11 El Capitan.
(In reply to Eiichi Yokota from comment #31) > Just for reference. > > Now versions of LLVM beyond 3.6 seem to be supported in ClamAV 0.99.1. > I installed LLVM 3.6.2 to /usr/local and build ClamAV 0.99.1 using > --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm- > config > > I can succeed to build and run ClamAV 0.99.1 on OS X 10.10 Yosemite and on > 10.11 El Capitan. I can confirm that for LLVM 3.6.2, it seems to build and work fine. For LLVM > 3.6: the build fails for LLVM 3.7.1 with --with-system-llvm=/opt/local/libexec/llvm-3.7/bin/llvm-config and the build process breaks shortly after: [..] configure: Using external LLVM checking for supported LLVM version... no (3.7.1) configure: error: LLVM < 3.7 required, but "3.7.1"(371) found configure: error: Failed to configure LLVM, and LLVM was explicitly requested [..] I've not tested with upcoming LLVM 3.8 release (on SVN server already tagged and branched as "final release") or LLVM 3.9svn trunk.
*** Bug 11841 has been marked as a duplicate of this bug. ***
this issue has been fixed