Bug 11880 – [clamav-users] "ERROR: Malformed database" for local.ign2 with Windows Newlines

Bug 11880 - [clamav-users] "ERROR: Malformed database" for local.ign2 with Windows Newlines


Summary:	[clamav-users] "ERROR: Malformed database" for local.ign2 with Windows Newlines

Status:	RESOLVED FIXED

Product:	ClamAV
Classification:	ClamAV
Component:	libclamav
Version:	ALL
Hardware:	x86_64 GNU/Linux

Importance:	P3 normal
Target Milestone:	0.99.4
Assigned To:	ClamAV team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-08-01 15:12 EDT by Steven Morgan
Modified:	2021-02-03 21:11 EST (History)
CC List:	1 user (show)

See Also:
QA Contact:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Steven Morgan 2017-08-01 15:12:21 EDT

Andy Schmidt <Andy_Schmidt@hm-software.com>
	
2:20 PM (51 minutes ago)
	
to ClamAV
I just confirmed that the Windows builds of ClamAV 0.99.2 will fail to start
ClamD if a "local.ign2" file exists in the database folder that (naturally)
was created under Windows, using the standard Notepad applet.

The default newline sequence for Windows is CR+LF.
The default newline sequence for Unix is LF.
(I think previous versions of Apple's operating systems had yet other
combinations, but that may no longer be an issue with OS/X and/or iOS)

The problem appears to be that ClamAV is not properly looking for any
newline sequence to, but rather is hard-coded to expect signature names
being separated by a single LF character, and will report a "Malformed
database" if any other newline character is encountered in local.ign2.

One I installed and used a suitable third-part software in place of the
standard Windows "Notepad", I finally was able to create a file with
UNIX-style line endings, and then ClamD was able to start again.

Comment 1 Micah Snyder 2021-02-03 21:11:30 EST

This issue must've been fixed at some point since 0.99.2.

I had no problems running clamscan.exe with the following blah.ign2 file:

~/Downloads/clamav-0.103.1-win-x64-portable took 25s
❯ hexyl.exe .\database\blah.ign2
┌────────┬─────────────────────────┬─────────────────────────┬────────┬────────┐
│00000000│ 66 61 6b 65 5f 64 6f 6e ┊ 74 5f 72 65 6d 6f 76 65 │fake_don┊t_remove│
│00000010│ 5f 74 68 69 73 5f 6c 69 ┊ 6e 65 0d 0a 57 69 6e 2e │_this_li┊ne__Win.│
│00000020│ 54 72 6f 6a 61 6e 2e 46 ┊ 72 6f 6d 61 74 43 2d 33 │Trojan.F┊romatC-3│
│00000030│ 0d 0a                   ┊                         │__      ┊        │
└────────┴─────────────────────────┴─────────────────────────┴────────┴────────┘

Note the 0d 0a newlines.

I tested it using: .\clamscan.exe . -r --debug
I found it does load the database.
...
LibClamAV debug: Loading databases from C:\Users\micah\Downloads\clamav-0.103.1-win-x64-portable\database
LibClamAV debug: C:\Users\micah\Downloads\clamav-0.103.1-win-x64-portable\database\blah.ign2 loaded
...