Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

libyara code used in ClamAV needs to be updated #1115

Open micahsnyder opened 6 months ago

micahsnyder commented 6 months ago

Describe the bug

ClamAV includes some yara headers and parser logic (lex/grammar stuff) from libyara for loading yara rules into the pattern matching structures alongside traditional clamav logical signatures. Our copy of these yara structures, lexer, and grammar files is circa 2014 (~9 years old!) and should really be updated:

libclamav/yara_arena.c
libclamav/yara_arena.h
libclamav/yara_clam.h
libclamav/yara_compiler.c
libclamav/yara_compiler.h
libclamav/yara_exec.c
libclamav/yara_exec.h
libclamav/yara_grammar.c
libclamav/yara_grammar.h
libclamav/yara_grammar.y
libclamav/yara_hash.c
libclamav/yara_hash.h
libclamav/yara_lexer.c
libclamav/yara_lexer.h
libclamav/yara_lexer.l
libclamav/yara_parser.c
libclamav/yara_parser.h

I have two reasons for wanting to update.

  1. There was an old Bugzilla ticket describing an incompatibility between GPLv2 and the old license used by libyara (Apache 2.0). The gist is that Apache 2.0 isn't as "free" as GPLv2, so people who own the GPLv2 code (us) may object to the less-free Apache 2.0 being included. For the record, we're cool with it -- but rather than add an exception to our COPYING.txt file to say as much, we planned to just upgrade the code. That... just hasn't happened yet.

  2. OSS-Fuzz has found a handful of issues with code quality when loading yara sigs into clam. At least a few of these are issues fixed in modern yara code. Upgrading our copy of those sources should resolve them.

micahsnyder commented 6 months ago

For internal reference, see Jira CLAM-1058

Rutuj-Runwal commented 6 months ago

Can I work on the version upgrade?

micahsnyder commented 6 months ago

I believe we talked about this in Discord chat. Leaving a note here so it doesn't look like we don't want the help.

Per the Discord chat discussion, I created this issue for @brightprogrammer to work on. I don't know their username on GitHub. If that's not you, feel free to ask if they decide they can't work on it if they want to hand off to you.

brightprogrammer commented 6 months ago

Yes, that's me. Was too enthusiastic at that moment. Started working on it and then went off on a tangent. Sorry for that 🙏

micahsnyder commented 6 months ago

@brightprogrammer do you want to work on it in the future, or hand off to @Rutuj-Runwal?

brightprogrammer commented 6 months ago

Hand over please. I won't be able to continue my work here.