Cisco-Talos / clamav


Random segv with clamav 103.5 on Fedora 35 #440

Closed infra-monkey closed 2 years ago

infra-monkey commented 2 years ago

Describe the bug

Clamd randomly crashes and restarts. For example, this morning, it crashed 3 times in half an hour.

Jan 26 09:46:09 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 09:46:22 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 33.472s CPU time.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 1.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 33.472s CPU time.
Jan 26 09:56:10 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 09:56:24 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 32.066s CPU time.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 2.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 32.066s CPU time.
Jan 26 10:13:52 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 10:14:06 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Main process exited, code=killed, status=11/SEGV
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Failed with result 'signal'.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 17.169s CPU time.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Scheduled restart job, restart counter is at 3.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: clamd@scan.service: Consumed 17.169s CPU time.
Jan 26 10:20:12 monkey-desktop.dyn.empire.lan systemd[1]: Starting clamd scanner (scan) daemon...
Jan 26 10:20:26 monkey-desktop.dyn.empire.lan systemd[1]: Started clamd scanner (scan) daemon.

How to reproduce the problem

I do not have a specific process to reproduce.

Checking configuration files in /etc

Config file: clamd.d/scan.conf

TemporaryDirectory = "/var/tmp"
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "virusgroup"
LocalSocketMode = "660"
MaxThreads = "8"
MaxQueue = "24"
ExcludePath = "^/proc/", "^/sys/", "^/dev/", "^/run/", "^/usr/", "^/var/", "^/tmp/", "^/lib", "^/root/quarantine"
SelfCheck = "28800"
VirusEvent = "/usr/local/bin/clamd-virus-event.sh"
ScanPE disabled
ScanMail disabled
OnAccessMountPath = "/data/home2-monkey", "/home"
OnAccessExcludePath = "^/proc/", "^/sys/", "^/dev/", "^/run/", "^/usr/", "^/var/", "^/tmp/", "^/lib", "^/root/quarantine"
OnAccessExcludeRootUID = "yes"
OnAccessMaxFileSize = "1048576"
OnAccessMaxThreads = "6"
OnAccessRetryAttempts = "3"

Config file: freshclam.conf

LogRotate = "yes"
DatabaseMirror = "database.clamav.net"

mail/clamav-milter.conf not found

Software settings

Version: 0.103.5
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
daily.cld: version 26433, sigs: 1972669, built on Tue Jan 25 10:33:19 2022
Total number of signatures: 8620188

Platform information

uname: Linux 5.15.16-200.fc35.x86_64 #1 SMP Thu Jan 20 15:38:18 UTC 2022 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a217e7e08000000020b0201

Build information

GNU C: 11.2.1 20211203 (Red Hat 11.2.1-7) (11.2.1)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 126, dconf: 126

Attachments

I have generated a coredump and backtrace from abrt but the file is over 400MB. Tell me if you want it to be uploaded and where.

infra-monkey commented 2 years ago

Here is part of the backtrace. clamd-backtrace.txt

micahsnyder commented 2 years ago

Hi @infra-monkey thanks for the report. We've also observed this and are working on a fix. We'll have something to resolve it in the next patch release.

infra-monkey commented 2 years ago

@micahsnyder thank you for the info and the quick reply. I hope to see it land soon in my distro of choice :smile:

infra-monkey commented 2 years ago

Hello @micahsnyder I see that 104.2 is out. Does it contain the fix mentioned before? Just to know before notifying the distro package maintainer.

micahsnyder commented 2 years ago

@infra-monkey nope. There has not been a patch release since the initial report. The next patch releases (0.103.6 and 0.104.3) will be in late April and will include the fix.

infra-monkey commented 2 years ago

@micahsnyder thank you for the clarification. I did not understand the lifecycle well.