antidebug_antivm.yar & EMAIL_Cryptowall.yar crashes ClamAV 0.100 on Solaris #203
If EMAIL_Cryptowall.yar & antidebug_antivm.yar are used I get a core dump on clamav 0.100. Previous versions gave errors but never crashed.
Just proof it works without these 2 files:
can confirm for Debian Jessie.
libclamav7:amd64 (0.99.2+dfsg-0+deb8u3, 0.100.0+dfsg-0+deb8u1)
Jun 25 19:12:57 mail amavis: (03777-16) (!)ClamAV-clamd: Empty result from /var/run/clamav/clamd.ctl, retrying (2)
same problem here,
(14-456 smtpout03) smtpout-03 ~ # rpm -qa | grep clamav
[...] blah blah
referenced this issue
Jul 18, 2018
Fedora 28, same:
There looks to be a bug in the yara rule parsing, which is filed here: https://bugzilla.clamav.net/show_bug.cgi?id=12077 No ETA on a fix. I have removed the yara rules as per @vladki77's suggestion in #203 (comment) to resolve the issue. According to https://bugzilla.clamav.net/show_bug.cgi?id=12077#c14, the offending yara rule is in