Skip to content
This repository has been archived by the owner on Aug 6, 2024. It is now read-only.

ClamAV malformed database for Raw64 dropper #35

Open
siemhermans opened this issue Dec 21, 2020 · 0 comments
Open

ClamAV malformed database for Raw64 dropper #35

siemhermans opened this issue Dec 21, 2020 · 0 comments

Comments

@siemhermans
Copy link

ClamAV seems to experience issues when reading the ruleset from APT_Dropper_Raw64_TEARDROP_1.yar on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues.

$ clamscan -ir -d APT_Dropper_Raw64_TEARDROP_1.yar /
LibClamAV Error: parse_yara_hex_string: Single byte subpatterns unsupported in ClamAV
LibClamAV Error: load_oneyara: error in parsing yara hex string
LibClamAV Warning: load_oneyara: clamav cannot support 1 input strings, skipping YARA.APT_Dropper_Raw64_TEARDROP_1
LibClamAV Warning: cli_loadyara: problem parsing yara file APT_Dropper_Raw64_TEARDROP_1.yar, yara rule APT_Dropper_Raw64_TEARDROP_1
LibClamAV Error: Can't load APT_Dropper_Raw64_TEARDROP_1.yar: Malformed database
ERROR: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.006 sec (0 m 0 s)                                                                                                                                                                                                                                                                                                 

$  clamscan --version                                                            
ClamAV 0.102.4/26024/Mon Dec 21 13:48:10 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@siemhermans