Bug 1539030

Summary: CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380
Product: [Fedora] Fedora EPEL
Reporter: Ruben Püttmann <ruben>
Component: clamav
Assignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: epel7
CC: andreas.moog, bennie.joubert, customercare, gbcox, janfrode, j, ondrejj, orion, redhat-bugzilla, rh-bugzilla, sergio, steve
Keywords: Reopened
Hardware: All
OS: Linux
Fixed In Version: clamav-0.99.3-1.el7 clamav-0.99.3-8.el6
Last Closed: 2018-03-02 16:02:51 UTC
Type: Bug

Description Ruben Püttmann 2018-01-26 13:02:25 UTC
Description of problem:


Seven CVEs in current clamav (EPEL7, EPEL6); please update urgently to:

ClamAV 0.99.3

Please see: 

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Comment 1 customercare 2018-01-26 23:08:34 UTC
Info:

0.99.3. Build is ready.

We installed it on several servers,
no problems yet.

Comment 2 customercare 2018-01-26 23:09:20 UTC
Architecture used:

X86_64 + i686 packages.

Comment 3 Fedora Update System 2018-01-27 01:41:36 UTC
clamav-0.99.3-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70

Comment 4 Fedora Update System 2018-01-27 01:43:13 UTC
clamav-0.99.3-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f

Comment 5 customercare 2018-01-27 09:22:27 UTC
First bug report from Fedora 26 x86_64

Server was not able to start clamd after a reboot (4:34 am)

Jan 27 04:05:29 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:15:30 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:25:30 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:31:22 s113 systemd[1]: Stopping Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 04:31:23 s113 clamd[29825]: Pid file removed.
Jan 27 04:31:23 s113 clamd[29825]: --- Stopped at Sat Jan 27 04:31:23 2018
Jan 27 04:31:23 s113 clamd[29825]: Socket file removed.
Jan 27 04:31:23 s113 systemd[1]: Stopped Clamd Exim An Interface Between MTA And Content Checkers.
Jan 27 04:34:06 s113 systemd[1]: Starting Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 04:34:08 s113 clamd[739]: Received 0 file descriptor(s) from systemd.
Jan 27 04:34:08 s113 clamd[739]: clamd daemon 0.99.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 27 04:34:08 s113 clamd[739]: Running as user exim (UID 93, GID 93)
Jan 27 04:34:08 s113 clamd[739]: Log file size limited to 1048576 bytes.
Jan 27 04:34:08 s113 clamd[739]: Reading databases from /var/lib/clamav
Jan 27 04:34:08 s113 clamd[739]: Not loading PUA signatures.
Jan 27 04:34:08 s113 clamd[739]: Bytecode: Security mode set to "TrustSigned".
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Start operation timed out. Terminating.
Jan 27 04:35:36 s113 systemd[1]: Failed to start Clamd Exim An Interface Between MTA And Content Checkers.
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Unit entered failed state.
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Failed with result 'timeout'.

After I started it by hand, it complained about a duplicate database:

Jan 27 10:14:40 s113 systemd[1]: Starting Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 10:14:41 s113 clamd[7710]: Received 0 file descriptor(s) from systemd.
Jan 27 10:14:41 s113 clamd[7710]: clamd daemon 0.99.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 27 10:14:41 s113 clamd[7710]: Running as user exim (UID 93, GID 93)
Jan 27 10:14:41 s113 clamd[7710]: Log file size limited to 1048576 bytes.
Jan 27 10:14:41 s113 clamd[7710]: Reading databases from /var/lib/clamav
Jan 27 10:14:41 s113 clamd[7710]: Not loading PUA signatures.
Jan 27 10:14:41 s113 clamd[7710]: Bytecode: Security mode set to "TrustSigned".
Jan 27 10:14:55 s113 clamd[7710]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
Jan 27 10:14:56 s113 clamd[7710]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them
Jan 27 10:14:56 s113 clamd[7710]: Loaded 6397212 signatures.
Jan 27 10:14:58 s113 clamd[7710]: LOCAL: Unix socket file /var/run/clamd.exim/clamd.sock
Jan 27 10:14:58 s113 clamd[7710]: LOCAL: Setting connection queue length to 200
Jan 27 10:14:58 s113 clamd[7715]: Limits: Global size limit set to 104857600 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: File size limit set to 26214400 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: Recursion level limit set to 16.
Jan 27 10:14:58 s113 clamd[7715]: Limits: Files limit set to 10000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxPartitions limit set to 50.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxIconsPE limit set to 100.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxRecHWP3 limit set to 16.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCREMatchLimit limit set to 10000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCRERecMatchLimit limit set to 5000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCREMaxFileSize limit set to 26214400.
Jan 27 10:14:58 s113 clamd[7715]: Archive support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Algorithmic detection enabled.
Jan 27 10:14:58 s113 clamd[7715]: Portable Executable support enabled.
Jan 27 10:14:58 s113 clamd[7715]: ELF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Mail files support enabled.
Jan 27 10:14:58 s113 clamd[7715]: OLE2 support enabled.
Jan 27 10:14:58 s113 clamd[7715]: PDF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: SWF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: HTML support enabled.
Jan 27 10:14:58 s113 clamd[7715]: XMLDOCS support enabled.
Jan 27 10:14:58 s113 clamd[7715]: HWP3 support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Self checking every 600 seconds.
Jan 27 10:15:00 s113 systemd[1]: Started Clamd Exim An Interface Between MTA And Content Checkers.

Comment 6 customercare 2018-01-27 09:25:13 UTC
-rw-r--r-- 1 clamupdate clamupdate    766976 10. Dez 04:25 bytecode.cld
-rw-r--r-- 1 clamupdate clamupdate    153228  9. Jan 01:24 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate 131275264 27. Jan 03:01 daily.cld
-rw-r--r-- 1 clamupdate clamupdate 307499008 10. Dez 04:24 main.cld
-rw-r--r-- 1 clamupdate clamupdate 117892267  9. Jan 01:28 main.cvd
-rw------- 1 clamupdate clamupdate      2236 27. Jan 10:24 mirrors.dat

I removed the .cld files, they don't look right in my eyes.

Comment 7 Sergio Basto 2018-01-27 19:07:32 UTC
For a moment I thought that was a bad update of .cvd files and I unpushed the epel7 0.99.2-18 build.
But "Detected duplicate databases" is usual and not a problem; .cvd and .cld files are supposed to be identical, so yes, you would use one or the other. cvd is a compressed file and cld is not. daily.cvd is from clamav-data and daily.cld is downloaded with clamav-update, and they are marked as ghost files in clamav.spec (for package clamav-update), i.e. the file is empty in the package, so it must be downloaded.
In short, if you update databases you should remove .cvd (rm *cvd); you may also do: dnf install clamav-data-empty --allowerasing


Second thing: you mention that you started the service manually, but do start, stop and restart work well now? Maybe it is just because the service changed its type...
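
An added example, not part of the bug report or of the clamav packages: a read-only check for the `.cvd`/`.cld` duplicates discussed in comments 5 to 7, reporting which copy of each pair has the newer modification time. The function names and the sample directory are constructed here; the sample files are empty and dated like the listing in comment 6, with the years assumed.

```shell
# Report ClamAV databases present as both NAME.cvd and NAME.cld in one
# directory. Read-only: prints which copy has the newer mtime, deletes nothing.
find_duplicate_dbs() {
    dbdir=${1:-/var/lib/clamav}
    for cvd in "$dbdir"/*.cvd; do
        [ -e "$cvd" ] || continue            # glob matched nothing
        name=$(basename "$cvd" .cvd)
        cld="$dbdir/$name.cld"
        [ -e "$cld" ] || continue            # only one format present
        if [ "$cvd" -nt "$cld" ]; then
            echo "$name newer=$name.cvd older=$name.cld"
        elif [ "$cld" -nt "$cvd" ]; then
            echo "$name newer=$name.cld older=$name.cvd"
        else
            echo "$name same-mtime $name.cvd $name.cld"
        fi
    done
}

# Constructed sample: empty files named and dated like the listing in
# comment 6 (years assumed: December 2017 and January 2018).
demo_listing() {
    tmp=$(mktemp -d) || return 1
    touch -t 201712100425 "$tmp/bytecode.cld"
    touch -t 201801090124 "$tmp/bytecode.cvd"
    touch -t 201801270301 "$tmp/daily.cld"
    touch -t 201712100424 "$tmp/main.cld"
    touch -t 201801090128 "$tmp/main.cvd"
    : > "$tmp/mirrors.dat"
    find_duplicate_dbs "$tmp"
    rm -rf "$tmp"
}
```

Run against the real database directory with `find_duplicate_dbs /var/lib/clamav`; `daily` is not reported in the sample because only `daily.cld` exists.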

Comment 8 Fedora Update System 2018-01-28 22:09:57 UTC
clamav-0.99.3-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f

Comment 9 Fedora Update System 2018-01-28 22:10:14 UTC
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70

Comment 10 Fedora Update System 2018-01-29 17:30:25 UTC
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2018-02-15 01:38:43 UTC
clamav-0.99.3-8.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866

Comment 12 Fedora Update System 2018-02-15 14:49:12 UTC
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866

Comment 13 Fedora Update System 2018-03-02 16:02:51 UTC
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.