Bug 1918444

Summary: clamonacc crashes repeatedly in 0.103.0-1 packages from EPEL for CentOS and RHEL 7
Product: [Fedora] Fedora EPEL Reporter: Jeff Blaine <jblaine>
Component: clamavAssignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: epel7CC: anon.amish, bennie.joubert, gbcox, hanspeter.gosteli, janfrode, j, lee.jnk, ondrejj, orion, pgnet.dev, redhat-bugzilla, rh-bugzilla, sergio, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: clamav-0.103.0-3.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-13 02:14:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Blaine 2021-01-20 18:03:16 UTC 
Description of problem:

OnAccess scanning via clamonacc is completely broken in the 0.103.0-1 packages out in EPEL 7. I reported this at https://bugzilla.clamav.net/show_bug.cgi?id=12650 and it was determined that the code works fine but something in the EPEL build + packaging process has broken the product.

Version-Release number of selected component (if applicable): 0.103.0-1

How reproducible: Always

Steps to Reproduce:

(see "Additional Info" below, but basically...)
1. Install 0.103.0-1 from EPEL 7
2. Turn on OnAccess scanning and include some path like /home
3. cat some file under that path

Actual results:

clamonacc crashes ("stack smashing")

Expected results:

clamonacc scans the file and doesn't crash

Additional info:

ENVIRONMENT: RHEL 7.9 and CentOS 7.9 with ClamAV 0.103.0-1 as delivered via EPEL circa 12/12/2020

clamd.conf contains:
...
OnAccessMaxFileSize 100M
OnAccessIncludePath /home
OnAccessExcludeRootUID yes
OnAccessPrevention yes

One host's info is below. A query of all of our hosts running this version shows they are all experiencing this to varying degree.

-bash-4.2$ sudo grep clam /var/log/yum.log
Dec 12 06:03:47 Updated: clamav-filesystem-0.103.0-1.el7.noarch
Dec 12 06:03:48 Updated: clamav-lib-0.103.0-1.el7.x86_64
Dec 12 06:03:48 Updated: clamav-update-0.103.0-1.el7.x86_64
Dec 12 06:03:48 Updated: clamav-0.103.0-1.el7.x86_64
Dec 12 06:03:48 Updated: clamd-0.103.0-1.el7.x86_64
Dec 12 06:03:55 Updated: clamav-data-0.103.0-1.el7.noarch
-bash-4.2$
-bash-4.2$ rpm -qa | grep clam
clamd-0.103.0-1.el7.x86_64
clamav-filesystem-0.103.0-1.el7.noarch
clamav-lib-0.103.0-1.el7.x86_64
clamav-update-0.103.0-1.el7.x86_64
clamav-0.103.0-1.el7.x86_64
clamav-data-0.103.0-1.el7.noarch
-bash-4.2$

-bash-4.2$ sudo grep smash /var/log/messages
Dec 12 06:29:41 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 12 11:28:33 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 12 13:22:30 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 12 13:34:35 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 13 06:34:41 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 13 07:28:20 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 13 07:33:07 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 13 08:33:31 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 14 06:33:31 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 14 07:32:26 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 15 06:33:31 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 15 07:32:26 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 16 06:33:31 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 16 07:32:26 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 17 06:33:31 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Dec 17 07:32:26 host.our.com clamonacc: *** stack smashing detected ***: /usr/sbin/clamonacc terminated
Comment 1 Sergio Basto 2021-01-20 18:26:15 UTC 
ls -l /usr/sbin/clamonacc , what is the size of this file ?
Comment 2 Jeff Blaine 2021-01-20 18:42:33 UTC 
[m26560@ipac-el7-tplt ~]$ ls -l /usr/sbin/clamonacc
-rwxr-xr-x. 1 root root 197280 Nov 26 09:46 /usr/sbin/clamonacc
[m26560@ipac-el7-tplt ~]$ sha256sum /usr/sbin/clamonacc
1c044568395d6e5e22ff3979bba537aa90d4c1248ea74fabdd6a7be3b6baa455  /usr/sbin/clamonacc
[m26560@ipac-el7-tplt ~]$ rpm -qa | grep clam
clamd-0.103.0-1.el7.x86_64
clamav-0.103.0-1.el7.x86_64
clamav-filesystem-0.103.0-1.el7.noarch
clamav-data-0.103.0-1.el7.noarch
clamav-update-0.103.0-1.el7.x86_64
clamav-lib-0.103.0-1.el7.x86_64
[m26560@ipac-el7-tplt ~]$
Comment 3 Hanspeter Gosteli 2021-01-22 23:18:34 UTC 
thanks for the info! the latest compiled clamonacc dev/0.103.1 seems stable on rhel7. the clamonacc produced by fedpkg/mock is (identical to sha256sum above) broken as mentioned https://bugzilla.redhat.com/show_bug.cgi?id=1909113#c12

clamav-devel 0.103.1 is supposed to be released within 30 days. if someone could provide a patch i'd be happy to test.
Comment 4 Fedora Update System 2021-01-28 00:55:54 UTC 
FEDORA-EPEL-2021-76471a2936 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-76471a2936
Comment 5 Fedora Update System 2021-01-29 03:02:32 UTC 
FEDORA-EPEL-2021-76471a2936 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-76471a2936

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2021-02-13 02:14:19 UTC 
FEDORA-EPEL-2021-76471a2936 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.