Bug 1660590 - After clamav-unofficial-sigs update, update process segfaults
Summary: After clamav-unofficial-sigs update, update process segfaults
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: clamav-unofficial-sigs
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Didier Fabert (tartare)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-18 18:36 UTC by Jason Tibbitts
Modified: 2019-01-10 21:24 UTC (History)
5 users (show)

Fixed In Version: clamav-unofficial-sigs-5.6.2-3.fc28 clamav-unofficial-sigs-5.6.2-3.fc29 clamav-unofficial-sigs-5.6.2-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-01 01:39:49 UTC


Attachments (Terms of Use)

Description Jason Tibbitts 2018-12-18 18:36:35 UTC
Description of problem:

I let clamav-unofficial-sigs update last night:


    Upgrade  clamav-unofficial-sigs-5.6.2-2.fc29.noarch          @updates
    Upgraded clamav-unofficial-sigs-3.7.2-6.fc29.noarch          @@System


After that, the nightly update process failed.  Here's the relevant output from a run of clamav-unofficial-sigs.sh -F:

================================
Yara-Rules Database File Updates
================================
Checking for yararulesproject updates...
Checking for updated yararulesproject database file: antidebug_antivm.yar
2018-12-18 12:19:05 URL:https://raw.githubusercontent.com/Yara-Rules/rules/master//Antidebug_AntiVM/antidebug_antivm.yar [47013/47013] -> "/var/lib/clamav-unofficial-sigs/dbs-yara/antidebug_antivm.yar" [1]
Testing updated yararulesproject database file: antidebug_antivm.yar
/usr/sbin/clamav-unofficial-sigs.sh: line 2741: 28448 Aborted                 (core dumped) $clamscan_bin --quiet -d "$work_dir_yararulesproject/$db_file" "$work_dir_work_configs/scan-test.txt" 2> /dev/null
Clamscan reports yararulesproject antidebug_antivm.yar database integrity tested BAD
Removed invalid database: /var/lib/clamav-unofficial-sigs/dbs-yara/antidebug_antivm.yar
No updated yararulesproject antidebug_antivm.yar database file found

The issue here is that some of the signatures from the YARA rules project are broken and clamav segfaults when processing them.  This wasn't much of a problem before because the previous version of this package didn't enable them.  

You can see more background at 
https://bugzilla.redhat.com/show_bug.cgi?id=1590545 and there is a bug filed upstream with clamav at https://bugzilla.clamav.net/show_bug.cgi?id=12077

I recommend that the problematic signature database be disabled by default.  Unfortunately anyone who had clamav-unofficial-sigs installed and let it update might now have some manual cleanup to do.

Comment 1 Didier Fabert (tartare) 2018-12-20 13:53:53 UTC
This bug is already known by upstream: https://github.com/extremeshok/clamav-unofficial-sigs/issues/215 and I'm waiting for a fix since ... too many time now. Yara rules will be deactivated in the next release (asap).

Fortunately, this can be done easily in config file (which have not the "no-replace" tag in spec file)

Comment 2 Fedora Update System 2018-12-23 17:49:39 UTC
clamav-unofficial-sigs-5.6.2-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e496be9ece

Comment 3 Fedora Update System 2018-12-23 17:51:44 UTC
clamav-unofficial-sigs-5.6.2-3.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e76e2df5ea

Comment 4 Fedora Update System 2018-12-23 17:52:37 UTC
clamav-unofficial-sigs-5.6.2-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4b8c08af4d

Comment 5 Fedora Update System 2018-12-24 01:18:01 UTC
clamav-unofficial-sigs-5.6.2-3.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e496be9ece

Comment 6 Fedora Update System 2018-12-24 04:19:27 UTC
clamav-unofficial-sigs-5.6.2-3.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e76e2df5ea

Comment 7 Fedora Update System 2018-12-24 06:03:33 UTC
clamav-unofficial-sigs-5.6.2-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4b8c08af4d

Comment 8 Fedora Update System 2019-01-01 01:39:49 UTC
clamav-unofficial-sigs-5.6.2-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-01-01 02:55:26 UTC
clamav-unofficial-sigs-5.6.2-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2019-01-10 21:24:47 UTC
clamav-unofficial-sigs-5.6.2-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.