clamdscan - MULTISCAN parameter causes Segmentation fault error

On Ubuntu 20.04.2 LTS, downgraded to 0.102.2 - the issue does not occur

Please find below some tests

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.10
DISTRIB_CODENAME=groovy
DISTRIB_DESCRIPTION="Ubuntu 20.10"
/etc/lsb-release (END)

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --multiscan --fdpass /opt
--------------------------------------
Segmentation fault (core dumped)

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --fdpass /opt
--------------------------------------
/opt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.817 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:22
End Date: 2021:04:28 09:08:23

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --multiscan /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:32
End Date: 2021:04:28 09:08:32

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --multiscan /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:44
End Date: 2021:04:28 09:08:44
root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:49
End Date: 2021:04:28 09:08:49

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --fdpass /opt
--------------------------------------
/opt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.818 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:59
End Date: 2021:04:28 09:09:00

Hello Codrin and thanks for your bug report. From your testing it seems to me that the segfault is triggered by using --fdpass together with --multiscan, rather than by --multiscan alone. From your comment to [1] it seems that you agree.

I think the "base" upstream bug here is [2], which according to Comment 8 is fixed in the 0.104 devel branch by the changeset [3].

If we correctly identified the problem then you should have a ExcludePath regex in your clamd.conf (see [4]). Can you confirm this is the case? I'm linking [2] as the upstream bug report for this issue, but we'll wait for your confirmation to move forward.

[1] https://bugzilla.clamav.net/show_bug.cgi?id=12727
[2] https://bugzilla.clamav.net/show_bug.cgi?id=12676
[3] https://github.com/Cisco-Talos/clamav-devel/compare/5553a5e206ce...1cc8c2dce36c
[4] https://github.com/Cisco-Talos/clamav-devel/commit/5adef25d8d0f4e5f3f2f9dc24c59beede72abf9a

Hi Mark,

Please find below the output from clamconf -n
Indeed, I use ExcludePath in the configuration.
If I remove the ExcludePath(s) from the config, the scan starts with both parameters (--fdpass & --multiscan )

Regards

Config file: clamd.conf
-----------------------
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock = "yes"
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
TemporaryDirectory = "/tmp/clamav/"
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
MaxConnectionQueueLength = "15"
MaxThreads = "12"
ReadTimeout = "180"
SendBufTimeout = "200"
MaxQueue = "144"
ExcludePath = "^/sys", "^/proc", "^/mnt", "/lxcfs", "^/run", "^/snap", "^/dev"
SelfCheck = "3600"
User = "clamav"
BytecodeTimeout = "60000"
MaxScanTime = "120000"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
PrivateMirror = "10.xx.xx.xx"
MaxAttempts = "5"
ReceiveTimeout = "30"
*** SafeBrowsing is DEPRECATED ***

clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 13:56:15 2019
daily.cld: version 26153, sigs: 3974422, built on Tue Apr 27 11:09:27 2021
Total number of signatures: 8539416

Platform information
--------------------
uname: Linux 5.3.0-1023-aws #25~18.04.1-Ubuntu SMP Fri Jun 5 15:18:30 UTC 2020 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Ubuntu 18.04.5 LTS
zlib version: 1.2.11 (1.2.11), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: knl, Little-endian
platform id: 0x0a217b7b0807050001070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
GNU C++: 7.5.0 (7.5.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFL...

Hey @codrinh,

Updates with the fix commit where pushed to security-proposed, could you please test it?

here the url: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/12397052/+listing-archive-extra
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+sourcepub/12397284/+listing-archive-extra

Appears to be the same issue we encountered. Also using an ExcludePath regexp with --fdpass and --multiscan. Can conform the proposed update resolved the segmentation fault in our test environment.

Thanks for test it Tim!

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.20.10.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.20.10.2) groovy-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:22:23 -0300

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.18.04.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:33:37 -0300

This bug was fixed in the package clamav - 0.103.2+dfsg-1ubuntu0.21.04.1

---------------
clamav (0.103.2+dfsg-1ubuntu0.21.04.1) hirsute-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:16:36 -0300

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.20.04.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:25:03 -0300

@leosilvab

Is it possible to apply the fix for the ubuntu 16 (xenial) packages ?

Regards

sudo apt-get install --only-upgrade clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav9:amd64
Reading package lists... Done
Building dependency tree
Reading state information... Done
clamav is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
clamav-base is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
clamav-daemon is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
clamav-freshclam is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
clamdscan is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
libclamav9 is already the newest version (0.103.2+dfsg-0ubuntu0.16.04.1).
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

Hi,

Can you please advise if ubuntu 16 will receive the patch in the future ?
As per the current status 'xenial' is marked as 'Fix released'...

Thanks

Hi Leonidas,
Can you please advise if ubuntu 16 will receive the patch in the future ?
As per the current status 'xenial' is marked as 'Fix released' but the issue is persisting.
Regards.

Please stop changing the status on this bug.

Since Xenial is now in Extended Security Maintenance, the fix was pushed to the ESM repository for Xenial. The "Fix Released" status on this bug is accurate.

See the following for more information on Extended Security Maintenance:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005930.html

Hi Codrin,

Please note that Xenial reached end of standard support on April 30 2021. Extended Security Maintenance for Xenial is provided to customers through Ubuntu Advantage. See:

https://lists.ubuntu.com/archives/ubuntu-announce/2021-March/000266.html

(Sorry for the duplicate comment, apparently me and Marc were replying at the same time. The good thing that we both pointed to the very same announcement!)

Hello,

I can confirm that I'm running the fixed version on Bionic but am still experiencing the same issue when using clamdscan --multiscan --fdpass with ExcludePath in /etc/clamav/clamd.conf:

dpkg:
ii clamav 0.103.2+dfsg-0ubuntu0.18.04.2

Output:
clamdscan --multiscan --fdpass /
/proc: Excluded
/sys: Excluded
/dev: Excluded
/run: Excluded
LibClamAV Warning: cli_realpath: Invalid arguments.
Segmentation fault

dmesg:
[393093.530873] clamdscan[13571]: segfault at 0 ip 00007f521647405c sp 00007ffe681ce878 error 4 in libc-2.27.so[7f52162f7000+1e7000]

Hello Lloyd,

That *may* be a bug related but different from this one. Apparently you have an ExcludePath that triggers this warning:

  LibClamAV Warning: cli_realpath: Invalid arguments.

and then clamdscan segfaults. I'd try to identify the ExcludePath rule causing the warning and check if removing (or fixing) it makes the segfault go away. If this is the case we'll be in a good position to start debugging. Otherwise we'll have to find out what triggers the segfault.

In any case my suggestion here is to file a new bug report, unless you're convinced we're in the very same case this report is about. Thanks!