clamdscan - MULTISCAN parameter causes Segmentation fault error

Bug #1926300 reported by Codrin H on 2021-04-27
This bug affects 2 people
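Affects (status, importance and assignee, where shown):
ClamAV: status Unknown, importance Unknown
clamav (Ubuntu): importance Undecided, assigned to Leonidas S. Barbosa
Xenial: importance Undecided, assigned to Leonidas S. Barbosa
Bionic: importance Undecided, assigned to Leonidas S. Barbosa
Focal: importance Undecided, assigned to Leonidas S. Barbosa
Groovy: importance Undecided, assigned to Leonidas S. Barbosa
Hirsute: importance Undecided, assigned to Leonidas S. Barbosa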

Bug Description

While running clamdscan with the --multiscan parameter we get the following error: Segmentation fault (core dumped)

The scan starts without '--multiscan' but it causes performance issues
The issue is present on Ubuntu 16.04.7 LTS, Ubuntu 18.04.5 LTS, Ubuntu 20.04.2 LTS

from dmesg log:
[Wed Apr 21 13:45:30 2021] clamdscan[5805]: segfault at 0 ip 00007f42b5128bf5 sp 00007fff89b76088 error 4 in libc-2.27.so[7f42b5072000+1e7000]
[Wed Apr 21 13:45:30 2021] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 8f 0b 00 00 66 0f ef c0 <f3> 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f

ClamAV 0.103.2/26152/Mon Apr 26 11:04:28 2021

clamav 0.103.2+dfsg-0ubuntu0.16.04.1 amd64
clamav-base 0.103.2+dfsg-0ubuntu0.16.04.1 all
clamav-daemon 0.103.2+dfsg-0ubuntu0.16.04.1 amd64
clamav-docs 0.103.2+dfsg-0ubuntu0.16.04.1 all
clamav-freshclam 0.103.2+dfsg-0ubuntu0.16.04.1 amd64
clamdscan 0.103.2+dfsg-0ubuntu0.16.04.1 amd64

Codrin H (codrinh) wrote :

On Ubuntu 20.04.2 LTS, downgraded to 0.102.2 - the issue does not occur

summary: - clamdscan MULTISCAN Segmentation fault
+ clamdscan - MULTISCAN parameter causes Segmentation fault
summary: - clamdscan - MULTISCAN parameter causes Segmentation fault
+ clamdscan - MULTISCAN parameter causes Segmentation fault error
Codrin H (codrinh) wrote :

Please find below some tests

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.10
DISTRIB_CODENAME=groovy
DISTRIB_DESCRIPTION="Ubuntu 20.10"
/etc/lsb-release (END)

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --multiscan --fdpass /opt
--------------------------------------
Segmentation fault (core dumped)

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --fdpass /opt
--------------------------------------
/opt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.817 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:22
End Date: 2021:04:28 09:08:23

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --stdout --verbose --multiscan /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:32
End Date: 2021:04:28 09:08:32

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --multiscan /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:44
End Date: 2021:04:28 09:08:44
root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log /opt
--------------------------------------
/opt: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:49
End Date: 2021:04:28 09:08:49

root@hostname:/opt# /usr/bin/clamdscan --log=/var/log/clamav/clamav.log --fdpass /opt
--------------------------------------
/opt: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.818 sec (0 m 0 s)
Start Date: 2021:04:28 09:08:59
End Date: 2021:04:28 09:09:00

Codrin H (codrinh) on 2021-04-28
information type: Public → Public Security
information type: Public Security → Public
Paride Legovini (paride) wrote :

Hello Codrin and thanks for your bug report. From your testing it seems to me that the segfault is triggered by using --fdpass together with --multiscan, rather than by --multiscan alone. From your comment to [1] it seems that you agree.

I think the "base" upstream bug here is [2], which according to Comment 8 is fixed in the 0.104 devel branch by the changeset [3].

If we correctly identified the problem then you should have an ExcludePath regex in your clamd.conf (see [4]). Can you confirm this is the case? I'm linking [2] as the upstream bug report for this issue, but we'll wait for your confirmation to move forward.

[1] https://bugzilla.clamav.net/show_bug.cgi?id=12727
[2] https://bugzilla.clamav.net/show_bug.cgi?id=12676
[3] https://github.com/Cisco-Talos/clamav-devel/compare/5553a5e206ce...1cc8c2dce36c
[4] https://github.com/Cisco-Talos/clamav-devel/commit/5adef25d8d0f4e5f3f2f9dc24c59beede72abf9a

Changed in clamav (Ubuntu):
status: New → Triaged
Paride Legovini (paride) on 2021-04-29
tags: added: regression-update
Changed in clamav (Ubuntu Focal):
status: New → Triaged
Changed in clamav (Ubuntu Groovy):
status: New → Triaged
Changed in clamav (Ubuntu Hirsute):
status: New → Triaged
Changed in clamav (Ubuntu Xenial):
status: New → Triaged
Changed in clamav (Ubuntu Bionic):
status: New → Triaged
Changed in clamav (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in clamav (Ubuntu Bionic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in clamav (Ubuntu Focal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in clamav (Ubuntu Groovy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in clamav (Ubuntu Hirsute):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in clamav (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Codrin H (codrinh) wrote :

Hi Mark,

Please find below the output from clamconf -n
Indeed, I use ExcludePath in the configuration.
If I remove the ExcludePath(s) from the config, the scan starts with both parameters (--fdpass & --multiscan)

Regards

Config file: clamd.conf
-----------------------
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock = "yes"
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
TemporaryDirectory = "/tmp/clamav/"
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
MaxConnectionQueueLength = "15"
MaxThreads = "12"
ReadTimeout = "180"
SendBufTimeout = "200"
MaxQueue = "144"
ExcludePath = "^/sys", "^/proc", "^/mnt", "/lxcfs", "^/run", "^/snap", "^/dev"
SelfCheck = "3600"
User = "clamav"
BytecodeTimeout = "60000"
MaxScanTime = "120000"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
PrivateMirror = "10.xx.xx.xx"
MaxAttempts = "5"
ReceiveTimeout = "30"
*** SafeBrowsing is DEPRECATED ***

clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 13:56:15 2019
daily.cld: version 26153, sigs: 3974422, built on Tue Apr 27 11:09:27 2021
Total number of signatures: 8539416

Platform information
--------------------
uname: Linux 5.3.0-1023-aws #25~18.04.1-Ubuntu SMP Fri Jun 5 15:18:30 UTC 2020 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Ubuntu 18.04.5 LTS
zlib version: 1.2.11 (1.2.11), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: knl, Little-endian
platform id: 0x0a217b7b0807050001070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
GNU C++: 7.5.0 (7.5.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-Grs235/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFL...


Changed in clamav (Ubuntu):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Changed in clamav (Ubuntu Xenial):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Changed in clamav (Ubuntu Bionic):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Changed in clamav (Ubuntu Focal):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Changed in clamav (Ubuntu Groovy):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Changed in clamav (Ubuntu Hirsute):
assignee: Marc Deslauriers (mdeslaur) → Leonidas S. Barbosa (leosilvab)
Leonidas S. Barbosa (leosilvab) wrote :

Hey @codrinh,

Updates with the fix commit were pushed to security-proposed, could you please test it?

Tim Laszlo (yello-timl) wrote :

Appears to be the same issue we encountered. Also using an ExcludePath regexp with --fdpass and --multiscan. Can confirm the proposed update resolved the segmentation fault in our test environment.

Leonidas S. Barbosa (leosilvab) wrote :

Thanks for testing it, Tim!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.20.10.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.20.10.2) groovy-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:22:23 -0300

Changed in clamav (Ubuntu Groovy):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.18.04.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:33:37 -0300

Changed in clamav (Ubuntu Bionic):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.103.2+dfsg-1ubuntu0.21.04.1

---------------
clamav (0.103.2+dfsg-1ubuntu0.21.04.1) hirsute-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:16:36 -0300

Changed in clamav (Ubuntu Hirsute):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.103.2+dfsg-0ubuntu0.20.04.2

---------------
clamav (0.103.2+dfsg-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
    Segmentation fault.
    (LP: #1926300)
    - debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
      --fdpass -m & ExcludePath crash in clamd/scanner.c,
      libclamav/others.h, libclamav/others_common.c,
      unit_tests/check_clamd.c.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:25:03 -0300

Changed in clamav (Ubuntu Focal):
status: Triaged → Fix Released
Changed in clamav (Ubuntu Xenial):
status: Triaged → Fix Released
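
The trigger the thread converged on (an unfixed 0.103.2 build, --fdpass together with --multiscan/-m, and at least one ExcludePath in the clamd configuration) can be checked before a scan job is scheduled. The following is an added example, not code from ClamAV or Ubuntu; the function names are hypothetical, and treating every 0.103.2 build outside the fixed list as affected is an assumption.

```python
import re
import shlex

# Fixed builds named in the changelog entries on this page.
FIXED_BUILDS = {
    "0.103.2+dfsg-0ubuntu0.18.04.2",  # bionic-security
    "0.103.2+dfsg-0ubuntu0.20.04.2",  # focal-security
    "0.103.2+dfsg-0ubuntu0.20.10.2",  # groovy-security
    "0.103.2+dfsg-1ubuntu0.21.04.1",  # hirsute-security
}

# Accepts clamd.conf syntax ("ExcludePath ^/proc") and the `clamconf -n`
# rendering quoted in the thread ('ExcludePath = "^/sys", "^/proc"').
_EXCLUDE = re.compile(r"^\s*ExcludePath\b\s*=?\s*(.+?)\s*$")


def exclude_paths(conf_text):
    """Return every ExcludePath regex set in the configuration text."""
    found = []
    for line in conf_text.splitlines():
        m = _EXCLUDE.match(line)  # commented-out lines start with '#', no match
        if m:
            quoted = re.findall(r'"([^"]*)"', m.group(1))
            found.extend(quoted or [m.group(1)])
    return found


def matches_reported_crash(command, conf_text, package_version):
    """True when a clamdscan call hits the --fdpass + multiscan + ExcludePath case."""
    # Assumption: any 0.103.2 build that is not a listed fixed build is affected.
    if package_version in FIXED_BUILDS or not package_version.startswith("0.103.2"):
        return False
    args = shlex.split(command)
    multiscan = "--multiscan" in args or "-m" in args
    return "--fdpass" in args and multiscan and bool(exclude_paths(conf_text))


# Sample input assembled from the command and clamconf output in the thread.
SAMPLE_CONF = 'MaxThreads = "12"\nExcludePath = "^/sys", "^/proc", "^/mnt"\nUser = "clamav"\n'
SAMPLE_CMD = "/usr/bin/clamdscan --stdout --verbose --multiscan --fdpass /opt"

if __name__ == "__main__":
    for version in ("0.103.2+dfsg-0ubuntu0.16.04.1", "0.103.2+dfsg-0ubuntu0.20.04.2"):
        print(version, matches_reported_crash(SAMPLE_CMD, SAMPLE_CONF, version))
```

The installed version string to pass in can be read with `dpkg-query -W -f='${Version}' clamdscan`, and the configuration text from `clamconf -n` or clamd.conf itself.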