Clamd can't start if FailIfCvdOlderThan is defined and a white list is used #1174

Closed
jmlrt opened this issue Feb 15, 2024 · 2 comments

jmlrt commented Feb 15, 2024

Describe the bug

clamd fails to start when FailIfCvdOlderThan is defined in clamd.conf and a whitelist file is created in /var/lib/clamav.

How to reproduce the problem

$ echo "CVE_2012_0773-2" > /var/lib/clamav/my_whitelist.ign2
$ clamd
LibClamAV Error: cli_cvdverify: Can't read CVD header
LibClamAV Error: cl_cvdgetage: cvdgetfileage() failed for /var/lib/clamav/my_whitelist.ign2
ERROR: Broken or not a CVD file
$ clamconf -n
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
AlertExceedsMax yes
FailIfCvdOlderThan 10
LocalSocket /home/clamav/clamd.sock
LogClean yes
LogFile  /home/clamav/clamd.log
LogFileMaxSize 0
MaxDirectoryRecursion 100
MaxFileSize 0
MaxFiles 0
MaxScanSize 0
MaxScanTime 0
MaxThreads 6
OnAccessExcludeUID 23
OnAccessIncludePath /clamav/files-to-scan/
OnAccessMaxFileSize 0
OnAccessMaxThreads 6
PidFile /home/clamav/clamd.pid
SelfCheck 72000
User clamav

Config file: freshclam.conf
---------------------------
PidFile = "/run/clamav/freshclam.pid"
DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings
-----------------
Version: 1.2.2
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 12:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 21:33:21 2023
daily.cvd: version 27181, sigs: 2052851, built on Sat Feb 10 09:34:05 2024
[3rd Party] my_whitelist.ign2: 1 sig
Total number of signatures: 8700370

Platform information
--------------------
uname: Linux 6.6.12-linuxkit #1 SMP Fri Jan 19 08:53:17 UTC 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.3.1 (1.3.1), compile flags: a9
platform id: 0x0a21c0c008000000000d0201

Build information
-----------------
GNU C: 13.2.1 20231014 (13.2.1)
sizeof(void*) = 8
Engine flevel: 192, dconf: 192

brebell commented Feb 15, 2024

Thank you for calling this bug to our attention.

@userwiths
Contributor

Hello, in the above PR I've written down what I believe was the issue and made changes that I consider reasonable and that would fix this issue.

All best wishes, and hope this helps.

micahsnyder pushed a commit to userwiths/clamav that referenced this issue Jul 23, 2024
Clamscan and ClamD will throw an error if you use the
'--fail-if-cvd-older-than=DAYS' / 'FailIfCvdOlderThan' option and
try to load any plaintext signature files.
That is, it throws an error when encountering plain signature files like
`.ign2`, `.ldb`, `.hdb`, etc.
This feature should only verify CVD / CLD files.

The feature (and bug) was introduced in ClamAV 1.1.0, here:
Cisco-Talos@e4fe665

With this change, the `cl_cvdgetage` checks will skip any file that is
not a CVD or CLD.

Fixes: Cisco-Talos#1174
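
The behaviour the commit message describes, as an added example (not ClamAV's code and not the patch from the PR): the age check applies only to `.cvd` / `.cld` files and skips plaintext signature files such as `.ign2`. The function names and the sample header are constructed, and the code assumes the last colon-separated field of the CVD header is the build time in seconds since the epoch.

```c
/* Added illustration, not ClamAV source; function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Only CVD/CLD containers start with a "ClamAV-VDB:" header. */
static int is_cvd_or_cld(const char *name)
{
    const char *ext = strrchr(name, '.');
    return ext && (strcmp(ext, ".cvd") == 0 || strcmp(ext, ".cld") == 0);
}

/* Build time in seconds since the epoch: the 9th colon-separated header
 * field. head is a NUL-terminated copy of the header. -1 if malformed. */
static long cvd_header_stime(const char *head)
{
    char *end;
    if (strncmp(head, "ClamAV-VDB:", 11) != 0)
        return -1;
    for (int field = 0; field < 8; field++) {
        if ((head = strchr(head, ':')) == NULL)
            return -1;
        head++;
    }
    long stime = strtol(head, &end, 10);
    return (end == head || stime <= 0) ? -1 : stime;
}

/* 0 = fresh or skipped (not CVD/CLD), 1 = too old, -1 = bad header. */
static int check_db_entry(const char *name, const char *head, time_t now, long max_days)
{
    if (!is_cvd_or_cld(name))
        return 0; /* .ign2, .ldb, .hdb, ...: nothing to verify */
    long stime = cvd_header_stime(head);
    if (stime < 0)
        return -1;
    return (now - stime) > max_days * 86400L ? 1 : 0;
}

int main(void)
{
    /* Constructed sample: header fields other than the last are placeholders. */
    const char *hdr = "ClamAV-VDB:10 Feb 2024 09-34 -0500:27181:2052851:90:x:x:builder:1707575645";
    time_t now = 1707955200; /* constructed "now": 2024-02-15 00:00:00 UTC */
    printf("daily.cvd -> %d\n", check_db_entry("daily.cvd", hdr, now, 10));
    printf("my_whitelist.ign2 -> %d\n", check_db_entry("my_whitelist.ign2", "CVE_2012_0773-2\n", now, 10));
    return 0;
}
```

Passing the `.ign2` content under a `.cvd` name returns -1, which corresponds to the "Can't read CVD header" failure in the report.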