Hello everyone,
This concerns a older version of the package,
I wanted to inform you that I discovered a phenomenon where the fixes for known issues in the ClamAV-1.0.7 RPM package appear to differ between clamscan and clamdscan.
There is an issue where scanning certain python libraries placed on AIX causes ClamAV to crash without leaving any message.
It seems that there are some libraries prone to issues, but in my test environment, scanning libraries including following path almost always caused a crash;
/opt/freeware/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl
At that time, the ClamAV installed on the system (AIX 7.2) was version 1.0.7-2.
When analyzing the core from scanning the relevant file with clamscan, I found following message;
Segmentation fault in pow.pow [/usr/lib/libbsd.a] at 0x90000000144ffb8 ($t3)
0x90000000144ffb8 (pow+0x98) 7ec6c2ae lhax r22,r6,r24
Based on this message, the following issue set up on ClamAV's GitHub was immediately found;
https://github.com/Cisco-Talos/clamav/issues/1435
I found ClamAV-1.0.7-3 on the AIX ToolBox site, so I updated the RPM.
(I know that version 1.4.3 has already been released, but due to limitations in updating the system environment, we are currently unable to immediately update the package to a new major version.)
After updating to 1.0.7-3, clamscan started scanning problematic files properly.
However, clamdscan in the same package continues to crash clamd when scanning this file.
Since I had set it to output a core, I analyzed it and it seems that it is indeed crashing in pow() of libbsd.a as follows;
Segmentation fault in pow.pow [/usr/lib/libbsd.a] at 0x90000000144ffb8 ($t3)
0x90000000144ffb8 (pow+0x98) 7ec6c2ae lhax r22,r6,r24
Is it that the known issues were only left unaddressed in clamd, or is there another problem?
I understand that support for ClamAV 1.0.x will end next month, but If that is causing crashes due to a known issue, I don't think it's good.