Here is the information using dbx on the core file. There are other errors that were in the output but it is a lot of data.
I can upload the complete output if needed.
Hopefully this points to where the issue is for scanning the files with the new clamav.
#dbx /opt/freeware/bin/clamscan_64 /tmp/core
Type 'help' for help.
warning: The core file is truncated. You may need to increasethe ulimit
for file and coredump, or free some space on the filesystem.
[using memory image in /tmp/core]
reading symbolic information ...
Segmentation fault in util.move at 0x90000000061b838 ($t1)
0x90000000061b838 (move+0x38) 90040000 stw r0,0x0(r4)
(dbx) where
util.move(??, ??) at 0x90000000061b838
pow.pow(??, ??, ??, ??) at 0x90000000061ffcc
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: 1283-228 expected char ',', found 's__LC_locale:,1088,64;__meth_ptr:150,1152,64;__data_ptr:150,1216,64;;'
internal error: 1283-228 expected char ',', found '__LC_locale:,1088,64;__meth_ptr:150,1152,64;__data_ptr:150,1216,64;;'
internal error: 1283-228 expected char ';', found '_LC_locale:,1088,64;__meth_ptr:150,1152,64;__data_ptr:150,1216,64;;'
internal error: unexpected value 44 at line 5201 in file stabstring.c
internal error: 1283-228 expected char ',', found '1088,64;__meth_ptr:150,1152,64;__data_ptr:150,1216,64;;'
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: 1283-228 expected char ',', found 's_LC_locale_objhdl:,128,64;;'
internal error: 1283-228 expected char ',', found '_LC_locale_objhdl:,128,64;;'
internal error: 1283-228 expected char ';', found 'LC_locale_objhdl:,128,64;;'
internal error: unexpected value 44 at line 5201 in file stabstring.c
internal error: 1283-228 expected char ',', found '128,64;;'
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: unexpected value 120 at line 5201 in file stabstring.c
internal error: unexpected value 120 at line 5201 in file stabstring.c
#env | egrep -v "SSH| `uname -n`| `host \`hostname\`| cut -f3 -d\" \"`"
_=/usr/bin/env
LANG=en_US
LOGIN=root
CLCMD_PASSTHRU=1
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8_64/jre/bin:/usr/java8_64/bin:/opt/freeware/bin
LC__FASTMSG=true
LOGNAME=root
MAIL=/usr/spool/mail/root
LOCPATH=/usr/lib/nls/loc
USER=root
AUTHSTATE=compat
DISPLAY=localhost:10.0
SHELL=/usr/bin/ksh
ODMDIR=/etc/objrepos
HOME=/
TERM=xterm
MAILMSG=[YOU HAVE NEW MAIL]
PWD=/tmp
TZ=CST6CDT
A__z=! LOGNAME
NLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.cat:/usr/lib/nls/msg/%l.%c/%N:/usr/lib/nls/msg/%l.%c/%N.cat
#ulimit -aS
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) 2000
threads(per process) unlimited
processes(per user) 128
#ulimit -aH
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 4194304
memory(kbytes) unlimited
coredump(blocks) unlimited
nofiles(descriptors) unlimited
threads(per process) unlimited
processes(per user) 128
Thank you!
------------------------------
Stanley
------------------------------
Original Message:
Sent: Tue May 17, 2022 09:22 AM
From: Jan Harris
Subject: New version of ClamAV needed
Hi, Stanley
So it is core dumping scanning these Windows executables.
I still cannot generate a core.
Can you run dbx again, but use the 64 bit binary:
# dbx /opt/freeware/bin/clamscan_64 /tmp/core
(dbx) where
<...>
(dbx) quit
Also, share any non-private output from the env command (I omit host/IP info in the following example):
# env | egrep -v "SSH| `uname -n`| `host \`hostname\`| cut -f3 -d\" \"`"
------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin TX
Original Message:
Sent: Tue May 17, 2022 08:29 AM
From: Stanley Speegle
Subject: New version of ClamAV needed
I scanned /opt/freeware with clamscan and it scanned lots of files then core dumped.
/opt/freeware/lib/python2.7/site-packages/pip/_vendor/distlib/scripts.pyc: OK
Scanning /opt/freeware/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
/opt/freeware/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe: OK
Scanning /opt/freeware/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe
Segmentation fault(coredump)
I ran the dbx on the core file with this output.
#dbx /opt/freeware/bin/clamscan /tmp/core
Type 'help' for help.
Core file "/tmp/core" program "clamscan_64" does not match current program (ignored)
reading symbolic information ...
(dbx) where
ustart() at 0x9fffffff00011b4
(dbx) quit
I hope this helps!
Thank you for your assistance!
------------------------------
Stanley
Original Message:
Sent: Mon May 16, 2022 04:47 PM
From: Jan Harris
Subject: New version of ClamAV needed
FYI, I tested a scan, with debug.
# clamscan --debug -rv
LibClamAV debug: cache_add: da7b7f8a189c660a5679cd59892df84f (level 0)
LibClamAV debug: cli_unzip: extracted to /tmp//20220516_144635-scantem.0a4c11e5af/clamav-d7eb047ec6b6c6b56ef617a989f96a92.tmp
LibClamAV debug: in cli_magic_scan_desc_type (recursion_level: 0/17)
LibClamAV debug: Recognized MS-EXE/DLL file
LibClamAV debug: cache_check: a32a382b8a5a906e03a83b4f3e5b7a9b is negative
LibClamAV debug: cli_peheader: SizeOfHeader is not aligned to the SectionAlignment
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (51374336 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for data->lsigsuboff_(last|first)[0]
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Descriptor[7]: scanraw error Can't allocate memory
LibClamAV debug: cli_magic_scan_desc: returning 20 at line 4857
LibClamAV debug: matcher_run: performing regex matching on full map: 492288+90799(583087) >= 583087
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: cli_magic_scan_desc: returning 20 at line 4857
/opt/freeware/lib64/python3.7/ensurepip/_bundled/unpack/setuptools/winfiles/zip/setuptools-47.1.0-py3-none-any.whl: Can't allocate memory ERROR
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
Next, I unpacked the two zip files:
- pip-20.1.1-py2.py3-none-any.whl
- setuptools-47.1.0-py3-none-any.whl
I tested only those unpacked directories, and found errors all occur with Windows binaries.
96768 /opt/freeware/lib64/python3.7/ensurepip/unpack/pip/_vendor/distlib/t32.exe
105984 /opt/freeware/lib64/python3.7/ensurepip/unpack/pip/_vendor/distlib/t64.exe
90112 /opt/freeware/lib64/python3.7/ensurepip/unpack/pip/_vendor/distlib/w32.exe
99840 /opt/freeware/lib64/python3.7/ensurepip/unpack/pip/_vendor/distlib/w64.exe
65536 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/cli-32.exe
74752 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/cli-64.exe
65536 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/cli.exe
65536 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/gui-32.exe
75264 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/gui-64.exe
65536 /opt/freeware/lib64/python3.7/ensurepip/unpack/setuptools/gui.exe
I tested with another Windows binary file
- /opt/freeware/lib64/python3.7/distutils/command/wininst-10.0.exe
and get the same memory errors. So the cli_calloc errors seem related to Windows executables. issue with Windows files in this environment.
If I set ulimit -d unlimited, I no longer get the errors. I have matched Stanley's ulimit settings, but do not get a core dump.
Stanley, can you collect a stack trace for the core dump:
# dbx /opt/freeware/bin/clamscan <path_to_core_file>
(dbx) where
<stack trace>
(dbx) quit
This might give an idea of the failing code.
------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin TX
Original Message:
Sent: Mon May 16, 2022 01:28 PM
From: SANKET RATHI
Subject: New version of ClamAV needed
Thank you, Stanley, for reporting the issue.
We will look into it.
------------------------------
SANKET RATHI
Original Message:
Sent: Fri May 13, 2022 09:47 AM
From: Stanley Speegle
Subject: New version of ClamAV needed
I set the ulimit -d to unlimited.
#ulimit -aS
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) 2000
threads(per process) unlimited
processes(per user) 128
#ulimit -aH
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 4194304
memory(kbytes) unlimited
coredump(blocks) unlimited
nofiles(descriptors) unlimited
threads(per process) unlimited
processes(per user) 128
The clamscan errors with a Segmentation fault and core dumps on the pip-20.1.1-py2.py3-none-any.whl file.
#/opt/freeware/bin/clamscan -rv /opt/freeware/lib64/python3.7/ensurepip/_bundled/
Loading: 16s, ETA: 0s [========================>] 8.62M/8.62M sigs
Compiling: 6s, ETA: 0s [========================>] 41/41 tasks
Scanning /opt/freeware/lib64/python3.7/ensurepip/_bundled/pip-20.1.1-py2.py3-none-any.whl
Segmentation fault(coredump)
Thank you for your help!
Stan
------------------------------
Stanley
Original Message:
Sent: Fri May 13, 2022 01:50 AM
From: SANKET RATHI
Subject: New version of ClamAV needed
While running on my system I did not see any issue.
It could be that in your system it needs to allocate more memory and probably ulimit is not enough.
Can you try setting ulimit of data to unlimited and test.
$ ulimit -d unlimited
------------------------------
SANKET RATHI
Original Message:
Sent: Thu May 12, 2022 01:52 PM
From: Stanley Speegle
Subject: New version of ClamAV needed
Thank you for the new version of clamav. It installed without any issues but I am receiving out of memory errors when scanning some files.
Have you seen this issue before? The LPAR has plenty of RAM 10GB and there are no errors in the errpt.
root@mh-p9-nim:/tmp #/opt/freeware/bin/clamscan -rv /opt/freeware/lib64/python3.7/ensurepip/_bundled/
Loading: 16s, ETA: 0s [========================>] 8.62M/8.62M sigs
Compiling: 6s, ETA: 0s [========================>] 41/41 tasks
Scanning /opt/freeware/lib64/python3.7/ensurepip/_bundled/pip-20.1.1-py2.py3-none-any.whl
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (60126208 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for data->lsigsuboff_(last|first)[0]
/opt/freeware/lib64/python3.7/ensurepip/_bundled/pip-20.1.1-py2.py3-none-any.whl: Can't allocate memory ERROR
Scanning /opt/freeware/lib64/python3.7/ensurepip/_bundled/setuptools-47.1.0-py3-none-any.whl
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (60126208 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for data->lsigsuboff_(last|first)[0]
/opt/freeware/lib64/python3.7/ensurepip/_bundled/setuptools-47.1.0-py3-none-any.whl: Can't allocate memory ERROR
----------- SCAN SUMMARY -----------
Known viruses: 8616419
Engine version: 0.104.2
Scanned directories: 1
Scanned files: 0
Infected files: 0
Total errors: 2
Data scanned: 6.65 MB
Data read: 1.97 MB (ratio 3.37:1)
Time: 30.898 sec (0 m 30 s)
These could just be normal errors on these files but I would like to know why.
Thank you,
Stan
------------------------------
Stanley
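The scan summary quoted in the message above reports "Scanned files: 0" and "Total errors: 2", so the two wheels that hit the allocation failure were not scanned at all. The following is an added example, not part of the original thread and not ClamAV or AIX Toolbox code: it lists each file whose scan ended in "Can't allocate memory ERROR", with the largest failed cli_calloc request seen for it. The function names and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files that clamscan left unscanned because an
# allocation failed, so they can be re-scanned once the limit is fixed.

# Constructed sample log, modelled on the clamscan output quoted in this thread.
sample_log() {
cat <<'EOF'
Scanning /data/a/pkg-one.whl
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (60126208 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for data->lsigsuboff_(last|first)[0]
/data/a/pkg-one.whl: Can't allocate memory ERROR
Scanning /data/a/readme.txt
/data/a/readme.txt: OK
Scanning /data/a/pkg-two.whl
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (51374336 bytes).
/data/a/pkg-two.whl: Can't allocate memory ERROR
EOF
}

# Reads clamscan output on stdin.
# Prints "<largest failed request in bytes> <path>" per unscanned file.
unscanned_files() {
    awk '
        # "Can.t" matches the apostrophe without ending the shell quoting.
        /cli_calloc\(\): Can.t allocate memory \([0-9]+ bytes\)/ {
            n = $0
            sub(/.*\(/, "", n)       # drop everything up to the last "("
            sub(/ bytes.*/, "", n)   # keep only the byte count
            if (n + 0 > max) max = n + 0
            next
        }
        # The per-file verdict line closes the record for that file.
        /: Can.t allocate memory ERROR$/ {
            path = $0
            sub(/: Can.t allocate memory ERROR$/, "", path)
            print max + 0, path
            max = 0
        }
    '
}

# Demo on the constructed sample; for a real run: unscanned_files < scan.log
sample_log | unscanned_files
```

Any path this prints should be re-scanned after the data limit is raised, since clamscan reported an error for it rather than a verdict.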
Original Message:
Sent: Mon May 09, 2022 03:46 AM
From: SANKET RATHI
Subject: New version of ClamAV needed
clamav-0.104.2-1 is now available on AIX toolbox. You can use dnf/yum to update to latest level.
------------------------------
SANKET RATHI
Original Message:
Sent: Wed May 04, 2022 11:50 AM
From: SANKET RATHI
Subject: New version of ClamAV needed
Hi Stanley,
We have built the new ClamAV and will upload it in a couple of days.
Hopefully you will have it by end of this week.
------------------------------
SANKET RATHI
Original Message:
Sent: Mon May 02, 2022 09:14 AM
From: Stanley Speegle
Subject: New version of ClamAV needed
Can we have an update on the release date of a new version of ClamAV?
Thank you!
Stan Speegle
------------------------------
Stanley
Original Message:
Sent: Mon March 14, 2022 01:15 PM
From: SANKET RATHI
Subject: New version of ClamAV needed
The new version of ClamAV has new dependencies so it is taking time for us.
We are working on building the new dependencies and the newer version of the package.
Also there are some internal process. Our target is by end of this month or early next month.
------------------------------
SANKET RATHI
Original Message:
Sent: Wed March 09, 2022 06:05 AM
From: Hector Speight
Subject: New version of ClamAV needed
Do you have an ETA for the delivery of version 0.103 to the AIX Toolbox?
------------------------------
Hector Speight
Original Message:
Sent: Thu February 10, 2022 09:49 AM
From: Ayappan P
Subject: New version of ClamAV needed
Thanks for reporting. We will update it ASAP.
------------------------------
Ayappan P
Original Message:
Sent: Thu February 10, 2022 09:12 AM
From: Stanley Speegle
Subject: New version of ClamAV needed
Receiving Warnings that ClamAV is out of date when updating the ClamAV database but the system is running the latest version in the AIX Toolbox.
Please update the version of ClamAV in the AIX Toolbox.
# /opt/freeware/bin/freshclam -F
ClamAV update process started at Thu Feb 10 08:04:05 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.102.2 Recommended version: 0.103.5
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
root@awx:/home #/opt/freeware/bin/dnf info clamav
Last metadata expiration check: 0:11:10 ago on Thu Feb 10 07:44:23 CST 2022.
Installed Packages
Name : clamav
Version : 0.102.2
Release : 1
Architecture : ppc
Size : 16 M
Source : clamav-0.102.2-1.src.rpm
Repository : @System
From repo : AIX_Toolbox
Summary : Antivirus Toolkit
URL : http://www.clamav.net
License : GPL-2.0-only
Description : ClamAV is an antivirus engine designed for detecting trojans,
: viruses, malware and other malicious threats. It is the de-facto
: standard for mail gateway scanning. It provides a multi-threaded
: scanning daemon, command line utilities for on-demand file scanning,
: and a tool for automatic signature updates. The core ClamAV library
: provides numerous file format detection mechanisms, file unpacking
: support, archive support, and multiple signature languages for
: detecting threats.
Thank you for your help!
Stan
------------------------------
Stanley
------------------------------