Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: devel

Libclam crashes...

  

 
ClamAV devel RSS feed   Index | Next | Previous | View Threaded


james at kyzo

Aug 26, 2003, 6:27 AM

Post #1 of 4 (949 views)
Permalink
Libclam crashes...
I've tried sending this to the devel mailing list four times and it
never gets in there, I don't know why - I never get any bounce message
either.

I have also tried sending it to njh [at] bandsman twice now, with the
same results. I will now try sending it WITHOUT the offending message
attached :-

The e-mail in this (NOW NO LONGER) attached ZIP file crashes (SEGV) the
libclam in 20030720 and 20030806 (line 60 in blob.c). I was unable to
test it with devel-20030822 as it requires Autoconf version 2.52 or
higher, which I currently don't have. So, I copied the code into the
20030806 directory and compiled it from there, same SEGV.

The SEGV is caused when trying to free an address, which I presume, is
not malloc'ed. I am not at work today, so I will have a closer look at
it tomorrow.

(Needless to say, you will need to add a "From me" to the top of the
file to have it accepted as a mbox file).



Also, we can only access the web through a cache, and they don't like us
using "Pragma: no-cache". So, it would be nice if "freshclam" had the
option to switch it off.

Currently we use "wget" and have added an option to "freshclam" called
"--only-notify", which means we can still notify "clamd" when wget has
got a new version.


Keep up the most excellent work.




James


tk at mat

Aug 26, 2003, 7:07 AM

Post #2 of 4 (926 views)
Permalink
Re: Libclam crashes... [In reply to]
> The SEGV is caused when trying to free an address, which I presume, is
> not malloc'ed. I am not at work today, so I will have a closer look at
> it tomorrow.

Please send the message to Nigel within an encrypted zip archive.

> Also, we can only access the web through a cache, and they don't like us
> using "Pragma: no-cache". So, it would be nice if "freshclam" had the
> option to switch it off.

No problem.

Best regards,
Tomasz Kojm
--
oo ..... zolw [at] konarski
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ I nie zapomnij kliknac w brzuszek...
//\ /\\ <- C. Amboinensis www.pajacyk.pl


James at kyzo

Aug 27, 2003, 7:54 AM

Post #3 of 4 (929 views)
Permalink
Re: Libclam crashes... [In reply to]
Thanks for the libclam SEGV fix. I haven't tried it, yet, but I will.

In the meantime, I have gone through our e-mail archives, which date
back to 2001. We have about 81,000 e-mails archived in total and so I
thought I'd run Clam against them all to see if I could find any others
that could make it crash.

There was - just one other. I have attached it (password "virus"). It
looks a lot like the first one that made libclam crash, in that it is an
attachment of an attachment, so I would expect the previous fix also
fixes this one.


The next thing I want to get onto is the memory leaking. "clamd" leaks
like mad, so I will try and pick out which messages make it leak worse
than others and put together a zip of them, if that would be helpful.

Here's an example of it scanning the messages for the last few days (the
two numbers are clamd's VSZ and RSS, respectively. As you can see the
number are just rising and rising. At the point the system ran out of
swap I would have to re-start "clamd"... (the "OK" means it hasn't crashed)!

Start - 7800 6980
./2003/08/16 - OK - 9260 8040
./2003/08/17 - OK - 14772 12936
./2003/08/18 - OK - 22168 19216
./2003/08/19 - OK - 23128 19224
./2003/08/20 - OK - 24348 19224
./2003/08/21 - OK - 30988 21948
./2003/08/22 - OK - 32040 21948
./2003/08/23 - OK - 32960 21948
./2003/08/24 - OK - 33472 21948
./2003/08/25 - OK - 34260 21948
./2003/08/26 - OK - 35184 21948
./2003/08/27 - OK - 35788 22076

What's interesting, is that some day's archives are obviously causing it
to leak more memory than others. Hence I want to investigate it further
and try and identify specific messages that cause a leak.

(FYI: the archives are directories full of EML files, logged by a
logging milter. I then use a bash script to feed them into "clamdscan"
to scan each file individually).



What's the plan on making a new release? 0.60 isn't really usable, but
20030720 is pretty good and would be even better if it included the new
SEGV fix, I assume 20030806 is as good. There was talk of a new version
soon after the transition to SourceForge ?



James
Attachments: crash2.zip (102 KB)


njh at bandsman

Aug 27, 2003, 8:43 AM

Post #4 of 4 (914 views)
Permalink
Re: Libclam crashes... [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 27 Aug 2003 3:53 pm, James Stevens wrote:

> I have attached it (password "virus"). It
> looks a lot like the first one that made libclam crash, in that it is an
> attachment of an attachment, so I would expect the previous fix also
> fixes this one.

This works fine for me, but don't forget I am running it through my version
of the code which is always going to be ahead of the next snapshot.

I see this from clamscan --mbox
200306260447-h5Q4lZ1n002994-0.eml: OK

- -Nigel

- --
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
njh [at] bandsman http://www.bandsman.co.uk/music.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/TNE8Ov/MqfDWaY8RArNuAKCmpp3XO12zxETrAA+Ozzg8T/xWGACg0BKz
1dHQKOdgDQG/6LcD9AMPyX4=
=gFD4
-----END PGP SIGNATURE-----

ClamAV devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.