libyara code used in ClamAV needs to be updated
Describe the bug
ClamAV includes some yara headers and parser logic (lex/grammar stuff) from libyara for loading yara rules into the pattern matching structures alongside traditional clamav logical signatures. Our copies of these yara structures, lexer, and grammar files are circa 2014 (~9 years old!) and should really be updated:
libclamav/yara_arena.c
libclamav/yara_arena.h
libclamav/yara_clam.h
libclamav/yara_compiler.c
libclamav/yara_compiler.h
libclamav/yara_exec.c
libclamav/yara_exec.h
libclamav/yara_grammar.c
libclamav/yara_grammar.h
libclamav/yara_grammar.y
libclamav/yara_hash.c
libclamav/yara_hash.h
libclamav/yara_lexer.c
libclamav/yara_lexer.h
libclamav/yara_lexer.l
libclamav/yara_parser.c
libclamav/yara_parser.h
I have two reasons for wanting to update.
- There was an old Bugzilla ticket describing an incompatibility between GPLv2 and the old license used by libyara (Apache 2.0). The gist is that Apache 2.0 isn't as "free" as GPLv2, so people who own the GPLv2 code (us) may object to the less-free Apache 2.0 being included. For the record, we're cool with it -- but rather than add an exception to our COPYING.txt file to say as much, we planned to just upgrade the code. That... just hasn't happened yet.
- OSS-Fuzz has found a handful of issues with code quality when loading yara sigs into clam. At least a few of these are issues fixed in modern yara code. Upgrading our copy of those sources should resolve them.
For internal reference, see Jira CLAM-1058
Can I work on the version upgrade?
I believe we talked about this in Discord chat. Leaving a note here so it doesn't look like we don't want the help.
Per the Discord chat discussion, I created this issue for @brightprogrammer to work on. I don't know their username on GitHub. If that's not you, feel free to ask if they decide they can't work on it if they want to hand off to you.
Yes that's me. Was too enthusiastic at that moment. Started working on it and then went off on a tangent. Sorry for that 🙏
@brightprogrammer do you want to work on it in the future, or hand off to @Rutuj-Runwal?
Hand over please. I won't be able to continue my work here.