clamav icon indicating copy to clipboard operation
clamav copied to clipboard

Published 20 hours ago verified publisher icon Cisco-Talos

CR / CRLF line ending compatibility on Windows with versions 1.3.1, 1.3.2, 1.4.0 and 1.4.1

Open gotspatel opened this issue 5 months ago • 6 comments

Describe the bug ---------------- I had version 1.3.0 installed and perfectly running on window server 2019 VM, Yesterday tried updating it to 1.4.0 but found issues with freshclam service (it stopped abruptly and immediately on start generating error in eventlog as below)

Faulting application name: freshclam.exe, version: 1.4.0.0, time stamp: 0x66bd0724
Faulting module name: ucrtbase.dll, version: 10.0.17763.6189, time stamp: 0xbc3e3f37
Exception code: 0xc0000005
Fault offset: 0x0000000000025990
Faulting process id: 0x2c68
Faulting application start time: 0x01daff5f791b2503
Faulting application path: C:\Program Files\ClamAV\freshclam.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 730971f8-e1fc-4528-a917-98a91128208a
Faulting package full name: 
Faulting package-relative application ID:

Then I tried Fresh Install of Version 1.4.0 Again, but same issue

Later I tried fresh install of 1.4.1, but same issue So I again tested with 1.3.1, 1.3.2 version also but same issue

I reverted back to 1.3.0 again and there is no problem for freshclam service it works flawlessly as before and updated the signatures

How to reproduce the problem ----------------------------

Try installing it on Windows Server 2019 with all VC Libs installed using abbodi1406 script

I did fresh install on a fresh VM and I was able to reproduce the same for all version 1.3.1, 1.3.2, 1.40. and 1.4.1

C:\Program Files\ClamAV>clamconf -n Checking configuration files in C:\Program Files\ClamAV

Config file: clamd.conf

LogFile = "C:\Program Files\ClamAV\logs\clamd.log" LogTime = "yes" LogVerbose = "yes" LogRotate = "yes" ExtendedDetectionInfo = "yes" TemporaryDirectory = "C:\temp\CLAMTemp" TCPSocket = "3310" TCPAddr = "127.0.0.1" ExcludePath = "C:\Windows", "C:\Scripts" SelfCheck = "1800" AlertBrokenExecutables = "yes" MaxRecursion = "40"

Config file: freshclam.conf

LogTime = "yes" LogRotate = "yes" Foreground = "yes" UpdateLogFile = "C:\Program Files\ClamAV\logs\freshclam.log" Checks = "24" DatabaseMirror = "database.clamav.net" DatabaseCustomURL = <<<< REMOVED AS IT HAS SENSITIVE INFORMATION >>>>

clamav-milter.conf not found

Software settings

Version: 1.3.0 Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 JSON RAR

Database information

Database directory: C:\Program Files\ClamAV\database [3rd Party] badmacro.ndb: 706 sigs [3rd Party] blurl.ndb: 1953 sigs [3rd Party] bofhland_cracked_URL.ndb: 40 sigs [3rd Party] bofhland_malware_attach.hdb: 1836 sigs [3rd Party] bofhland_malware_URL.ndb: 4 sigs [3rd Party] bofhland_phishing_URL.ndb: 72 sigs bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 21:07:24 2024 daily.cld: version 27387, sigs: 2066357, built on Tue Sep 3 14:08:04 2024 daily.cvd: version 27389, sigs: 2066461, built on Thu Sep 5 14:03:25 2024 [3rd Party] foxhole.ign2: 6 sigs [3rd Party] foxhole_all.cdb: 149 sigs [3rd Party] foxhole_all.ndb: 101 sigs [3rd Party] foxhole_filename.cdb: 3609 sigs [3rd Party] foxhole_generic.cdb: 215 sigs [3rd Party] foxhole_js.cdb: 48 sigs [3rd Party] foxhole_js.ndb: 4 sigs [3rd Party] foxhole_mail.cdb: 37 sigs [3rd Party] hackingteam.hsb: 435 sigs [3rd Party] ignore_list.ign2: 1 sig [3rd Party] interserver256.hdb: 28766 sigs [3rd Party] interservertopline.db: 1138 sigs [3rd Party] javascript.ndb: 10557 sigs [3rd Party] junk.ndb: 55064 sigs [3rd Party] jurlbl.ndb: 29699 sigs [3rd Party] lott.ndb: 2337 sigs main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 18:02:42 2021 [3rd Party] malware.expert.hdb: 1 sig [3rd Party] malwarehash.hsb: 1031 sigs [3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs [3rd Party] phish.ndb: 30709 sigs [3rd Party] phishtank.ndb: 1 sig [3rd Party] porcupine.hsb: 183 sigs [3rd Party] porcupine.ndb: 1607 sigs [3rd Party] rogue.hdb: 7287 sigs [3rd Party] sanesecurity.ftm: 185 sigs [3rd Party] Sanesecurity_sigtest.yara: 54 sigs [3rd Party] Sanesecurity_spam.yara: 46 sigs [3rd Party] scam.ndb: 13097 sigs [3rd Party] securiteinfo.hdb: 49086 sigs [3rd Party] securiteinfo.ign2: 222 sigs [3rd Party] securiteinfoandroid.hdb: 29652 sigs [3rd Party] securiteinfoascii.hdb: 36181 sigs [3rd Party] securiteinfohtml.hdb: 32966 sigs [3rd Party] securiteinfoold.hdb: 4145583 sigs [3rd Party] securiteinfopdf.hdb: 3408 sigs [3rd Party] shell.hdb: 4277 sigs [3rd Party] shell.ldb: 57 sigs [3rd Party] shellb.db: 292 sigs [3rd Party] shelter.ldb: 62 sigs [3rd Party] sigwhitelist.ign2: 18 sigs [3rd Party] spam.ldb: 2 sigs [3rd Party] spamattach.hdb: 14 sigs [3rd Party] spamimg.hdb: 233 sigs [3rd Party] spam_marketing.ndb: 37626 sigs [3rd Party] spear.ndb: 1 sig [3rd Party] spearl.ndb: 1 sig [3rd Party] urlhaus.ndb: 10705 sigs [3rd Party] whitelist.fp: 3081 sigs [3rd Party] winnow.attachments.hdb: 1 sig [3rd Party] winnow_bad_cw.hdb: 1 sig [3rd Party] winnow_extended_malware.hdb: 1 sig [3rd Party] winnow_malware.hdb: 1 sig [3rd Party] winnow_malware_links.ndb: 133 sigs [3rd Party] winnow_phish_complete.ndb: 53 sigs Total number of signatures: 15326165

Platform information

uname: Microsoft Windows Server 6.2 SP0.0 Build 9200 OS: Windows, ARCH: AMD64, CPU: AMD64 zlib version: 1.3.1 (1.3.1), compile flags: 65 platform id: 0x1025c8c80800000000000792

Build information

Microsoft Visual C++: (0.7.146) sizeof(void*) = 8 Engine flevel: 200, dconf: 200

C:\Program Files\ClamAV>

gotspatel avatar Sep 06 '24 03:09 gotspatel