sunburst_countermeasures

ClamAV malformed database for Raw64 dropper

Open siemhermans opened this issue 5 years ago • 0 comments

ClamAV seems to experience issues when reading the ruleset from APT_Dropper_Raw64_TEARDROP_1.yar on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues.

$ clamscan -ir -d APT_Dropper_Raw64_TEARDROP_1.yar /
LibClamAV Error: parse_yara_hex_string: Single byte subpatterns unsupported in ClamAV
LibClamAV Error: load_oneyara: error in parsing yara hex string
LibClamAV Warning: load_oneyara: clamav cannot support 1 input strings, skipping YARA.APT_Dropper_Raw64_TEARDROP_1
LibClamAV Warning: cli_loadyara: problem parsing yara file APT_Dropper_Raw64_TEARDROP_1.yar, yara rule APT_Dropper_Raw64_TEARDROP_1
LibClamAV Error: Can't load APT_Dropper_Raw64_TEARDROP_1.yar: Malformed database
ERROR: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.006 sec (0 m 0 s)

$ clamscan --version
ClamAV 0.102.4/26024/Mon Dec 21 13:48:10 2020

siemhermans, Dec 21 '20 21:12
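A pre-flight lint for the condition the error message names, added here as an example that is not part of the original issue or of ClamAV: it flags YARA hex strings in which a jump (`[n]`, `[n-m]`) leaves a one-byte run. The sample rules are constructed (the TEARDROP rule text is not on this page), the function name is hypothetical, and treating every jump-delimited one-byte run as unsupported is an assumption about ClamAV's parser, so hits are candidates to check before loading the file with `clamscan -d`.

```python
import re

# Constructed sample rules for illustration; not the rule from the issue.
SAMPLE_RULES = r'''
rule Example_Ok {
    strings:
        $a = { 4D 5A 90 00 [2-4] 50 45 00 00 }
    condition:
        $a
}
rule Example_SingleByte {
    strings:
        $b = { E8 [4] 48 8B ?? 89 }
        $c = { 48 8B 05 [1-8] C3 }
    condition:
        any of them
}
'''

# "$id = { ... }" is a YARA hex string; the rule body brace has no "$id =" before it.
HEX_STRING = re.compile(r'(\$\w*)\s*=\s*\{([^}]*)\}')
JUMP = re.compile(r'\[[^\]]*\]')          # [n], [n-m], [n-], [-]
RULE = re.compile(r'\brule\s+(\w+)')


def single_byte_subpatterns(text):
    """Return (rule, string_id, byte) for each one-byte run split off by a jump.

    Assumption: a sub-pattern is the run of byte tokens between jumps, and a
    run of exactly one token is what ClamAV rejects. Comments and alternation
    groups inside hex strings are not handled by this simplified lint.
    """
    findings = []
    for m in HEX_STRING.finditer(text):
        # Attribute the string to the nearest preceding "rule <name>".
        rules = RULE.findall(text[:m.start()])
        rule = rules[-1] if rules else "?"
        for fragment in JUMP.split(m.group(2)):
            tokens = fragment.split()
            if len(tokens) == 1:
                findings.append((rule, m.group(1), tokens[0]))
    return findings


if __name__ == "__main__":
    for rule, sid, byte in single_byte_subpatterns(SAMPLE_RULES):
        print(f"{rule}: {sid} has single-byte sub-pattern {byte}")
```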