[Pkg-clamav-devel] Bug#773318: clamav dies/hangs
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Dec 20 11:12:13 UTC 2014
Control: tags 773041 security
Control: severity 773041 grave
Justification: causes remote denial of service

Hi James,

On 19.12.2014 23:12, James Cloos wrote:
> Even w/ the milter not called, one of the MXs has one clamd thread
> consuming 100% cpu right now. gdb says:
>
> #0 0x00007fd0b4791ed0 in ?? () from /usr/lib/x86_64-linux-gnu/libmspack.so.0
> #1 0x00007fd0b47863ea in ?? () from /usr/lib/x86_64-linux-gnu/libmspack.so.0
> #2 0x00007fd0b55c1e26 in cli_scanmscab (ctx=0x7fd096dfb6b0, sfx_offset=256) at libmspack.c:384
> #3 0x00007fd0b5597aa0 in magic_scandesc (ctx=0x7fd096dfb6b0, type=CL_TYPE_ANY)
> at scanners.c:2703
> #4 0x00007fd0b5598059 in cli_base_scandesc (desc=12, ctx=0x7fd096dfb6b0, type=CL_TYPE_ANY)
> at scanners.c:3051
> #5 0x00007fd0b559bf33 in fileblobScan (fb=0x7fd088003910) at blob.c:641
> #6 0x00007fd0b559c01d in fileblobScanAndDestroy (fb=fb@entry=0x7fd088003910) at blob.c:399
> #7 0x00007fd0b55a08db in do_multipart (mainMessage=0x0, messages=<optimized out>,
> i=<optimized out>, rc=0x7fd096dfa35c, mctx=0x7fd096dfa420, messageIn=<optimized out>,
> tptr=0x7fd096dfa360, recursion_level=0) at mbox.c:3712
> #8 0x00007fd0b55a0019 in parseEmailBody (messageIn=0x7fd095df4000,
> messageIn@entry=0x7fd088004940, textIn=0x100, textIn@entry=0x0, mctx=0x7fd0880047b1,
> recursion_level=32512, recursion_level@entry=0) at mbox.c:1533
> #9 0x00007fd0b55a1232 in cli_parse_mbox (
> dir=dir@entry=0x7fd088000e50 "/tmp/clamav-4b94ddbad0a132b5af6d2f6db3a76e40.tmp",
> ctx=ctx@entry=0x7fd096dfb6b0) at mbox.c:508
> #10 0x00007fd0b55a1b1a in cli_mbox (
> dir=dir@entry=0x7fd088000e50 "/tmp/clamav-4b94ddbad0a132b5af6d2f6db3a76e40.tmp",
> ctx=ctx@entry=0x7fd096dfb6b0) at mbox.c:309
> #11 0x00007fd0b5579218 in cli_scanmail (ctx=0x7fd096dfb6b0) at scanners.c:1702

Thanks for the backtrace!

As it shows that clamd hangs in libmspack, I think this is bug #773041
[1]. A possible fix is mentioned in [2]. We'll have to include it in the
libmspack copy embedded in clamav, which is used in wheezy.

Best regards,
Andreas

1: https://bugs.debian.org/773041
2: https://bugs.debian.org/773041#8