[Pkg-clamav-devel] Bug#1073128: clamav: unaligned access on armhf architecture
Gianfranco Costamagna
locutusofborg at debian.org
Thu Jun 13 08:34:14 BST 2024
Source: clamav
Version: 1.3.1+dfsg-3
Severity: serious
tags: patch
Hello, in Ubuntu, where the kernel is configured to forbid unaligned accesses on armhf, the package FTBFS
(this should be reproducible also on some Debian buildd machines, this is why I'm reporting as serious severity)
example of failure:
https://launchpadlibrarian.net/734963041/buildlog_ubuntu-oracular-armhf.clamav_1.3.1+dfsg-3ubuntu1_BUILDING.txt.gz
3: clamscan/fp_check_test.py::TC::test_fp_for_normalized PASSED [ 52%]
5: freshclam_test.py::TC::test_freshclam_08_cdiff_update_twice PASSED [100%]
5:
5: =============================== warnings summary ===============================
5: freshclam_test.py:20
5: /<<PKGBUILDDIR>>/unit_tests/freshclam_test.py:20: DeprecationWarning: 'cgi' is deprecated and slated for removal in Python 3.13
5: import cgi
5:
5: -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
5: ================== 10 passed, 1 skipped, 1 warning in 49.40s ===================
3: clamscan/fp_check_test.py::TC::test_fp_for_normalized_wild PASSED [ 54%]
4: clamd_test.py::TC::test_clamd_08_VirusEvent PASSED [ 69%]
3: clamscan/fp_check_test.py::TC::test_fp_for_zipped_file PASSED [ 56%]
3: clamscan/fp_check_test.py::TC::test_fp_for_zipped_file_wild PASSED [ 58%]
2/6 Test #5: freshclam ........................ Passed 51.50 sec
test 6
Start 6: sigtool
6: Test command: /usr/bin/pytest "-v" "sigtool_test.py"
6: Working Directory: /<<PKGBUILDDIR>>/unit_tests
6: Environment variables:
6: PYTHONTRACEMALLOC=1
6: VERSION=1.3.1
6: SOURCE=/<<PKGBUILDDIR>>
6: BUILD=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf
6: TMP=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests
6: CK_FORK=no
6: CK_DEFAULT_TIMEOUT=300
6: LD_LIBRARY_PATH=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/libfreshclam:/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/libclamav:/usr/lib/arm-linux-gnueabihf:
6: DYLD_LIBRARY_PATH=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/libfreshclam:/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/libclamav:/usr/lib/arm-linux-gnueabihf:
6: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
6: LIBSSL=/usr/lib/arm-linux-gnueabihf/libssl.so
6: LIBCRYPTO=/usr/lib/arm-linux-gnueabihf/libcrypto.so
6: LIBZ=/usr/lib/arm-linux-gnueabihf/libz.so
6: LIBBZ2=/usr/lib/arm-linux-gnueabihf/libbz2.so
6: LIBPCRE2=/usr/lib/arm-linux-gnueabihf/libpcre2-8.so
6: LIBXML2=/usr/lib/arm-linux-gnueabihf/libxml2.so
6: LIBCURL=/usr/lib/arm-linux-gnueabihf/libcurl.so
6: LIBJSONC=/usr/lib/arm-linux-gnueabihf/libjson-c.so
6: LIBICONV=
6: LLVM_LIBS=
6: LLVM_DIRS=
6: LIBPTHREADW32=
6: LIBWIN32COMPAT=
6: LIBCLAMAV=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/libclamav/libclamav.so.12.0.2
6: LIBCLAMMSPACK=/usr/lib/arm-linux-gnueabihf/libmspack.so
6: LIBCLAMUNRARIFACE=
6: LIBCLAMUNRAR=
6: CHECK_CLAMAV=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/check_clamav
6: CHECK_CLAMD=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/check_clamd
6: CHECK_FPU_ENDIAN=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/check_fpu_endian
6: CLAMBC=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clambc/clambc
6: CLAMD=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamd/clamd
6: CLAMDSCAN=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamdscan/clamdscan
6: CLAMDTOP=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamdtop/clamdtop
6: CLAMSCAN=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan
6: CLAMSUBMIT=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamsubmit/clamsubmit
6: CLAMCONF=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamconf/clamconf
6: FRESHCLAM=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/freshclam/freshclam
6: SIGTOOL=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/sigtool/sigtool
6: CLAMAV_MILTER=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamav-milter/clamav-milter
6: CLAMONACC=/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamonacc/clamonacc
6: Test timeout computed to be: 1500
3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_algorithm PASSED [ 60%]
3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hamming PASSED [ 62%]
3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hash PASSED [ 64%]
3: clamscan/fuzzy_img_hash_test.py::TC::test_sigs_good_allmatch PASSED [ 66%]
4: clamd_test.py::TC::test_clamd_09_clamdscan_ExcludePath PASSED [ 76%]
6: ============================= test session starts ==============================
6: platform linux -- Python 3.12.3, pytest-7.4.4, pluggy-1.5.0 -- /usr/bin/python3
6: cachedir: .pytest_cache
6: rootdir: /<<PKGBUILDDIR>>/unit_tests
6: collecting ... collected 3 items
6:
3: clamscan/heuristics_test.py::TC::test_allmatch FAILED [ 67%]
6: sigtool_test.py::TC::test_sigtool_00_version PASSED [ 33%]
3: clamscan/heuristics_test.py::TC::test_allmatch_precedence FAILED [ 69%]
6: sigtool_test.py::TC::test_sigtool_01_run_cdiff PASSED [ 66%]
4: clamd_test.py::TC::test_clamd_10_allmatch_not_sticky PASSED [ 84%]
3: clamscan/heuristics_test.py::TC::test_hidden_by_strong_indicator FAILED [ 71%]
6: sigtool_test.py::TC::test_sigtool_02_rust_logs_messages_work PASSED [100%]
6:
6: ============================== 3 passed in 2.98s ===============================
4: clamd_test.py::TC::test_clamd_11_alertexceedsmax_maxfilesize PASSED [ 92%]
3: clamscan/heuristics_test.py::TC::test_only_heur FAILED [ 73%]
3/6 Test #6: sigtool .......................... Passed 4.61 sec
3: clamscan/heuristics_test.py::TC::test_precedence PASSED [ 75%]
4: clamd_test.py::TC::test_clamd_12_onenote_disabled PASSED [100%]
4:
4: ======================== 13 passed in 76.89s (0:01:16) =========================
3: clamscan/image_extraction_test.py::TC::test_HTML_style_with_detection PASSED [ 77%]
3: clamscan/image_extraction_test.py::TC::test_xls_jpeg_png PASSED [ 79%]
3: clamscan/image_extraction_test.py::TC::test_xls_with_detection PASSED [ 81%]
4/6 Test #4: clamd ............................ Passed 79.82 sec
3: clamscan/match_offsets_test.py::TC::test_LDB_VI PASSED [ 83%]
3: clamscan/match_offsets_test.py::TC::test_yara_at_offset PASSED [ 84%]
1: libclamav_test.py::TC::test_libclamav_00_unit_test PASSED [100%]
1:
1: ======================== 1 passed in 100.35s (0:01:40) =========================
3: clamscan/match_offsets_test.py::TC::test_yara_in_range PASSED [ 86%]
3: clamscan/phishing_test.py::TC::test_not_enabled PASSED [ 88%]
5/6 Test #1: libclamav ........................ Passed 103.82 sec
3: clamscan/phishing_test.py::TC::test_ssl_and_cloak PASSED [ 90%]
3: clamscan/regex_test.py::TC::test_ldb_multi_pcre PASSED [ 92%]
3: clamscan/regex_test.py::TC::test_ldb_offset_pcre PASSED [ 94%]
3: clamscan/regex_test.py::TC::test_pcre_flag PASSED [ 96%]
3: clamscan/regex_test.py::TC::test_slash_colon PASSED [ 98%]
3: clamscan/regex_test.py::TC::test_yara PASSED [100%]
3:
3: =================================== FAILURES ===================================
3: _______________________________ TC.test_allmatch _______________________________
3:
3: self = <heuristics_test.TC testMethod=test_allmatch>
3:
3: def test_allmatch(self):
3: '''
3: This test uses a ZIP that has two things:
3: 1. malformed file that will alert with --alert-broken-media
3: 2. the clam.exe file that will alert normally.
3: The idea is that since the malformed file is first, the heuristic alert will be encountered first.
3:
3: In this test we use --allmatch but we don't use --heuristic-scan-precedence.
3: That means the NDB sig should alert first, even though the heuristic is encountered first.
3: Note the verify_output() uses STRICT_ORDER.
3: '''
3: self.step_name('Test that a clam heuristic alert will alert LAST in allmatch mode without heuristic-precedence.')
3:
3: testfile = TC.heuristics_testfile
3:
3: command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media \
3: --allmatch'.format(
3: valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
3: clam_exe_db=TC.path_tmp / 'clam.ndb',
3: testfiles=testfile,
3: )
3: output = self.execute_command(command)
3:
3: > assert output.ec == 1 # virus
3: E AssertionError: assert 135 == 1
3: E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
3:
3: /<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:158: AssertionError
3: ----------------------------- Captured stdout call -----------------------------
3:
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [INFO]: Test that a clam heuristic alert will alert LAST in allmatch mode without heuristic-precedence.
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media --allmatch
3: [DEBUG]: Exit code: 135
3: [DEBUG]: stdout:
3: [DEBUG]: stderr: Bus error (core dumped)
3:
3:
3: _________________________ TC.test_allmatch_precedence __________________________
3:
3: self = <heuristics_test.TC testMethod=test_allmatch_precedence>
3:
3: def test_allmatch_precedence(self):
3: '''
3: This test uses a ZIP that has two things:
3: 1. malformed file that will alert with --alert-broken-media
3: 2. the clam.exe file that will alert normally.
3: The idea is that since the malformed file is first, the heuristic alert will be encountered first.
3:
3: In this test we use --allmatch AND we use --heuristic-scan-precedence.
3: That means the heuristic is encountered first and should be treated equally, so it should alert first.
3: Note the verify_output() uses STRICT_ORDER.
3: '''
3: self.step_name('Test that a clam heuristic alert will alert FIRST in allmatch mode with heuristic-precedence.')
3:
3: testfile = TC.heuristics_testfile
3:
3: command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media \
3: --allmatch \
3: --heuristic-scan-precedence'.format(
3: valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
3: clam_exe_db=TC.path_tmp / 'clam.ndb',
3: testfiles=testfile,
3: )
3: output = self.execute_command(command)
3:
3: > assert output.ec == 1 # virus
3: E AssertionError: assert 135 == 1
3: E + where 135 = CmdResult(ec=135, out='/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip: Heuristics.Broken.Media.PNG.EOFReadingChunk FOUND\n', err='Bus error (core dumped)\n').ec
3:
3: /<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:190: AssertionError
3: ----------------------------- Captured stdout call -----------------------------
3:
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [INFO]: Test that a clam heuristic alert will alert FIRST in allmatch mode with heuristic-precedence.
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media --allmatch --heuristic-scan-precedence
3: [DEBUG]: Exit code: 135
3: [DEBUG]: stdout: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip: Heuristics.Broken.Media.PNG.EOFReadingChunk FOUND
3:
3: [DEBUG]: stderr: Bus error (core dumped)
3:
3:
3: ______________________ TC.test_hidden_by_strong_indicator ______________________
3:
3: self = <heuristics_test.TC testMethod=test_hidden_by_strong_indicator>
3:
3: def test_hidden_by_strong_indicator(self):
3: '''
3: This test uses a ZIP that has two things:
3: 1. malformed file that will alert with --alert-broken-media
3: 2. the clam.exe file that will alert normally.
3: The idea is that since the malformed file is first, the heuristic alert will be encountered first.
3:
3: In this test the heuristic alert must not alert because neither allmatch is specified, nor --heuristic-scan-precedence
3: '''
3: self.step_name('Test that a clam heuristic not alert because regular sig alerts first.')
3:
3: testfile = TC.heuristics_testfile
3:
3: command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media'.format(
3: valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
3: clam_exe_db=TC.path_tmp / 'clam.ndb',
3: testfiles=testfile,
3: )
3: output = self.execute_command(command)
3:
3: > assert output.ec == 1 # virus
3: E AssertionError: assert 135 == 1
3: E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
3:
3: /<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:70: AssertionError
3: ----------------------------- Captured stdout call -----------------------------
3:
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [INFO]: Test that a clam heuristic not alert because regular sig alerts first.
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media
3: [DEBUG]: Exit code: 135
3: [DEBUG]: stdout:
3: [DEBUG]: stderr: Bus error (core dumped)
3:
3:
3: ______________________________ TC.test_only_heur _______________________________
3:
3: self = <heuristics_test.TC testMethod=test_only_heur>
3:
3: def test_only_heur(self):
3: '''
3: This test uses a ZIP that has two things:
3: 1. malformed file that will alert with --alert-broken-media
3: 2. the clam.exe file that will alert normally.
3: The idea is that since the malformed file is first, the heuristic alert will be encountered first.
3:
3: In this test the heuristic alert must alert because we don't use the sig for the other file.
3: '''
3: self.step_name('Test that a clam heuristic will alert, because it is the only detection.')
3:
3: testfile = TC.heuristics_testfile
3:
3: # Add an empty NDB file, because we need to pass in some sort of database.
3: (TC.path_tmp / 'empty.ndb').write_text(
3: "# Just a comment\n"
3: )
3:
3: command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media'.format(
3: valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
3: clam_exe_db=TC.path_tmp / 'empty.ndb',
3: testfiles=testfile,
3: )
3: output = self.execute_command(command)
3:
3: > assert output.ec == 1 # virus
3: E AssertionError: assert 135 == 1
3: E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
3:
3: /<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:101: AssertionError
3: ----------------------------- Captured stdout call -----------------------------
3:
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [INFO]: Test that a clam heuristic will alert, because it is the only detection.
3: [INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3: [DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/empty.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media
3: [DEBUG]: Exit code: 135
3: [DEBUG]: stdout:
3: [DEBUG]: stderr: Bus error (core dumped)
3:
3:
3: =========================== short test summary info ============================
3: FAILED clamscan/heuristics_test.py::TC::test_allmatch - AssertionError: asser...
3: FAILED clamscan/heuristics_test.py::TC::test_allmatch_precedence - AssertionE...
3: FAILED clamscan/heuristics_test.py::TC::test_hidden_by_strong_indicator - Ass...
3: FAILED clamscan/heuristics_test.py::TC::test_only_heur - AssertionError: asse...
3: =================== 4 failed, 49 passed in 110.64s (0:01:50) ===================
6/6 Test #3: clamscan .........................***Failed 114.20 sec
============================= test session starts ==============================
platform linux -- Python 3.12.3, pytest-7.4.4, pluggy-1.5.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /<<PKGBUILDDIR>>/unit_tests
collecting ... collected 53 items
clamscan/_basic_test.py::TC::test_00_version PASSED [ 1%]
clamscan/_basic_test.py::TC::test_01_all_testfiles PASSED [ 3%]
clamscan/_basic_test.py::TC::test_02_all_testfiles_ign2 PASSED [ 5%]
clamscan/allmatch_test.py::TC::test_exe_imphash_plus_zipsfx PASSED [ 7%]
clamscan/allmatch_test.py::TC::test_exe_pattern_plus_zipsfx PASSED [ 9%]
clamscan/allmatch_test.py::TC::test_many_sigs PASSED [ 11%]
clamscan/allmatch_test.py::TC::test_many_sigs_no_allmatch PASSED [ 13%]
clamscan/allmatch_test.py::TC::test_pe_allmatch PASSED [ 15%]
clamscan/allmatch_test.py::TC::test_regression_cbc_and_ndb PASSED [ 16%]
clamscan/allmatch_test.py::TC::test_regression_imphash_nosize PASSED [ 18%]
clamscan/allmatch_test.py::TC::test_txt_plus_clam_zipsfx PASSED [ 20%]
clamscan/assorted_test.py::TC::test_00_version PASSED [ 22%]
clamscan/assorted_test.py::TC::test_iso_missing_joliet PASSED [ 24%]
clamscan/assorted_test.py::TC::test_onenote_disabled PASSED [ 26%]
clamscan/assorted_test.py::TC::test_pe_cert_block PASSED [ 28%]
clamscan/assorted_test.py::TC::test_pe_cert_trust PASSED [ 30%]
clamscan/assorted_test.py::TC::test_pe_cert_trust_archive PASSED [ 32%]
clamscan/assorted_test.py::TC::test_weak_indicator_icon PASSED [ 33%]
clamscan/bytecode_test.py::TC::test_pdf_hook PASSED [ 35%]
clamscan/container_sigs_test.py::TC::test_clamscan_container_cache PASSED [ 37%]
clamscan/container_sigs_test.py::TC::test_container PASSED [ 39%]
clamscan/container_sigs_test.py::TC::test_intermediates PASSED [ 41%]
clamscan/container_sigs_test.py::TC::test_intermediates_cache PASSED [ 43%]
clamscan/fp_check_test.py::TC::test_alerts_on_normalized PASSED [ 45%]
clamscan/fp_check_test.py::TC::test_alerts_on_zip PASSED [ 47%]
clamscan/fp_check_test.py::TC::test_fp_for_nonnormalized PASSED [ 49%]
clamscan/fp_check_test.py::TC::test_fp_for_nonnormalized_wild PASSED [ 50%]
clamscan/fp_check_test.py::TC::test_fp_for_normalized PASSED [ 52%]
clamscan/fp_check_test.py::TC::test_fp_for_normalized_wild PASSED [ 54%]
clamscan/fp_check_test.py::TC::test_fp_for_zipped_file PASSED [ 56%]
clamscan/fp_check_test.py::TC::test_fp_for_zipped_file_wild PASSED [ 58%]
clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_algorithm PASSED [ 60%]
clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hamming PASSED [ 62%]
clamscan/fuzzy_img_hash_test.py::TC::test_sigs_bad_hash PASSED [ 64%]
clamscan/fuzzy_img_hash_test.py::TC::test_sigs_good_allmatch PASSED [ 66%]
clamscan/heuristics_test.py::TC::test_allmatch FAILED [ 67%]
clamscan/heuristics_test.py::TC::test_allmatch_precedence FAILED [ 69%]
clamscan/heuristics_test.py::TC::test_hidden_by_strong_indicator FAILED [ 71%]
clamscan/heuristics_test.py::TC::test_only_heur FAILED [ 73%]
clamscan/heuristics_test.py::TC::test_precedence PASSED [ 75%]
clamscan/image_extraction_test.py::TC::test_HTML_style_with_detection PASSED [ 77%]
clamscan/image_extraction_test.py::TC::test_xls_jpeg_png PASSED [ 79%]
clamscan/image_extraction_test.py::TC::test_xls_with_detection PASSED [ 81%]
clamscan/match_offsets_test.py::TC::test_LDB_VI PASSED [ 83%]
clamscan/match_offsets_test.py::TC::test_yara_at_offset PASSED [ 84%]
clamscan/match_offsets_test.py::TC::test_yara_in_range PASSED [ 86%]
clamscan/phishing_test.py::TC::test_not_enabled PASSED [ 88%]
clamscan/phishing_test.py::TC::test_ssl_and_cloak PASSED [ 90%]
clamscan/regex_test.py::TC::test_ldb_multi_pcre PASSED [ 92%]
clamscan/regex_test.py::TC::test_ldb_offset_pcre PASSED [ 94%]
clamscan/regex_test.py::TC::test_pcre_flag PASSED [ 96%]
clamscan/regex_test.py::TC::test_slash_colon PASSED [ 98%]
clamscan/regex_test.py::TC::test_yara PASSED [100%]
=================================== FAILURES ===================================
_______________________________ TC.test_allmatch _______________________________
self = <heuristics_test.TC testMethod=test_allmatch>
def test_allmatch(self):
'''
This test uses a ZIP that has two things:
1. malformed file that will alert with --alert-broken-media
2. the clam.exe file that will alert normally.
The idea is that since the malformed file is first, the heuristic alert will be encountered first.
In this test we use --allmatch but we don't use --heuristic-scan-precedence.
That means the NDB sig should alert first, even though the heuristic is encountered first.
Note the verify_output() uses STRICT_ORDER.
'''
self.step_name('Test that a clam heuristic alert will alert LAST in allmatch mode without heuristic-precedence.')
testfile = TC.heuristics_testfile
command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media \
--allmatch'.format(
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
clam_exe_db=TC.path_tmp / 'clam.ndb',
testfiles=testfile,
)
output = self.execute_command(command)
> assert output.ec == 1 # virus
E AssertionError: assert 135 == 1
E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
/<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:158: AssertionError
----------------------------- Captured stdout call -----------------------------
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[INFO]: Test that a clam heuristic alert will alert LAST in allmatch mode without heuristic-precedence.
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media --allmatch
[DEBUG]: Exit code: 135
[DEBUG]: stdout:
[DEBUG]: stderr: Bus error (core dumped)
_________________________ TC.test_allmatch_precedence __________________________
self = <heuristics_test.TC testMethod=test_allmatch_precedence>
def test_allmatch_precedence(self):
'''
This test uses a ZIP that has two things:
1. malformed file that will alert with --alert-broken-media
2. the clam.exe file that will alert normally.
The idea is that since the malformed file is first, the heuristic alert will be encountered first.
In this test we use --allmatch AND we use --heuristic-scan-precedence.
That means the heuristic is encountered first and should be treated equally, so it should alert first.
Note the verify_output() uses STRICT_ORDER.
'''
self.step_name('Test that a clam heuristic alert will alert FIRST in allmatch mode with heuristic-precedence.')
testfile = TC.heuristics_testfile
command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media \
--allmatch \
--heuristic-scan-precedence'.format(
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
clam_exe_db=TC.path_tmp / 'clam.ndb',
testfiles=testfile,
)
output = self.execute_command(command)
> assert output.ec == 1 # virus
E AssertionError: assert 135 == 1
E + where 135 = CmdResult(ec=135, out='/<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip: Heuristics.Broken.Media.PNG.EOFReadingChunk FOUND\n', err='Bus error (core dumped)\n').ec
/<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:190: AssertionError
----------------------------- Captured stdout call -----------------------------
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[INFO]: Test that a clam heuristic alert will alert FIRST in allmatch mode with heuristic-precedence.
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media --allmatch --heuristic-scan-precedence
[DEBUG]: Exit code: 135
[DEBUG]: stdout: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip: Heuristics.Broken.Media.PNG.EOFReadingChunk FOUND
[DEBUG]: stderr: Bus error (core dumped)
______________________ TC.test_hidden_by_strong_indicator ______________________
self = <heuristics_test.TC testMethod=test_hidden_by_strong_indicator>
def test_hidden_by_strong_indicator(self):
'''
This test uses a ZIP that has two things:
1. malformed file that will alert with --alert-broken-media
2. the clam.exe file that will alert normally.
The idea is that since the malformed file is first, the heuristic alert will be encountered first.
In this test the heuristic alert must not alert because neither allmatch is specified, nor --heuristic-scan-precedence
'''
self.step_name('Test that a clam heuristic not alert because regular sig alerts first.')
testfile = TC.heuristics_testfile
command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media'.format(
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
clam_exe_db=TC.path_tmp / 'clam.ndb',
testfiles=testfile,
)
output = self.execute_command(command)
> assert output.ec == 1 # virus
E AssertionError: assert 135 == 1
E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
/<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:70: AssertionError
----------------------------- Captured stdout call -----------------------------
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[INFO]: Test that a clam heuristic not alert because regular sig alerts first.
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/clam.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media
[DEBUG]: Exit code: 135
[DEBUG]: stdout:
[DEBUG]: stderr: Bus error (core dumped)
______________________________ TC.test_only_heur _______________________________
self = <heuristics_test.TC testMethod=test_only_heur>
def test_only_heur(self):
'''
This test uses a ZIP that has two things:
1. malformed file that will alert with --alert-broken-media
2. the clam.exe file that will alert normally.
The idea is that since the malformed file is first, the heuristic alert will be encountered first.
In this test the heuristic alert must alert because we don't use the sig for the other file.
'''
self.step_name('Test that a clam heuristic will alert, because it is the only detection.')
testfile = TC.heuristics_testfile
# Add an empty NDB file, because we need to pass in some sort of database.
(TC.path_tmp / 'empty.ndb').write_text(
"# Just a comment\n"
)
command = '{valgrind} {valgrind_args} {clamscan} -d {clam_exe_db} {testfiles} --alert-broken-media'.format(
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
clam_exe_db=TC.path_tmp / 'empty.ndb',
testfiles=testfile,
)
output = self.execute_command(command)
> assert output.ec == 1 # virus
E AssertionError: assert 135 == 1
E + where 135 = CmdResult(ec=135, out='', err='Bus error (core dumped)\n').ec
/<<PKGBUILDDIR>>/unit_tests/clamscan/heuristics_test.py:101: AssertionError
----------------------------- Captured stdout call -----------------------------
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[INFO]: Test that a clam heuristic will alert, because it is the only detection.
[INFO]: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[DEBUG]: Run command: /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/clamscan/clamscan -d /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/empty.ndb /<<PKGBUILDDIR>>/obj-arm-linux-gnueabihf/unit_tests/TC-r8erx0vs/heuristics-test.zip --alert-broken-media
[DEBUG]: Exit code: 135
[DEBUG]: stdout:
[DEBUG]: stderr: Bus error (core dumped)
The following patch makes sure the unaligned access is fixed:
Description: resolve armhf failure to build from source.
Author: Vladimir Petko <vladimir.petko at canonical.com>
--- a/libclamav/special.c
+++ b/libclamav/special.c
@@ -48,7 +48,8 @@
int cli_check_mydoom_log(cli_ctx *ctx)
{
- const uint32_t *record;
+ const uint32_t record[16];
+ const uint32_t mask = 0xffffffff;
uint32_t check, key;
fmap_t *map = ctx->fmap;
unsigned int blocks = map->len / (8 * 4);
@@ -59,14 +60,20 @@
if (blocks > 5)
blocks = 5;
- record = fmap_need_off_once(map, 0, 8 * 4 * blocks);
- if (!record)
+ // returns unaligned memory block
+ const char* data = fmap_need_off_once(map, 0, 8 * 4 * blocks);
+ if (!data)
return CL_CLEAN;
+
while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */
- if (record[--blocks] == 0xffffffff)
+ unsigned int offset = --blocks;
+ offset *=sizeof(uint32_t);
+ // safe (but slow) on unaligned memory
+ if (!memcmp(&data[offset], &mask, sizeof(uint32_t)))
return CL_CLEAN;
}
-
+ // copy into aligned array to perform bit operations
+ memcpy(record, data, sizeof(record));
key = ~be32_to_host(record[0]);
check = (be32_to_host(record[1]) ^ key) +
(be32_to_host(record[2]) ^ key) +
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20240613/c5b23498/attachment-0001.sig>
More information about the Pkg-clamav-devel
mailing list