Hi all,
Are there any recommendations for compilation options on/with pcre?
I've tried several things but can't seem to get the build to work on anything other than OS X 10.11. I never have a problem moving my ClamAV builds between machines, but something's going wrong with PCRE support - even when I build PCRE on the destination machine, I always end up with the following error from clamscan:
LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
Here's a section of the output with --debug on:
LibClamAV debug: Ignoring signature Email.Trojan-417
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
These are the options I'm passing to pcre's configure phase:
./configure --prefix=/usr/local --enable-newline-is-any --enable-utf --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16 --enable-pcre32 --enable-jit
This is what I'm passing to ClamAV's configure phase:
./configure --disable-dependency-tracking --enable-llvm=no --enable-clamdtop --with-user=_clamav --with-group=_clamav --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local
I get the same results regardless of what options I pass to PCRE's configure script. I've also tried pcre-8.37 and pcre-8.38.
Can anyone suggest anything?
Many thanks
Mark
> On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola@sourcefire.com> wrote:
>
> Hi Mark,
>
> Unfortunately, as of right now the only way to get pcre 8.38 is via their
> rc1 candidate (check the pcre-dev mailing list for a tarball).
>
> In practice, the pcre exploit ClamAV warns about (
> http://www.securitytracker.com/id/1032453) relies upon an explicitly
> malicious regex, so you don't have to worry too much unless you're using
> untrusted sigs. Everything should still compile and run just fine, even
> with 8.37.
>
> - Mickey
>
> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan@gmail.com> wrote:
>
>> Hi all,
>>
>> I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
>>
>> It looks like bug 11411 [
>> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open, so I
>> decided to download and build PCRE as well.
>>
>> I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
>> configure script, so I went with the most up-to-date version of PCRE (which
>> is currently 8.37) but now configure outputs the following:
>>
>> configure: WARNING: The installed pcre version may contain a security bug.
>> Please upgrade to 8.38 or later: http://www.pcre.org
>>
>> There is no 8.38 that I can see:
>> https://sourceforge.net/projects/pcre/files/pcre/
>>
>> Are you just assuming that 8.38 will be coming soon to fix the bug, or is
>> there a download somewhere that I'm not seeing?
>>
>> Thanks
>> Mark
>>
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
http://www.clamav.net/contact.html#ml
Are there any recommendations for compilation options on/with pcre?
I've tried several things but can't seem to get the build to work on anything other than OS X 10.11. I never have a problem moving my ClamAV builds between machines, but something's going wrong with PCRE support - even when I build PCRE on the destination machine, I always end up with the following error from clamscan:
LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
Here's a section of the output with --debug on:
LibClamAV debug: Ignoring signature Email.Trojan-417
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV debug: /usr/local/share/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0: unknown option bit(s) set
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
These are the options I'm passing to pcre's configure phase:
./configure --prefix=/usr/local --enable-newline-is-any --enable-utf --enable-unicode-properties --enable-rebuild-chartables --enable-pcre16 --enable-pcre32 --enable-jit
This is what I'm passing to ClamAV's configure phase:
./configure --disable-dependency-tracking --enable-llvm=no --enable-clamdtop --with-user=_clamav --with-group=_clamav --enable-all-jit-targets --with-pcre=/usr/local --prefix=/usr/local
I get the same results regardless of what options I pass to PCRE's configure script. I've also tried pcre-8.37 and pcre-8.38.
Can anyone suggest anything?
Many thanks
Mark
> On 20 Nov 2015, at 6:01 pm, Mickey Sola <msola@sourcefire.com> wrote:
>
> Hi Mark,
>
> Unfortunately, as of right now the only way to get pcre 8.38 is via their
> rc1 candidate (check the pcre-dev mailing list for a tarball).
>
> In practice, the pcre exploit ClamAV warns about (
> http://www.securitytracker.com/id/1032453) relies upon an explicitly
> malicious regex, so you don't have to worry too much unless you're using
> untrusted sigs. Everything should still compile and run just fine, even
> with 8.37.
>
> - Mickey
>
> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjallan@gmail.com> wrote:
>
>> Hi all,
>>
>> I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
>>
>> It looks like bug 11411 [
>> https://bugzilla.clamav.net/show_bug.cgi?id=11411 ] is still open, so I
>> decided to download and build PCRE as well.
>>
>> I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
>> configure script, so I went with the most up-to-date version of PCRE (which
>> is currently 8.37) but now configure outputs the following:
>>
>> configure: WARNING: The installed pcre version may contain a security bug.
>> Please upgrade to 8.38 or later: http://www.pcre.org
>>
>> There is no 8.38 that I can see:
>> https://sourceforge.net/projects/pcre/files/pcre/
>>
>> Are you just assuming that 8.38 will be coming soon to fix the bug, or is
>> there a download somewhere that I'm not seeing?
>>
>> Thanks
>> Mark
>>
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
http://www.clamav.net/contact.html#ml