Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] new clamav definitions arent working with current install
clamav-users at lists
Feb 18, 2020, 11:44 AM
Post #1 of 2 (267 views)
Permalink
I have ClamAV engine 0.99.2 installed and it no longer works with currently provided definitions
is there some way to reformat the currently downloaded definition so they will work in this older environment?

(I have tried to upgrade my PCRE version but to no avail I am running RHEL 5.5 which I cannot upgrade for reasons I wont go into)

[root@wclceste5 pcre]# clamscan -v
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 20: unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 6744096
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 110.135 sec (1 m 50 s)
[root@wclceste5 pcre]#
Re: [clamav-users] new clamav definitions arent working with current install [ In reply to ]
clamav-users at lists
Feb 21, 2020, 12:41 PM
Post #2 of 2 (263 views)
Permalink
You absolutely must upgrade. While the issue at hand is probably because your libpcre package is older and can’t handle newer features used in the current database, I must stress that 0.99.2 has unpatched publicly known vulnerabilities. Scanning untrusted user content carries an inherent risk and doubly so for product versions with disclosed vulnerabilities. I should also note that RHEL 5 is also past end-of-life, meaning ClamAV probably isn’t the only unpatched package on your system. Even RHEL 6 is coming up on EOL this November.

I have a vague recollection that ClamAV behavior changed in 0.100 to skip signatures that fail to load – rather than failing to load the entire database. It doesn’t help you, but from my perspective there isn’t much I can do to improve ClamAV to avoid this issue in the future.

I also don’t think that re-writing the regex signatures to be compatible with older libcpre versions is in the cards. It’s not my call, but I wouldn’t recommend investing the time either.

Please, just find a way to upgrade.

Regards,
Micah

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of 99r c via clamav-users <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Tuesday, February 18, 2020 at 2:44 PM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: 99r c <r.l.c99@live.ca>
Subject: [clamav-users] new clamav definitions arent working with current install

I have ClamAV engine 0.99.2 installed and it no longer works with currently provided definitions
is there some way to reformat the currently downloaded definition so they will work in this older environment?

(I have tried to upgrade my PCRE version but to no avail I am running RHEL 5.5 which I cannot upgrade for reasons I wont go into)

[root@wclceste5 pcre]# clamscan -v
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 20: unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 6744096
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 110.135 sec (1 m 50 s)
[root@wclceste5 pcre]#

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal