Mark, It probably won’t make much difference, though there is a possible slow scan time issue in pcre2 10.32 for case-insensitive patterns.
If you have a sample and signature that cause the issue, I’d love a copy so I can investigate further. -Micah From: Mark Allan <markjal...@gmail.com> Date: Tuesday, May 5, 2020 at 5:20 AM To: ClamAV users ML <clamav-users@lists.clamav.net>, Micah Snyder (micasnyd) <micas...@cisco.com> Subject: Re: [clamav-users] Clamd crashes frequently - macOS Catalina Hi Micah, Al is correct, we're using 10.32. I see 10.34 is now available, so I'll compile against that when I get a chance and see if it makes any difference. Mark On 5 May 2020, at 6:25 am, Al Varnell via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Micah, Looks to be 10.32, but Mark should be along shortly to confirm. -Al- On May 4, 2020, at 13:23, Micah Snyder (micasnyd) via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Hi Mark, Which pcre2 version are you using? Regards, Micah From: clamav-users <clamav-users-boun...@lists.clamav.net<mailto:clamav-users-boun...@lists.clamav.net>> Date: Saturday, May 2, 2020 at 5:50 PM To: ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> Cc: Mark Allan <markjal...@gmail.com<mailto:markjal...@gmail.com>> Subject: Re: [clamav-users] Clamd crashes frequently - macOS Catalina Hi James, Glad that seems to have helped. Al and others are correct that the distro should be updated to use pcre2, but I'm not convinced that's the root of the problem. We're seeing the issue with that signature despite already using pcre2 in our build. Mark On 2 May 2020, at 3:45 am, Al Varnell via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Although I complete support what Mark has recommended, I would caution that there could easily be a future signature that will cause this same issue if the root cause of not upgrading to pcre2 is not accomplished, and figuring out what signature that is won’t be easy. Sent from my iPad -Al- On May 1, 2020, at 18:38, James Brown via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: On 1 May 2020, at 8:31 pm, Mark Allan via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set. Thanks Mark. After over 12 hours clamd is still up and running. Looks like that sig was causing the problem. James. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
