Hi Ralf,

There are 3 bytecode rules for detecting CVEs that seem to take a rather long 
time to run, particularly as the file grows in size.  I'm discussing with our 
threat research team if we can remove them as the CVEs are old enough that no one 
should reasonably still be affected by the vulnerabilities.

I am curious though - what are your MaxFileSize / MaxScanSize settings? I 
wonder if you're seeing timeouts with the default settings or if you increased 
them.

Regards,
Micah


Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Ralf 
Hildebrandt via clamav-users <clamav-users@lists.clamav.net>
Sent: Tuesday, February 20, 2024 9:36 AM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Ralf Hildebrandt <ralf.hildebra...@charite.de>
Subject: [clamav-users] Bytecode run timed out in interpreter after 5000 opcodes

In yesterday's logs I found this:

Feb 19 12:18:35 mail-cbf-int clamd[4147902]: LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
Feb 19 12:18:35 mail-cbf-int clamd[4147902]: LibClamAV Warning: Bytecode 'BC.Img.Exploit.CVE-2017-16386-6404655-1.{}' (id: 77) failed to run: Exceeded time limit

Is this a bad Bytecode rule?

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat