Yara -clamav clamscan killed by SIGABRT

Post by henk »

After the latest updates, Yara is enabled again. :clap:

I received 1 Daily mail: abrt clamav: clamscan killed by SIGABRT

Code:

reason:         clamscan killed by SIGABRT
cmdline:        /usr/bin/clamscan --quiet -d /var/lib/clamav-unofficial-sigs/dbs-yara/antidebug_antivm.yar /var/lib/clamav-unofficial-sigs/configs/scan-test.txt
executable:     /usr/bin/clamscan
package:        clamav-0.103.0-1.el7
component:      clamav

After login:

ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1607890240
[root@efa ~]# abrt-cli list --since 1607890240

Code:

id ba125ac796d8a81c1f36c56adr5j85d01506ed0487231
reason:         clamscan killed by SIGABRT
time:           Sun 13 Dec 2020 04:16:28 PM CET
cmdline:        /usr/bin/clamscan --quiet -d /var/lib/clamav-unofficial-sigs/dbs-yara/antidebug_antivm.yar /var/lib/clamav-unofficial-sigs/configs/scan-test.txt
package:        clamav-0.103.0-1.el7
uid:            0 (root)
count:          2
Directory:      /var/spool/abrt/ccpp-2020-12-13-16:16:28-26686

Solution: DISABLE antidebug_antivm/antidebug_antivm.yar

Code:

/etc/clamav-unofficial-sigs//master.conf

Code:

# Anti debug and anti virtualization techniques used by malware
#antidebug_antivm/antidebug_antivm.yar|LOW
antidebug_antivm/antidebug_antivm.yar|DISABLED # (core dumped)

Info: https://codeclimate.com/github/extremes ... builds/358
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
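
The abrt report above shows the exact command that crashed. As an added example (not part of the original post and not code from clamav-unofficial-sigs), the same invocation can be run once per database file to list every YARA file that kills the scanner, which tells you which entries in master.conf to set to DISABLED. The function names, the `SCANNER` variable and the script name in the comment are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumption: the scanner is called the way the abrt cmdline above shows:
#   clamscan --quiet -d <database> <test file>
SCANNER="${SCANNER:-/usr/bin/clamscan}"

# classify_db DB TESTFILE: print "ok", "error" or "crash:<signal number>"
classify_db() {
    cdb_rc=0
    "$SCANNER" --quiet -d "$1" "$2" >/dev/null 2>&1 || cdb_rc=$?
    if [ "$cdb_rc" -gt 128 ]; then
        # The shell reports death by signal N as 128+N; SIGABRT (6) gives 134.
        echo "crash:$((cdb_rc - 128))"
    elif [ "$cdb_rc" -le 1 ]; then
        echo "ok"       # clamscan exit 0 = nothing found, 1 = virus found
    else
        echo "error"    # clamscan exit 2 = some error occurred
    fi
}

# check_dir DIR TESTFILE: one "<result><TAB><file>" line per .yar/.yara file.
# Returns 1 if at least one database crashed the scanner, 0 otherwise.
check_dir() {
    cd_any_crash=0
    for cd_db in "$1"/*.yar "$1"/*.yara; do
        [ -e "$cd_db" ] || continue     # glob matched nothing
        cd_result=$(classify_db "$cd_db" "$2")
        printf '%s\t%s\n' "$cd_result" "$cd_db"
        case "$cd_result" in crash:*) cd_any_crash=1 ;; esac
    done
    return "$cd_any_crash"
}

# Runs only when called with two arguments, e.g. (hypothetical script name):
#   sh check-yara-dbs.sh /var/lib/clamav-unofficial-sigs/dbs-yara \
#       /var/lib/clamav-unofficial-sigs/configs/scan-test.txt
if [ "$#" -eq 2 ]; then
    check_dir "$1" "$2"
fi
```

A `crash:6` line corresponds to the SIGABRT in the report; each crashing run may also leave a new entry under /var/spool/abrt.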