X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=OClG66cuTyPJIJBH GF6hsTeIJTncW6EOTqdLEdVqZzQ5O97OAmcEzGuzIq3FOTVq7piuu1ovek2rhj9u muX5FJh+VuoBMZHfWyI6V4MO6wOGB5KbQsmPqzWIk7sl/y6GQS66le390SMSuBqV PLP1WbMEQsGAT1xEQnkyMohHNZA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-type :content-transfer-encoding; s=default; bh=PAMpFYII8UTWoEIMOm7kPK /OwKs=; b=NJ7zQjuGK39qMDtaUZBfTjAAAYNKzZgFmLdsRa/wblqrBmEAI63841 9UIdz3gzPYMbdtQq3hc3/EHilQvUVsNBLI1FH7E9EEO4pwUmOwHcjkQyAPD0uefQ T6aGM3KCXndr+uPmpcCvDnpc0cwlNdPVSp/fQW04cMYzu3f9e0ObI= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.8 required=5.0 tests=BAYES_00,EXECUTABLE_URI,KAM_EXEURI,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=signing, Hx-languages-length:1846, viruses, young X-HELO: mx1.redhat.com Subject: Re: [ANNOUNCEMENT] clamav 0.99.1-1 To: cygwin@cygwin.com References: <6da62132-1e66-41c9-043d-c552f4faf1c3@redhat.com> <4f86f77b-e2cb-b654-760b-499623dd61a1@cygwin.com> <360d98a0-8e44-e816-ea44-d87a2e2655a4@redhat.com> <91F687B2-C7E2-444D-91C3-2FAD580955A2@etr-usa.com> From: Mike Bonnet Message-ID: Date: Fri, 13 May 2016 11:51:05 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0 MIME-Version: 1.0 In-Reply-To: <91F687B2-C7E2-444D-91C3-2FAD580955A2@etr-usa.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-IsSubscribed: yes On 5/11/16 9:14 AM, Warren Young wrote: > On May 11, 2016, at 10:10 AM, Mike Bonnet wrote: >> >> On 5/11/16 8:18 AM, Yaakov Selkowitz wrote: >>> On 2016-05-11 09:35, Mike Bonnet wrote: >>> >>>> Any chance we could get a new 64-bit build? >>> >>> We'd need to find the real cause of this before it would be of any help. >>> I'd start with updating to 0.99.2, however we borrow Fedora's -norar >>> sources but they haven't bumped yet (#1333949). >> >> I'll retry with 0.99.2 when it's available. > > Or you could rebuild 0.99.1 from the sources and see if that fixes the symptom. If it does, you have a reason to reject Yaakov’s answer. If not, Yaakov was right to disbelieve your hypothesis. The build issue was a red herring, sorry about that. It turns out a specific file, xdate.exe, is causing clamscan to segfault. This is an old file, from 2012, used for date formatting, but it has just started causing problems. I've reproduced the segfault in 0.99.1-1 and 0.98.7-2 running on Cygwin64 on Windows Server 2012, but didn't go any further back than that. I've verified that there are no viruses in the file (according to virustotal.com): https://virustotal.com/en/file/937800ed6b0408b9dba4e4dc507cd0b1962d3adb6285947db520009d19cbe24e/analysis/1463097443/ The file is here (it's listed as "free for any use"): http://people.redhat.com/mikeb/clamscan-segfault/xdate.exe The output from running "clamscan --debug xdate.exe" is here: http://people.redhat.com/mikeb/clamscan-segfault/clamscan-debug-xdate.log and the stackdump is here: http://people.redhat.com/mikeb/clamscan-segfault/clamscan.exe.stackdump Sounds like this should be reported to Clamav upstream. Is anyone involved with Clamav already, that could report this to the right people, or do I need to start signing up for mailing lists? :) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple