Friday, January 26, 2018

Update on the recent "File Descriptors" issue in ClamAV

A signature introduced in daily.cvd version 24256 triggered bug that exists in all current stable releases of ClamAV.

The symptoms on a Linux/Unix machine running clamd under heavy load results in the system running out of file descriptors, because the file descriptors for deleted temp files were not being closed.  On Windows systems, a different error occurred wherein the system reported “permission denied” errors when closing (unlinking) the temp files.

The bug was reported as early as April 2016 here: https://bugzilla.clamav.net/show_bug.cgi?id=11549. A patch for this bug was applied towards the upcoming 0.100.0 feature release of ClamAV, but unfortunately the fix didn’t make it into the recent 0.99.3 security patch release.

For the time-being, the offending signature was pulled as of daily.cvd version 24258, and changes to our backend processes have been implemented to prevent this from happening again.

We apologize for the inconvenience this has caused. Future releases of ClamAV will have a fix in place to prevent this issue from reocurring.