This repository was archived by the owner on Aug 6, 2024. It is now read-only.

ClamAV malformed database for Raw64 dropper #35

@siemhermans

ClamAV seems to experience issues when reading the ruleset from APT_Dropper_Raw64_TEARDROP_1.yar on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues.

$ clamscan -ir -d APT_Dropper_Raw64_TEARDROP_1.yar /
LibClamAV Error: parse_yara_hex_string: Single byte subpatterns unsupported in ClamAV
LibClamAV Error: load_oneyara: error in parsing yara hex string
LibClamAV Warning: load_oneyara: clamav cannot support 1 input strings, skipping YARA.APT_Dropper_Raw64_TEARDROP_1
LibClamAV Warning: cli_loadyara: problem parsing yara file APT_Dropper_Raw64_TEARDROP_1.yar, yara rule APT_Dropper_Raw64_TEARDROP_1
LibClamAV Error: Can't load APT_Dropper_Raw64_TEARDROP_1.yar: Malformed database
ERROR: Malformed database

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.006 sec (0 m 0 s)

$ clamscan --version
ClamAV 0.102.4/26024/Mon Dec 21 13:48:10 2020
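
An added example (not part of the original issue or of the repository's code): a small Python triage of the clamscan output quoted above, so that an automated scan job notices when a YARA ruleset was rejected and the run loaded no signatures. The function name `triage` and the report keys are assumptions made for this illustration; the sample lines are copied from the report.

```python
import re

# Constructed sample: clamscan output lines copied from the report above.
SAMPLE = """\
LibClamAV Error: parse_yara_hex_string: Single byte subpatterns unsupported in ClamAV
LibClamAV Error: load_oneyara: error in parsing yara hex string
LibClamAV Warning: load_oneyara: clamav cannot support 1 input strings, skipping YARA.APT_Dropper_Raw64_TEARDROP_1
LibClamAV Warning: cli_loadyara: problem parsing yara file APT_Dropper_Raw64_TEARDROP_1.yar, yara rule APT_Dropper_Raw64_TEARDROP_1
LibClamAV Error: Can't load APT_Dropper_Raw64_TEARDROP_1.yar: Malformed database
ERROR: Malformed database
Known viruses: 0
Scanned files: 0
"""

# Hypothetical helper patterns, written against the message shapes shown above.
LOAD_FAIL = re.compile(r"^LibClamAV Error: Can't load (.+?): (.+)$")
PARSE_ERR = re.compile(r"^LibClamAV Error: (\w+): (.+)$")
SKIPPED = re.compile(r"cannot support (\d+) input strings, skipping YARA\.(\S+)$")
COUNTER = re.compile(r"^(Known viruses|Scanned files): (\d+)$")


def triage(output):
    """Summarise signature-load failures found in clamscan output."""
    report = {"parse_errors": [], "skipped_rules": [], "failed_dbs": [], "counters": {}}
    for line in output.splitlines():
        line = line.strip()
        if m := LOAD_FAIL.match(line):
            # (database file, reason), e.g. a .yar file ClamAV refused to load
            report["failed_dbs"].append((m.group(1), m.group(2)))
        elif m := PARSE_ERR.match(line):
            # (libclamav function, message) explaining why parsing failed
            report["parse_errors"].append((m.group(1), m.group(2)))
        elif m := SKIPPED.search(line):
            # (rule name, number of unsupported strings in that rule)
            report["skipped_rules"].append((m.group(2), int(m.group(1))))
        elif m := COUNTER.match(line):
            report["counters"][m.group(1)] = int(m.group(2))
    # A database that failed to load, or a run with zero signatures loaded,
    # means the scan gave no coverage for that ruleset.
    report["coverage_gap"] = (bool(report["failed_dbs"])
                              or report["counters"].get("Known viruses") == 0)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
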
