View previous topic :: View next topic |
Author |
Message |
kao Tux's lil' helper
Joined: 25 Dec 2002 Posts: 86
|
Posted: Wed Nov 24, 2010 10:13 am Post subject: clamav && chpax (hardened profile) error |
|
|
Hello!
1. update to 0.96.4
----------
2. /etc/init.d/clamd restart
* Stopping clamd ... [ ok ]
* Stopping freshclam ... [ ok ]
* Starting clamd ...
LibClamAV Warning: Bytecode: disabling JIT because PaX is preventing 'mprotect' access.
Run 'paxctl -cm <executable>' [ ok ]
* Starting freshclam ...
---------
3. paxctl -cm clamd
4.
paxctl -v clamd
PaX control v0.5
Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu>
- PaX flags: -----m-x-e-- [clamd]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
--------
5. /etc/init.d/clamd start
* Starting clamd ...
/lib/rcscripts/sh/rc-daemon.sh: line 231: 7172 Segmentation fault /sbin/start-stop-daemon '--start' '--quiet' '--nicelevel' '3' '--exec' '/usr/sbin/clamd'
* Failed to start clamd [ !! ]
* Starting freshclam ...
-----
Why?
Bug?
Thanks! |
|
Back to top |
|
|
mimosinnet l33t
Joined: 10 Aug 2006 Posts: 713 Location: Barcelona, Spain
|
Posted: Sat Feb 02, 2013 7:21 am Post subject: |
|
|
I have come to the same issue after upgrading my box. Have you been able to solve it?
Cheers! _________________ Please add [solved] to the initial post's subject line if you feel your problem is resolved.
Take care of the community answering unanswered posts. |
|
Back to top |
|
|
Suicidal l33t
Joined: 30 Jul 2003 Posts: 959 Location: /dev/null
|
Posted: Fri Mar 21, 2014 6:03 pm Post subject: |
|
|
mimosinnet wrote: | I have come to the same issue after upgrading my box. Have you been able to solve it?
Cheers! |
Upgrading to the latest ~arch and running:
Code: | #!/bin/bash
for bin in $(qlist clamav | grep bin); do
paxctl-ng -pemrs ${bin}
done
|
fixed it on my end. Weird thing is there are no pax warnings in dmesg. I think this is coming from clamav trying to read pax flags from the binaries. |
|
Back to top |
|
|
zorry Developer
Joined: 30 Mar 2008 Posts: 380 Location: Umeå The north part of scandinavia
|
Posted: Fri Mar 21, 2014 7:50 pm Post subject: |
|
|
The warning you see is that it do a test if it can use Bytecode.
Bytecode use JIT and that will be killed by mprotect.
Clamav will work fine without Bytecode
I would not run anny anitvirus program with mprotector off _________________ gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1) |
|
Back to top |
|
|
|