kaspersky icon indicating copy to clipboard operation
kaspersky copied to clipboard
verified publisher icon malice-plugins

Fatal crash: exit status 2

Open seihtam opened this issue 7 years ago • 5 comments

All plugins are up to date.

I tested multiple files (both binary and text files) and all resulted in the following message from the kaspersky plugin:

>> docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/malice/samples --network="host" malice/engine scan --logs putty.exe

...

time="2018-11-29T09:43:44Z" level=fatal msg="exit status 2" category=av path=/malware/7afb56dd48565c3c9804f683c80ef47e5333f847f2d3211ec11ed13ad36061e1 plugin=kaspersky

...

Let me know if there is a way i can provide more information to help debug the problem.

Docker version:

Docker version:
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:49:01 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:16:44 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Docker info (with some info removed):

Docker info:
Containers: 6
 Running: 1
 Paused: 0
 Stopped: 5
Images: 26
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-39-generic
Operating System: Linux Mint 19
OSType: linux
Architecture: x86_64
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

seihtam avatar Nov 29 '18 11:11 seihtam

Can you please try scanning with JUST this plugin and not through malice?

blacktop avatar Dec 09 '18 15:12 blacktop

When I run it I see this:

docker run -v /Users/blacktop:/malware malice/kaspersky -t Downloads/putty.exe

Kaspersky

Infected Result Engine Updated
false 8.0.4.312 20181202

blacktop avatar Dec 09 '18 19:12 blacktop

Same result:

>> docker run -v `pwd`:/malware malice/kaspersky -t putty.exe
time="2018-12-13T09:29:54Z" level=fatal msg="exit status 2" category=av path=/malware/putty.exe plugin=kaspersky

seihtam avatar Dec 13 '18 09:12 seihtam

Hmmm I get that when I run with malice, but not when I run by itself. I'm looking in to it now.

blacktop avatar Feb 10 '19 03:02 blacktop

@blacktop what's the status of this issue? I have same problem, but also, I have error inside container

root@1853d18d5426:/opt/kaspersky/kav4fs/bin# ./kav4fs-control --scan-file /malware/EICAR 
Couldn't scan file /malware/EICAR
Description: Operation isn't allowed

I see that you fixed this issue from this comment https://github.com/maliceio/malice/issues/79#issuecomment-441470303, but can't understand where to change locale.

mescudi21 avatar Apr 03 '19 07:04 mescudi21