Building and Testing ClamAV with Fuzzing Sanitizers
Build & Reproduce Fuzz Reports using OSS-Fuzz Tools
Check out the google/oss-fuzz repository and the clamav
repo side by side. .
Then inside the oss-fuzz
directory, run:
python3 infra/helper.py build_image clamav
python3 infra/helper.py build_fuzzers --sanitizer address clamav ../clamav
python3 infra/helper.py reproduce clamav clamav_scanmap_fuzzer /path/to/poc_file
Tip: You can substitute
address
argument in the second command that selects the Address Sanitizer (ASan) withmemory
orundefined
to use the Memory Sanitizer (MSan) or the Undefined Behavior Sanitizer (UBSan).
See https://google.github.io/oss-fuzz/advanced-topics/reproducing/ for more details.
Build & Test Fuzz Targets Sanitizers in CMake (v0.104 and newer)
Inside your clamav
git clone, run:
mkdir build-fuzz && cd build-fuzz
export CC=`which clang` && \
export CXX=`which clang++` && \
export SANITIZER=address && \
cmake .. -G Ninja \
-D OPTIMIZE=OFF \
-D CMAKE_BUILD_TYPE="Debug" \
-D ENABLE_FUZZ=ON \
&& \
ninja
This will build the fuzz target executables in the build-fuzz/fuzz/
directory. You can run them just like a regular program, passing the file as input.
E.g.:
./fuzz/clamav_scanfile_fuzzer /path/to/poc_file
ClamAV with Address Sanitizer (ASAN) in Autotools (v0.103 and older)
Building ClamAV with ASAN support can be extremely useful in detecting memory corruption and memory leaks. To build with ASAN, use a ..\configure
line like the following:
CFLAGS="-ggdb -O0 -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-fsanitize=address" CXXFLAGS="-ggdb -O0 -fsanitize=address -fno-omit-frame-pointer" OBJCFLAGS="-ggdb -O0 -fsanitize=address -fno-omit-frame-pointer" ../configure --prefix=`pwd`/../installed --enable-debug --enable-libjson --with-systemdsystemunitdir=no --enable-experimental --enable-clamdtop --enable-libjson --enable-xml --enable-pcre --disable-llvm