@@ -17,11 +17,16 @@ ClamAV 0.102.0 is in development.

   - The new home for the documentation markdown is in our

     [ClamAV FAQ Github repository](https://github.com/Cisco-Talos/clamav-faq)

+### Additional minor bug fixes

+

+- Fix to prevent a possible crash when loading LDB type signature databases

+  and PCRE is not available. Patch courtesy of Tomasz Kojm.

+

 ### Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions:

--

+- Tomasz Kojm

 ## 0.101.1

@@ -119,18 +124,18 @@ we've cooked up over the past 6 months.

     |                                  | `AlertEncryptedArchive`      |

     |                                  | `AlertEncryptedDoc`          |

-    | Old `clamscan` option        | *New* `clamscan` option          |

-    | ---------------------------- | -------------------------------- |

-    | `--algorithmic-detection`    | `--heuristic-alerts`             |

-    | `--detect-broken`            | `--alert-broken`                 |

-    | `--phishing-cloak`           | `--alert-phishing-cloak`         |

-    | `--phishing-ssl`             | `--alert-phishing-ssl`           |

-    | `--partition-intersection`   | `--alert-partition-intersection` |

-    | `--block-max`                | `--alert-exceeds-max`            |

-    | `--block-macros`             | `--alert-macros`                 |

-    | `--block-encrypted`          | `--alert-encrypted`              |

-    |                              | `--alert-encrypted-archive`      |

-    |                              | `--alert-encrypted-doc`          |

+    | Old `clamscan` option      | *New* `clamscan` option          |

+    | -------------------------- | -------------------------------- |

+    | `--algorithmic-detection`  | `--heuristic-alerts`             |

+    | `--detect-broken`          | `--alert-broken`                 |

+    | `--phishing-cloak`         | `--alert-phishing-cloak`         |

+    | `--phishing-ssl`           | `--alert-phishing-ssl`           |

+    | `--partition-intersection` | `--alert-partition-intersection` |

+    | `--block-max`              | `--alert-exceeds-max`            |

+    | `--block-macros`           | `--alert-macros`                 |

+    | `--block-encrypted`        | `--alert-encrypted`              |

+    |                            | `--alert-encrypted-archive`      |

+    |                            | `--alert-encrypted-doc`          |

 ### Some more subtle improvements

@@ -1740,18 +1740,6 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig

     }

     subsigs++;

-#if !HAVE_PCRE

-    /* Regex Usage and Support Check */

-    for (i = 0; i < subsigs; ++i) {

-        char *slash = strchr(tokens[i + 3], '/');

-        if (slash && strchr(slash + 1, '/')) {

-            cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);

-            (*sigs)--;

-            return CL_SUCCESS;

-        }

-    }

-#endif

-

     if (!line) {

         /* This is a logical signature from the bytecode, we need all

          * subsignatures, even if not referenced from the logical expression */

@@ -1766,6 +1754,18 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig

         return CL_EMALFDB;

     }

+#if !HAVE_PCRE

+    /* Regex Usage and Support Check */

+    for (i = 0; i < subsigs; ++i) {

+        char *slash = strchr(tokens[i + 3], '/');

+        if (slash && strchr(slash + 1, '/')) {

+            cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);

+            (*sigs)--;

+            return CL_SUCCESS;

+        }

+    }

+#endif

+

     /* enforce MAX_LDB_SUBSIGS(currently 64) subsig cap */

     if (subsigs > MAX_LDB_SUBSIGS) {

         cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n");