LibClamAV gives warning regarding bytecode signature when uploading large pdf file over TCP/IP socket and scanning timeout occurs

[telepvin7]

ClamAV (docker image) version: 1.4.1

Scanning a large pdf file fails for the first time after bytecode signature database is updated. Warnings regarding a byte code are printed to logs and scanning timeout occurs. Sending the same file again for scanning produces successful result and does not print the logs given below. In our use case the file is uploaded to ClamAV using TCP/IP socket.

Logs produced on first upload:

LibClamAV Warning: Bytecode run timed out in interpreter after 30000 opcodes
LibClamAV Warning: Bytecode 'BC.Pdf.Exploit.CVE_2017_2818-6399052-0.{}' (id: 14) failed to run: Exceeded time limit

We tried increasing byte code timeout from 10 seconds to 60 seconds, but this did not help. The number of opcodes was just increased, but timeout occurs nevertheless.

The pdf file that causes this issue is too large to be attached. Not every pdf file causes the problem to happen. The pdf needs to be sufficiently large (~ 100 Mb or above), but even some larger files do not cause the problem. Details of the pdf file below:

Name: testitiedosto2.pdf
Size: 95,0 Mb

The file is large, generated pdf file for testing handling of files that large.