On 2010-03-11 15:44, Renato Botelho wrote:
>
> IIRC, you can use --enable-llvm=no at ./configure to disable.
>

That just disables the JIT, not the interpreter.

On 2010-03-11 16:26, Tomasz Kojm wrote:
> On Thu, 11 Mar 2010 13:29:16 +0000 (GMT)
> "G.W. Haywood" <clamav-de...@jubileegroup.co.uk> wrote:
>
>> Hi there,
>>
>> On Thu, 11 Mar 2010 David F. Skoll wrote:
>>
>>> I noticed the announcement of the bytecode interpreter in the 0.96-rc1
>>> announcement.
>>> ...
>>> Why do we need the bytecode interpreter? Can we disable it if we decide
>>> the cons outweigh the pros?
>> I was about to write something along these lines when Mr. Skoll's post
>> arrived. The very idea of a bytecode interpreter in ClamAV gives me
>> the creeps. It sounds like a whole bunch of vulnerabilities waiting
>> to happen.
>
> Due to security reasons all bytecodes need to be digitally signed,
> so no 3rd parties will be able to inject any code into your installations.
> When it comes to vulnerabilities, they will not be that critical as
> vulnerabilities in the regular code since all bytecodes can be remotely
> fixed/removed.

Yes, and let me explain some of the other security features:
- bytecode can only call functions it defines itself, and a limited
  ClamAV API (see libclamav/bytecode_api.h), no syscalls
- no direct access to the filesystem, it can only read the currently
  scanned file (via the API), and write to a temporary file via the API
  (when unpacking)
- no arbitrary memory access, bounds of all accesses must be known,
  bounds checks inserted by the compiler, or libclamav itself
  (see BytecodeSecurity in clamd.conf)
- although the above should be enough, there is also stack smashing
  protection in the JITed code (which simply aborts the bytecode, not clamd)

>
>> I'd like to add my voice to those who want an easy way to
>> disable it - I can see nothing in the clamd.conf man page for 0.96-rc1
>> which offers any solace.
>
> As Edwin already described, you just set the "Bytecode" option to "no"
> in freshclam.conf.
>
>> In the same man page there are a couple of small formatting errors in
>> the bold attributes for LocalSocketGroup and LocalSocketMode.
>
> Thanks, this will be fixed in the next release
>
> Regards,
>

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net