Hey Ged, Per your comments about INSTALL.md: The fix was made in our "main" branch which goes towards all future feature releases. We always fix things in "main" first, then backport to the published releases as needed. This way we don't accidentally fix things in a patch release but forget to include the fix towards the next release and have the same bug happen all over again.
In this case, it would have been good to backport this documentation fix to the 0.104 release (our "rel/0.104" branch). So, as you observed, the 0.104 release branch is different from the main (default) branch: * 0.104 release branch: https://github.com/Cisco-Talos/clamav/blob/rel/0.104/INSTALL.md * main (towards 0.105): https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md If you're interested in learning more about our branching strategy, we have more information here: https://docs.clamav.net/manual/Development/clamav-git-work-flow.html Per your comments about the daily database update oddity: Our web team and ops team's have done their to clear Cloudflare's cache when we publish new databases. Despite this, Cloudflare frequently serves up an older version of daily.cvd. What you observed is FreshClam detecting that the version downloaded does not match the version advertised. FreshClam in 0.103.3 and newer is smart enough to update the rest of the way using the CDIFF patches. I hope that helps. -Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. ________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> Sent: Thursday, November 4, 2021 6:36 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: G.W. Haywood <cla...@jubileegroup.co.uk> Subject: Re: [clamav-users] Solaris users in a bind Hi there, On Wed, 3 Nov 2021, G.W. Haywood wrote: > On Wed, 3 Nov 2021, Gary R. Schmidt wrote: > >> ... what will we do about scanning email? >> >> It seems obvious that we should just bung a supported VM of some recent >> vintage somewhere, or sneak a Pi into a rack, and then do it remotely, are >> there simple recipes out there for how to do it? ... > > Up until the changeover from Autotools to Cmake it was straightforward > to build on the Pi. > > Building the release candidates of ClamAV 0.104 on the Pi did give me > some troubles but it seemed much easier for the most recent rc. When > I get a minute I'll run through the process on another one of our Pis > which hasn't done it before, and make some notes. With luck I'll be > able to use the new ClamAV release (due on Nov. 4th) for the exercise. > I've just run through the prerequisites as detailed in > > https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian > > and > > https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#adding-new-system-user-and-group > > which is basically just this script: > > 8<---------------------------------------------------------------------- > #!/bin/bash > sudo groupadd clamav > sudo useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav > sudo apt-get update && apt-get install -y \ > gcc make pkg-config python3 python3-pip python3-pytest valgrind \ > check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \ > libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev > python3 -m pip install --user cmake > 8<---------------------------------------------------------------------- > > That should have set up the build environment ready for 'tar xzvf...'. > No issues so far. This was on an approximation to Raspian Bullseye, I > used 'script' to record the session in case later we find oddities... This morning I downloaded the 0.104.1 tarball and extracted it to ~/temp/ on the Pi3B+ which I use as my desktop thin client. The first thing that I noticed (because I was looking for it) was that the error in INSTALL.md allegedly fixed by Micah https://lists.clamav.net/pipermail/clamav-users/2021-October/011997.html wasn't fixed. The INSTALL.md on Github isn't the one in the tarball. HOW IN HELL CAN THAT HAPPEN? I'll keep banging on about Sourcefire's quality control until it seems to me that *somebody* there is taking it seriously. I attempted to build: $ cd ~/temp/ $ tar xzf clamav--- $ cd clamav---- $ mkdir build $ cd build $ cmake .. -D CMAKE_BUILD_TYPE="Release" $ cmake --build . --config Release The first few attempts failed because cmake/Python/modules but eventually it compiled with just a few (well, three hundred and sixty-one) warnings. IMHO compilations shoulld be SILENT unless something is wrong. Then I tried to install it with $ sudo cmake --build . --config Release --target install and gave up after the fourth attempt. Didn't seem to want to use the user-installed version of cmake even after explicitly setting the PATH and linking to the files in ~/.local/bin/ from /usr/local/bin/. So I installed cmake system-wide, then # cmake --build . --config Release --target install and finally: # freshclam Creating missing database directory: /usr/local/share/clamav Assigned ownership of database directory to user "clamav". ClamAV update process started at Thu Nov 4 10:59:02 2021 daily database available for download (remote version: 26343) ... Testing database: '/usr/local/share/clamav/tmp.d4d23352f9/clamav-1bce76... Database test passed. daily.cvd updated (version: 26342, sigs: 1941589, f-level: 90, builder: raynman) Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date. daily database available for update (local version: 26342, remote version: 26343) Current database is 1 version behind. Downloading database patch # 26343... ... Testing database: '/usr/local/share/clamav/tmp.d4d23352f9/clamav-a85a10... Database test passed. daily.cld updated (version: 26343, sigs: 1941807, f-level: 90, builder: raynman) main database available for download (remote version: 62) ... Testing database: '/usr/local/share/clamav/tmp.d4d23352f9/clamav-428c412... Database test passed. main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode database available for download (remote version: 333) ... Testing database: '/usr/local/share/clamav/tmp.d4d23352f9/clamav-6e1b2d1... Database test passed. bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2) 8<---------------------------------------------------------------------- It seems a little strange that freshclam found this: * daily database available for download (remote version: 26343) but then did this: * daily.cvd updated (version: 26342, sigs: 1941589, f-level: 90, builder: raynman) smartly followed by this: * daily database available for update (local version: 26342, remote version: 26343) and this: * Downloading database patch # 26343... and this: * daily.cld updated (version: 26343, sigs: 1941807, f-level: 90, builder: raynman) but otherwise things seem to have worked so I'll let others worry about that. The poor ol' Pi3B+ struggled a bit to test the database because it's driven into swap, but it did eventually finish OK. I didn't try to start clamd as there isn't nearly enough RAM on the Pi3B+ and I didn't want to crash it. So there you have it. Not exactly a breeze but a great deal less trouble than working with a completely different architecture. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
