Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Micah Snyder (micasnyd)]

Hi Mark, Ged:

Ged: That was rather rude.  Do please try to rein in the snark a bit.

Mark: Sorry, there is no way to pick and choose beyond disabling clamonacc and 
clamav-milter.  I think you'll have to go the delete-bits route.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-devel  on behalf of Mark 
Allan 
Sent: Monday, November 28, 2022 7:48 AM
To: ClamAV Development 
Subject: Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated 
packages for 0.105.1



> On 26 Nov 2022, at 12:58 pm, G.W. Haywood  
> wrote:
>
> On Sat, 26 Nov 2022, Mark Allan via clamav-devel-requ...@lists.clamav.net 
> wrote:
>
>> I thought there was an issue with v1.0 rc2, as a comparison with a
>> previous installation (0.104.1) on the same machine showed massively
>> increased scan times. After about an hour of digging and laboriously
>> comparing output from clamscan --debug, as well as the man pages and
>> clamd.conf, I finally realised the max file size has increased.
>> Comments in the clamd.conf file says the default MaxFileSize is now
>> 100MB (up from 25MB in 0.104.1), and it looks like there's been a
>> corresponding increase in clamscan as well. Adding
>> `--max-filesize=25M` on the command line brings scan times back to
>> previous values.
>> There's no mention of the change to the maximum file size in the man
>> pages for either clamd clamd.conf or clamscan.
>
> This sort of thing should probably go to the user's list, not dev.

My email was also sent to the users' list, however, it's not the users who 
produce the code or the source tarball; it's the developers, hence sending my 
email here.

> The changes were announced in March 2022, both on the announcements
> list and in the ClamAV blog, for the release candidate for v0.105.0:
>
> If you're serious about ClamaV you might want to subscribe to the
> announcements list:

I *am* serious about ClamAV, and I do subscribe to all the ClamAV mailing 
lists, but I'm also human and we humans are known on occasion to have fallible 
memories. Neither of those two statements alters the fact that the man pages 
are wrong. I was simply passing on some information to the people who produce 
the software and who might be interested in doing something about it.

If *you're* serious about ClamAV, you might want to reign in the unhelpful 
comments.

I'm aware you have occasionally made helpful contributions to the list, but 
you've also made your fair share of sarcastic, unnecessary and unhelpful 
comments. If you've nothing nice to say, please don't say anything.

Mark

___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Mark Allan]

> On 26 Nov 2022, at 12:58 pm, G.W. Haywood  
> wrote:
> 
> On Sat, 26 Nov 2022, Mark Allan via clamav-devel-requ...@lists.clamav.net 
> wrote:
> 
>> I thought there was an issue with v1.0 rc2, as a comparison with a
>> previous installation (0.104.1) on the same machine showed massively
>> increased scan times. After about an hour of digging and laboriously
>> comparing output from clamscan --debug, as well as the man pages and
>> clamd.conf, I finally realised the max file size has increased.
>> Comments in the clamd.conf file says the default MaxFileSize is now
>> 100MB (up from 25MB in 0.104.1), and it looks like there's been a
>> corresponding increase in clamscan as well. Adding
>> `--max-filesize=25M` on the command line brings scan times back to
>> previous values.
>> There's no mention of the change to the maximum file size in the man
>> pages for either clamd clamd.conf or clamscan.
> 
> This sort of thing should probably go to the user's list, not dev.

My email was also sent to the users' list, however, it's not the users who 
produce the code or the source tarball; it's the developers, hence sending my 
email here.

> The changes were announced in March 2022, both on the announcements
> list and in the ClamAV blog, for the release candidate for v0.105.0:
> 
> If you're serious about ClamaV you might want to subscribe to the
> announcements list:

I *am* serious about ClamAV, and I do subscribe to all the ClamAV mailing 
lists, but I'm also human and we humans are known on occasion to have fallible 
memories. Neither of those two statements alters the fact that the man pages 
are wrong. I was simply passing on some information to the people who produce 
the software and who might be interested in doing something about it.

If *you're* serious about ClamAV, you might want to reign in the unhelpful 
comments.

I'm aware you have occasionally made helpful contributions to the list, but 
you've also made your fair share of sarcastic, unnecessary and unhelpful 
comments. If you've nothing nice to say, please don't say anything.

Mark

___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[G.W. Haywood]

Hi there,

On Sat, 26 Nov 2022, Mark Allan via clamav-devel-requ...@lists.clamav.net wrote:


I thought there was an issue with v1.0 rc2, as a comparison with a
previous installation (0.104.1) on the same machine showed massively
increased scan times. After about an hour of digging and laboriously
comparing output from clamscan --debug, as well as the man pages and
clamd.conf, I finally realised the max file size has increased.

Comments in the clamd.conf file says the default MaxFileSize is now
100MB (up from 25MB in 0.104.1), and it looks like there's been a
corresponding increase in clamscan as well. Adding
`--max-filesize=25M` on the command line brings scan times back to
previous values.

There's no mention of the change to the maximum file size in the man
pages for either clamd clamd.conf or clamscan.


This sort of thing should probably go to the user's list, not dev.

The changes were announced in March 2022, both on the announcements
list and in the ClamAV blog, for the release candidate for v0.105.0:

https://blog.clamav.net/2022/03/clamav-01050-release-candidate-now.html

https://lists.clamav.net/pipermail/clamav-announce/2022/62.html

If you're serious about ClamaV you might want to subscribe to the
announcements list:

https://docs.clamav.net/Introduction.html#mailing-lists-and-chat

--

73,
Ged.
___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Mark Allan]

I thought there was an issue with v1.0 rc2, as a comparison with a previous 
installation (0.104.1) on the same machine showed massively increased scan 
times. After about an hour of digging and laboriously comparing output from 
clamscan --debug, as well as the man pages and clamd.conf, I finally realised 
the max file size has increased.

Comments in the clamd.conf file says the default MaxFileSize is now 100MB (up 
from 25MB in 0.104.1), and it looks like there's been a corresponding increase 
in clamscan as well. Adding `--max-filesize=25M` on the command line brings 
scan times back to previous values.

There's no mention of the change to the maximum file size in the man pages for 
either clamd clamd.conf or clamscan.

Mark
___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Mark Allan]

> On 19 Nov 2022, at 1:29 pm, G.W. Haywood  
> wrote:
> 
> On Sat, 19 Nov 2022, Mark Allan wrote:
> 
>> I'm trying to build the ClamAV 1.0.0 RC and saw this in the documentation
>> "Some of the dependencies are optional if you elect to not build all
>> of the command line applications, or elect to only build the
>> libclamav library. Specifically:
>> libcurl: required for libfreshclam, freshclam, clamsubmit, clamonacc
>> ncurses: required for clamdtop"
>> I don't need any of those binaries but I can't see how to specify
>> that in the CMake configuration call. I've had a look at the
>> INSTALL.md file within the source directory but the only feature I
>> seem to be able to disable is "clamonacc". The ENABLE_APP option
>> seems to turn on/off all of the programs rather than letting me pick
>> and choose.
>> All I really need is clamd, clamdscan, clamscan and sigtool. Is
>> there a way to achieve that without building everything and deleting
>> the bits I don't want?
> 
> DISCLAIMER: The CMake system is completely new to me so I don't know
> what the "correct" way to do things like this might be, but if you
> look at around line 1051 in CMakeLists.txt you'll see this:
> 
> 8<--
> 
> 8<--
> 
> My guess from that (because of the part about ENABLE_MILTER) is that
> if you simply edit this file to prevent creation of the subdirectories
> for the relevant binaries you'll at least prevent them from being
> built.  Whether the result will be what you want remains to be seen...
> 
> Ged.

Hi Ged,

Many thanks for this, it's extremely helpful and does *appear* to do the right 
thing. I'll obviously need to do a lot more testing, but you've set me on the 
right path!

Thanks again
Mark
___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[G.W. Haywood]

Hi there,

On Sat, 19 Nov 2022, Mark Allan wrote:


I'm trying to build the ClamAV 1.0.0 RC and saw this in the documentation



"Some of the dependencies are optional if you elect to not build all
of the command line applications, or elect to only build the
libclamav library. Specifically:
libcurl: required for libfreshclam, freshclam, clamsubmit, clamonacc
ncurses: required for clamdtop"

I don't need any of those binaries but I can't see how to specify
that in the CMake configuration call. I've had a look at the
INSTALL.md file within the source directory but the only feature I
seem to be able to disable is "clamonacc". The ENABLE_APP option
seems to turn on/off all of the programs rather than letting me pick
and choose.

All I really need is clamd, clamdscan, clamscan and sigtool. Is
there a way to achieve that without building everything and deleting
the bits I don't want?


DISCLAIMER: The CMake system is completely new to me so I don't know
what the "correct" way to do things like this might be, but if you
look at around line 1051 in CMakeLists.txt you'll see this:

8<--
if(NOT ENABLE_LIBCLAMAV_ONLY)
add_subdirectory( common )

add_subdirectory( libfreshclam )

if(ENABLE_APP)
# Build targets for primary applications.
add_subdirectory( clamconf )

add_subdirectory( clamd )

add_subdirectory( clamdscan )

if(C_LINUX AND ENABLE_CLAMONACC)
add_subdirectory( clamonacc )
endif()

if(ENABLE_MILTER)
add_subdirectory( clamav-milter )
endif()

add_subdirectory( clamscan )

add_subdirectory( sigtool )

add_subdirectory( clambc )

add_subdirectory( clamsubmit )

add_subdirectory( freshclam )

add_subdirectory( clamdtop )

if(WIN32)
add_subdirectory( win32/conf_examples )
else()
add_subdirectory( etc )
endif()
endif()
endif()
8<--

My guess from that (because of the part about ENABLE_MILTER) is that
if you simply edit this file to prevent creation of the subdirectories
for the relevant binaries you'll at least prevent them from being
built.  Whether the result will be what you want remains to be seen...

--

73,
Ged.
___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Mark Allan]

Hi all,

I'm trying to build the ClamAV 1.0.0 RC and saw this in the documentation "Some 
of the dependencies are optional if you elect to not build all of the command 
line applications, or elect to only build the libclamav library. Specifically:
libcurl: required for libfreshclam, freshclam, clamsubmit, clamonacc
ncurses: required for clamdtop"

I don't need any of those binaries but I can't see how to specify that in the 
CMake configuration call. I've had a look at the INSTALL.md file within the 
source directory but the only feature I seem to be able to disable is 
"clamonacc". The ENABLE_APP option seems to turn on/off all of the programs 
rather than letting me pick and choose.

All I really need is clamd, clamdscan, clamscan and sigtool. Is there a way to 
achieve that without building everything and deleting the bits I don't want?

Thanks
Mark

___

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: 
https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

[Micah Snyder (micasnyd)]

​Read this online at 
https://blog.clamav.net/2022/11/second-clamav-100-release-candidate-and.html


Today we are publishing a second release candidate for ClamAV 1.0.0. If you 
haven't gotten a chance to test the 1.0.0 release candidate yet, please have a 
look before we publish the stable release. You can find the ClamAV 1.0.0-rc2 
release candidate files on the ClamAV.net Downloads 
page.

We expect to publish the stable 1.0.0 release in two weeks.

Today we are also publishing updated packages for ClamAV 0.105.1.

Why we updated the 0.105.1 packages, again

On October 31st, we repackaged all currently supported ClamAV versions to patch 
the bundled libxml2 and zlib library dependencies. For 0.105.1, this was 
intended to also include bug fixes for the jpeg and tiff Rust-based libraries 
that are bundled with the source code tarball. Unfortunately, those fixes were 
not all release-ready in time for the 0.105.1-2 packages. We have fixed the 
issue and are now publishing a third revision for ClamAV 0.105.1 packages.

Where to find the updated packages

The new packages have a "-3" suffix to indicate the package revision. For 
example, clamav-0.105.1-3.macos.universal.pkg is the updated package replacing 
clamav-0.105.1-2.macos.universal.pkg.

As always, you can get the updated packages from the ClamAV.net Downloads 
page. The original packages have been hidden 
on the web page and replaced by the updated packages. If you need the 
originals, the URLs to download them still work.

1.0.0-rc2 release notes

ClamAV 1.0.0-rc2 includes the following improvements and changes.

Major changes:

  *   Support for decrypting read-only OLE2-based XLS files that are encrypted 
with the default password. Use of the default password will now appear in the 
metadata JSON.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/700

  *   Overhauled the implementation of the all-match feature. The newer code is 
more reliable and easier to maintain.

 *   This project fixed several known issues with signature detection in 
all- match mode:

*   Enabled embedded file-type recognition signatures to match when a 
malware signature also matched in a scan of the same layer.

*   Enabled bytecode signatures to run in all-match mode after a match 
has occurred.

*   Fixed an assortment of all-match edge case issues.

 *   Added multiple test cases to verify correct all-match behavior.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/687

  *   Added a new callback to the public API for inspecting file content during 
a scan at each layer of archive extraction.

 *   The new callback function type is clcb_file_inspection defined in 
clamav.h.

 *   The function cl_engine_set_clcb_file_inspection() may be used to 
enable the callback prior to performing a scan.

 *   This new callback is to be considered unstable for the 1.0 release. We 
may alter this function in a subsequent feature version.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/170

  *   Added a new function to the public API for unpacking CVD signature 
archives.

 *   The new function is cl_cvdunpack(). The last parameter for the 
function may be set to verify if a CVD's signature is valid before unpacking 
the CVD content to the destination directory.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/690

  *   The option to build with an external TomsFastMath library has been 
removed. ClamAV requires non-default build options for TomsFastMath to support 
bigger floating point numbers. Without this change, database and Windows 
EXE/DLL authenticode certificate validation may fail. The 
ENABLE_EXTERNAL_TOMSFASTMATH build is now ignored.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/742

Other improvements:

  *   Add checks to limit PDF object extraction recursion.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/629

  *   Increased the limit for memory allocations based on untrusted input and 
altered the warning message when the limit is exceeded so that it is more 
helpful and less dramatic.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/723

  *   Dramatically improved the build time of libclamav-Rust unit tests. The 
unit test build is included in the time limit for the test itself and was 
timing out on slower systems. The ClamAV Rust code modules now share the same 
build directory, which also reduces the amount of disk space used for the build.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/694

  *   For Windows: The debugging symbol (PDB) files are now installed alongside 
the DLL and LIB library files when built in "RelWithDebInfo" or "Debug" mode.

 *   GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/669
  *   Relaxed th