Re: [clamav-users] ClamAV®: ClamAV 0.98.3 has been released!

2014-05-08 Thread Steve Basford

On Wed, May 7, 2014 8:52 pm, Joel Esler (jesler) wrote:
>

> ClamAV 0.98.3 has been released, and is available here:

Win32/64 released here... with... drumroll... Zips *and* MSI versions..
thanks guys! :)

http://sourceforge.net/projects/clamav/files/clamav/win32/0.98.3/

Cheers,

Steve
Sanesecurity

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread Alexander Tampermeier

Hello Shawn,

I executed 'make clean distclean'.

I pasted the output of command #2 (CC="gcc ${BUILD64}" ./configure ...) 
at http://de.pastebin.de/124756


Output of command #3 (make) is pasted at http://de.pastebin.de/124757

Regards
Alexander


Am 08.05.2014 08:40, schrieb Shawn Webb:

Can you run these commands, and paste the output of commands 2 and 3 to
your pastebin service (friendly remember to pipe stderr to stdout):

1. make clean distclean
2. CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
--with-zlib=/usr --with-dbdir=/usr/share/clamav --disable-silent-rules
3. make

Thanks,

Shawn


On Thu, May 8, 2014 at 2:33 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:


Hello Shawn,
thank you for your response.

This is output of 'file /usr/lib/libxml2.so':
/usr/lib/libxml2.so: symbolic link to `libxml2.so.2.9.1'

And 'file /usr/lib/libxml2.so.2.9.1' outputs:
/usr/lib/libxml2.so.2.9.1: ELF 32-bit LSB shared object, Intel 80386,
version 1 (SYSV), dynamically linked, not stripped

As my box is cross compiled x86/x64 there are also 64bit libraries, so
that 'file /usr/lib64/libxml2.so' gives:
/usr/lib64/libxml2.so: symbolic link to `libxml2.so.2.9.1'

And file 'file /usr/lib64/libxml2.so.2.9.1' outputs:
/usr/lib64/libxml2.so.2.9.1: ELF 64-bit LSB shared object, x86-64, version
1 (SYSV), dynamically linked, not stripped

This is my configure command (building 64bit):
CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
--with-zlib=/usr --with-dbdir=/usr/share/clamav

Where 'echo ${BUILD64}' outputs:
-m64

I pasted the content of my config.log at http://de.pastebin.de/124754

Regards
Alexander




Am 08.05.2014 07:52, schrieb Shawn Webb:


What's the output of this command: file /usr/lib/libxml2.so

Can you paste (preferably to a pastebin service) your config.log? What
options did you pass to ./configure?


On Thu, May 8, 2014 at 1:48 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:

I have been using ClamAV on my Linux box (Cross Compiled Linux from
Scratch; gcc 4.8.2) for years now and it always compiled well.

Now, compiling version 0.98.3 (and also in 0.98.2) I get the following
compiling error:

CC libclamav_la-fp_sqr_comba_8.lo
CC libclamav_la-fp_sqr_comba_9.lo
CC libclamav_la-fp_sqr_comba_generic.lo
CC libclamav_la-fp_sqr_comba_small_set.lo
CC libclamav_la-fp_sqrmod.lo
CC libclamav_internal_utils_la-str.lo
CC libclamav_internal_utils_la-crypto.lo
CC libclamav_internal_utils_la-iowrap.lo
CC libclamav_internal_utils_la-others_common.lo
CC libclamav_internal_utils_la-qsort.lo
CC libclamav_internal_utils_la-regcomp.lo
CC libclamav_internal_utils_la-regerror.lo
CC libclamav_internal_utils_la-regexec.lo
CC libclamav_internal_utils_la-regfree.lo
CCLD   libclamav_internal_utils.la
CCLD   libclamav.la
/usr/lib/libxml2.so: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
Makefile:969: recipe for target 'libclamav.la' failed
make[4]: *** [libclamav.la] Error 1
make[4]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:3011: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:893: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:649: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/j/development/clamav-0.98.3'
Makefile:477: recipe for target 'all' failed
make: *** [all] Error 2

Does anybody know how to get around this? I already recompiled libxml2
(v2.9.1) but the error persists.
ClamAV v0.98.1 still compiles perfectly.

Regards
Alexander


Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread Shawn Webb
Did you add the --disable-silent-rules to your ./configure run? It looks
like step 3 is still producing friendly output.


On Thu, May 8, 2014 at 3:21 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:

> Hello Shawn,
>
> I executed 'make clean distclean'.
>
> I pasted the output of command #2 (CC="gcc ${BUILD64}" ./configure ...) at
> http://de.pastebin.de/124756
>
> Output of command #3 (make) is pasted at http://de.pastebin.de/124757
>
> Regards
> Alexander
>
>
> Am 08.05.2014 08:40, schrieb Shawn Webb:
>
>> Can you run these commands, and paste the output of commands 2 and 3 to
>> your pastebin service (friendly remember to pipe stderr to stdout):
>>
>> 1. make clean distclean
>> 2. CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
>>
>> --with-zlib=/usr --with-dbdir=/usr/share/clamav --disable-silent-rules
>> 3. make
>>
>> Thanks,
>>
>> Shawn
>>
>>
>> On Thu, May 8, 2014 at 2:33 AM, Alexander Tampermeier <
>>
>> alexan...@tampermeier.at> wrote:
>>
>>  Hello Shawn,
>>> thank you for your response.
>>>
>>> This is output of 'file /usr/lib/libxml2.so':
>>> /usr/lib/libxml2.so: symbolic link to `libxml2.so.2.9.1'
>>>
>>> And 'file /usr/lib/libxml2.so.2.9.1' outputs:
>>> /usr/lib/libxml2.so.2.9.1: ELF 32-bit LSB shared object, Intel 80386,
>>> version 1 (SYSV), dynamically linked, not stripped
>>>
>>> As my box is cross compiled x86/x64 there are also 64bit libraries, so
>>> that 'file /usr/lib64/libxml2.so' gives:
>>> /usr/lib64/libxml2.so: symbolic link to `libxml2.so.2.9.1'
>>>
>>> And file 'file /usr/lib64/libxml2.so.2.9.1' outputs:
>>> /usr/lib64/libxml2.so.2.9.1: ELF 64-bit LSB shared object, x86-64,
>>> version
>>> 1 (SYSV), dynamically linked, not stripped
>>>
>>> This is my configure command (building 64bit):
>>> CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
>>> --with-zlib=/usr --with-dbdir=/usr/share/clamav
>>>
>>> Where 'echo ${BUILD64}' outputs:
>>> -m64
>>>
>>> I pasted the content of my config.log at http://de.pastebin.de/124754
>>>
>>> Regards
>>> Alexander
>>>
>>>
>>>
>>>
>>> Am 08.05.2014 07:52, schrieb Shawn Webb:
>>>
>>>  What's the output of this command: file /usr/lib/libxml2.so

 Can you paste (preferably to a pastebin service) your config.log? What
 options did you pass to ./configure?


 On Thu, May 8, 2014 at 1:48 AM, Alexander Tampermeier <
 alexan...@tampermeier.at> wrote:

   I have been using ClamAV on my Linux box (Cross Compiled Linux from

> Scratch; gcc 4.8.2) for years now and it always compiled well.
>
> Now, compiling version 0.98.3 (and also in 0.98.2) I get the following
> compiling error:
>
> CC libclamav_la-fp_sqr_comba_8.lo
> CC libclamav_la-fp_sqr_comba_9.lo
> CC libclamav_la-fp_sqr_comba_generic.lo
> CC libclamav_la-fp_sqr_comba_small_set.lo
> CC libclamav_la-fp_sqrmod.lo
> CC libclamav_internal_utils_la-str.lo
> CC libclamav_internal_utils_la-crypto.lo
> CC libclamav_internal_utils_la-iowrap.lo
> CC libclamav_internal_utils_la-others_common.lo
> CC libclamav_internal_utils_la-qsort.lo
> CC libclamav_internal_utils_la-regcomp.lo
> CC libclamav_internal_utils_la-regerror.lo
> CC libclamav_internal_utils_la-regexec.lo
> CC libclamav_internal_utils_la-regfree.lo
> CCLD   libclamav_internal_utils.la
> CCLD   libclamav.la
> /usr/lib/libxml2.so: error adding symbols: File in wrong format
> collect2: error: ld returned 1 exit status
> Makefile:969: recipe for target 'libclamav.la' failed
> make[4]: *** [libclamav.la] Error 1
> make[4]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
> Makefile:3011: recipe for target 'all-recursive' failed
> make[3]: *** [all-recursive] Error 1
> make[3]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
> Makefile:893: recipe for target 'all' failed
> make[2]: *** [all] Error 2
> make[2]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
> Makefile:649: recipe for target 'all-recursive' failed
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory '/j/development/clamav-0.98.3'
> Makefile:477: recipe for target 'all' failed
> make: *** [all] Error 2
>
> Does anybody know how to get around this? I already recompiled libxml2
> (v2.9.1) but the error persists.
> ClamAV v0.98.1 still compiles perfectly.
>
> Regards
> Alexander

Re: [clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-08 Thread Shawn Webb
Hey All,

This bug only affects OSX machines and is due to an improper return. This
commit fixes it:
https://github.com/vrtadmin/clamav-devel/commit/9e47301bc96964b33fe578170296c780924b3b7b

Additionally, this bug has been filed as bug 10986:
https://bugzilla.clamav.net/show_bug.cgi?id=10986

Thanks,

Shawn


On Wed, May 7, 2014 at 10:05 PM, James Brown  wrote:

>
> On 8 May 2014, at 12:02 pm, Dennis Peterson  wrote:
>
> > On 5/7/14, 6:38 PM, James Brown wrote:
> >> Have just upgraded to version 0.98.3 from 0.98.1.
> >>
> >> Clamd starts fine, but anytime I reload the database (e.g. running
> freshclam) clamd will crash.
> >>
> >>
> > Would you mind pasting in the output of clamconf too, please. I'd like
> to see the build options compared to my own.
> >
> > dp
>
> $ clamconf
> Checking configuration files in /usr/local/etc
>
> Config file: clamd.conf
> ---
> LogFile = "/var/log/clamd.log"
> StatsHostID disabled
> StatsEnabled disabled
> StatsPEDisabled disabled
> StatsTimeout disabled
> LogFileUnlock disabled
> LogFileMaxSize = "2097152"
> LogTime = "yes"
> LogClean disabled
> LogSyslog disabled
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate = "yes"
> ExtendedDetectionInfo = "yes"
> PidFile = "/var/run/clamd/clamd.pid"
> TemporaryDirectory disabled
> DatabaseDirectory = "/usr/local/clamav"
> OfficialDatabaseOnly disabled
> LocalSocket = "/tmp/clamd"
> LocalSocketGroup disabled
> LocalSocketMode disabled
> FixStaleSocket = "yes"
> TCPSocket disabled
> TCPAddr disabled
> MaxConnectionQueueLength = "200"
> StreamMaxLength = "26214400"
> StreamMinPort = "1024"
> StreamMaxPort = "2048"
> MaxThreads = "10"
> ReadTimeout = "120"
> CommandReadTimeout = "5"
> SendBufTimeout = "500"
> MaxQueue = "100"
> IdleTimeout = "30"
> ExcludePath disabled
> MaxDirectoryRecursion = "15"
> FollowDirectorySymlinks disabled
> FollowFileSymlinks disabled
> CrossFilesystems = "yes"
> SelfCheck = "600"
> DisableCache disabled
> VirusEvent disabled
> ExitOnOOM disabled
> AllowAllMatchScan = "yes"
> Foreground disabled
> Debug disabled
> LeaveTemporaryFiles disabled
> User disabled
> AllowSupplementaryGroups disabled
> Bytecode = "yes"
> BytecodeSecurity = "TrustSigned"
> BytecodeTimeout = "5000"
> BytecodeUnsigned disabled
> BytecodeMode = "Auto"
> DetectPUA disabled
> ExcludePUA disabled
> IncludePUA disabled
> AlgorithmicDetection = "yes"
> ScanPE = "yes"
> ScanELF = "yes"
> DetectBrokenExecutables disabled
> ScanMail = "yes"
> ScanPartialMessages = "yes"
> PhishingSignatures = "yes"
> PhishingScanURLs = "yes"
> PhishingAlwaysBlockCloak disabled
> PhishingAlwaysBlockSSLMismatch disabled
> PartitionIntersection disabled
> HeuristicScanPrecedence disabled
> StructuredDataDetection disabled
> StructuredMinCreditCardCount = "3"
> StructuredMinSSNCount = "3"
> StructuredSSNFormatNormal = "yes"
> StructuredSSNFormatStripped disabled
> ScanHTML = "yes"
> ScanOLE2 = "yes"
> OLE2BlockMacros disabled
> ScanPDF = "yes"
> ScanSWF = "yes"
> ScanArchive = "yes"
> ArchiveBlockEncrypted disabled
> ForceToDisk disabled
> MaxScanSize = "104857600"
> MaxFileSize = "26214400"
> MaxRecursion = "16"
> MaxFiles = "1"
> MaxEmbeddedPE = "10485760"
> MaxHTMLNormalize = "10485760"
> MaxHTMLNoTags = "2097152"
> MaxScriptNormalize = "5242880"
> MaxZipTypeRcg = "1048576"
> MaxPartitions = "50"
> MaxIconsPE = "100"
> ScanOnAccess disabled
> OnAccessIncludePath disabled
> OnAccessExcludePath disabled
> OnAccessExcludeUID disabled
> OnAccessMaxFileSize = "5242880"
> DevACOnly disabled
> DevACDepth disabled
> DevPerformance disabled
> DevLiblog disabled
> DisableCertCheck disabled
>
> Config file: freshclam.conf
> ---
> StatsHostID disabled
> StatsEnabled disabled
> StatsTimeout disabled
> LogFileMaxSize = "4294967295"
> LogTime disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> PidFile = "/var/run/freshclam.pid"
> DatabaseDirectory = "/usr/local/clamav"
> Foreground disabled
> Debug disabled
> AllowSupplementaryGroups disabled
> UpdateLogFile = "/var/log/freshclam.log"
> DatabaseOwner = "clamav"
> Checks = "48"
> DNSDatabaseInfo = "current.cvd.clamav.net"
> DatabaseMirror = "db.AU.clamav.net", "database.clamav.net"
> PrivateMirror disabled
> MaxAttempts = "3"
> ScriptedUpdates = "yes"
> TestDatabases = "yes"
> CompressLocalDatabase disabled
> ExtraDatabase disabled
> DatabaseCustomURL disabled
> HTTPProxyServer disabled
> HTTPProxyPort disabled
> HTTPProxyUsername disabled
> HTTPProxyPassword disabled
> HTTPUserAgent disabled
> NotifyClamd = "/usr/local/etc/clamd.conf"
> OnUpdateExecute disabled
> OnErrorExecute disabled
> OnOutdatedExecute disabled
> LocalIPAddress disabled
> ConnectTimeout = "30"
> ReceiveTimeout = "30"
> SubmitDetectionStats = "/usr/local/etc/clamd.conf"
> DetectionStatsCountry disabled
> DetectionStatsHostID disabled
> SafeBrowsing = "yes"
> Bytecode = "yes"
>
> clamav-milter.conf not found
>
> Software settings
> ---

Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread Alexander Tampermeier

Shawn,

I am very sorry. Obviously I mixed something up totally.

Here is the corrected output of the configure command (now including 
option --disable-silent-rules): http://de.pastebin.de/124760


And here is the corrected output of the make command: 
http://de.pastebin.de/124761


Regards
Alexander


Am 08.05.2014 09:29, schrieb Shawn Webb:

Did you add the --disable-silent-rules to your ./configure run? It looks
like step 3 is still producing friendly output.


On Thu, May 8, 2014 at 3:21 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:


Hello Shawn,

I executed 'make clean distclean'.

I pasted the output of command #2 (CC="gcc ${BUILD64}" ./configure ...) at
http://de.pastebin.de/124756

Output of command #3 (make) is pasted at http://de.pastebin.de/124757

Regards
Alexander


Am 08.05.2014 08:40, schrieb Shawn Webb:


Can you run these commands, and paste the output of commands 2 and 3 to
your pastebin service (friendly remember to pipe stderr to stdout):

1. make clean distclean
2. CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav

--with-zlib=/usr --with-dbdir=/usr/share/clamav --disable-silent-rules
3. make

Thanks,

Shawn


On Thu, May 8, 2014 at 2:33 AM, Alexander Tampermeier <

alexan...@tampermeier.at> wrote:

  Hello Shawn,

thank you for your response.

This is output of 'file /usr/lib/libxml2.so':
/usr/lib/libxml2.so: symbolic link to `libxml2.so.2.9.1'

And 'file /usr/lib/libxml2.so.2.9.1' outputs:
/usr/lib/libxml2.so.2.9.1: ELF 32-bit LSB shared object, Intel 80386,
version 1 (SYSV), dynamically linked, not stripped

As my box is cross compiled x86/x64 there are also 64bit libraries, so
that 'file /usr/lib64/libxml2.so' gives:
/usr/lib64/libxml2.so: symbolic link to `libxml2.so.2.9.1'

And file 'file /usr/lib64/libxml2.so.2.9.1' outputs:
/usr/lib64/libxml2.so.2.9.1: ELF 64-bit LSB shared object, x86-64,
version
1 (SYSV), dynamically linked, not stripped

This is my configure command (building 64bit):
CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
--with-zlib=/usr --with-dbdir=/usr/share/clamav

Where 'echo ${BUILD64}' outputs:
-m64

I pasted the content of my config.log at http://de.pastebin.de/124754

Regards
Alexander




Am 08.05.2014 07:52, schrieb Shawn Webb:

  What's the output of this command: file /usr/lib/libxml2.so

Can you paste (preferably to a pastebin service) your config.log? What
options did you pass to ./configure?


On Thu, May 8, 2014 at 1:48 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:

   I have been using ClamAV on my Linux box (Cross Compiled Linux from


Scratch; gcc 4.8.2) for years now and it always compiled well.

Now, compiling version 0.98.3 (and also in 0.98.2) I get the following
compiling error:

 CC libclamav_la-fp_sqr_comba_8.lo
 CC libclamav_la-fp_sqr_comba_9.lo
 CC libclamav_la-fp_sqr_comba_generic.lo
 CC libclamav_la-fp_sqr_comba_small_set.lo
 CC libclamav_la-fp_sqrmod.lo
 CC libclamav_internal_utils_la-str.lo
 CC libclamav_internal_utils_la-crypto.lo
 CC libclamav_internal_utils_la-iowrap.lo
 CC libclamav_internal_utils_la-others_common.lo
 CC libclamav_internal_utils_la-qsort.lo
 CC libclamav_internal_utils_la-regcomp.lo
 CC libclamav_internal_utils_la-regerror.lo
 CC libclamav_internal_utils_la-regexec.lo
 CC libclamav_internal_utils_la-regfree.lo
 CCLD   libclamav_internal_utils.la
 CCLD   libclamav.la
/usr/lib/libxml2.so: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
Makefile:969: recipe for target 'libclamav.la' failed
make[4]: *** [libclamav.la] Error 1
make[4]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:3011: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:893: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:649: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/j/development/clamav-0.98.3'
Makefile:477: recipe for target 'all' failed
make: *** [all] Error 2

Does anybody know how to get around this? I already recompiled libxml2
(v2.9.1) but the error persists.
ClamAV v0.98.1 still compiles perfectly.

Regards
Alexander

Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread Shawn Webb
No worries. Since I'm most familiar with more conventional Linux
distributions, I'm not entirely sure what's going on, but it appears your
compiler/linker is still trying to link against the 32bit libraries rather
than the 64bit ones: -Wl,-rpath -Wl,/usr/lib64/../lib64 -Wl,-rpath
-Wl,/usr/lib64/../lib -Wl,-rpath -Wl,/usr/lib64/../lib64 -Wl,-rpath
-Wl,/usr/lib64/../lib -L/usr/lib /usr/lib/libxml2.so -lz -L/usr/lib64

By specifying -L/usr/lib/libxml2.so, that forces the compiler/linker to
attempt link against that library (the 32bit one). Instead, it should be
linking against libxml2 by using -lxml2. I'm the only member of the team
awake at this hour tonight (it's 4am here). I'll bring it up with the team
first thing in the morning and see what they think. I'm sure we can get a
patch out to you soon.

Thanks,

Shawn


On Thu, May 8, 2014 at 3:49 AM, Alexander Tampermeier <
alexan...@tampermeier.at> wrote:

> Shawn,
>
> I am very sorry. Obviously I mixed something up totally.
>
> Here is the corrected output of the configure command (now including
> option --disable-silent-rules): http://de.pastebin.de/124760
>
> And here is the corrected output of the make command:
> http://de.pastebin.de/124761
>
> Regards
> Alexander
>
>
> Am 08.05.2014 09:29, schrieb Shawn Webb:
>
>> Did you add the --disable-silent-rules to your ./configure run? It looks
>> like step 3 is still producing friendly output.
>>
>>
>> On Thu, May 8, 2014 at 3:21 AM, Alexander Tampermeier <
>>
>> alexan...@tampermeier.at> wrote:
>>
>>  Hello Shawn,
>>>
>>> I executed 'make clean distclean'.
>>>
>>> I pasted the output of command #2 (CC="gcc ${BUILD64}" ./configure ...)
>>> at
>>> http://de.pastebin.de/124756
>>>
>>> Output of command #3 (make) is pasted at http://de.pastebin.de/124757
>>>
>>> Regards
>>> Alexander
>>>
>>>
>>> Am 08.05.2014 08:40, schrieb Shawn Webb:
>>>
>>>  Can you run these commands, and paste the output of commands 2 and 3 to
 your pastebin service (friendly remember to pipe stderr to stdout):

 1. make clean distclean
 2. CC="gcc ${BUILD64}" ./configure --prefix=/usr
 --sysconfdir=/etc/clamav

 --with-zlib=/usr --with-dbdir=/usr/share/clamav --disable-silent-rules
 3. make

 Thanks,

 Shawn


 On Thu, May 8, 2014 at 2:33 AM, Alexander Tampermeier <

 alexan...@tampermeier.at> wrote:

   Hello Shawn,

> thank you for your response.
>
> This is output of 'file /usr/lib/libxml2.so':
> /usr/lib/libxml2.so: symbolic link to `libxml2.so.2.9.1'
>
> And 'file /usr/lib/libxml2.so.2.9.1' outputs:
> /usr/lib/libxml2.so.2.9.1: ELF 32-bit LSB shared object, Intel 80386,
> version 1 (SYSV), dynamically linked, not stripped
>
> As my box is cross compiled x86/x64 there are also 64bit libraries, so
> that 'file /usr/lib64/libxml2.so' gives:
> /usr/lib64/libxml2.so: symbolic link to `libxml2.so.2.9.1'
>
> And file 'file /usr/lib64/libxml2.so.2.9.1' outputs:
> /usr/lib64/libxml2.so.2.9.1: ELF 64-bit LSB shared object, x86-64,
> version
> 1 (SYSV), dynamically linked, not stripped
>
> This is my configure command (building 64bit):
> CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc/clamav
> --with-zlib=/usr --with-dbdir=/usr/share/clamav
>
> Where 'echo ${BUILD64}' outputs:
> -m64
>
> I pasted the content of my config.log at http://de.pastebin.de/124754
>
> Regards
> Alexander
>
>
>
>
> Am 08.05.2014 07:52, schrieb Shawn Webb:
>
>   What's the output of this command: file /usr/lib/libxml2.so
>
>> Can you paste (preferably to a pastebin service) your config.log? What
>> options did you pass to ./configure?
>>
>>
>> On Thu, May 8, 2014 at 1:48 AM, Alexander Tampermeier <
>> alexan...@tampermeier.at> wrote:
>>
>>I have been using ClamAV on my Linux box (Cross Compiled Linux from
>>
>>  Scratch; gcc 4.8.2) for years now and it always compiled well.
>>>
>>> Now, compiling version 0.98.3 (and also in 0.98.2) I get the
>>> following
>>> compiling error:
>>>
>>>  CC libclamav_la-fp_sqr_comba_8.lo
>>>  CC libclamav_la-fp_sqr_comba_9.lo
>>>  CC libclamav_la-fp_sqr_comba_generic.lo
>>>  CC libclamav_la-fp_sqr_comba_small_set.lo
>>>  CC libclamav_la-fp_sqrmod.lo
>>>  CC libclamav_internal_utils_la-str.lo
>>>  CC libclamav_internal_utils_la-crypto.lo
>>>  CC libclamav_internal_utils_la-iowrap.lo
>>>  CC libclamav_internal_utils_la-others_common.lo
>>>  CC libclamav_internal_utils_la-qsort.lo
>>>  CC libclamav_internal_utils_la-regcomp.lo
>>>  CC libclamav_internal_utils_la-regerror.lo
>>>  CC libclamav_internal_utils_la-regexec.lo
>>>  CC libclamav_internal_utils_la-regfree.lo
>>> 
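
The diagnosis in Shawn Webb's message above, as an added example (not code from the thread or from ClamAV's build system): it reads the ELF class and machine of every library named by absolute path on a link line and reports those that do not match the build target. The link line is the one quoted in the message; the two ELF headers are constructed to mirror the `file` output Alexander posted, and all function names are this example's own.

```python
import shlex
import struct

# e_machine values from the ELF specification.
EM_386, EM_X86_64 = 3, 62
MACHINES = {EM_386: "i386", EM_X86_64: "x86-64"}


def elf_arch(header):
    """Return (bits, machine) from the first 20 bytes of an ELF file, else None."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(header[4])       # e_ident[EI_CLASS]
    endian = {1: "<", 2: ">"}.get(header[5])   # e_ident[EI_DATA]
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", header, 18)  # e_machine
    return bits, MACHINES.get(machine, "machine %d" % machine)


def read_header(path):
    """Default reader; open() follows symlinks (libxml2.so -> libxml2.so.2.9.1)."""
    with open(path, "rb") as fh:
        return fh.read(20)


def explicit_libraries(link_line):
    """Shared objects passed by absolute path rather than through -l.

    GNU ld skips an incompatible library while searching -L directories for
    -lNAME, but a file named directly must be loaded as given, which is why
    /usr/lib/libxml2.so ends in 'File in wrong format' on an -m64 build.
    """
    return [tok for tok in shlex.split(link_line)
            if tok.startswith("/") and (tok.endswith(".so") or ".so." in tok)]


def audit(link_line, target, reader=read_header):
    """Return [(path, found_arch)] for explicit libraries that differ from target."""
    mismatches = []
    for path in explicit_libraries(link_line):
        try:
            arch = elf_arch(reader(path))
        except OSError:
            arch = None                        # unreadable or missing file
        if arch != target:
            mismatches.append((path, arch))
    return mismatches


def _fake_header(ei_class, machine):
    # Constructed 20-byte little-endian ELF header: e_ident, e_type=ET_DYN, e_machine.
    return (b"\x7fELF" + bytes([ei_class, 1, 1]) + b"\x00" * 9
            + struct.pack("<HH", 3, machine))


# Constructed stand-ins for the two libraries described in the thread.
SAMPLE_FS = {
    "/usr/lib/libxml2.so": _fake_header(1, EM_386),
    "/usr/lib64/libxml2.so": _fake_header(2, EM_X86_64),
}

# Link-line fragment as quoted in the message above.
LINK_LINE = ("-Wl,-rpath -Wl,/usr/lib64/../lib64 -Wl,-rpath "
             "-Wl,/usr/lib64/../lib -Wl,-rpath -Wl,/usr/lib64/../lib64 "
             "-Wl,-rpath -Wl,/usr/lib64/../lib -L/usr/lib "
             "/usr/lib/libxml2.so -lz -L/usr/lib64")


def sample_reader(path):
    if path not in SAMPLE_FS:
        raise FileNotFoundError(path)
    return SAMPLE_FS[path]


if __name__ == "__main__":
    for path, arch in audit(LINK_LINE, (64, "x86-64"), sample_reader):
        print("mismatch: %s is %s, target is 64-bit x86-64" % (path, arch))
```

Called without a `reader`, `audit()` opens the real files, so it can be pointed at the link command from a `--disable-silent-rules` build log.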

Re: [clamav-users] clamav-users Digest, Vol 116, Issue 2

2014-05-08 Thread G.W. Haywood

Hi there,

On Fri, 2 May 2014, Greg Mueller wrote:


It has Debian on it and was booting fine. But now when it starts to
boot it gets this message.


What did you do to it between when it was booting fine and when it
stopped booting fine?  You didn't tell us, we need to know, and we
aren't clairvoyant.


This Version of the clamavb engine is outdated
Don't Panic Read http://www.clamav.nrt/support/faq


When you post messages like this, it's usually important to get them
right.  You've made some errors in typing, but at the moment that is
the least of the problems.

It's also important to describe everything that happens, not just a
part that you think might be interesting.  There was probably much
more than this shown on the screen when the machine booted, quite
likely including a screen from 'grub' (the GRand Unified Bootloader)
which Debian normally uses to start the system.

Do you get a 'grub' boot screen?  If so you can probably choose an
option to start the system in recovery mode, but normally you only get
five seconds to press a key.  Press the 'down arrow' key and then grub
will wait as long as you like to read the screen and make up your mind.

If you have chosen to start the system in recovery mode it should then
give you a way to log on as root and repair the system, although if
you're new to Debian/Linux then repairing it might not be very easy.

If you do not get a 'grub' screen then you might be able to boot from
a Debian LiveCD and attempt to recover the system that way.

I don't think that this is really a ClamAV problem yet.

--

73,
Ged.


Re: [clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-08 Thread Shawn Webb
Thanks! I'll have a fix for you first thing in the morning. It looks like
there might be a buggy edge case.

Thanks,

Shawn
On May 7, 2014 9:46 PM, "James Brown"  wrote:


On 8 May 2014, at 11:42 am, Shawn Webb  wrote:

> Hey James,
>
> Can you paste your clamd.conf file please?

Hi Shawn.

Below is my clamd.conf. The only difference is that I have now turned off
the StatsEnabled. Hopefully this will fix it.

James.

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 2M

# Log time with each message.
# Default: no
LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
LogRotate yes

# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes
ExtendedDetectionInfo yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /usr/local/clamav

# Only load the official signatures published by the ClamAV project.
# Default: no
#OfficialDatabaseOnly no

# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660

# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd
daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M

# Limit port range.
# Default: 1024
#StreamMinPort 3
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time
(seconds).
# Default: 120
#ReadTimeout 300

# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5

# This option specifies how long to wait (in miliseconds) if the send
buffer is full.
# Keep this value low to prevent clamd hanging
#
# Default: 500
#SendBufTimeout 200

# Maximum number of queued items (including those being processed by
MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if
possible.
# WARNING: you shouldn't increase this too much to

[clamav-users] Clamav is not finding any viruses

2014-05-08 Thread Thorvald Hallvardsson
Hi,

I have got clamav running on the box and recently had a complaint from the
customer saying that he is getting viruses. In fact Clamav is finding
phishing messages but any virus (besides eicar) is not being found. Tried
to test it from the command line and it says that the files I'm checking
are not infected when Kaspersky is picking up viruses
(Trojan.Win32.Yakes.elfb) but clamav says OK.

Tried the latest version of clamav also and the same. I have got databases
up-to-date according to freshclam.

Can anyone help me?

Thank you.

Regards
TH


[clamav-users] Version 0.98.3 compile failure on Solaris

2014-05-08 Thread Lars Hecking

 The configure code checking for the newly required openssl library is broken.

[...]
configure:16590: checking for OpenSSL installation
configure:16632: checking for SSL_library_init in -lssl
configure:16657: gcc -o conftest -I/tmp/ssl/ssl/include  -L/tmp/ssl/ssl/lib -lss
l -lcrypto conftest.c -lssl  -lnsl  -lsocket >&5
Undefined   first referenced
 symbol in file
ERR_clear_error /tmp/ssl/ssl/lib/libssl.a(ssl_cert.o)
SHA512_Transform/tmp/ssl/ssl/lib/libssl.a(s3_cbc.o)
[many more deleted]

 The reason for the failure is the second instance of -lssl, which just like
 the first instance requires augmentation with -lcrypto. Checking where it
 comes from, I figured that the following patch to 
m4/reorganization/libs/openssl.m4
 works around the failure, but I haven't the time to rewrite the test properly.

--%<--
--- openssl.m4.dist 2014-05-06 19:39:56.0 +0100
+++ openssl.m4  2014-05-08 15:23:22.520238757 +0100
@@ -35,7 +35,7 @@
 have_ssl="no"
 have_crypto="no"
 
-AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"], [AC_MSG_ERROR([Your 
OpenSSL installation is misconfigured or missing])])
+AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"], [AC_MSG_ERROR([Your 
OpenSSL installation is misconfigured or missing])],[-lcrypto])
 
 AC_CHECK_LIB([crypto], [EVP_EncryptInit], [have_crypto="yes"], 
[AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
 
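Review bot: in the changed AC_CHECK_LIB([ssl], ...) call, the new fifth argument makes the libssl probe link against -lcrypto before the AC_CHECK_LIB([crypto], ...) call on the following context line has confirmed that libcrypto is usable, so a missing or broken libcrypto will now surface from the ssl check with the same generic "misconfigured or missing" message. Consider running the crypto check first and giving the two AC_MSG_ERROR strings distinct wording so the failing library can be identified from configure output. A short comment saying that the extra library is needed when linking against a static libssl.a would also help the next reader.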
--%<--

 This is most likely not a problem on newer platforms with a more intelligent
 linker.



[clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Martin Preen

Hello,
after building 0.98.3 on Solaris 10 (Sparc) I got some error
messages from freshclam.

The first run:

ERROR: Corrupted database file /var/clamav/main.cvd: Can't allocate memory
Corrupted database file renamed to /var/clamav/main.cvd.broken
ERROR: Corrupted database file /var/clamav/daily.cld: Malformed database
Corrupted database file renamed to /var/clamav/daily.cld.broken
ERROR: Corrupted database file /var/clamav/bytecode.cld: Malformed database
Corrupted database file renamed to /var/clamav/bytecode.cld.broken

Any subsequent run:

Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.98.3 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: cli_cvdverify: Cannot generate hash, out of memory
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
ERROR: Verification: Can't allocate memory

There is enough memory and up to version 0.98 there was never any memory
problem or similar messages. How can one resolve this ?

Regards,
Martin

--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen




Re: [clamav-users] Clamav is not finding any viruses

2014-05-08 Thread Steven Morgan
Hi Thorvald,

You can also check which vendors' AV systems detect viruses on a file at
virustotal.com.

Also, please submit your virus file to
http://www.clamav.net/lang/en/sendvirus/ so that we can write a ClamAV
signature for it.

Thanks,
Steve



On Thu, May 8, 2014 at 11:01 AM, Thorvald Hallvardsson <
thorvald.hallvards...@gmail.com> wrote:

> Hi,
>
> I have got clamav running on the box and recently had a complaint from the
> customer saying that he is getting viruses. In fact Clamav is finding
> phishing messages but any virus (besides eicar) is not being found. Tried
> to test it from the command line and it says that the files I'm checking
> are not infected when Kaspersky is picking up viruses
> (Trojan.Win32.Yakes.elfb) but clamav says OK.
>
> Tried the latest version of clamav also and the same. I have got databases
> up-to-date according to freshclam.
>
> Can anyone help me ?
>
> Thank you.
>
> Regards
> TH
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>


Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Shawn Webb
On Thu, May 8, 2014 at 11:13 AM, Martin Preen <
pr...@informatik.uni-freiburg.de> wrote:

> Hello,
> after building 0.98.3 on Solaris 10 (Sparc) I got some error
> messages from freshclam.
>
> The first run:
>
> ERROR: Corrupted database file /var/clamav/main.cvd: Can't allocate memory
> Corrupted database file renamed to /var/clamav/main.cvd.broken
> ERROR: Corrupted database file /var/clamav/daily.cld: Malformed database
> Corrupted database file renamed to /var/clamav/daily.cld.broken
> ERROR: Corrupted database file /var/clamav/bytecode.cld: Malformed database
> Corrupted database file renamed to /var/clamav/bytecode.cld.broken
>
> Any subsequent run:
>
> Downloading main.cvd [100%]
> LibClamAV debug: Initialized 0.98.3 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: cli_cvdverify: Cannot generate hash, out of memory
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
> ERROR: Verification: Can't allocate memory
>
> There is enough memory and up to version 0.98 there was never any memory
> problem or similar messages. How can one resolve this ?
>
> Regards,
> Martin
>

Hey Martin,

Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
help me debug the issue: what version of OpenSSL do you have installed? Can
you give me the output of the clamdconf command (preferably to a pastebin
service)? Can you give me (again, pastebin) the output of your config.log?
I can install Solaris on this sparc64 machine as early as next week.

Thanks,

Shawn


Re: [clamav-users] Version 0.98.3 compile failure on Solaris

2014-05-08 Thread Shawn Webb
On Thu, May 8, 2014 at 11:04 AM, Lars Hecking <
lheck...@users.sourceforge.net> wrote:

>
>  The configure code checking for the newly required openssl library is
> broken.
>
> [...]
> configure:16590: checking for OpenSSL installation
> configure:16632: checking for SSL_library_init in -lssl
> configure:16657: gcc -o conftest -I/tmp/ssl/ssl/include
>  -L/tmp/ssl/ssl/lib -lss
> l -lcrypto conftest.c -lssl  -lnsl  -lsocket >&5
> Undefined   first referenced
>  symbol in file
> ERR_clear_error /tmp/ssl/ssl/lib/libssl.a(ssl_cert.o)
> SHA512_Transform/tmp/ssl/ssl/lib/libssl.a(s3_cbc.o)
> [many more deleted]
>
>  The reason for the failure is the second instance of -lssl, which just
> like
>  the first instance requires augmentation with -lcrypto. Checking where it
>  comes from, I figured that the following patch to
> m4/reorganization/libs/openssl.m4
>  works around the failure, but I haven't the time to rewrite the test
> properly.
>
> --%<--
> --- openssl.m4.dist 2014-05-06 19:39:56.0 +0100
> +++ openssl.m4  2014-05-08 15:23:22.520238757 +0100
> @@ -35,7 +35,7 @@
>  have_ssl="no"
>  have_crypto="no"
>
> -AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"],
> [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
> +AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"],
> [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or
> missing])],[-lcrypto])
>
>  AC_CHECK_LIB([crypto], [EVP_EncryptInit], [have_crypto="yes"],
> [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
>
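Review bot: the ---/+++ headers name bare openssl.m4.dist and openssl.m4 rather than m4/reorganization/libs/openssl.m4, and the + line is wrapped across three lines in this copy, so the hunk will not apply as quoted. A patch generated from the top of the source tree and sent as an attachment would avoid both problems; the old-file timestamp (19:39:56.0) also looks truncated.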
> --%<--
>
>  This is most likely not a problem on newer platforms with a more
> intelligent
>  linker.
>

Hey Lars,

Thanks for reporting this issue and especially providing a candidate patch.
I'll review it and do some additional testing soon. I'll get back to you
once testing is done.

Thanks,

Shawn


[clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford
Just a quick report...

0.98.3 crashes... 0.98.1 no issues...

Thu May 08 15:29:06 2014 -> +++ Started at Thu May 08 15:29:06 2014
Thu May 08 15:29:06 2014 -> clamd daemon 0.98.3 (OS: win32, ARCH: i386,
CPU: i386)
Thu May 08 15:29:06 2014 -> Log file size limited to 104857600 bytes.
Thu May 08 15:29:06 2014 -> Reading databases from c:\clamav\database
Thu May 08 15:29:06 2014 -> Not loading PUA signatures.
Thu May 08 15:29:06 2014 -> Bytecode: Security mode set to "TrustSigned".
Thu May 08 15:29:06 2014 -> Disabling URL based phishing detection.
Thu May 08 15:29:14 2014 -> Loaded 3449824 signatures.
Thu May 08 15:29:15 2014 -> TCP: Bound to address 127.0.0.1 on port 3310
Thu May 08 15:29:15 2014 -> TCP: Setting connection queue length to 200
Thu May 08 15:29:15 2014 -> Limits: Global size limit set to 2097152 bytes.
Thu May 08 15:29:15 2014 -> Limits: File size limit set to 26214400 bytes.
Thu May 08 15:29:15 2014 -> Limits: Recursion level limit set to 16.
Thu May 08 15:29:15 2014 -> Limits: Files limit set to 1.
Thu May 08 15:29:15 2014 -> Limits: MaxEmbeddedPE limit set to 10485760
bytes.
Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNormalize limit set to 10485760
bytes.
Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Thu May 08 15:29:15 2014 -> Limits: MaxScriptNormalize limit set to
5242880 bytes.
Thu May 08 15:29:15 2014 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu May 08 15:29:15 2014 -> Limits: MaxPartitions limit set to 50.
Thu May 08 15:29:15 2014 -> Limits: MaxIconsPE limit set to 100.
Thu May 08 15:29:15 2014 -> Archive support enabled.
Thu May 08 15:29:15 2014 -> Algorithmic detection enabled.
Thu May 08 15:29:15 2014 -> Portable Executable support enabled.
Thu May 08 15:29:15 2014 -> ELF support enabled.
Thu May 08 15:29:15 2014 -> Mail files support enabled.
Thu May 08 15:29:15 2014 -> OLE2 support enabled.
Thu May 08 15:29:15 2014 -> PDF support enabled.
Thu May 08 15:29:15 2014 -> SWF support enabled.
Thu May 08 15:29:15 2014 -> HTML support enabled.
Thu May 08 15:29:15 2014 -> Self checking every 1800 seconds.
Thu May 08 15:29:15 2014 -> Listening daemon: PID: 2744
Thu May 08 15:29:15 2014 -> MaxQueue set to: 100
Thu May 08 15:29:15 2014 -> fds_poll_recv: timeout after 1800 seconds

This is all the bit just before the win32 error box pops up...


Thu May 08 16:30:17 2014 -> mode -> MODE_WAITREPLY
Thu May 08 16:30:17 2014 -> Breaking command loop, mode is no longer
MODE_COMMAND
Thu May 08 16:30:17 2014 -> THRMGR: queue (single) crossed low threshold
-> signaling
Thu May 08 16:30:17 2014 -> Consumed entire command
Thu May 08 16:30:17 2014 -> THRMGR: queue (bulk) crossed low threshold ->
signaling
Thu May 08 16:30:17 2014 -> Number of file descriptors polled: 0 fds
Thu May 08 16:30:17 2014 -> fds_poll_recv: timeout after 1800 seconds
Thu May 08 16:30:18 2014 -> Finished scanthread
Thu May 08 16:30:18 2014 -> Scanthread: connection shut down (FD 1360)
Thu May 08 16:30:18 2014 -> THRMGR: queue (single) crossed low threshold
-> signaling
Thu May 08 16:30:18 2014 -> THRMGR: queue (bulk) crossed low threshold ->
signaling
Thu May 08 16:30:18 2014 -> Received POLLIN|POLLHUP on fd 1148
Thu May 08 16:30:18 2014 -> Got new connection, FD 1384
Thu May 08 16:30:18 2014 -> SelfCheck: Database modification detected.
Forcing reload.

:(

Cheers,

Steve
Sanesecurity



Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Martin Preen

Shawn Webb wrote:

On Thu, May 8, 2014 at 11:13 AM, Martin Preen <
pr...@informatik.uni-freiburg.de> wrote:


Hello,
after building 0.98.3 on Solaris 10 (Sparc) I got some error
messages from freshclam.

The first run:

ERROR: Corrupted database file /var/clamav/main.cvd: Can't allocate memory
Corrupted database file renamed to /var/clamav/main.cvd.broken
ERROR: Corrupted database file /var/clamav/daily.cld: Malformed database
Corrupted database file renamed to /var/clamav/daily.cld.broken
ERROR: Corrupted database file /var/clamav/bytecode.cld: Malformed database
Corrupted database file renamed to /var/clamav/bytecode.cld.broken

Any subsequent run:

Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.98.3 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: cli_cvdverify: Cannot generate hash, out of memory
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
ERROR: Verification: Can't allocate memory

There is enough memory and up to version 0.98 there was never any memory
problem or similar messages. How can one resolve this ?

Regards,
Martin


Hey Martin,

Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
help me debug the issue: what version of OpenSSL do you have installed? Can
you give me the output of the clamdconf command (preferably to a pastebin
service)? Can you give me (again, pastebin) the output of your config.log?
I can install Solaris on this sparc64 machine as early as next week.


I'll send you an URL for downloading main.cvd.broken.

Martin

--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen




Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Martin Preen

Shawn Webb wrote:

On Thu, May 8, 2014 at 11:13 AM, Martin Preen <
pr...@informatik.uni-freiburg.de> wrote:


Hello,
after building 0.98.3 on Solaris 10 (Sparc) I got some error
messages from freshclam.

The first run:

ERROR: Corrupted database file /var/clamav/main.cvd: Can't allocate memory
Corrupted database file renamed to /var/clamav/main.cvd.broken
ERROR: Corrupted database file /var/clamav/daily.cld: Malformed database
Corrupted database file renamed to /var/clamav/daily.cld.broken
ERROR: Corrupted database file /var/clamav/bytecode.cld: Malformed database
Corrupted database file renamed to /var/clamav/bytecode.cld.broken

Any subsequent run:

Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.98.3 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: cli_cvdverify: Cannot generate hash, out of memory
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
ERROR: Verification: Can't allocate memory

There is enough memory and up to version 0.98 there was never any memory
problem or similar messages. How can one resolve this ?

Regards,
Martin



Hey Martin,

Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
help me debug the issue: what version of OpenSSL do you have installed? Can
you give me the output of the clamdconf command (preferably to a pastebin
service)? Can you give me (again, pastebin) the output of your config.log?
I can install Solaris on this sparc64 machine as early as next week.


It is OpenSSL 1.0.1g
and Sun C 5.11 SunOS_sparc 2010/08/13
with CFLAGS='-xtarget=ultra -xO4'.

Martin

--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen




Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steven Morgan
Hi Steve,

We're looking into this. A couple questions: which version of windows?
32bit or 64bit windows? 32bit or 64bit ClamAV?

Thanks,
Steve


On Thu, May 8, 2014 at 11:41 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:

> Just a quick report...
>
> 0.98.3 crashes... 0.98.1 no issues...
>
> Thu May 08 15:29:06 2014 -> +++ Started at Thu May 08 15:29:06 2014
> Thu May 08 15:29:06 2014 -> clamd daemon 0.98.3 (OS: win32, ARCH: i386,
> CPU: i386)
> Thu May 08 15:29:06 2014 -> Log file size limited to 104857600 bytes.
> Thu May 08 15:29:06 2014 -> Reading databases from c:\clamav\database
> Thu May 08 15:29:06 2014 -> Not loading PUA signatures.
> Thu May 08 15:29:06 2014 -> Bytecode: Security mode set to "TrustSigned".
> Thu May 08 15:29:06 2014 -> Disabling URL based phishing detection.
> Thu May 08 15:29:14 2014 -> Loaded 3449824 signatures.
> Thu May 08 15:29:15 2014 -> TCP: Bound to address 127.0.0.1 on port 3310
> Thu May 08 15:29:15 2014 -> TCP: Setting connection queue length to 200
> Thu May 08 15:29:15 2014 -> Limits: Global size limit set to 2097152 bytes.
> Thu May 08 15:29:15 2014 -> Limits: File size limit set to 26214400 bytes.
> Thu May 08 15:29:15 2014 -> Limits: Recursion level limit set to 16.
> Thu May 08 15:29:15 2014 -> Limits: Files limit set to 1.
> Thu May 08 15:29:15 2014 -> Limits: MaxEmbeddedPE limit set to 10485760
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNormalize limit set to 10485760
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNoTags limit set to 2097152
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxScriptNormalize limit set to
> 5242880 bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxZipTypeRcg limit set to 1048576
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxPartitions limit set to 50.
> Thu May 08 15:29:15 2014 -> Limits: MaxIconsPE limit set to 100.
> Thu May 08 15:29:15 2014 -> Archive support enabled.
> Thu May 08 15:29:15 2014 -> Algorithmic detection enabled.
> Thu May 08 15:29:15 2014 -> Portable Executable support enabled.
> Thu May 08 15:29:15 2014 -> ELF support enabled.
> Thu May 08 15:29:15 2014 -> Mail files support enabled.
> Thu May 08 15:29:15 2014 -> OLE2 support enabled.
> Thu May 08 15:29:15 2014 -> PDF support enabled.
> Thu May 08 15:29:15 2014 -> SWF support enabled.
> Thu May 08 15:29:15 2014 -> HTML support enabled.
> Thu May 08 15:29:15 2014 -> Self checking every 1800 seconds.
> Thu May 08 15:29:15 2014 -> Listening daemon: PID: 2744
> Thu May 08 15:29:15 2014 -> MaxQueue set to: 100
> Thu May 08 15:29:15 2014 -> fds_poll_recv: timeout after 1800 seconds
>
> This is all the bit just before the win32 error box pops up...
>
>
> Thu May 08 16:30:17 2014 -> mode -> MODE_WAITREPLY
> Thu May 08 16:30:17 2014 -> Breaking command loop, mode is no longer
> MODE_COMMAND
> Thu May 08 16:30:17 2014 -> THRMGR: queue (single) crossed low threshold
> -> signaling
> Thu May 08 16:30:17 2014 -> Consumed entire command
> Thu May 08 16:30:17 2014 -> THRMGR: queue (bulk) crossed low threshold ->
> signaling
> Thu May 08 16:30:17 2014 -> Number of file descriptors polled: 0 fds
> Thu May 08 16:30:17 2014 -> fds_poll_recv: timeout after 1800 seconds
> Thu May 08 16:30:18 2014 -> Finished scanthread
> Thu May 08 16:30:18 2014 -> Scanthread: connection shut down (FD 1360)
> Thu May 08 16:30:18 2014 -> THRMGR: queue (single) crossed low threshold
> -> signaling
> Thu May 08 16:30:18 2014 -> THRMGR: queue (bulk) crossed low threshold ->
> signaling
> Thu May 08 16:30:18 2014 -> Received POLLIN|POLLHUP on fd 1148
> Thu May 08 16:30:18 2014 -> Got new connection, FD 1384
> Thu May 08 16:30:18 2014 -> SelfCheck: Database modification detected.
> Forcing reload.
>
> :(
>
> Cheers,
>
> Steve
> Sanesecurity
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>


Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steven Morgan
Sorry, didn't pay attention to subject line :)


On Thu, May 8, 2014 at 11:55 AM, Steven Morgan wrote:

> Hi Steve,
>
> We're looking into this. A couple questions: which version of windows?
> 32bit or 64bit windows? 32bit or 64bit ClamAV?
>
> Thanks,
> Steve
>
>
> On Thu, May 8, 2014 at 11:41 AM, Steve Basford <
> steveb_cla...@sanesecurity.com> wrote:
>
>> Just a quick report...
>>
>> 0.98.3 crashes... 0.98.1 no issues...
>>
>> Thu May 08 15:29:06 2014 -> +++ Started at Thu May 08 15:29:06 2014
>> Thu May 08 15:29:06 2014 -> clamd daemon 0.98.3 (OS: win32, ARCH: i386,
>> CPU: i386)
>> Thu May 08 15:29:06 2014 -> Log file size limited to 104857600 bytes.
>> Thu May 08 15:29:06 2014 -> Reading databases from c:\clamav\database
>> Thu May 08 15:29:06 2014 -> Not loading PUA signatures.
>> Thu May 08 15:29:06 2014 -> Bytecode: Security mode set to "TrustSigned".
>> Thu May 08 15:29:06 2014 -> Disabling URL based phishing detection.
>> Thu May 08 15:29:14 2014 -> Loaded 3449824 signatures.
>> Thu May 08 15:29:15 2014 -> TCP: Bound to address 127.0.0.1 on port 3310
>> Thu May 08 15:29:15 2014 -> TCP: Setting connection queue length to 200
>> Thu May 08 15:29:15 2014 -> Limits: Global size limit set to 2097152
>> bytes.
>> Thu May 08 15:29:15 2014 -> Limits: File size limit set to 26214400 bytes.
>> Thu May 08 15:29:15 2014 -> Limits: Recursion level limit set to 16.
>> Thu May 08 15:29:15 2014 -> Limits: Files limit set to 1.
>> Thu May 08 15:29:15 2014 -> Limits: MaxEmbeddedPE limit set to 10485760
>> bytes.
>> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNormalize limit set to 10485760
>> bytes.
>> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNoTags limit set to 2097152
>> bytes.
>> Thu May 08 15:29:15 2014 -> Limits: MaxScriptNormalize limit set to
>> 5242880 bytes.
>> Thu May 08 15:29:15 2014 -> Limits: MaxZipTypeRcg limit set to 1048576
>> bytes.
>> Thu May 08 15:29:15 2014 -> Limits: MaxPartitions limit set to 50.
>> Thu May 08 15:29:15 2014 -> Limits: MaxIconsPE limit set to 100.
>> Thu May 08 15:29:15 2014 -> Archive support enabled.
>> Thu May 08 15:29:15 2014 -> Algorithmic detection enabled.
>> Thu May 08 15:29:15 2014 -> Portable Executable support enabled.
>> Thu May 08 15:29:15 2014 -> ELF support enabled.
>> Thu May 08 15:29:15 2014 -> Mail files support enabled.
>> Thu May 08 15:29:15 2014 -> OLE2 support enabled.
>> Thu May 08 15:29:15 2014 -> PDF support enabled.
>> Thu May 08 15:29:15 2014 -> SWF support enabled.
>> Thu May 08 15:29:15 2014 -> HTML support enabled.
>> Thu May 08 15:29:15 2014 -> Self checking every 1800 seconds.
>> Thu May 08 15:29:15 2014 -> Listening daemon: PID: 2744
>> Thu May 08 15:29:15 2014 -> MaxQueue set to: 100
>> Thu May 08 15:29:15 2014 -> fds_poll_recv: timeout after 1800 seconds
>>
>> This is all the bit just before the win32 error box pops up...
>>
>>
>> Thu May 08 16:30:17 2014 -> mode -> MODE_WAITREPLY
>> Thu May 08 16:30:17 2014 -> Breaking command loop, mode is no longer
>> MODE_COMMAND
>> Thu May 08 16:30:17 2014 -> THRMGR: queue (single) crossed low threshold
>> -> signaling
>> Thu May 08 16:30:17 2014 -> Consumed entire command
>> Thu May 08 16:30:17 2014 -> THRMGR: queue (bulk) crossed low threshold ->
>> signaling
>> Thu May 08 16:30:17 2014 -> Number of file descriptors polled: 0 fds
>> Thu May 08 16:30:17 2014 -> fds_poll_recv: timeout after 1800 seconds
>> Thu May 08 16:30:18 2014 -> Finished scanthread
>> Thu May 08 16:30:18 2014 -> Scanthread: connection shut down (FD 1360)
>> Thu May 08 16:30:18 2014 -> THRMGR: queue (single) crossed low threshold
>> -> signaling
>> Thu May 08 16:30:18 2014 -> THRMGR: queue (bulk) crossed low threshold ->
>> signaling
>> Thu May 08 16:30:18 2014 -> Received POLLIN|POLLHUP on fd 1148
>> Thu May 08 16:30:18 2014 -> Got new connection, FD 1384
>> Thu May 08 16:30:18 2014 -> SelfCheck: Database modification detected.
>> Forcing reload.
>>
>> :(
>>
>> Cheers,
>>
>> Steve
>> Sanesecurity
>>
>> ___
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
>>
>
>


Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Dennis Peterson

On 5/8/14, 8:23 AM, Shawn Webb wrote:


Hey Martin,

Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
help me debug the issue: what version of OpenSSL do you have installed? Can
you give me the output of the clamdconf command (preferably to a pastebin
service)? Can you give me (again, pastebin) the output of your config.log?
I can install Solaris on this sparc64 machine as early as next week.

Thanks,

Shawn



Are we to understand Sourcefire does not have a proper Solaris Sparc environment 
for testing ClamAV products?


dp


Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread David Raynor
Alexander,

For libxml2, the configure script is finding and running the xml2-config
script that is part of a typical xml2 install to get the appropriate CFLAGS
and LIBS values to get to libxml2. Your fallback option, if this gets too
complicated, is to simply run configure with --disable-xml and avoid the
impacted use cases and code paths.

If you want to get it working with xml enabled, I will outline some choices
you have for getting the proper libs pointed to.

The ClamAV configure script is finding the xml2-config script and running
it based on these lines in your config.log output:

checking for libxml2 installation... /usr
checking xml2-config version... 2.9.1
checking for xmlreader.h in /usr... found
checking for xmlTextReaderRead in -lxml2... yes
configure: Compiling and linking with libxml2 from /usr

In your case, the xml2-config is finding and reporting the 32-bit versions
from /usr/lib. You should be able to see what it is reporting by running
'xml2-config --libs'.
A little bit more info about that helper script is available here as
questions 1 and 2 in their "Developers Corner" section :
http://xmlsoft.org/FAQ.html

You can work around this, as long as you have an xml2-config script that
will report the --libs and --cflags values that correspond to your 64-bit
libraries instead of the 32-bit ones. But this is exactly why we need a
script like that. Only the CFLAGS and LIBS will be different between the
32-bit & 64-bit builds. This is only tricky because the xml2-config is
installed to $XML_HOME/bin ... which for both installations would end up
being /usr/bin. After all, both sets of includes would be the same, and be
in /usr/include/libxml2. The xml2-config is one shared file collision
between the side-by-side libxml2 installations that is not actually 100%
shareable (barring an undocumented flag that we don't know about, but I
digress).

Since the xml2-config script is only used during configure execution, I see
two ways to resolve this.
(1) Temporary: Switch your current xml2-config with one that will report
the 64-bit flags and libs values, switch it back when you need 32-bit.
These are supposed to be generated with your 32-bit message.
(2) Permanent: Make a second folder (e.g. /usr/xml64) with an xml2-config
that will report the 64-bit cflags and libs values, and link an "include"
subfolder to your real include path, which appears to be "/usr/include".
Then add "--with-xml=/usr/xml64" to your configure command line. This is
enough for it to get through configure and get to the real values, which
are what it will use for building.
Steps summary:
- Make /usr/xml64 and /usr/xml64/bin directories
- Create /usr/xml64/bin/xml2-config script
- Link /usr/xml64/include to /usr/include (used to verify existence of a
header file)
- Run configure, adding  " --with-xml=/usr/xml64 "

As far as creating a stub xml2-config script, the three xml2-config
commands we run as part of configure are these:
(1) xml2-config --version
In your case, this should return "2.9.1", same as your base version.
(2) xml2-config --cflags
In your case, this looks like it needs to return "-I/usr/include/libxml2",
again the same as your base version.
(3) xml2-config --libs
In your case, this looks like it needs to return something like
"-L/usr/lib64 -lxml2 ", or whatever values are appropriate for your 64-bit
lib path.

We might add configure options to a future release that will let you
force-set libxml2 CFLAGS and LIBS values directly to workaround this case,
but this should let you operate for now.

Hope this helps,

Dave R.


On Thu, May 8, 2014 at 4:00 AM, Shawn Webb  wrote:

> No worries. Since I'm most familiar with more conventional Linux
> distributions, I'm not entirely sure what's going on, but it appears your
> compiler/linker is still trying to link against the 32bit libraries rather
> than the 64bit ones: -Wl,-rpath -Wl,/usr/lib64/../lib64 -Wl,-rpath
> -Wl,/usr/lib64/../lib -Wl,-rpath -Wl,/usr/lib64/../lib64 -Wl,-rpath
> -Wl,/usr/lib64/../lib -L/usr/lib /usr/lib/libxml2.so -lz -L/usr/lib64
>
> By specifying -L/usr/lib/libxml2.so, that forces the compiler/linker to
> attempt link against that library (the 32bit one). Instead, it should be
> linking against libxml2 by using -lxml2. I'm the only member of the team
> awake at this hour tonight (it's 4am here). I'll bring it up with the team
> first thing in the morning and see what they think. I'm sure we can get a
> patch out to you soon.
>
> Thanks,
>
> Shawn
>
>
> On Thu, May 8, 2014 at 3:49 AM, Alexander Tampermeier <
> alexan...@tampermeier.at> wrote:
>
> > Shawn,
> >
> > I am very sorry. Obviously I mixed something up totally.
> >
> > Here is the corrected output of the configure command (now including
> > option --disable-silent-rules): http://de.pastebin.de/124760
> >
> > And here is the corrected output of the make command:
> > http://de.pastebin.de/124761
> >
> > Regards
> > Alexander
> >
> >
> > Am 08.05.2014 09:29, schrieb Shawn Webb:
> >
> >> Did you add the 
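
The stub-prefix procedure from Dave R.'s message above, written out as an added shell example; it is not part of the original post or of the ClamAV source. The helper names make_xml2_stub, elf_class and verify_libdir are hypothetical, the defaults are the values quoted in the message, and the ELF class check is an added safeguard against pointing the stub at the 32-bit library again.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for the stub xml2-config
# workaround. Function names are hypothetical; default values are the ones
# quoted in the message (2.9.1, /usr/include, /usr/lib64).

# elf_class FILE -> prints 32 or 64 from the ELF header's EI_CLASS byte.
# Symlinks such as libxml2.so -> libxml2.so.2.9.1 are followed by od.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) echo unknown; return 1 ;;
    esac
}

# verify_libdir LIBDIR -> succeeds only if LIBDIR/libxml2.so is a 64-bit
# object, i.e. the directory is safe to report from `xml2-config --libs`.
verify_libdir() {
    [ "$(elf_class "$1/libxml2.so")" = 64 ]
}

# make_xml2_stub PREFIX [LIBDIR] [VERSION] [INCROOT]
# Creates PREFIX/bin/xml2-config and links PREFIX/include to INCROOT.
make_xml2_stub() {
    prefix=$1
    libdir=${2:-/usr/lib64}
    version=${3:-2.9.1}
    incroot=${4:-/usr/include}

    mkdir -p "$prefix/bin" || return 1

    # Unquoted here-document: $version, $incroot and $libdir are expanded
    # now; \$1 stays literal so the stub reads its own first argument.
    cat > "$prefix/bin/xml2-config" <<EOF
#!/bin/sh
# Stub xml2-config: answers only the three queries configure makes.
case "\$1" in
    --version) echo "$version" ;;
    --cflags)  echo "-I$incroot/libxml2" ;;
    --libs)    echo "-L$libdir -lxml2" ;;
    *) echo "xml2-config stub: unsupported option: \$1" >&2; exit 1 ;;
esac
EOF
    chmod 755 "$prefix/bin/xml2-config" || return 1

    # configure looks for the libxml2 header under PREFIX/include.
    rm -f "$prefix/include"
    ln -s "$incroot" "$prefix/include"
}

# Real use, as root, following the steps in the message:
#   verify_libdir /usr/lib64 && make_xml2_stub /usr/xml64
#   ./configure ... --with-xml=/usr/xml64
```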

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Peter Bonivart
On Thu, May 8, 2014 at 5:23 PM, Shawn Webb  wrote:
> I can install Solaris on this sparc64 machine as early as next week.

OpenCSW provides a complete Solaris build farm if you're interested,
we used to host automatic builds for ClamAV before Sourcefire acquired
it.

http://www.opencsw.org/extend-it/signup/to-upstream-maintainers/


Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Pierre Dehaen
On 8 May 2014 at 11:23, Shawn Webb wrote:

> On Thu, May 8, 2014 at 11:13 AM, Martin Preen <
> Is there a way you can get to me main.cvd.broken? I'm wondering if the
> change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
> big-endian machines running Solaris. I thoroughly tested the code on a
> sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
> help me debug the issue: what version of OpenSSL do you have installed? Can
> you give me the output of the clamdconf command (preferably to a pastebin
> service)? Can you give me (again, pastebin) the output of your config.log?
> I can install Solaris on this sparc64 machine as early as next week.

If for Solaris 10 it is ok, I'm afraid you won't be able to test Solaris 11
on this machine: you need a sun4v or M-series sun4u, or a 64-bit x86
(machine or virtual machine).

Pierre
Note: I did not try 0.98.3 yet but I skipped 0.98.1 as well because it did
not compile with my usual script either (on Solaris 10 sparc) and I have had
no time to debug the problem yet.


Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Shawn Webb
On Thu, May 8, 2014 at 11:41 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:

> Just a quick report...
>
> 0.98.3 crashes... 0.98.1 no issues...
>
> Thu May 08 15:29:06 2014 -> +++ Started at Thu May 08 15:29:06 2014
> Thu May 08 15:29:06 2014 -> clamd daemon 0.98.3 (OS: win32, ARCH: i386,
> CPU: i386)
> Thu May 08 15:29:06 2014 -> Log file size limited to 104857600 bytes.
> Thu May 08 15:29:06 2014 -> Reading databases from c:\clamav\database
> Thu May 08 15:29:06 2014 -> Not loading PUA signatures.
> Thu May 08 15:29:06 2014 -> Bytecode: Security mode set to "TrustSigned".
> Thu May 08 15:29:06 2014 -> Disabling URL based phishing detection.
> Thu May 08 15:29:14 2014 -> Loaded 3449824 signatures.
> Thu May 08 15:29:15 2014 -> TCP: Bound to address 127.0.0.1 on port 3310
> Thu May 08 15:29:15 2014 -> TCP: Setting connection queue length to 200
> Thu May 08 15:29:15 2014 -> Limits: Global size limit set to 2097152 bytes.
> Thu May 08 15:29:15 2014 -> Limits: File size limit set to 26214400 bytes.
> Thu May 08 15:29:15 2014 -> Limits: Recursion level limit set to 16.
> Thu May 08 15:29:15 2014 -> Limits: Files limit set to 1.
> Thu May 08 15:29:15 2014 -> Limits: MaxEmbeddedPE limit set to 10485760
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNormalize limit set to 10485760
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxHTMLNoTags limit set to 2097152
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxScriptNormalize limit set to
> 5242880 bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxZipTypeRcg limit set to 1048576
> bytes.
> Thu May 08 15:29:15 2014 -> Limits: MaxPartitions limit set to 50.
> Thu May 08 15:29:15 2014 -> Limits: MaxIconsPE limit set to 100.
> Thu May 08 15:29:15 2014 -> Archive support enabled.
> Thu May 08 15:29:15 2014 -> Algorithmic detection enabled.
> Thu May 08 15:29:15 2014 -> Portable Executable support enabled.
> Thu May 08 15:29:15 2014 -> ELF support enabled.
> Thu May 08 15:29:15 2014 -> Mail files support enabled.
> Thu May 08 15:29:15 2014 -> OLE2 support enabled.
> Thu May 08 15:29:15 2014 -> PDF support enabled.
> Thu May 08 15:29:15 2014 -> SWF support enabled.
> Thu May 08 15:29:15 2014 -> HTML support enabled.
> Thu May 08 15:29:15 2014 -> Self checking every 1800 seconds.
> Thu May 08 15:29:15 2014 -> Listening daemon: PID: 2744
> Thu May 08 15:29:15 2014 -> MaxQueue set to: 100
> Thu May 08 15:29:15 2014 -> fds_poll_recv: timeout after 1800 seconds
>
> This is all the bit just before the win32 error box pops up...
>
>
> Thu May 08 16:30:17 2014 -> mode -> MODE_WAITREPLY
> Thu May 08 16:30:17 2014 -> Breaking command loop, mode is no longer
> MODE_COMMAND
> Thu May 08 16:30:17 2014 -> THRMGR: queue (single) crossed low threshold
> -> signaling
> Thu May 08 16:30:17 2014 -> Consumed entire command
> Thu May 08 16:30:17 2014 -> THRMGR: queue (bulk) crossed low threshold ->
> signaling
> Thu May 08 16:30:17 2014 -> Number of file descriptors polled: 0 fds
> Thu May 08 16:30:17 2014 -> fds_poll_recv: timeout after 1800 seconds
> Thu May 08 16:30:18 2014 -> Finished scanthread
> Thu May 08 16:30:18 2014 -> Scanthread: connection shut down (FD 1360)
> Thu May 08 16:30:18 2014 -> THRMGR: queue (single) crossed low threshold
> -> signaling
> Thu May 08 16:30:18 2014 -> THRMGR: queue (bulk) crossed low threshold ->
> signaling
> Thu May 08 16:30:18 2014 -> Received POLLIN|POLLHUP on fd 1148
> Thu May 08 16:30:18 2014 -> Got new connection, FD 1384
> Thu May 08 16:30:18 2014 -> SelfCheck: Database modification detected.
> Forcing reload.
>
> :(
>
> Cheers,
>
> Steve
> Sanesecurity
>

Hey Steve,

Could you send me over a copy of your clamd.conf, please?

Thanks,

Shawn


Re: [clamav-users] Clamav is not finding any viruses

2014-05-08 Thread Kris Deugau
Thorvald Hallvardsson wrote:
> Hi,
> 
> I have got clamav running on the box and recently had a complaint from the
> customer saying that he is getting viruses. In fact Clamav is finding
> phishing messages but any virus (besides eicar) is not being found. Tried
> to test it from the command line and it says that the files I'm checking
> are not infected when Kaspersky is picking up viruses
> (Trojan.Win32.Yakes.elfb) but clamav says OK.
> 
> Tried the latest version of clamav also and the same. I have got databases
> up-to-date according to freshclam.

Based on local results I'm guessing the viruses slipping past ClamAV are
"executable in an archive", which I have now been reporting one a day
out of as many as 10+ per day reported by ISP customers.  Last time I
checked, only one of the files I had archived was detected by ClamAV;
as of a few moments ago only 6 of the 200+ archived files were detected
with stock signatures.  All of these files were, IIRC, flagged by one or
more scanners on virustotal.com;  commonly 10 or more.

I have been adding MD5 signatures, and somewhat more recently, .zmd
.zip-content-filename signatures (for doubled-extension files), but I do
not have time to dig more deeply and create more general signatures.

-kgd


Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-08 Thread Dennis Peterson

On 5/8/14, 9:00 AM, Dennis Peterson wrote:

On 5/8/14, 8:23 AM, Shawn Webb wrote:


Hey Martin,

Is there a way you can get to me main.cvd.broken? I'm wondering if the
change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
big-endian machines running Solaris. I thoroughly tested the code on a
sparc64 machine (an old SunFire 280r) running FreeBSD 9.2 successfully. To
help me debug the issue: what version of OpenSSL do you have installed? Can
you give me the output of the clamdconf command (preferably to a pastebin
service)? Can you give me (again, pastebin) the output of your config.log?
I can install Solaris on this sparc64 machine as early as next week.

Thanks,

Shawn



Are we to understand Sourcefire does not have a proper Solaris Sparc 
environment for testing ClamAV products?


dp



My point in asking is I have three Sparc systems (Ultra 10, Ultra 2 dual proc, 
and Netra X1) that are going to a landfill if I don't find a home for them. All 
are in perfect working condition. I'll split the shipping cost (US only) if 
you're interested. OS not included.


dp




Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford

On Thu, May 8, 2014 5:46 pm, Shawn Webb wrote:


> Hey Steve
>
> Could you send me over a copy of your clamd.conf, please?
>
>
> Thanks,
>
>
> Shawn


Here you go...

http://pastebin.com/EzRLk9iW


Cheers,

Steve
Sanesecurity



Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steve Basford


> Hey Steve,
> Could you send me over a copy of your clamd.conf, please?
Hi Shawn,

I can reproduce...

Installed a clamav without 3rd party stuff, fresh onto a test XP box I had
not doing anything 

run freshclam
run clamd
run clamdscan to prove it's all working

1) clamdscan --reload to force a db reload

All works ok and you get the db re-loaded message.

2) repeat step 1
db starts to reload and then a win32 crash box appears.

So, it's a db reload issue.. but only after the first one works...

hope this helps...


Cheers,

Steve
Sanesecurity



Re: [clamav-users] Clamav is not finding any viruses

2014-05-08 Thread Steve Basford

On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:

>
> I have been adding MD5 signatures, and somewhat more recently, .zmd
> .zip-content-filename signatures (for doubled-extension files), but I do
> not have time to dig more deeply and create more general signatures.
>
> -kgd

Hi,

You could add sanesecurity.com signatures

phish.ndb: has some simple zip heuristics to block some of these
rogue.hdb: updated hourly for malware received

Foxhole can be added to block all double extensions in zips *or* all
dangerous attachments in Zips/rar/7zip:

sanesecurity.com/foxhole-databases/

Just in case it helps..

Cheers,

Steve
Sanesecurity
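
Added example, not code from this thread or from Sanesecurity: the two ideas discussed above (hash signatures for samples that slip through, and flagging doubled-extension files inside zips) combined in Python. The extension lists, the size cap, the `Local.ZipDoubleExt` name prefix and the sample archive are assumptions constructed for illustration; the output uses ClamAV's `.hdb` layout `MD5:size:name`.

```python
import hashlib
import io
import zipfile

# Assumed lists: the harmless-looking inner extension and the executable outer one.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "jpg", "txt"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}
MAX_MEMBER = 25 * 1024 * 1024  # skip members whose declared size is larger

SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 62  # constructed, inert bytes


def double_ext(name):
    """Return (inner, outer) extensions of an archive member name, or None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = base.rsplit(".", 2)
    if len(parts) == 3 and parts[0]:
        return parts[1].strip(), parts[2].strip()
    return None


def hdb_lines_for_zip(data, prefix="Local.ZipDoubleExt"):
    """Return .hdb lines for members named like 'invoice.pdf.exe'.

    Each line hashes the extracted member, not the zip itself, so it keeps
    matching when the same file is re-packed in a different archive.
    """
    lines = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            exts = double_ext(info.filename)
            if info.is_dir() or exts is None:
                continue
            if exts[0] not in DECOY_EXT or exts[1] not in EXEC_EXT:
                continue
            if info.file_size > MAX_MEMBER:
                continue
            body = zf.read(info)
            digest = hashlib.md5(body).hexdigest()
            lines.append(f"{digest}:{len(body)}:{prefix}.{len(lines) + 1}")
    return lines


def build_sample_zip():
    """Constructed archive: one doubled-extension member and two others."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", SAMPLE_PAYLOAD)
        zf.writestr("readme.txt", b"constructed decoy text")
        zf.writestr("docs/setup.exe", SAMPLE_PAYLOAD)
    return buf.getvalue()


if __name__ == "__main__":
    for line in hdb_lines_for_zip(build_sample_zip()):
        print(line)
```

The printed lines can be appended to a local `.hdb` file in the database directory; a hash signature only matches that exact file, which is the limitation Kris notes when he mentions more general signatures.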



Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread Alexander Tampermeier

Dave,

thank you for your detailed response. First, I tried to configure with 
option "--disable-xml" as you suggested but this attempt led to further 
problems:

  CC libclamav_internal_utils_la-regerror.lo
  CC libclamav_internal_utils_la-regexec.lo
  CC libclamav_internal_utils_la-regfree.lo
  CCLD   libclamav_internal_utils.la
  CCLD   libclamav.la
/usr/bin/ld: skipping incompatible /usr/lib/libz.so when searching for -lz
/usr/bin/ld: skipping incompatible /usr/lib/libz.a when searching for -lz
/usr/bin/ld: skipping incompatible /usr/lib/libbz2.so when searching for -lbz2
/usr/bin/ld: skipping incompatible /usr/lib/libbz2.a when searching for -lbz2

/usr/lib/libltdl.so: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
Makefile:969: recipe for target 'libclamav.la' failed
make[4]: *** [libclamav.la] Error 1
make[4]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:3011: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:893: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/j/development/clamav-0.98.3/libclamav'
Makefile:649: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/j/development/clamav-0.98.3'
Makefile:477: recipe for target 'all' failed
make: *** [all] Error 2

So, I got into the same "error adding symbols"-trouble as before with 
libxml2, now with libltdl. First I thought, that this might be a general 
issue with my libraries. But then I tried to recompile several packages 
including php (which also uses libxml2) and everything compiled 
perfectly. This makes me believe that this issue might not be related to 
my system only.


My "Cross-Compiled Linux From Scratch" system relies on a 
"multiarch-wrapper" script as described in 
http://cross-lfs.org/view/CLFS-2.1.0/x86_64/final-system/multiarch_wrapper.html 
to switch between 32bit and 64bit. I tested this wrapper script and it 
definitely can switch between 32bit and 64bit as expected. I also tried 
to temporarily substitute xml2-config for 32bit with the one used for 
64bit as you suggested but that also ends up in a compilation error:

CCLD   libclamav_internal_utils.la
CCLD   libclamav.la
  /usr/lib/libxml2.so: error adding symbols: File in wrong format
  collect2: error: ld returned 1 exit status
  Makefile:969: recipe for target 'libclamav.la' failed

The permanent workaround you suggested also led to the "error adding 
symbols"-error as described above.


But what definitely is strange:
"xml2-config-32 --libs" and "xml2-config-64 --libs" both bring the same 
result: "-lxml2 -lz -lm -ldl"
"./xml2-config-32 --cflags" and "./xml2-config-64 --cflags" both bring 
the same result: "-I/usr/include/libxml2"


So finally, I temporarily changed both scripts (xml2-config-32 and 
xml2-config-64) to always give back "-L/usr/lib64 -lxml2 -lz -lm -ldl" 
when calling either script with option "--cflags" directly or by calling 
the wrapper script "xml2-config". But this still resulted in the same 
error as described above. Could this mean that the reason for the 
compilation error might not (only) lie in "xml2-config"?



What really is confusing:
As clamav v0.98.1 and other packages still compile perfectly I suspect 
that the issue has also something to do with changes in clamav v0.98.2 
and 0.98.3 regarding the way clamav searches for needed libraries. Could 
you verify such a conclusion?



Regards
Alexander


Am 08.05.2014 18:15, schrieb David Raynor:

Alexander,

For libxml2, the configure script is finding and running the xml2-config
script that is part of a typical xml2 install to get the appropriate CFLAGS
and LIBS values to get to libxml2. Your fallback option, if this gets too
complicated, is to simply run configure with --disable-xml and avoid the
impacted use cases and code paths.

If you want to get it working with xml enabled, I will outline some choices
you have for getting the proper libs pointed to.

The ClamAV configure script is finding the xml2-config script and running
it based on these lines in your config.log output:

checking for libxml2 installation... /usr
checking xml2-config version... 2.9.1
checking for xmlreader.h in /usr... found
checking for xmlTextReaderRead in -lxml2... yes
configure: Compiling and linking with libxml2 from /usr

In your case, the xml2-config is finding and reporting the 32-bit versions
from /usr/lib. You should be able to see what it is reporting by running
'xml2-config --libs'.
A little bit more info about that helper script is available here as
questions 1 and 2 in their "Developers Corner" section :
http://xmlsoft.org/FAQ.html

You can work around this, as long as you have an xml2-config script that
will report the --libs and --cflags values that correspond to your 64-bit
libraries instead of the 32-bit ones. But this is exactly 
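
Added example, not part of the messages above and not ClamAV project code: a Python check for the failure discussed in this thread, where a shared object passed to the linker by full path (`/usr/lib/libxml2.so`) has the wrong ELF class for a 64-bit build. The sysroot directory and its stub library files are constructed so the check runs offline; `audit_link_line` and `build_sample_sysroot` are hypothetical helper names.

```python
import os
import shlex
import tempfile

ELF_MAGIC = b"\x7fELF"
ELF_CLASS_BITS = {1: 32, 2: 64}  # e_ident[EI_CLASS]: ELFCLASS32, ELFCLASS64


def elf_bits(path):
    """Return 32 or 64 from the file's ELF header, or None if it is not ELF."""
    try:
        with open(path, "rb") as fh:  # open() follows the libxml2.so symlink
            ident = fh.read(5)
    except OSError:
        return None
    if len(ident) < 5 or ident[:4] != ELF_MAGIC:
        return None
    return ELF_CLASS_BITS.get(ident[4])


def audit_link_line(cmd, want_bits, sysroot="/"):
    """List (token, bits) for shared objects passed by full path whose ELF
    class differs from want_bits. For -lNAME ld skips incompatible files
    and keeps searching, but a file named by path must be loaded as given."""
    findings = []
    for tok in shlex.split(cmd):
        if not tok.startswith("/") or ".so" not in os.path.basename(tok):
            continue
        bits = elf_bits(os.path.join(sysroot, tok.lstrip("/")))
        if bits is not None and bits != want_bits:
            findings.append((tok, bits))
    return findings


def build_sample_sysroot():
    """Constructed stand-in for the poster's layout: 32-bit lib, 64-bit lib64."""
    root = tempfile.mkdtemp(prefix="sysroot-")
    for libdir, ei_class in (("usr/lib", 1), ("usr/lib64", 2)):
        d = os.path.join(root, libdir)
        os.makedirs(d)
        with open(os.path.join(d, "libxml2.so.2.9.1"), "wb") as fh:
            fh.write(ELF_MAGIC + bytes([ei_class, 1, 1]) + bytes(9))
        os.symlink("libxml2.so.2.9.1", os.path.join(d, "libxml2.so"))
    return root


# Tail of the failing link command quoted in the thread.
FAILING = "-L/usr/lib /usr/lib/libxml2.so -lz -L/usr/lib64"
# Constructed from the thread's remark that -lxml2 should be used instead.
EXPECTED = "-L/usr/lib64 -lxml2 -lz"

if __name__ == "__main__":
    root = build_sample_sysroot()
    print(audit_link_line(FAILING, 64, root))
    print(audit_link_line(EXPECTED, 64, root))
```

On a real system, call `audit_link_line` with the default `sysroot="/"` and the full `libtool` link command taken from the `make` output produced with `--disable-silent-rules`.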

Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Paul Whelan
On 8 May 2014 at 18:48, Steve Basford wrote:

> 
> 
> > Hey Steve,
> > Could you send me over a copy of your clamd.conf, please?
> Hi Shawn,
> 
> I can reproduce...
> 
> Installed a clamav without 3rd party stuff, fresh onto a test XP box I
> had not doing anything 
> 
> run freshclam
> run clamd
> run clamdscan to prove it's all working
> 
> 1) clamdscan --reload to force a db reload
> 
> All works ok and you get the db re-loaded message.
> 
> 2) repeat step 1
> db starts to reload and then a win32 crash box appears.
> 
> So, it's a db reload issue.. but only after the first one works...

I confirm this is happening with my similar installation as well.

paul



Re: [clamav-users] Crash on db reload: 0.98.3 (OS: win32, ARCH: i386

2014-05-08 Thread Steven Morgan
Thanks, we have reproduced the problem as well and will have it fixed
shortly.

Steve M


On Thu, May 8, 2014 at 7:19 PM, Paul Whelan  wrote:

> On 8 May 2014 at 18:48, Steve Basford wrote:
>
> >
> >
> > > Hey Steve,
> > > Could you send me over a copy of your clamd.conf, please?
> > Hi Shawn,
> >
> > I can reproduce...
> >
> > Installed a clamav without 3rd party stuff, fresh onto a test XP box I
> > had not doing anything 
> >
> > run freshclam
> > run clamd
> > run clamdscan to prove it's all working
> >
> > 1) clamdscan --reload to force a db reload
> >
> > All works ok and you get the db re-loaded message.
> >
> > 2) repeat step 1
> > db starts to reload and then a win32 crash box appears.
> >
> > So, it's a db reload issue.. but only after the first one works...
>
> I confirm this is happening with my similar installation as well.
>
> paul
>


[clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-08 Thread Eric Shubert

Immediately after upgrading from 0.98 to 0.98.3,
when "clamdscan --stdout -V" is run (via simscanmk -g),
the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly).

Here are non-default config settings:
[root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$
LogClean yes
LogVerbose yes
LocalSocket /tmp/clamd.socket
FixStaleSocket yes
Foreground yes
ScanMail yes

Any ideas?
Thanks.

--
-Eric 'shubes'
