Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Gary 
Good day,.

On 05/12/14 9:23 PM, "Larry Stone"  wrote:

> 
> On May 12, 2014, at 6:20 PM, Gary  wrote:
> 
>> ./configure --with-openssl=/usr/local/ssl
>> 
>> Well that got me a little bit further - still having issues...
>> 
>> I have already upgraded to the most recent version of SSL (openssl-1.0.1g).
>> 
>> Tried using your configure suggestion above - this is the make error:
>> 
>> ld warning: in ../libclamav/libclamav.map, file is not of required
>> architecture
>> Undefined symbols:
>>  "_EVP_MD_CTX_md", referenced from:
>>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>>  "_EVP_MD_block_size", referenced from:
>>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>>  "_BIO_set_flags", referenced from:
>>  _cl_base64_decode in libclamav_internal_utils_la-conv.o
>>  "_X509_VERIFY_PARAM_new", referenced from:
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>>  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
>> "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
>> "_X509_STORE_set1_param", referenced from:
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>>  "_EVP_MD_size", referenced from:
>>  _cl_sign_data in libclamav_internal_utils_la-crypto.o
>>  _cl_sign_data_keyfile in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_hash in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_hash_x509 in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_sign_file_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_hash_x509_keyfile in
>> libclamav_internal_utils_la-crypto.o
>>  _cl_sign_file_fp in libclamav_internal_utils_la-crypto.o
>>  "_X509_VERIFY_PARAM_free", referenced from:
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>>  "_X509_VERIFY_PARAM_set_flags", referenced from:
>>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>> ld: symbol(s) not found
>> collect2: ld returned 1 exit status
>> make[4]: *** [libclamav.la] Error 1
>> make[3]: *** [all-recursive] Error 1
>> make[2]: *** [all] Error 2
>> make[1]: *** [all-recursive] Error 1
>> make: *** [all] Error 2
>> 
>> 
>> I have also tried:
>> export LDFLAGS="-L/opt/local/lib"
>> export CPPFLAGS="-I/usr/local"
>> ./configure --with-openssl=/usr/local/ssl
> 
> Why those FLAGS? If the new version of OpenSSL is in /usr/local/ssl (the
> default), I¹d try:
> export LDFLAGS="-L/usr/local/ssl/lib"
> export CPPFLAGS="-I/usr/local/ssl/include"
> ./configure --with-openssl=/usr/local/ssl
> 
> I¹ve been experimenting with OpenSSL 1.0.1g on an up-to-date Macintosh and
> while I haven¹t tried ClamAV yet, those FLAGS seem to give me a good build of
> Dovecot with the new OpenSSL.

Thanks Larry - ClamAV will compile without issue on Macs 10.6 and greater
without any problems... The systems I have been trying to update are older
10.5.8 systems. 

I had to find the specific build option to get all the OpenSSL linked files
to link correctly. My brain hurts... Haha...

--
Gary


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8 SOLVED

2014-05-12 Thread Gary 
Good day,.

On 05/12/14 8:57 PM, "Charles Swiger"  wrote:

> Hi--
> 
> On May 12, 2014, at 4:20 PM, Gary  wrote:
>> ./configure --with-openssl=/usr/local/ssl
>> 
>> Well that got me a little bit further - still having issues...
>> 
>> I have already upgraded to the most recent version of SSL (openssl-1.0.1g).
> 
> OK, where was that installed?
> 
> If I install 1.0.1g to /usr/local, I see that symbol in:
> 
> % grep -l _EVP_MD_CTX_md /usr/local/ssl/lib/*
> grep: /usr/local/ssl/lib/engines/: Is a directory
> /usr/local/ssl/lib/libcrypto.1.0.0.dylib
> /usr/local/ssl/lib/libcrypto.a
> /usr/local/ssl/lib/libcrypto.dylib
> /usr/local/ssl/lib/libssl.1.0.0.dylib
> /usr/local/ssl/lib/libssl.a
> /usr/local/ssl/lib/libssl.dylib
> 
>> Tried using your configure suggestion above - this is the make error:
>> 
>> ld warning: in ../libclamav/libclamav.map, file is not of required
>> architecture
>> Undefined symbols:
>>  "_EVP_MD_CTX_md", referenced from:
>>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
> 
> [ ... ]
> 
> You're probably not linking against the newer version of the OpenSSL
> libraries.
> 
> Unfortunately, the link command being run is probably hidden as CCLD unless
> you
> feed --disable-silent-rules to ./configure.
> 
> Regards,
>-- 
>-Chuck

Chuck... CHUCK!! You sent me on the right path to solving this issue.

You were entirely correct - SSL was not linked correctly even though my
system said I was using the latest version.

To anyone else who is experiencing the same issue using OSX 10.5.8

You must upgrade OpenSSL - and you must use the following configuration:
./config --prefix=/usr --openssldir=/System/Library/OpenSSL shared
- you will get a warning - just wait and the configuration will take place.

This will replace the shared system files and give you the full install of
OpenSSL and link everything correctly.

Once I installed OpenSSL using the above config - all I had to do with the
config of clamav was use ./configure - no flags - installed without issue.

THANK YOU Chuck! I have spent days trying to figure this out...

Awesome. BEER TIME... Yes.. Oh yes it is...

--
Gary


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Larry Stone 

On May 12, 2014, at 6:20 PM, Gary  wrote:

> ./configure --with-openssl=/usr/local/ssl
> 
> Well that got me a little bit further - still having issues...
> 
> I have already upgraded to the most recent version of SSL (openssl-1.0.1g).
> 
> Tried using your configure suggestion above - this is the make error:
> 
> ld warning: in ../libclamav/libclamav.map, file is not of required
> architecture
> Undefined symbols:
>  "_EVP_MD_CTX_md", referenced from:
>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>  "_EVP_MD_block_size", referenced from:
>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>  "_BIO_set_flags", referenced from:
>  _cl_base64_decode in libclamav_internal_utils_la-conv.o
>  "_X509_VERIFY_PARAM_new", referenced from:
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
> "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
> "_X509_STORE_set1_param", referenced from:
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>  "_EVP_MD_size", referenced from:
>  _cl_sign_data in libclamav_internal_utils_la-crypto.o
>  _cl_sign_data_keyfile in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_hash in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_hash_x509 in libclamav_internal_utils_la-crypto.o
>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>  _cl_sign_file_fd in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
>  _cl_hash_data in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_hash_x509_keyfile in
> libclamav_internal_utils_la-crypto.o
>  _cl_sign_file_fp in libclamav_internal_utils_la-crypto.o
>  "_X509_VERIFY_PARAM_free", referenced from:
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
>  "_X509_VERIFY_PARAM_set_flags", referenced from:
>  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
> ld: symbol(s) not found
> collect2: ld returned 1 exit status
> make[4]: *** [libclamav.la] Error 1
> make[3]: *** [all-recursive] Error 1
> make[2]: *** [all] Error 2
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
> 
> 
> I have also tried:
> export LDFLAGS="-L/opt/local/lib"
> export CPPFLAGS="-I/usr/local"
> ./configure --with-openssl=/usr/local/ssl

Why those FLAGS? If the new version of OpenSSL is in /usr/local/ssl (the 
default), I’d try:
export LDFLAGS="-L/usr/local/ssl/lib"
export CPPFLAGS="-I/usr/local/ssl/include"
./configure --with-openssl=/usr/local/ssl

I’ve been experimenting with OpenSSL 1.0.1g on an up-to-date Macintosh and 
while I haven’t tried ClamAV yet, those FLAGS seem to give me a good build of 
Dovecot with the new OpenSSL.

-- 
Larry Stone
lston...@stonejongleux.com
http://www.stonejongleux.com/





smime.p7s
Description: S/MIME cryptographic signature
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Charles Swiger 
Hi--

On May 12, 2014, at 4:20 PM, Gary  wrote:
> ./configure --with-openssl=/usr/local/ssl
> 
> Well that got me a little bit further - still having issues...
> 
> I have already upgraded to the most recent version of SSL (openssl-1.0.1g).

OK, where was that installed?

If I install 1.0.1g to /usr/local, I see that symbol in:

% grep -l _EVP_MD_CTX_md /usr/local/ssl/lib/*
grep: /usr/local/ssl/lib/engines/: Is a directory
/usr/local/ssl/lib/libcrypto.1.0.0.dylib
/usr/local/ssl/lib/libcrypto.a
/usr/local/ssl/lib/libcrypto.dylib
/usr/local/ssl/lib/libssl.1.0.0.dylib
/usr/local/ssl/lib/libssl.a
/usr/local/ssl/lib/libssl.dylib

> Tried using your configure suggestion above - this is the make error:
> 
> ld warning: in ../libclamav/libclamav.map, file is not of required
> architecture
> Undefined symbols:
>  "_EVP_MD_CTX_md", referenced from:
>  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
>  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
>  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o

[ ... ]

You're probably not linking against the newer version of the OpenSSL libraries.

Unfortunately, the link command being run is probably hidden as CCLD unless you
feed --disable-silent-rules to ./configure.

Regards,
-- 
-Chuck

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Gary 
Good day Chuck,

On 05/12/14 5:13 PM, "Charles Swiger"  wrote:

> Hi, Gary--
> 
> On May 12, 2014, at 12:08 PM, Gary  wrote:
>> I have been using ClamAV for years and never had any issues!!
>> 
>> Oh well... - a good run indeed.
>> 
>> Mac OSX 10.5.8
>> clamav-0.98.3
>> 
>> It will configure - the make file exits with the following error:
>> 
>> crypto.c: In function 'cl_validate_certificate_chain':
>> crypto.c:834: error: 'X509_VERIFY_PARAM' undeclared (first use in this
>> function)
> 
> I believe MacOS X 10.5.8 had openssl-0.9.7l.
> 
> X509_VERIFY_PARAM seems to have been introduced with openssl-0.9.8; it looks
> like
> ClamAV is using the capability to look for SSL cert revocation.
> 
> [ ... ]
>> I have tested the build on OSX 10.6 - no problem. All systems that are still
>> using 10.5.8 fail with the above error (that I have tested).
>> 
>> Reinstalled clamav-0.98.1 - no issues.
>> 
>> Any suggestions? I can not upgrade these systems to a newer OS - they are
>> located in a colo facility.
> 
> Try building openssl-0.9.8y or openssl-1.0.1g to /usr/local (or /opt/local,
> whatever).
> 
> Invoke "./configure --with-openssl=/usr/local/ssl".
> (You might need to tweak CPPFLAGS and LDFLAGS to match.)


./configure --with-openssl=/usr/local/ssl

Well that got me a little bit further - still having issues...

I have already upgraded to the most recent version of SSL (openssl-1.0.1g).

Tried using your configure suggestion above - this is the make error:

ld warning: in ../libclamav/libclamav.map, file is not of required
architecture
Undefined symbols:
  "_EVP_MD_CTX_md", referenced from:
  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
  "_EVP_MD_block_size", referenced from:
  _cl_hash_data in libclamav_internal_utils_la-crypto.o
  _cl_hash_data in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
  "_BIO_set_flags", referenced from:
  _cl_base64_decode in libclamav_internal_utils_la-conv.o
  "_X509_VERIFY_PARAM_new", referenced from:
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
"_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1  "_X509_STORE_set1
"_X509_STORE_set1_param", referenced from:
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
  "_EVP_MD_size", referenced from:
  _cl_sign_data in libclamav_internal_utils_la-crypto.o
  _cl_sign_data_keyfile in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_hash in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_hash_x509 in libclamav_internal_utils_la-crypto.o
  _cl_hash_file_fd_ctx in libclamav_internal_utils_la-crypto.o
  _cl_hash_file_fd in libclamav_internal_utils_la-crypto.o
  _cl_sign_file_fd in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_fd in libclamav_internal_utils_la-crypto.o
  _cl_hash_data in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature in libclamav_internal_utils_la-crypto.o
  _cl_verify_signature_hash_x509_keyfile in
libclamav_internal_utils_la-crypto.o
  _cl_sign_file_fp in libclamav_internal_utils_la-crypto.o
  "_X509_VERIFY_PARAM_free", referenced from:
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
  "_X509_VERIFY_PARAM_set_flags", referenced from:
  _cl_validate_certificate_chain in libclamav_internal_utils_la-crypto.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
make[4]: *** [libclamav.la] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


I have also tried:
export LDFLAGS="-L/opt/local/lib"
export CPPFLAGS="-I/usr/local"
./configure --with-openssl=/usr/local/ssl

Not sure where to go from here...

0.98.1 compiles without issue using only ./configure

--
Gary



___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Compiling a minimal version without some of the executables

2014-05-12 Thread Shawn Webb 
On Mon, May 12, 2014 at 6:21 PM, Dennis Waters
wrote:

> I'm trying to find a way to compile clamav, but only compiling
> clamscan and freshclam (and libclamav of course).
>
> I've tried searching, tried the documentation, tried ./configure
> --help. Unfortunately, while I found the parameters to disable
> clamdtop and milter, the closest I can get still includes sigtool,
> clamd, clambc, clamconf, and clamsubmit
>
> Are there any "hidden" ./configure options to disable the compilation
> of those files?


Hey Dennis,

You will need to edit Makefile.am in the root of the project and edit the
SUBDIRS variable. After making your edits, you'll need to run the
autojunk.sh script found in the same directory.

Thanks,

Shawn
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Gary 

Good day Joel,

On 05/12/14 6:41 PM, "Joel Esler (jesler)"  wrote:

> On May 12, 2014, at 3:08 PM, Gary mailto:o...@ibsltd.ca>>
> wrote:
> 
> I have been using ClamAV for years and never had any issues!!
> 
> Oh well... - a good run indeed.
> 
> Mac OSX 10.5.8
> 
> You realize that Apple¹s support for that OS ended, probably 4 years ago?
> 
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team

- I realize that - as I said I can not upgrade these systems to a newer OS -
they are located in a colo facility... "in another country"...

The issue I am having is related to SSL... Never had a problem with
compiling and installing ClamAV before...

--
Gary


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] Compiling a minimal version without some of the executables

2014-05-12 Thread Dennis Waters 
I'm trying to find a way to compile clamav, but only compiling
clamscan and freshclam (and libclamav of course).

I've tried searching, tried the documentation, tried ./configure
--help. Unfortunately, while I found the parameters to disable
clamdtop and milter, the closest I can get still includes sigtool,
clamd, clambc, clamconf, and clamsubmit

Are there any "hidden" ./configure options to disable the compilation
of those files?
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Joel Esler (jesler) 
On May 12, 2014, at 3:08 PM, Gary mailto:o...@ibsltd.ca>> wrote:

I have been using ClamAV for years and never had any issues!!

Oh well... - a good run indeed.

Mac OSX 10.5.8

You realize that Apple’s support for that OS ended, probably 4 years ago?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Support question.

2014-05-12 Thread Joel Esler (jesler) 
On May 12, 2014, at 2:57 PM, Al Varnell 
mailto:alvarn...@mac.com>> wrote:

On Mon, May 12, 2014 at 11:41 AM, J MCN wrote:

Hello,  I am writing with a question about the EOL policy here:
https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-eol.md

I have a few 0.97.7 instances still out there and the wording in the EOL
has me wondering if they are technically unsupported. Is the 0.97 branch
still supported?

Maybe the question is better asked: Is 0.98 currently the only supported
major branch?

There was an announcement made here on March 28th "ClamAV 0.95 Engine End of 
Life Announcement”
.  I would infer that 0.96 and above are 
still supported.

Don’t forget the last section of the above post:

"We will also be EOL’ing 0.96 in coming months, so if either of those versions 
is currently in use, it is highly suggested that you upgrade to the most 
current version. “

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-12 Thread Lawrence K. Chen, P.Eng. 
So, what's the definitive answer.

I gave up late Friday night on getting it working on Solaris for the weekend
maintenance window.

Though the last thing I tried was to force "-D__EXTENSIONS__" in...and caught
a glimpse of it finally finishing its compile as I was securing my workstation.

I also had to do some massaging, because the openssl we build is installed in
a non-standard location.

Before I had resorted to setting "-D__EXTENSIONS__" from reading the headers
to find out why definitions weren't being seen

I had done some fiddling with some of the source files, but reverting those
changes and trying again with just "-D__EXTENSIONS__" has compiled all the way
through.

Now I suppose its to figure out if I need to test it before deploying into
production.

Had mentioned in the past, that with our Solaris package CM system, I would
often just update clamav project's source and go straight to making a release
package and immediately distribute it.

This is the first time that I'm not sure its release package worthy. Not sure
I have somewhere to install a scratch package anymore

FWIW,

our build server is Solaris/x64 10 Generic_138889-07 (update 6) with gcc
4.1.1, ours is using gnu-as (/usr/sfw/bin/gas) and the system linker
(/usr/ccs/bin/ld).



> On 05/10/14 11:13, James Lee wrote:
>
>> On 10/05/2014 11:22, James Lee wrote:
>>
> 
> Indeed it's the usual brain dead pile-O-rubbish that is configure and 
> friends.
> 
> *** simple workaround:
> CPPFLAGS="... -DHAVE_ATTRIB_PACKED"
> 
> My complete CPPFLAGS are:
> CPPFLAGS="-D__EXTENSIONS__ -DHAVE_ATTRIB_PACKED"


On 05/12/14 06:28, Martin Preen wrote:
> James Lee wrote:
>> On 10/05/2014 17:34, Shawn Webb wrote:
>>
>> Hello,
>>> The attached two patches will make building (with gcc)
>> I'm not but..
>>>   and running on Solaris work.
>>
>> when using gcc configure sets HAVE_ATTRIB_PACKED=1 and the problem doesn't
>> exist, ie, no patch is needed for gcc.
>>
>> In fact no patches need for cc if the value of HAVE_ATTRIB_PACKED is forced
>> post
>> configure. Any patch/fix should be for configure.
> 
> Thats interesting. Without Shawns patches, but with HAVE_ATTRIB_PACKED
> and using Sun-CC it works (freshclam & clamscan tested so far).
> 
> But including the posted patches, the errors are back again.
> 
> So it looks like a problem with the build system and the patch
> is (at least partly) compiler specific.
> 
> Regards,
> Martin
> 
> --
> Martin Preen, Universität Freiburg, Institut für Informatik
> Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany
> 
> phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
> fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen
> 
> 
> 
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
> 

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Charles Swiger 
Hi, Gary--

On May 12, 2014, at 12:08 PM, Gary  wrote:
> I have been using ClamAV for years and never had any issues!!
> 
> Oh well... - a good run indeed.
> 
> Mac OSX 10.5.8
> clamav-0.98.3
> 
> It will configure - the make file exits with the following error:
> 
> crypto.c: In function 'cl_validate_certificate_chain':
> crypto.c:834: error: 'X509_VERIFY_PARAM' undeclared (first use in this 
> function)

I believe MacOS X 10.5.8 had openssl-0.9.7l.

X509_VERIFY_PARAM seems to have been introduced with openssl-0.9.8; it looks 
like
ClamAV is using the capability to look for SSL cert revocation.

[ ... ]
> I have tested the build on OSX 10.6 - no problem. All systems that are still
> using 10.5.8 fail with the above error (that I have tested).
> 
> Reinstalled clamav-0.98.1 - no issues.
> 
> Any suggestions? I can not upgrade these systems to a newer OS - they are
> located in a colo facility.

Try building openssl-0.9.8y or openssl-1.0.1g to /usr/local (or /opt/local, 
whatever).

Invoke "./configure --with-openssl=/usr/local/ssl".
(You might need to tweak CPPFLAGS and LDFLAGS to match.)

Regards,
-- 
-Chuck

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] clamav-0.98.3 make error Mac OSX 10.5.8

2014-05-12 Thread Gary 
I have been using ClamAV for years and never had any issues!!

Oh well... - a good run indeed.

Mac OSX 10.5.8
clamav-0.98.3

It will configure - the make file exits with the following error:

crypto.c: In function 'cl_validate_certificate_chain':
crypto.c:834: error: 'X509_VERIFY_PARAM' undeclared (first use in this
function)
crypto.c:834: error: (Each undeclared identifier is reported only once
crypto.c:834: error: for each function it appears in.)
crypto.c:834: error: 'param' undeclared (first use in this function)
make[4]: *** [libclamav_internal_utils_la-crypto.lo] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

I have tested the build on OSX 10.6 - no problem. All systems that are still
using 10.5.8 fail with the above error (that I have tested).

Reinstalled clamav-0.98.1 - no issues.

Any suggestions? I can not upgrade these systems to a newer OS - they are
located in a colo facility.

--
Gary


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Support question.

2014-05-12 Thread Al Varnell 

On Mon, May 12, 2014 at 11:41 AM, J MCN wrote:
> 
> Hello,  I am writing with a question about the EOL policy here:
> https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-eol.md
> 
> I have a few 0.97.7 instances still out there and the wording in the EOL
> has me wondering if they are technically unsupported. Is the 0.97 branch
> still supported?
> 
> Maybe the question is better asked: Is 0.98 currently the only supported
> major branch?

There was an announcement made here on March 28th "ClamAV 0.95 Engine End of 
Life Announcement” 
.  I would infer that 0.96 and above are 
still supported.


-Al-
-- 
Al Varnell
Mountain View, CA




___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] Support question.

2014-05-12 Thread J MCN 
Hello,  I am writing with a question about the EOL policy here:
https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-eol.md

I have a few 0.97.7 instances still out there and the wording in the EOL
has me wondering if they are technically unsupported. Is the 0.97 branch
still supported?

Maybe the question is better asked: Is 0.98 currently the only supported
major branch?

Thanks

John
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] HTML.Exploit.Heap-2 False Positive?

2014-05-12 Thread Al Varnell 
A ClamXav user complained of having a Google Chrome extension “WebGL Inspector” 
which he has used since 2012 was said to be infected with HTML.Exploit.Heap-2.

I was able to obtain a later version of that extension and verified that the 
gli.all.js file in that extension scans as infected.

I was not able to locate when this signature was added on the clamav-virusdb 
list.

I was able to easily confirm that the file contains all elements of the 
signature (four ascii strings separated by “any strings” of varying length.

I haven’t found any clues on what an actual infected file might be.

I submitted it to VirusTotal where only ClamAV® detected it


I successfully uploaded to you using your "Submit a false positive" form.  MD5 
= 6968c0d2ad15e68b33bb30074ddbb7a6


-Al-
-- 
Al Varnell
Mountain View, CA




___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-12 Thread Al Varnell 
Alain,

Thanks.  I’m particularly interested in why the "Submit false positive report" 
fails.  I checked back and found the same thing happened with a different file 
and this same infection name a months or so ago.

-Al-


On Mon, May 12, 2014 at 07:41 AM, Alain Zidouemba wrote:
> 
> Thanks for sending this in. We are addressing your reported FP.
> 
> - Alain
> 
> 
> On Sat, May 10, 2014 at 12:24 AM, Al Varnell  wrote:
> 
>> Here’s the VirusTotal analysis (1/52) for Rapport-5.dmg which apparently
>> has an MD5 = efddf96af90be02bcc9e37cbc21c34a6
>> <
>> https://www.virustotal.com/en/file/c3707dd14b766fd5d19daddf19cf57e980ffaa81fec3bec3e4de47bbf7419118/analysis/
>>> .
>> 
>> I asked the OP to upload it to Send a false positive, but not sure they
>> will be able to.
>> 
>> -Al-
>> 
>> On May 9, 2014, at 7:53 PM, Al Varnell  wrote:
>> 
>>> I don’t have all the information on this yet, but I’ve had two ClamXav
>> user complain today of commercial software being identified as infected by
>> Osx.Trojan.FkCode-1. I can’t locate it on the clamav-virusdb list, but
>> perhaps it was just added today.
>>> 
>>> The first is "accordion.1.6.2(83).dmg", downloaded from <
>> http://yourhead.com/accordion/download/index.html> which I verified was
>> identified. It’s a RapidWeaver Plug-in from YourHead.com.
>>> 
>>> I submitted it to VirusTotal with the following 1/51 results:
>>> <
>> https://www.virustotal.com/en/file/ae4258463f9d5d339920da61a381f3dec366cb4598bd3fe1d3a0e9af2f4624ec/analysis/
>>> .
>>> 
>>> So I uploaded it to Send a false positive report, but got the following
>> response:
 Result:
 This file is not detected by ClamAV. Please update your CVD database
>> before reporting false-positives. If you are using third-party
>> databases/unofficial signatures, please contact the author of the
>> signature. We can only process false-positives generated by ClamAV Official
>> signatures.
 
 Please correct the above errors and retry. Thank you for helping the
>> ClamAV project.
>>> 
>>> I updated definitions and it was still detected as infected. ClamXav
>> still using v0.98.1.  I’ve had this happen once before, but have no idea
>> how it could test positive on two Macs and VirusTotal, but not on your site.
>>> 
>>> MD5 = f247e5f45b7a30ce600be34e66d93fa8
>>> 
>>> The second file is named "Rapport-5.dmg” which is an older version of
>> Trusteer Rapport for Mac. The latest version does not test positive, but
>> that’s not surprising to me.  I’ve asked the user to upload his file to
>> VirusTotal and will post the results once I have them.
>>> 
>>> This is yet another example of OS X .dmg files being falsely identified
>> as infected.  All of these signatures follow the same pattern of detecting
>> multiple strings of characters (mostly the letter “a”) contained in an XML
>> section of the .dmg file.  I believe this is provided as overhead
>> information concerning the file and does not contain any data at all to
>> positively identify the contents of the image file.  Since the formats of
>> the XML portion of the .dmg files are all very similar, I suspect it will
>> be extremely difficult to uniquely fingerprint such files by using XML
>> strings.
>>> 
>>> 
>>> -Al-
>>> --
>>> Al Varnell
>>> Mountain View, CA
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-12 Thread Bowie Bailey 

On 5/9/2014 7:41 PM, Dennis Peterson wrote:

On 5/9/14, 7:33 AM, Bowie Bailey wrote:

On 5/8/2014 10:35 PM, Eric Shubert wrote:

[root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$

Inefficiency bugs me...  You can do multiple patterns with a single grep using
the -e flag.

grep -v -e ^# -e ^$ clamd.conf


Try (and there are surely others even shorter)

egrep -v '^(#|$)' clamd.*f


That works too, but I was more concerned with the extra grep process 
than anything else.  You also lose a bit of readability that way as you 
have to parse the (admittedly simple) regexp to figure out what it is doing.


--
Bowie
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Steve Basford 

On Mon, May 12, 2014 3:50 pm, Stuart Henderson wrote:

> It also happens for clamscan (I removed all standard db's and
> included only the single signature triggered by this mail so it would start
> quickly).
>
> I have only hit this crash if a signature is matched (i.e.
> I haven't hit it if I remove phish.ndb).

Hi Stuart,

If you can email me off-list with the sig name, sample email etc. I'll
take a peek

samples AT sanesecurity DOT me DOT uk
steveb _ clamav AT sanesecurity DOT com

Cheers,

Steve
Sanesecurity

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Stuart Henderson 
On 2014/05/12 14:57, Steve Basford wrote:
> 
> On Mon, May 12, 2014 2:12 pm, Stuart Henderson wrote:
> > I'm running clamav on OpenBSD/amd64 5.5 (with various sanesecurity
> > hdb's, if that matters). Built from ports (with LLVM 3.3).
> 
> Hi,
> 
> Is is random or only on a certain email?
> 
> Do have a full copy of the email shown in your log?
> If you do, does a clamdscan on the email cause a crash?

I've isolated a certain email which seems particularly likely to
trigger it, but it doesn't happen every time for that message.
>From the last few attempts running clamdscan in a loop, it
took approx 100, 10, 300, 130 attempts to hit the crash.

It also happens for clamscan (I removed all standard db's and
included only the single signature triggered by this mail so it
would start quickly).

I have only hit this crash if a signature is matched (i.e.
I haven't hit it if I remove phish.ndb).

Here's a backtrace from clamscan built with -O0, I can provide
message/sig to attempt to reproduce off-list.

(gdb) bt full
#0  0x08617687540b in boundaryEnd (line=0x8616bbebd81 " ", 
boundary=0x8616ad88b60 "--9305594F5ADCAB39") at mbox.c:2273
len = 26
newline = 0x86169a74000 ""
p = 0x86169a74000 ""
p2 = 0x86169a73fff 
#1  0x086176873baa in parseEmailBody (messageIn=0x861753cd980, textIn=0x0, 
mctx=0x7f7c31a0, recursion_level=0) at mbox.c:1494
line = 0x8616bbebd81 " "
lines = 4
m = (message **) 0x8616bbeb890
old_rc = FAIL
subtype = 5
htmltextPart = 0
inMimeHead = 0
mimeSubtype = 0x8616bbeb000 "mixed"
boundary = 0x8616ad88b60 "--9305594F5ADCAB39"
aMessage = (message *) 0x86169a75080
mimeType = MULTIPART
inhead = 0
i = 0
t_line = (const text *) 0x8616bbeb270
multiparts = 0
messages = (message **) 0x8616bbeb890
rc = OK
aText = (text *) 0x0
mainMessage = (message *) 0x861753cd980
fb = (fileblob *) 0x0
infected = false
engine = (const struct cl_engine *) 0x8617164e800
doPhishingScan = 1
#2  0x086176871e35 in cli_parse_mbox (
dir=0x8616fe80d80 "/tmp//clamav-d32876238e1c0847f3ed68257ceb49c6.tmp", 
ctx=0x7f7c39e0) at mbox.c:508
retcode = 0
body = (message *) 0x861753cd980
buffer = "Return-Path: <>\n\000\000c6", '\0' , 
"÷V.\230\215íÐI\000\000\000\000\000\000\000\000^\016èoa\b\000\000\2205üÿ\177\177\000\000\236dµva\b\000\000\002",
 '\0' , "ÃñÖha\b", '\0' , 
"a\b\000\000\000\000\000\000\000\000\000\000÷V.\230\215íÐI\000\000\000\000\000\000\000\000\200\rèoa\b\000\0002\000\000\000\000\000\000\000âdµva\b\000\000\002",
 '\0' , "d¥Ùha\b", '\0' , 
"\000\000\000\000p2üÿ\177\177\000\000±\rèoa\b\000\000"...
mctx = {
  dir = 0x8616fe80d80 "/tmp//clamav-d32876238e1c0847f3ed68257ceb49c6.tmp", 
  rfc821Table = 0x8616ad986e0, subtypeTable = 0x8616ad88080, 
  ctx = 0x7f7c39e0, files = 0}
at = 21404
map = (fmap_t *) 0x8616796b000
#3  0x086176871845 in cli_mbox (
dir=0x8616fe80d80 "/tmp//clamav-d32876238e1c0847f3ed68257ceb49c6.tmp", 
ctx=0x7f7c39e0) at mbox.c:309
No locals.
#4  0x086176866520 in cli_scanmail (ctx=0x7f7c39e0) at scanners.c:1804
dir = 0x8616fe80d80 "/tmp//clamav-d32876238e1c0847f3ed68257ceb49c6.tmp"
ret = 2145
viruses_found = 0
#5  0x08617686a49c in magic_scandesc (ctx=0x7f7c39e0, 
type=CL_TYPE_MAIL) at scanners.c:2697
ret = 0
dettype = CL_TYPE_ANY
typercg = 1 '\001'
current_container_type = CL_TYPE_ANY
current_container_size = 0
hashed_size = 21404
hash = "uÒ\000\000Qÿ·/\005|ÝÅgB§Æ"
old_hook_lsig_matches = (bitset_t *) 0x8616bbeb780
filetype = 0x86176b1bf94 "CL_TYPE_MAIL"
cache_clean = 0
res = 1
#6  0x08617686c178 in cli_base_scandesc (desc=3, ctx=0x7f7c39e0, 
type=CL_TYPE_ANY) at scanners.c:3007
sb = {st_mode = 33184, st_dev = 9985, st_ino = 45975, st_nlink = 1, 
  st_uid = 1000, st_gid = 0, st_rdev = -1, st_atim = {tv_sec = 1399905336, 
tv_nsec = 495715245}, st_mtim = {tv_sec = 1399904591, tv_nsec = 62550638}, 
  st_ctim = {tv_sec = 1399904591, tv_nsec = 62555667}, st_size = 21404, 
  st_blocks = 48, st_blksize = 4096, st_flags = 0, st_gen = 0, 
  __st_birthtim = {tv_sec = 0, tv_nsec = 0}}
ret = 32639
#7  0x08617686c1fa in cli_magic_scandesc (desc=3, ctx=0x7f7c39e0)
at scanners.c:3016
No locals.
#8  0x08617686cbf6 in scan_common (desc=3, map=0x0, 
virname=0x7f7c3c58, scanned=0x85f672275d8, engine=0x8617164e800, 
---Type  to continue, or q  to quit--- 
scanoptions=4219447, context=0x7f7c3c30) at scanners.c:3233
ctx = {virname = 0x7f7c3c58, num_viruses = 0, size_viruses = 0, 
  scanned = 0x85f672275d8, root = 0x0, engine = 0x8617164e800, 
  scansize = 21404, options = 4219447, recursion = 1, sca

Re: [clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-12 Thread Alain Zidouemba 
Thanks for sending this in. We are addressing your reported FP.

- Alain


On Sat, May 10, 2014 at 12:24 AM, Al Varnell  wrote:

> Here’s the VirusTotal analysis (1/52) for Rapport-5.dmg which apparently
> has an MD5 = efddf96af90be02bcc9e37cbc21c34a6
> <
> https://www.virustotal.com/en/file/c3707dd14b766fd5d19daddf19cf57e980ffaa81fec3bec3e4de47bbf7419118/analysis/
> >.
>
> I asked the OP to upload it to Send a false positive, but not sure they
> will be able to.
>
> -Al-
>
> On May 9, 2014, at 7:53 PM, Al Varnell  wrote:
>
> > I don’t have all the information on this yet, but I’ve had two ClamXav
> user complain today of commercial software being identified as infected by
> Osx.Trojan.FkCode-1. I can’t locate it on the clamav-virusdb list, but
> perhaps it was just added today.
> >
> > The first is "accordion.1.6.2(83).dmg", downloaded from <
> http://yourhead.com/accordion/download/index.html> which I verified was
> identified. It’s a RapidWeaver Plug-in from YourHead.com.
> >
> > I submitted it to VirusTotal with the following 1/51 results:
> > <
> https://www.virustotal.com/en/file/ae4258463f9d5d339920da61a381f3dec366cb4598bd3fe1d3a0e9af2f4624ec/analysis/
> >.
> >
> > So I uploaded it to Send a false positive report, but got the following
> response:
> >> Result:
> >> This file is not detected by ClamAV. Please update your CVD database
> before reporting false-positives. If you are using third-party
> databases/unofficial signatures, please contact the author of the
> signature. We can only process false-positives generated by ClamAV Official
> signatures.
> >>
> >> Please correct the above errors and retry. Thank you for helping the
> ClamAV project.
> >
> > I updated definitions and it was still detected as infected. ClamXav
> still using v0.98.1.  I’ve had this happen once before, but have no idea
> how it could test positive on two Macs and VirusTotal, but not on your site.
> >
> > MD5 = f247e5f45b7a30ce600be34e66d93fa8
> >
> > The second file is named "Rapport-5.dmg” which is an older version of
> Trusteer Rapport for Mac. The latest version does not test positive, but
> that’s not surprising to me.  I’ve asked the user to upload his file to
> VirusTotal and will post the results once I have them.
> >
> > This is yet another example of OS X .dmg files being falsely identified
> as infected.  All of these signatures follow the same pattern of detecting
> multiple strings of characters (mostly the letter “a”) contained in an XML
> section of the .dmg file.  I believe this is provided as overhead
> information concerning the file and does not contain any data at all to
> positively identify the contents of the image file.  Since the formats of
> the XML portion of the .dmg files are all very similar, I suspect it will
> be extremely difficult to uniquely fingerprint such files by using XML
> strings.
> >
> >
> > -Al-
> > --
> > Al Varnell
> > Mountain View, CA
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Steve Basford 

On Mon, May 12, 2014 2:12 pm, Stuart Henderson wrote:
> I'm running clamav on OpenBSD/amd64 5.5 (with various sanesecurity
> hdb's, if that matters). Built from ports (with LLVM 3.3).

Hi,

Is is random or only on a certain email?

Do have a full copy of the email shown in your log?
If you do, does a clamdscan on the email cause a crash?

Cheers,

Steve
Sanesecurity

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] 0.98.3, new segfault probably related to email parser

2014-05-12 Thread Stuart Henderson 
I'm running clamav on OpenBSD/amd64 5.5 (with various sanesecurity
hdb's, if that matters). Built from ports (with LLVM 3.3).

Config is:

LogSyslog true
LogFacility LOG_MAIL
TCPSocket 3310
TCPAddr 127.0.0.1
SelfCheck 600
User _clamav
AllowSupplementaryGroups true

This setup was stable with 0.98.1 but since updating to 0.98.3 I've
seen several segfaults like below (debug, backtrace and a couple of
prints from gdb included). Any ideas? Any requests for further
information next time it happens?


$THRMGR: queue (single) crossed low threshold -> signaling
$THRMGR: queue (bulk) crossed low threshold -> signaling
$Received POLLIN|POLLHUP on fd 8
$Got new connection, FD 13
$Received POLLIN|POLLHUP on fd 9
$fds_poll_recv: timeout after 5 seconds
$Received POLLIN|POLLHUP on fd 13
$got command CONTSCAN 
/var/amavisd/tmp/amavis-20140512T125548-02478-meKXMAUm/parts (69, 7), argument: 
/var/amavisd/tmp/amavis-20140512T125548-02478-meKXMAUm/parts
$mode -> MODE_WAITREPLY
$THRMGR: queue (single) crossed low threshold -> signaling
$Breaking command loop, mode is no longer MODE_COMMAND
$THRMGR: queue (bulk) crossed low threshold -> signaling
$Consumed entire command
$Number of file descriptors polled: 1 fds
$fds_poll_recv: timeout after 600 seconds
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized Raw mail file
LibClamAV debug: cache_check: 508dfbcb3a25db9c5b22eaa7ee97081e is negative
LibClamAV debug: Starting cli_scanmail(), recursion = 1
LibClamAV debug: in mbox()
LibClamAV debug: parseEmailFile
LibClamAV debug: parseEmailFile: check 'Received: from localhost (unknown 
[123.16.129.96])' fullline 0x0
LibClamAV debug: parseEmailFile: check 'by [REDACTED] (Postfix) with 
ESMTP id 3gS1nn3QPBz74R3' fullline 0x0
LibClamAV debug: parseEmailFile: check 'for [REDACTED]; Mon, 12 May 
2014 13:35:23 +0100 (BST)' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Received: from [167.39.199.27] 
(helo=jnxfcznftn.fxztsfyhme.info)' fullline 0x0
LibClamAV debug: parseEmailFile: check 'by localhost with esmtpa (Exim 
4.69)' fullline 0x0
LibClamAV debug: parseEmailFile: check '(envelope-from )' fullline 0x0
LibClamAV debug: parseEmailFile: check 'id 1MMK6T-0496yb-WZ' fullline 
0x0
LibClamAV debug: parseEmailFile: check 'for [REDACTED]; Mon, 12 May 
2014 19:35:24 +0700' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Date:   Mon, 12 May 2014 19:35:24 
+0700' fullline 0x0
LibClamAV debug: parseEmailFile: check 'From:   "UPS Quantum View" 
' fullline 0x0
LibClamAV debug: parseEmailFile: check 'X-Mailer: The Bat! (v3.0.0.15) 
Professional' fullline 0x0
LibClamAV debug: parseEmailFile: check 'X-Priority: 3 (Normal)' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Message-ID: 
<2465346162.j7a29kv6581...@moezlge.bpkpejifhl.net>' fullline 0x0
LibClamAV debug: parseEmailFile: check 'To: [REDACTED]' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Cc: [REDACTED]' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Subject: UPS  Notification, Tracking 
Number 1484-527152' fullline 0x0
LibClamAV debug: parseEmailFile: check 'MIME-Version: 1.0' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed;' 
fullline 0x0
LibClamAV debug: parseEmailFile: check '  
boundary="--9305594F5ADCAB39"' fullline 0x443d5bd6ce0
LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed;  
boundary="--9305594F5ADCAB39"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed;  
boundary="--9305594F5ADCAB39"'
LibClamAV debug: messageSetMimeType: 'multipart'
LibClamAV debug: mimeArgs = '  boundary="--9305594F5ADCAB39"'
LibClamAV debug: Add arguments '  boundary="--9305594F5ADCAB39"'
LibClamAV debug: messageAddArgument, arg='boundary=--9305594F5ADCAB39'
LibClamAV debug: parseEmailFile: check '' fullline 0x0
LibClamAV debug: End of header information
LibClamAV debug: newline_in_header, check "9305594F5ADCAB39"
LibClamAV debug: getline_from_mbox: fmap need failed
LibClamAV debug: parseEmailFile: return
LibClamAV debug: in parseEmailBody, 0 files saved so far
LibClamAV debug: Parsing mail file
LibClamAV debug: mimeType = 5
LibClamAV debug: Content-type 'multipart' handler
LibClamAV debug: boundaryStart: found --9305594F5ADCAB39 in 
9305594F5ADCAB39
LibClamAV debug: Now read in part 0
LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: 
multipart/alternative;  boundary="--7F07E60B2BC74B5"'
LibClamAV debug: parseEmailHeader 'Content-Type: multipart/alternative;  
boundary="--7F07E60B2BC74B5"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' 
multipart/alternative;  boundary="--7F07E60B2BC74B5"'
LibClamAV debug: messageSetMimeType: 'multipart'
LibClamAV debug: mimeArgs = '  boundary="--7F07E60B2BC74B5"'
LibClamAV debug: Add arguments '  boundary="--7F07E60B2BC74B5"'
LibClamAV deb

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-12 Thread Martin Preen 

James Lee wrote:

On 10/05/2014 17:34, Shawn Webb wrote:

Hello,

The attached two patches will make building (with gcc)

I'm not but..

  and running on Solaris work.


when using gcc configure sets HAVE_ATTRIB_PACKED=1 and the problem doesn't
exist, ie, no patch is needed for gcc.

In fact no patches need for cc if the value of HAVE_ATTRIB_PACKED is forced post
configure. Any patch/fix should be for configure.


Thats interesting. Without Shawns patches, but with HAVE_ATTRIB_PACKED
and using Sun-CC it works (freshclam & clamscan tested so far).

But including the posted patches, the errors are back again.

So it looks like a problem with the build system and the patch
is (at least partly) compiler specific.

Regards,
Martin

--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen



smime.p7s
Description: S/MIME Cryptographic Signature
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] Clamav-0.98.3 - compile failed OpenBSD

2014-05-12 Thread Ismail Paruk 
Hi,

Tested compile on OpenBSD 4.8 & 5.1 - same errors:-

In file included from /usr/include/sys/sysctl.h:42,
from stats.c:37:
/usr/include/sys/proc.h:64: error: 'MAXLOGNAME' undeclared here (not in a 
function)
/usr/include/sys/proc.h:91: error: expected ')' before 'int'
/usr/include/sys/proc.h:92: error: expected ';' before 'int'
/usr/include/sys/proc.h:283: error: expected specifier-qualifier-list before 
'sigset_t'
*** Error code 1

Stop in /usr/local/src/clamav-0.98.3/libclamav (line 2152 of Makefile).
*** Error code 1

Stop in /usr/local/src/clamav-0.98.3/libclamav (line 3033 of Makefile).
*** Error code 1

Stop in /usr/local/src/clamav-0.98.3/libclamav (line 893 of Makefile).
*** Error code 1

Stop in /usr/local/src/clamav-0.98.3 (line 671 of Makefile).
*** Error code 1

Stop in /usr/local/src/clamav-0.98.3 (line 477 of Makefile).

Kind Regards,

Ismail Paruk

Email: ismail.pa...@gmail.com



___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml