Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 beta has been released!

2017-08-14 Thread Steven Morgan 
Mark,

Thanks for the report. I've opened
https://bugzilla.clamav.net/show_bug.cgi?id=11896 for tracking. Please
attach your "TooManyFilters" file there as well.

Steve

On Sat, Aug 12, 2017 at 4:29 PM, Mark Allan  wrote:

> Hi all
>
> This email is two-part: an FP report and a bug report - both only
> concerning 0.99.3
>
> I just uploaded an FP which is only being detected by 0.99.3 beta 1.  The
> checksum for the submitted file (PDFSigQFormalRep.pdf) is
> 1a29b1f3d6df9f1e47c8a77dde142238
>
> It's part of Adobe Acrobat and is showing up as
> Heuristic.PDF.TooManyFilters.
>
> Now the bug-report part.
>
> I added the relevant line to a local FP file exclude.fp in the clamav
> database directory, and it correctly prevents the file from reporting as
> being infected, however the summary still shows "1 infected file".
>
> $ clamscan  ~/Desktop/temp/PDFSigQFormalRep.pdf
>
> --- SCAN SUMMARY ---
> Known viruses: 7305825
> Engine version: 0.99.3-beta1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.22 MB
> Data read: 0.45 MB (ratio 0.49:1)
> Time: 21.459 sec (0 m 21 s)
>
> Cheers
> Mark
>
>
> > On 4 Aug 2017, at 12:04 am, Joel Esler (jesler) 
> wrote:
> >
> > http://blog.clamav.net/2017/08/clamav-0993-beta-has-been-released.html
> >
> > ClamAV 0.99.3 beta has been released!
> > Join us as we welcome ClamAV 0.99.3 beta for testing!  Be sure and grab
> the beta release on our official ClamAV download site<
> http://www.clamav.net/downloads>.
> >
> > Welcome to ClamAV 0.99.3. In this release, we have included many code
> > submissions from the ClamAV community:
> >
> >
> >  *   Interfaces to the Prelude SIEM open source package for collecting
> ClamAV virus events.
> >  *   Visual Studio 2015 for building Microsoft Windows binaries.
> >  *   Support libmspack internal code or as a shared object library. The
> internal library is the default and contains additional integrity checks.
> >  *   Linking with openssl 1.1.0.
> >  *   Numerous code patches, typos, and compiler warning fixes.
> >
> >
> > Additionally, we have introduced important changes and new features in
> > ClamAV 0.99.3, including:
> >
> >
> >  *   Deprecating internal LLVM code support. The configure script has
> changed to search the system for an installed instance of the LLVM
> development libraries, and to otherwise use the bytecode interpreter for
> ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for
> executing bytecode signatures, please ensure that the LLVM development
> package at version 3.6 or lower is installed. Using the deprecated LLVM
> code is possible with the command: './configure --with-system-llvm=3Dno',
> but it no longer compile on all platforms.
> >  *   Compute and check PE import table hash (a.k.a. "imphash")
> signatures.
> >  *   Support file property collection and analysis for MHTML files.
> >  *   Raw scanning of PostScript files.
> >  *   Fix clamsubmit to use the new virus and false positive submission
> web interface.
> >  *   Optionally, flag files with the virus "Heuristic.Limits.Exceeded"
> when size limitations are exceeded.
> >  *   Improve decoders for PDF files.
> >
> >
> > The ClamAV community thanks the following individuals for their ClamAV
> 0.99.3 code submissions:
> >
> > Sebastian Andrzej Siewior
> > Keith Jones
> > Bill Parker
> > Chris Miserva
> > Daniel J. Luke
> > Matthew Boedicker
> > Ningirsu
> > Michael Pelletier
> > Anthony Chan
> > Stephen Welker
> >
> > Following are issues discovered during release testing. For additional
> information, please review the corresponding tickets on
> bugzilla.clamav.net:
> >
> > 11879 - cli_scanmscan() Failed to extract 4 in Windows beta when
> scanning cab files
> > 11882 - ./configure does not automatically detect libxml2 on FreeBSD
> 10.3 and 11.0
> > 11884 - 'sudo make install' on FreeBSD 10.3 and 11.0 leaves files owned
> by root, subsequent make command fails
> > 11885 - clamsubmit not building on FreeBSD 10.3 and 11.0
> > 11887 - Failures of 'make check VG=1' on FreeBSD 10.3 and 11.0
> >
> > We ask that feedback be provided via the ClamAV mailing lists<
> http://www.clamav.net/contact#ml>.
> >
> >
> > --
> > Joel Esler | Talos: Manager | jes...@cisco.com
> >
> >
> >
> >
> >
> >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
>

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-14 Thread Steven Morgan 
Mark,

We are in the process of reworking that strndup/strnlen test. The rework
will use feature tests during ./configure to test for the presence of the
system implementations of strndup and strnlen. The operating system test
that is currently in place for when to use the local implementations of
strnlen and strndup will be going away. Thanks for writing a patch. It
should suffice during beta.


Steve


On Mon, Aug 14, 2017 at 9:47 AM, Mark Allan  wrote:

> I just had another look at this today with fresh eyes and I see you've
> already got a static replacement of strndup for Solaris, so I've included a
> patch which uses the same function on macOS 10.6.8 or lower.  It relies on
> the appropriate  (-mmacosx-version-min=10.6) setting on the configure
> phase, but the chances are if anyone's compiling with 10.6 support, they
> probably ain't compiling on 10.6 so it's likely being supplied already.
>
>
>
>
> diff -Naurw clamav-0.99.3-beta1/clamd/localserver.c
> clamav-0.99.3-beta1_patched/clamd/localserver.c
> --- clamav-0.99.3-beta1/clamd/localserver.c 2017-07-31
> 19:34:32.0 +0100
> +++ clamav-0.99.3-beta1_patched/clamd/localserver.c 2017-08-14
> 14:24:08.0 +0100
> @@ -25,7 +25,7 @@
>
>  #include 
>  #include 
> -#if defined(C_SOLARIS)
> +#if defined(C_SOLARIS) || 
> (defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__)
> && (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ <= 1068))
>  size_t strnlen(const char *s, size_t n) __attribute__((weak));
>  size_t strnlen(const char *s, size_t n)
>  {
>
>
>
> Hope that's useful.
>
> Mark
>
>
> > On 13 Aug 2017, at 10:25 pm, Mark Allan  wrote:
> >
> > Hi all,
> >
> > Another issue with 0.99.3 beta 1.
> >
> > The clamd process crashes on macOS 10.6.8 because it can't find the
> strndup symbol.  There are a couple of references to strndup in the source
> for clamd and libclamav - should these be changed to cli_strndup or am I
> better to include a static replacement function of strndup in the
> appropriate files that would only be used on 10.6 or earlier?
> >
> > Thanks
> > Mark
> >
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-14 Thread Mark Allan 
I just had another look at this today with fresh eyes and I see you've already 
got a static replacement of strndup for Solaris, so I've included a patch which 
uses the same function on macOS 10.6.8 or lower.  It relies on the appropriate  
(-mmacosx-version-min=10.6) setting on the configure phase, but the chances are 
if anyone's compiling with 10.6 support, they probably ain't compiling on 10.6 
so it's likely being supplied already.




diff -Naurw clamav-0.99.3-beta1/clamd/localserver.c 
clamav-0.99.3-beta1_patched/clamd/localserver.c
--- clamav-0.99.3-beta1/clamd/localserver.c 2017-07-31 19:34:32.0 
+0100
+++ clamav-0.99.3-beta1_patched/clamd/localserver.c 2017-08-14 
14:24:08.0 +0100
@@ -25,7 +25,7 @@
 
 #include 
 #include 
-#if defined(C_SOLARIS)
+#if defined(C_SOLARIS) || 
(defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && 
(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ <= 1068))
 size_t strnlen(const char *s, size_t n) __attribute__((weak));
 size_t strnlen(const char *s, size_t n)
 {



Hope that's useful.

Mark


> On 13 Aug 2017, at 10:25 pm, Mark Allan  wrote:
> 
> Hi all,
> 
> Another issue with 0.99.3 beta 1.
> 
> The clamd process crashes on macOS 10.6.8 because it can't find the strndup 
> symbol.  There are a couple of references to strndup in the source for clamd 
> and libclamav - should these be changed to cli_strndup or am I better to 
> include a static replacement function of strndup in the appropriate files 
> that would only be used on 10.6 or earlier?
> 
> Thanks
> Mark
> 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml