Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

2019-01-10 Thread Gary R. Schmidt

On 11/01/2019 04:34, Micah Snyder (micasnyd) wrote:
[SNIP]
> Type casting to disable warnings sometimes only masks potential issues
> and should only be done with extreme care.



This!  This!!  So many, many, many times this!!!

Cheers,
Gary B-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

2019-01-10 Thread Micah Snyder (micasnyd)
Hi Alan,

> I'm not sure which source files belong to that third party library.
> The two non-bogus warnings I got were:
>
> libclamunrar/arcread.cpp:32:3: warning: 'ReadSize' may be used uninitialized in this function
> libclamunrar/rijndael.cpp:101:21: warning: 'uKeyLenInBytes' may be used uninitialized in this function
>
> These seem to assume that an input variable takes on an allowed value;
> I don't know if that assumption can always be guaranteed.

libclamunrar is in fact UnRAR 5.6.5 from RARLab with very, very limited changes 
from our team.  I just spoke with a developer from their team and he's happy to 
initialize those variables when they're defined, to appease the compiler, even 
though they do actually get initialized later.  The UnRAR developers are 
extremely responsive and helpful.

>> The warnings in our own code regarding integers of different
>> signedness are probably most concerning.  I very much want to take a
>> stab at cleaning those up as soon as I find time, but it will require
>> much care and heavy regression testing as it can be very easy to
>> break things when changing variable types.
>
> Indeed.  On-the-spot typecasting is less invasive but more awkward.

Type casting to disable warnings sometimes only masks potential issues and 
should only be done with extreme care.

-Micah


Re: [clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-10 Thread Benny Pedersen

Vijayakumar U wrote on 2019-01-10 15:42:

> When a malicious file is inside zip file and if zip file contains some
> other corrupted zip file, the malicious file is not filtered as virus.

+1

please start using foxhole 3rd party signatures to stop this malware 
with double packed archives

> Sample link - ZXW2.6-Blackfish2.0.zip -
> https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on 
virustotal.com it's detected on 18 out of 68 scanners :)


i have sent this file to http://www.clamav.net/reports/malware as a 
false negative


thanks for reporting and using clamav


Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

2019-01-10 Thread Micah Snyder (micasnyd)
Joel wasn't aware, but we do actually test ClamAV builds on Solaris on a Sparc 
machine before each release because it's the only big-endian machine we have on 
hand. Our testing is limited to a manual cursory build and run-test though. We 
have limited access to the machine (it's in a shared environment) and it is 
incredibly slow.

I also have an x64 Solaris VM in our build-acceptance Jenkins node-set, but not 
our full QA-suite node-set. However, it is presently disabled because getting 
builds working correctly was a fight and I ran out of time the last time I was 
working on it.  I've been meaning to give it another go sometime.

I think you're right about this warning manifesting on only 32bit machines. I 
think we need to add some automated checks for warnings (discounting some 
harmless ones) in our build-acceptance and/or QA test suites to alert on this 
kind of thing.  We don't manually build on 32bit machines often.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jan 9, 2019, at 10:02 PM, Gary R. Schmidt <grschm...@acm.org> wrote:

On 09/01/2019 00:01, Joel Esler (jesler) wrote:
Solaris is definitely not one of the OSs in our build farm.  Just FYI.
Oh, I'm not surprised about that, I can't even attempt to justify you having an 
x64 VM set-up to build clamav, given that the set of Solaris clamav users may 
be no greater than 1!  :-)

That said, I had a bit more of a look at the problem, it appears to be a 32-bit 
build only problem, 64-bit builds do not show this problem, on either Solaris 
or OpenSUSE Tumbleweed.

Getting 64-bit builds working completely on Solaris is a bitch-fight with 
configure, I didn't try to get a 32-bit build working on Tumbleweed.

Given that the problem has also been seen on a Linux system, I expect it will 
be dealt with, in the fullness of time.  ;-)

Cheers,
Gary B-)

On Jan 8, 2019, at 1:05 AM, Gary R. Schmidt <grschm...@acm.org> wrote:

On 08/01/2019 05:33, Joel Esler (jesler) wrote:

https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html 


ClamAV 0.101.1 Patch has been released

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 
specifically for developers that depend on libclamav. The issue in 0.101.0 is 
that clamav.h required supporting headers that were not provided on make 
install. To address this issue, the internal cltypes.h header has been replaced 
by a clamav-types.h that is generated on ./configure and will be installed 
alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail loss if 
using clamav-milter with the TCP socket. Contribution by Scott Kitterman. Fixes 
for --with-libjson and --with-libcurl to correctly accept library install path 
arguments.

Acknowledgements

 The ClamAV team thanks the following individuals for their code submissions: 
Scott Kitterman

Known Issues

Some users have observed crashes the first time running freshclam after 
upgrading from 0.100 to 0.101. We haven't yet tracked down the source of the 
issue, but have found that the issue resolves itself and that subsequent calls 
to freshclam work as expected.

Please download and update to 0.101.1, send us your feedback on ClamAV-Users.

Building on Solaris 11.3 with GCC/G++ 7.3.0 and I just noticed gives this 
warning.  The warning was also in 0.101.0, and possibly earlier versions, but I 
didn't notice it.

--
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I.. 
-I./nsis -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include 
-I/opt/local/include -I../libclammspack/mspack -DHAVE_INTERNAL_MSPACK 
-DHAVE_YARA -DSEARCH_LIBDIR=\"/opt/local/lib\" -I/usr/local/include 
-I/usr/include/json-c -I/usr/local/include -I/usr/local/include 
-I/usr/include/libxml2 -g -O2 -fno-strict-aliasing -D_LARGEFILE_SOURCE 
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -MT libclamav_la-pdf.lo -MD -MP 
-MF .deps/libclamav_la-pdf.Tpo -c pdf.c  -fPIC -DPIC -o .libs/libclamav_la-pdf.o
pdf.c: In function 'find_length':
pdf.c:947:80: warning: passing argument 5 of 'cli_strntoul_wrap' from incompatible pointer type [-Wincompatible-pointer-types]
if (CL_SUCCESS != cli_strntoul_wrap(index, bytes_remaining, 0, 10, )) {
   ^
In file included from yara_clam.h:46:0,
from others.h:58,
from matcher.h:29,
from others.h:22,
from pdf.c:56:
str.h:78:12: note: expected 'long unsigned int *' but argument is of type 'size_t * {aka unsigned int *}'
cl_error_t cli_strntoul_wrap(const char *buf, size_t buf_size, int fail_at_nondigit, int base, unsigned long *result);
   ^
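
Added example (not part of the thread, and not ClamAV source): the warning above comes from passing a `size_t *` where `unsigned long *` is expected. A cast would silence it, but the two types differ in width on LLP64 targets such as 64-bit Windows, so the sketch below parses into a temporary of the exact parameter type and range-checks before converting. `parse_ulong` and `parse_length` are hypothetical names standing in for the real functions.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a parser whose out-parameter is unsigned long *.
 * Returns 0 on success, -1 on a non-digit start or out-of-range value. */
static int parse_ulong(const char *buf, int base, unsigned long *result)
{
    char *end = NULL;
    unsigned long v;

    if (buf == NULL || buf[0] < '0' || buf[0] > '9')
        return -1;              /* also rejects "-5", which strtoul would wrap */
    errno = 0;
    v = strtoul(buf, &end, base);
    if (end == buf || errno == ERANGE)
        return -1;
    *result = v;
    return 0;
}

/* Hypothetical caller that needs a size_t. It does NOT pass
 * (unsigned long *)length: that cast only hides the mismatch. */
int parse_length(const char *buf, size_t *length)
{
    unsigned long tmp = 0;      /* exactly the type the callee writes */

    if (parse_ulong(buf, 10, &tmp) != 0)
        return -1;
#if ULONG_MAX > SIZE_MAX
    if (tmp > SIZE_MAX)         /* only possible where size_t is narrower */
        return -1;
#endif
    *length = (size_t)tmp;      /* value conversion, checked above */
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = parse_length("4096", &n);
    printf("rc=%d length=%zu\n", rc, n);
    return rc == 0 ? 0 : 1;
}
```

Building with GCC's `-Werror=incompatible-pointer-types` turns this class of warning into a build failure, so it cannot go unnoticed on the one platform where it appears.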

[clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

2019-01-10 Thread Vijayakumar U
Dear ClamAV Team,

When a malicious file is inside zip file and if zip file contains some
other corrupted zip file, the malicious file is not filtered as virus.

Sample link - ZXW2.6-Blackfish2.0.zip -
https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

Kindly look into this issue.

Thanks and regards,
Vijay.
-- 
Sent from Gmail for iPad