Re: [clamav-users] clamav preventing CLion from working properly

[Gary R. Schmidt via clamav-users]

On 25/07/2024 01:03, Giacomazzi Gabriele Antonio wrote:

That's the strangest reply i ever received in a community lol.


You're new.


Fortunately my boss is not only paper and stuff, he is very technical.

So are they.


They are not VMs, they are physical PCs.
We are required to get the ISO 27001 certification, so we need to 
install anti-viruses on all employees workstations. The on-access 
feature was something asked by my boss, not by the actual certificate.
Okay, if they're all physically the same, and I presume installed from a 

clone image, then maybe yours isn't quite the same as the others.

Change the cable to the disk, give the NVME a wiggle, maybe the power 
supply is a bit dodgy, change the connection, etcetera.


Cheers,
GaryB-)
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] clamav preventing CLion from working properly

[Gary R. Schmidt via clamav-users]

On 25/07/2024 00:26, Giacomazzi Gabriele Antonio wrote:

Hi, thanks for replying.
The on-access feature it's required by the company i work for.
I don't understand where the problem is since i've done the same 
configuration on all workstations, but in some of them there is this 
problem.



Oh, good, security by stupidity...

Are they VMs?
Are they teeny-tiny VMs?
Are the VMs on an over-subscribed virtual-whatever server??

Is the VM server being hammered by a anti-virus scan at the time(s) you 
are trying to do stuff?


That's for real, the lusers up a few levels at $ORK require the use of 
 - not clamav - on all UNIX and Linux systems, and 
they are moving from bare metal to VMs.
They wonder why the performance of the VMs drops into the gutter when 
the server is periodically scanned.
And I do mean scanned, *every* file is opened and read, virtual disks 
and all.
And sometimes, for no apparent reason, periodically means, "We've 
finished that scan, let's do it again!"

Roll-on demob.

Luckily our systems, which are used to develop the stuff they make money 
from by selling , are invisible to lower beings.  ;-)


Cheers,
GaryB-)

P.S.  I did once suggest that they should move to clamav, being 
oh-so-much-cheaper, but apparently the souls of some people's first-born 
are tied to the continued use of , or the spirits of 
the ancestors decreed that it must be so, or something.

No, they know nothing about how computers work.
Yes, they have tried to move AIX/HP-UX/Solaris workloads to Linux VMs, 
and asked us perplexed questions as to why it does not work.


P.P.S.  Four more years and I qualify for a full pension.  :-)

P.P.P.S.  No, I don't work for the ACM, this is my personal account, I'm 
not that stupid.

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] clamav preventing CLion from working properly

[Gary R. Schmidt via clamav-users]

On 24/07/2024 23:35, Giacomazzi Gabriele Antonio via clamav-users wrote:

Hi everyone,
I'm running into some problems with clamav and CLion.

For context, we are talking about a workstation running fedora 40.
I activated clamonacc and, since I was monitoring /home and every CLion 
project was in that directory, CLion was building very slowly.
I excluded the path where all the projects were stored 
(/home/user/CLionProjects) and it all worked great until I rebooted the pc.
Now clamd process spikes to 100% of cpu (thing that makes me go crazy 
since i don't understand why it does not use more than 1 cpu) every time 
i open any program. This happens with chrome, skype and every other but 
CLion... CLion is prevented from starting for about 10 minutes, then it 
works very slow like i never made any changes.
Let me know if you guys need anything that could help you understand 
what the problem is.


Please help me understand the problem and maybe resolve it in any way.



Well, yes, on-access scanning will chew up io and cpu.

And why do you think you need it?

Cheers,
GaryB-)
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] i have often an error in the scan

[Gary R. Schmidt via clamav-users]

On 18/10/2022 22:05, G.W. Haywood via clamav-users wrote:
[SNIP]


May I suggest that you try to use a translation Website?  I have had
good results from this one, at least for a few languages:

https://www.deepl.com/en/translator
Also, please write your messages in your native language as well as 
English, nuance is often lost when translated, either by the initial 
writer or translation software.


Cheers,
GaryB-)
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] ClamAV 0.105 release candidate

[Gary R. Schmidt]

On 16/03/2022 20:19, Christoph Moench-Tegeder via clamav-users wrote:

## Joel Esler via clamav-users (clamav-users@lists.clamav.net):


Can’t use wget.


Looks like "can't use anything which doesn't look like a web browser",
as BSD fetch hits the 403, too.
That's a major PITA on the BSD side (just like openSuse), but it
was working just fine at the time of the 0.104.2 release (and all
the time prior to that). Is there any reason behind making the source
(not talking about the database files) inaccessible like that?



Hanlon's Razor: "Never attribute to malice what can be adequately 
explained by neglect, ignorance, or incompetence."


With the added FLOSS variant, "or trying to show just how much smarter 
they are than everybody else."


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Solaris users in a bind

[Gary R. Schmidt]

On 03/11/2021 22:59, G.W. Haywood via clamav-users wrote:

Hi there,

On Wed, 3 Nov 2021, Gary R. Schmidt wrote:


... doesn't answer the question of how to build on Solaris.


True enough.  Perhaps I should have made it more clear that I was
suggesting that there may be alternatives to banging heads on walls.

Not doing it being one of them - and what I'll do now.

The OP (and I (and other Solaris/HP-UX/AIX/non-BSD-UNIX users)) have a 
problem anyway, with ClamAV becoming non-portable in the future, what 
will we do about scanning email?


It seems obvious that we should just bung a supported VM of some recent 
vintage somewhere, or sneak a Pi into a rack, and then do it remotely, 
are there simple recipes out there for how to do it?


I know I could JFGI but a pointer to an accurate one always helps.  :-)

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Solaris users in a bind

[Gary R. Schmidt]

On 03/11/2021 22:17, G.W. Haywood via clamav-users wrote:

Hi there,

On Wed, 3 Nov 2021, Gary R. Schmidt wrote:

On 03/11/2021 20:16, G.W. Haywood via clamav-users wrote:

On Wed, 3 Nov 2021, Liston, Daniel (DLISTON) via clamav-users wrote:


Can anyone offer a instructions for getting the 103/104 source to
compile on Solaris (preferably 11.3) or work-around (that won't get
me fired)?


Why not set up a virtual machine?  You'll need to give it enough RAM,
so depending on your system(s) and how you operate them you might need


(Cough) - SPARC - (Cough).


Sorry?

https://www.oracle.com/solaris/solaris11/downloads/solaris11-vm-templates-downloads.html 

That's for x64 systems.  And I find VirtualBox quite useful on x64 
Solaris systems.



My second question styled differently:

https://www.fujitsu.com/global/products/computing/servers/unix/sparc-enterprise/software/solaris11/ 
Well, yes, there are various VM images available, and if (a) their SPARC 
box(es) are set up using LDOMs, and (b) there is no problem with them 
installing such an image into an LDOM, well, the OP could do that.


But that doesn't answer the question of how to build on Solaris.

Cheers,
GaryB-)

P.S.  I work for Fujitsu, it's always amusing to see one of our links 
quoted.  :-)





___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Solaris users in a bind

[Gary R. Schmidt]

On 03/11/2021 20:16, G.W. Haywood via clamav-users wrote:

Hi there,

On Wed, 3 Nov 2021, Liston, Daniel (DLISTON) via clamav-users wrote:


Can anyone offer a instructions for getting the 103/104 source to
compile on Solaris (preferably 11.3) or work-around (that won't get
me fired)?


Why not set up a virtual machine?  You'll need to give it enough RAM,
so depending on your system(s) and how you operate them you might need


(Cough) - SPARC - (Cough).

Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Solaris users in a bind

[Gary R. Schmidt]

On 03/11/2021 18:44, Liston, Daniel (DLISTON) via clamav-users wrote:

I need some help.  The clamav.net site does not offer downloads for Solaris and 
the link for Solaris directs us to the OpenCSW.org site.

Does anyone have a contact at CSW?  ClamAV 0.100.2 is the newest version 
available to Solaris users, and has not been updated in time to prevent a cut 
off from signature update downloads.  I have spent the weekend, and the better 
part of Mon/Tue trying to get userland tools to compile on Solaris 11.3 
(unsuccessfully), which seems to be a prerequisite to compiling clamav from 
source.

Can anyone offer a instructions for getting the 103/104 source to compile on 
Solaris (preferably 11.3) or work-around (that won't get me fired)?


This worked on 11.3 and 11.4 to build 0.103.3.

I had previously built GCC 10 from source, and have Studio as well.

The four shared objects in /usr/local: I like to keep OpenSSL right up 
to date, and I have libiconv for other reasons, the libbz2 may be a 
hang-over from 10.  :-)


Cheers,
GaryB-)

-
#! /bin/bash
#
# Fix PATH...
export 
PATH=/bin:/usr/bin:/sbin:/opt/developerstudio12.6/bin:/usr/local/bin:.

echo $PATH
hash -r
#
# Fix configure files.
echo edit ... find . -name configure replace BDRT with BCDRT

for i in `find . -name configure`
do
sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
mv /tmp/configure.$$ $i
chmod a+x $i
done

env CONFIG_SHELL=/bin/bash \
/bin/bash ./configure \
CONFIG_SHELL=/bin/bash \
CFLAGS="-m32 -I/usr/local/include" \
CXXFLAGS="-m32 -I/usr/local/include" \
LDFLAGS="-m32 -L/usr/local/lib -R/usr/local/lib" \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--prefix=/usr/local


RR=$?
if [ $RR != 0 ]
then
echo "Bad conf!"
exit $RR
fi

exit $?

-


To Install:
sudo svcadm disable svc:/network/postfix:default
sudo /etc/init.d/freshclam stop
sudo /etc/init.d/clamsmtp stop
sudo /etc/init.d/clamd stop

sudo gmake install

sudo /etc/init.d/clamd start
sleep 60
sudo /etc/init.d/freshclam start
sudo /etc/init.d/clamsmtp start
sudo svcadm enable svc:/network/postfix:default

-


/usr/local/lib/libiconv.so.2
/usr/local/lib/libbz2.so.1.0
/usr/local/lib/libssl.so.1.1
/usr/local/lib/libcrypto.so.1.1


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [OT] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Gary R. Schmidt]

On 28/07/2021 21:53, G.W. Haywood via clamav-users wrote:

Hi Paul,

On Wed, 28 Jul 2021, Paul Kosinski via clamav-users wrote:


In my case, I can't simply upgrade to the latest Debian (or any
other distro), as one of the systems is our home firewall and
gateway -- with iptables, multi-LAN routing (with local DNS), a bit
of bridging, encrypted tunnels to elsewhere, etc. This means we
would lose *all* Internet connectivity for who knows how long if I
tried an in-place upgrade.


I'd recommend not using any big distro for your perimiter firewall.
I use one of the purpose-built stripped-down firewall distributions.
The maintenance needed on it is minimal, and it doesn't prevent you
from having firewalls on other machines too.  To get to *any* of our
servers from outside, packets must traverse at least three firewalls.


So the only way to move forward seems to be to rebuild our system on
separate hardware. I have started this on hardware I already mainly
have (being retired, and thus without corporate budget or staff).


One of the slightly unexpected benefits of using things like the
Raspberry Pi is that you can have a few of them kicking around which
are surplus to requirements and just fire one up as and when needed.


I second what Ged is saying here, for firewalls and so on the Raspberry 
Pi and its ilk are a much better choice than a full-on system, they use 
/much/ less power, and keeping a spare or three isn't a board- (or 
wife-) level budget request.  :-)


I still like a full-on machine for handling email, but that's because I 
run Panda-IMAP, which is probably the closest thing to a "reference" 
IMAP implementation we will ever see, and I can do far more clever 
things with disks and SANs when needed.


Cheers,
GaryB-)

P.S.  Yes, I know I said good-bye, but I am interested in the fall-out 
of the recent decisions made about ClamAV.  (And I like to laugh at the, 
"I haven't been able to download...", posts.  :-) )


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamd.log ERROR: reload_th: Database load failed: Malformed

[Gary R. Schmidt]

On 27/07/2021 18:54, G.W. Haywood via clamav-users wrote:

Hi there,

On Tue, 27 Jul 2021, Ashtec Cerenuela via clamav-users wrote:

I've been monitoring the clamd.log for my email server this past few 
weeks and I've seen errors like this everyday.
Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. 
Forcing reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from 
C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: 
Malformed database


Are you sure that you're using an up-to-date clamd version?  Clutching
at straws here, perhaps when you upgraded the daemon wasn't restarted?


...
ClamUpdateLog.txt says:
ClamAV update process started at Sat Jul 24 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3


Since you seem to be using ClamWin you will either have to live with
these warnings or use the Windows version from upstream.  Personally
after what I've seen of ClamWin I'd steer clear of it.  See comments
in the list archives for example:

https://lists.clamav.net/pipermail/clamav-users/2021-June/011286.html

daily database available for update (local version: 26241, remote 
version: 26242)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld' 
...

Database test passed.
daily.cld updated (version: 26242, sigs: 1963537, f-level: 90, 
builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 
90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 
63, builder: awillia2)


Your update process seem to be working OK.  Here's my freshclam log
(on Linux!) for about that time, as you see the numbers all match:

Sat Jul 24 20:21:55 2021 -> Received signal: wake up
Sat Jul 24 20:21:55 2021 -> ClamAV update process started at Sat Jul 24 
20:21:55 2021
Sat Jul 24 20:21:56 2021 -> daily.cld database is up-to-date (version: 
26242, sigs: 1963537, f-level: 90, builder: raynman)
Sat Jul 24 20:21:56 2021 -> main.cvd database is up-to-date (version: 
61, sigs: 6607162, f-level: 90, builder: sigmgr)
Sat Jul 24 20:21:56 2021 -> bytecode.cld database is up-to-date 
(version: 333, sigs: 92, f-level: 63, builder: awillia2)



Deleted daily.cld/main.cvd and downloaded with a new copy from
clamwin website.  After 24hrs of monitoring, the error occured again
after the update.  I'm not sure if this is normal or what.


I'm not sure what's normal for ClamWin.  Why not just use the official
sources and CDN?  In case it helps, if you check the MD5sum for the
main database it should be

8192d77d0032163244c7323a80d5f228

and I wouldn't expect that file to change for quite some time since
it's only very recently been updated.

Wasn't ClamWin 0.103.2 a "fake" update where they only changed the 
version number?


Or was that 0.103.3?

Either way, Ged's advice to throw it away and use a proper ClamAV build 
for winderss is correct.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Gary R. Schmidt]

On 25/07/2021 06:17, Micah Snyder (micasnyd) wrote:

Hi Gary, Ged,


[SNIP announcement that ClamAV is effectively going non-portable]

"So long, and thanks for all the fish".

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Gary R. Schmidt]

On 24/07/2021 22:51, G.W. Haywood via clamav-users wrote:

Hi there,

On Sat, 24 Jul 2021, Gary R. Schmidt wrote:


On 24/07/2021 17:01, Gary R. Schmidt wrote:

[SNIP]

Next I will try with GCC/G++, wonder where it will fail...

...
CMake Error at 
/usr/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:137 
(message):

 Could NOT find Iconv (missing: Iconv_LIBRARY)
Call Stack (most recent call first):
 /usr/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:378 
(_FPHSA_FAILURE_MESSAGE)


Ouch.  Looks like you're having even more trouble than I did.  Well,
that's what release candidates (and we) are here for. :)  Can't help
much with Solaris, sorry, but doesn't Micah build on it too?

I do recall that it used to be in the build farm, but I think that 
stopped a while ago.



Oh, by the way, how do you tell CMake to wipe out its effects and go
back to a virginal environment, a la "make distclean"???


According to 'man cmake' there's a command line option

--clean-first


That only works if there is a "clean" target available.  :-(

[SNIP]


However I always

rm -rf /home/me/clamav-0

even if I'm using 'make'.

Yes, I've been doing that, but just wondered if there was some logic 
built-in (or added).  :-)


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Gary R. Schmidt]

On 24/07/2021 17:01, Gary R. Schmidt wrote:

[SNIP]

Next I will try with GCC/G++, wonder where it will fail...


-- The C compiler identification is GNU 10.2.0
-- The CXX compiler identification is GNU 10.2.0
-- Check for working C compiler: /bin/gcc
-- Check for working C compiler: /bin/gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /bin/c++
-- Check for working CXX compiler: /bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /bin/git (found version "2.30.2")
-- Found Libcheck: /usr/include
-- Found Python3: /bin/python3.7 (found version "3.7.10") found 
components:  Interpreter
Python 3 package 'pytest' is not installed for /bin/python3.7 and is not 
available in your PATH.

Failed unit tests will be easier to read if you install pytest.
Eg:  python3 -m pip install --user pytest
-- Found Threads: TRUE
-- Found OpenSSL: /opt/local/lib/libcrypto.so
-- Found ZLIB: /usr/lib/64/libz.so (found version "1.2.11")
-- Found BZip2: /usr/lib/64/libbz2.so (found version "1.0.8")
-- Looking for BZ2_bzCompressInit
-- Looking for BZ2_bzCompressInit - found
-- Found LibXml2: /usr/lib/64/libxml2.so (found version "2.9.9")
-- Found PCRE2: /usr/lib/64/libpcre2-8.so
-- Performing Test Iconv_IS_BUILT_IN
-- Performing Test Iconv_IS_BUILT_IN - Failed
CMake Error at 
/usr/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:137 
(message):

  Could NOT find Iconv (missing: Iconv_LIBRARY)
Call Stack (most recent call first):
  /usr/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:378 
(_FPHSA_FAILURE_MESSAGE)


Nice and early...

Oh, by the way, how do you tell CMake to wipe out its effects and go 
back to a virginal environment, a la "make distclean"???


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Gary R. Schmidt]

On 23/07/2021 02:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html 




  ClamAV 0.104.0 Release Candidate is here!



Well, first try on Solaris 11.4 doesn't want to work.

I had hopes that CMake would be better than autotools, but so far I am 
decidedly unimpressed.


The flags I'm passing are guesses, except where taken from INSTALL.md.

Here we go, sorry for the huge post:
Input:
cmake   -D CMAKE_INSTALL_PREFIX:PATH=/opt/sandbox \
-D PCRE2_INCLUDE_DIR=/opt/local/include \
-D ENABLE_MILTER=OFF \
-D OPENSSL_ROOT_DIR=/opt/local/ssl \
-D OPENSSL_INCLUDE_DIR=/opt/local/include/openssl \
-D OPENSSL_CRYPTO_LIBRARY=/opt/local/lib/libcrypto.so \
-D OPENSSL_SSL_LIBRARY=/opt/local/lib/libssl.so \
-D CFLAGS="-m32 -I/opt/local/include" \
-D CXXFLAGS="-m32 -I/opt/local/include" \
-D LDFLAGS="-m32 -L/opt/local/lib -R/opt/local/lib"

cmake --build . --target install --config Release
Output:

CMake Warning:
  No source or binary directory provided.  Both will be assumed to be the
  same as the current working directory, but note that this warning will
  become a fatal error in future CMake releases.


-- The C compiler identification is SunPro 5.15.0
-- The CXX compiler identification is SunPro 5.15.0
-- Check for working C compiler: /opt/developerstudio12.6/bin/cc
-- Check for working C compiler: /opt/developerstudio12.6/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /opt/developerstudio12.6/bin/CC
-- Check for working CXX compiler: /opt/developerstudio12.6/bin/CC -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /bin/git (found version "2.30.2")
-- Found Libcheck: /usr/include
-- Found Python3: /bin/python3.7 (found version "3.7.10") found 
components:  Interpreter
Python 3 package 'pytest' is not installed for /bin/python3.7 and is not 
available in your PATH.

Failed unit tests will be easier to read if you install pytest.
Eg:  python3 -m pip install --user pytest
-- Found Threads: TRUE
-- Found OpenSSL: /opt/local/lib/libcrypto.so
-- Found ZLIB: /usr/lib/libz.so (found version "1.2.11")
-- Found BZip2: /usr/lib/libbz2.so (found version "1.0.8")
-- Looking for BZ2_bzCompressInit
-- Looking for BZ2_bzCompressInit - found
-- Found LibXml2: /usr/lib/libxml2.so (found version "2.9.9")
-- Found PCRE2: /usr/lib/libpcre2-8.so
-- Performing Test Iconv_IS_BUILT_IN
-- Performing Test Iconv_IS_BUILT_IN - Success
-- Found Iconv: /usr/lib/libc.so
-- Found JSONC: /usr/lib/libjson-c.so
-- Found CURL: /usr/lib/libcurl.so (found version "7.74.0-DEV")
-- Found CURSES: /usr/lib/libcurses.so
-- Performing Test CXX_FLAG__std_c_14
-- Performing Test CXX_FLAG__std_c_14 - Failed
-- Performing Test CXX_FLAG__std_c_11
-- Performing Test CXX_FLAG__std_c_11 - Failed

[SNIP bunch of stuff...]

-- Performing Test C_FLAG__Wall
-- Performing Test C_FLAG__Wall - Success
-- Performing Test C_FLAG__Wextra
-- Performing Test C_FLAG__Wextra - Success
-- Performing Test C_FLAG__Wformat_security
-- Performing Test C_FLAG__Wformat_security - Success
-- Performing Test CXX_FLAG__Wall
-- Performing Test CXX_FLAG__Wall - Success
-- Performing Test CXX_FLAG__Wformat_security
-- Performing Test CXX_FLAG__Wformat_security - Success
-- Performing Test HAVE_MMAP
-- Performing Test HAVE_MMAP - Success
-- Performing Test HAVE_MMAP_MAP_ANONYMOUS
-- Performing Test HAVE_MMAP_MAP_ANONYMOUS - Success
-- Performing Test HAVE_SYSCONF_SC_PAGESIZE
-- Performing Test HAVE_SYSCONF_SC_PAGESIZE - Success
-- Configuration Options Summary --
[Deleted annoying ANSI escape sequences.]
Package Version:ClamAV 0.104.0-rc
libclamav version:  10:0:1
libfreshclam version:   2:2:0
Install prefix: /opt/sandbox
Install database dir:   /opt/sandbox/share/clamav
Install config dir: /opt/sandbox/etc
Host system:SunOS-5.11
Target system:  SunOS-5.11
Compiler:
Build type: RelWithDebInfo
C compiler: /opt/developerstudio12.6/bin/cc
C++ compiler:   /opt/developerstudio12.6/bin/CC
CFLAGS: -g -xO2
CXXFLAGS:   -g -xO2
WARNCFLAGS:  -Wall -Wextra -Wformat-security
Build Options:
Build apps: ON
Shared library: ON
Static library: OFF
Enable UnRAR:   ON
Examples:   OFF
Tests:  ON
Build man pages:ON
Build doxygen HTML: OFF
Build Extras:
Build milter:   OFF  (toggle with -DENABLE_MILTER=ON/OFF)
-- Engine Options --
 

Re: [clamav-users] Seeking complete Installation guide of clamav-rest

[Gary R. Schmidt]

On 23/07/2021 13:28, Kin Sou via clamav-users wrote:

Hi Team,

Please support us.


Hey, give them at least 24 hours.

Nobody who might know what you are talking about is awake, or currently 
available for dealing with ClamAV stuff.


It's free, don't be snarky when asking for help.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New Main & Daily CVD's are incoming

[Gary R. Schmidt]

On 14/07/2021 00:05, Joel Esler (jesler) via clamav-users wrote:
Tomorrow, Wednesday July 14th, we are planning on publishing a brand new 
main.cvd and daily.cvd, as we do periodically to move more of the long 
term signatures into the main.cvd and make the daily.cvd smaller again.


This will have an impact on your downloads of these files (as every 
ClamAV instance will have to re-download both files), so you may see a 
spike in your bandwidth usage.


We will monitor the situation on the mirror side and make any 
adjustments necessary, but we anticipate no issues.


https://blog.clamav.net/2021/07/new-main-daily-cvds-are-incoming.html 





Just thought I would say that the update seems to have finally come 
through.  :-)


About July 15 1200 UTC it updated cleanly, and has been quiet since then.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New installation 103.3; failing freshclam

[Gary R. Schmidt]

On 28/06/2021 03:17, Paul Rogers via clamav-users wrote:

So I rebuilt curl-7.50.1 with new config arguments as follows:
That, to me, looks to be too old to work.


I am using cURL 7.67.0, and OpenSSL 1.1.1k, and I vaguely recall having 
certificate problems a while ago that were solved by updating everything 
in sight.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav error

[Gary R. Schmidt]

On 17/06/2021 13:30, Jigar via clamav-users wrote:

Hello,

Suddenly, we are getting the following error in clamd.log file

Thu Jun 17 08:52:49 2021 ->
/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
Can't create new file ERROR
Thu Jun 17 08:52:49 2021 ->
/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
Can't open file or directory ERROR

We have checked up all the permission and ownership. There is no change in it.

We still have the old version of clamav - 0.99 on our mail server. We
are in the process of upgrading with a new server. Meanwhile, we need
to run the
server without any issue. We request kind help.

Have you checked that whatever file system contains 
"/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not 
run out of space?


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Manually copy and use local filesystem as DownloadMirror/PrivateMirror

[Gary R. Schmidt]

On 17/05/2021 23:24, ANISH SHETTY via clamav-users wrote:

Hi All,

I needed some clarifications in configuring clamav on our client machines.

We have several client machines and the client machines we have cannot 
contact the official clamav server to fetch the cvd and cdiff files. And 
hosting a private server and setting is up as a DownloadMirror is also 
not possible in our case since we have many clients, and we'll have to 
setup and maintain a server in network of each of these clients.



Why not set up a single proxy accessible by all the clients?

However, we provide these client machines with an update periodically 
(once in a quarter as of now)
Okay, this is a bit of a "Why bother?"  You'll be so out of date that it 
seems hardly worth it.


[SNIP the rest, someone who knows things better can have a go]

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav on rhel 6.7 x32

[Gary R. Schmidt]

On 14/04/2021 08:27, Eero Volotinen wrote:

Hi,

I think that installing following files will fix your problem.

https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm 

https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-db-0.100.3-1.el6.i686.rpm 



Please test first on your test system. I only tested on centos 6.7 x32

"if it breaks, you can keep both pieces"
It won't fix his problem, it just postpones it.


When 0.100.3 drops off the planet he would be back, asking the same 
question - unless he managed to get the system updated, but the odds are 
it would just be to another dead version.  (BTDTGTTS)


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Gary R. Schmidt]

On 13/04/2021 01:22, Sorin Petrut Niculae via clamav-users wrote:
newer version of zlib for this version of RHEL 6.7 x32. Newer than the

one for the RHEL repositories.


Any advice?


Build it from source.

As I have said before, it is trivially easy to solve these problems.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Gary R. Schmidt]

On 12/04/2021 21:39, Sorin Petrut Niculae via clamav-users wrote:

Hello all,


I have one doubt for solve, Is possible to use last ClamAV with rhel 6.7 
x32 and zlib x32?



I hace a critical system with rhel 6.7 x32 and it's impossible to upload 
it to a newer version of rhel and I need to find a solution to install 
ClamAV on that system.



Any possible solution ?


Yes, it's easy.

You need to update all of the dependent libraries: OpenSSL, Zlib, 
libxml2,   From source.


The versions supplied with RHEL 6.7 are too far out of date.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Gary R. Schmidt]

On 10/04/2021 23:45, Matus UHLAR - fantomas wrote:

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still question:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc


Hmm, must not be too worried, then.

The mob I work for's (enterprise) clients tend to send me queries every 
time an OpenSSL or other CVE comes out, "How long will it take to apply 
the fix?", "When will you have a new release ready?", "Does it affect 
the product(s)?", usually in that order.


And yes, we all know about the problem of, "How much other testing will 
have to be done?"


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Gary R. Schmidt]

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


Isn't, "It's security software", sufficient?

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

[Gary R. Schmidt]

On 05/04/2021 16:20, Vivek Patil via clamav-users wrote:

Eero,

What more details do you want?
I am scanning my system using "clamscan -i -r --cross-fs=no -f 
"$list_file"" using a shell script.

It giving only the warning message as follows:

LibClamAV Warning: PNG: Unexpected early end-of-file.

I just wanted to find the location/name of the file.

On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen > wrote:


Just add more verbose?

May I suggest that you read the "man" page for clamscan, which would 
have shown you the -v, --verbose Be verbose flag?


Although if you have the clamd daemon running it would be faster to use 
clamdscan, with the same "-v" option.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Blocked IP

[Gary R. Schmidt]

On 22/03/2021 10:42, Du, J. (Jingsong) via clamav-users wrote:

Dear Sir/Madam,

ING Australia External IP was blocked. May I please ask for assistance 
to get it unblocked?


Thanks.

Regards,

Jingsong


Quoting Joel (he'll be along later :-) ):

Hello,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010578.html

We’ve been forced to take emergency measures to protect the ClamAV 
environment.


Please Immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions. 
If you are using Qnap or ClamWin, it’s likely that you are using a 
version of ClamAV that has been EOL’ed: 
https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html


Sorry for the inconvenience, but we are currently in emergency mode and 
have to make several drastic changes over the last several days.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Linode Clam AV Updates

[Gary R. Schmidt]

On 21/03/2021 00:21, Joel Esler (jesler) via clamav-users wrote:


Sent from my  iPhone


On Mar 20, 2021, at 00:37, Gary R. Schmidt  wrote:

On 20/03/2021 14:12, Bill Speidel wrote:
[SNIP]

 on the other hand if all of Linode is blocked then there's not much i can 
do...

Well, complaining to them and indicating a willingness to move to a different 
provider if they don't clean up their act /might/ help.

But probably not...

> They aren’t blocked.  They fall into the same rate limit that the 
rest of the planet does


Ah, I just realised that what I wrote may be misinterpreted, it was the 
service provided by Linode I was referring to moving away from, not ClamAV.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Linode Clam AV Updates

[Gary R. Schmidt]

On 20/03/2021 14:12, Bill Speidel wrote:
[SNIP]
     on the other hand if all of Linode is blocked then there's not much 
i can do...


Well, complaining to them and indicating a willingness to move to a 
different provider if they don't clean up their act /might/ help.


But probably not...

Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Re :Re: Re :Re: Offline Updating

[Gary R. Schmidt]

On 18/03/2021 23:08, Rick Cooper wrote:

Just verified if I change chrome's agent string to Internet Explorer 11 can
access the page just fine

That's interesting, Edge uses the Chromium engine, I presume that the 
problem is caused by giggle doing something so incredibly and 
wonderfully clever that anyone else could tell was stupid.


Are other Chromium-based browsers having the problem, I wonder?

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] access denied to website

[Gary R. Schmidt]

On 18/03/2021 22:47, John Pfuntner -X (jpfuntne - EASI LLC at Cisco) via 
clamav-users wrote:
I’m getting a /Access Denied/ nastygram going anywhere at 
https://www.clamav.net/ .  What’s going on?  I 
wish I knew the best place to ask this but… I can’t get to the website 
for more information!




Error 1020 Ray ID: 631e3361eaa12598 • 2021-03-18 11:42:58 UTC

Access denied

What happened?

This website is using a security service to protect itself from online 
attacks.


Cloudflare Ray ID: 631e3361eaa12598 • Your IP: 2001:420:c0c4:1005::22 • 
Performance & security by Cloudflare






Cloudflare seems to be having a bit of a bad day in some places, ClamAV 
is fine for me in Oz, but elsewhere seems to be having trouble.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Re :Re: Re :Re: Offline Updating

[Gary R. Schmidt]

On 18/03/2021 22:39, Paul Smith via clamav-users wrote:

On 18/03/2021 11:28, G.W. Haywood via clamav-users wrote:


Another user on this list says that he sees problems with the ClamAV
Website certificate.  I do not see that - I see that the certificate
is current, valid, and expires at noon (GMT) on 4th August 2021.


I've only just noticed it today (prompted to look by presario's 
message). Now, I'm getting the same response as they are.


I didn't visit the website yesterday, so can't comment on when it started.


I am in England.  Perhaps something is wrong with the geographical
caching by Cloudflare.  If so, to know more about it we may need to
wait until the people in the USA start their working day.


I'm in England also...

At my first message, the certificate was wrong. NOW it is showing as 
valid, expiring on 4th August 2021, but I'm getting the 1020 error - 
this is just going to https://www.clamav.net (not downloading CVDs). 
This IP address is not used for anything else ClamAV related, so it 
shouldn't be hitting rate limiters or anything like that.


I suspect the Cloudflare settings have been tweaked, and have gone badly 
wrong.


My IP address is 82.68.48.206. If I remote into my office PC and try 
from there, I get the same 1020 error, that IP address is 195.224.19.190 
and on a totally different ISP from my home network.




 is fine from Oz at the moment.

Probably, as Ged suggested, something has gone blooie! with Cloudflare.

It happens.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam: Network is unreachable

[Gary R. Schmidt]

On 15/03/2021 16:39, Vivek Patil via clamav-users wrote:

Hi,


Update to a currently supported version of ClamAV.

You haven't told us which version you are on, so that may not be the 
problem, but it usually is.



Unless, of course, you're one of the naughty sites.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Restriction of downloads

[Gary R. Schmidt]

On 14/03/2021 00:08, Rémy DODIN via clamav-users wrote:

My synology Clamav is at   "Upgraded ClamAV engine to 0.102.3"
As it is written here and my packets are at latest update level.
https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B

But virus signature is unabled to be refreshed as I wrote it !
It worked until last refresh from 03/06/21 and then, high CPU and 
storage utilisation and no refresh.
It looks like it is going into a loop trying to get virus database 
updates  (If it goes into a loop, then the refresh tool may have 
issue ! and may be you expected abuse due to high freshclam or virus 
database update is into a loop due incorrect process ?


If a loop exist, who's the culprit ? (I'm not a developper and just end 
user with no skills)

synology ? or Clamav ?
I just run again database update option and after more than 4 minutes, 
it was always runing and I have to force a stop to not have it running 
24/24h.
Consuming a lot of CPU, energy (not eco friendly) - It is acting like a 
virus trying to kill a system, strange !



Synology have re-packaged ClamAV, so it is a question for Synology.

We don't know how it's been built or what has been left out (or added in).

Simple guess is that the NAS does not have enough memory.  ClamAV needs 
more than 1 Gigabyte.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAVPlugin

[Gary R. Schmidt]

On 22/02/2021 21:59, G.W. Haywood via clamav-users wrote:
[SNIP]


If you're going to run your own mail server, ALL this stuff needs to
be at your fingertips.  If it isn't, you're just going to be getting
in your own way (and in everyone else's way).


Also wondering in main.cf (postfix) is the only place I need to add
Clamav directives.  master.cf has a spot for Spamassassin as a
"filter" and commented out stuff for amavis.


https://www.oreilly.com/library/view/postfix-the-definitive/0596002122/ch04s05.html 



Don't forget that I don't use Postfix, so check everything I've said
is right for your installation.  There may well be little quirks with
Postfix that I don't know about.  It's all very similar with the MTA
that I do use (Sendmail) but I can't be quite so sure with Postfix as
I can with Sendmail.

Fundamentally you need Postfix to know how to talk to clamav-milter,
clamav-milter to know how to talk to clamd, and the same in the other
direction; clamd needs to know how to talk to clamav-milter, and the
milter needs to know how to talk to Postfix.  That's more or less all
there is to it as far as the communications between the processes is
concerned, but then you have to configure it all to do what you want
it to do of course.  I see that you've started on that already with
things like detecting PUAs.



The canonical information on how to use milters in Postfix is in the 
Postfix source tree: README_FILES/MILTER_README.  There's also an HTML 
version.


And I would also second the Dove book Ged links to above, if you are 
about to start fiddling with Postfix configuration.  It's old, but it's 
probably the most complete, and of course, when in doubt look at the 
source,  has a lot of resources.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAVPlugin

[Gary R. Schmidt]

On 21/02/2021 15:25, Joe Acquisto-j4 wrote:
[SNIP]


I guess I missed how "simple" clamsmtp is to use, as I got the impression
it had to be compiled.  When it gave me errors on make, I put it aside. My
admittedly limited search skill must be deteriorating further as I did not find
much helpful in the way of documentation.

For instance, the links in the README supplied with the package such as
those below seem defunct:

http://memberwebs.com/swalter/software/clamsmtp/postfix.html

http://memberwebs.com/swalter/software/clamsmtp/transparent.html

So, I simply sighed deeply and mournfully  and moved on yet again.

If you have some good links, and docs please feel free to let me know.

It all looks good from here: 
, which is where I got it 
(and where it comes from).  All the links work, and match my memory of 
things.


Just cleaned and re-built it - I'm on Solaris - and it works fine.

./configure CC=cc --prefix=/opt/local

I don't have a SuSE box to hand, but on Centos 7...  No problem, 
configure runs cleanly, make throws a handful of warnings, it Just 
Works(TM).


Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAVPlugin

[Gary R. Schmidt]

On 21/02/2021 11:49, Joe Acquisto-j4 wrote:
[SNIP]


For whatever reasons, I am finding it difficult to tease out how to correctly
insert clamav-milter into postfix.  Seems all my internet searches so far
turn up stuff that is suggestive, yet, not confidence inspiring.

I am not certain, for example, where to place the "call" to clamav-milter.  I 
can
see examples of syntax in the Postfix docs on milters, but . . .

This is why I went with clamsmtp, just a simple init script to start it 
up, and a couple of well-documented changes to master.cf and it all worked.


I suspect I would still be faffing around with learning about milters now!

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAVPlugin

[Gary R. Schmidt]

On 20/02/2021 00:52, Rick Cooper wrote:
[SNIP]


I don't run postfix and connecting clamd to exim is trivial requiring
nothing but a functioning clamd daemon.
However I did look at options that might be better at connecting to the
clamd daemon and were it me I would look at clamsmtpd for integration. Looks
pretty straight forward to  me:

http://thewalter.net/stef/software/clamsmtp/

I've been using ClamSMTP with Postfix since 2011, it was trivial to 
configure, and just works.


Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] What are all the tmp.xyzuvwpqrs subdirs that keep accumulating

[Gary R. Schmidt]

On 12/02/2021 13:13, Paul Kosinski via clamav-users wrote:

For ClamAV 0.103.0:
   root@ime1:~# grep -i temporary /opt/clamav.d/clamav.0.103.0/etc/clamd.conf
   # Optional path to the global temporary directory.
   TemporaryDirectory /var/clamav/tmp
   # Do not remove temporary files (for debug purposes).
   LeaveTemporaryFiles 0

For ClamAV 0.102.1 it was the same:
   root@ime1:~# grep -i temporary /opt/clamav.d/clamav.0.102.2/etc/clamd.conf
   # Optional path to the global temporary directory.
   TemporaryDirectory /var/clamav/tmp
   # Do not remove temporary files (for debug purposes).
   LeaveTemporaryFiles 0

But the subdirs are in my "/opt/clamav.d/clamav.0.103.0/share/clamav/" directory. (I 
install each new version under opt, "just in case".)

And there's no "temporary". "tmp" or "temp" (except in the word "attempt") in 
my freshclam.conf file.



I just went looking and found "/opt/local/share/clamav/tmp.77a1455e78" 
dated October 30...
$ ll 
/opt/local/share/clamav/tmp.77a1455e78/clamav-37769720ed6dc18131606d4cf7347de0.tmp/

total 23762
  41 -rw-r--r--   1 clamav   clamav 17992 Oct 30 01:21 COPYING
   9 -rw-r--r--   1 clamav   clamav   424 Oct 30 01:21 daily.cfg
  25 -rw-r--r--   1 clamav   clamav  9404 Oct 30 01:22 daily.crb
  57 -rw-r--r--   1 clamav   clamav 26306 Oct 30 01:22 daily.fp
   9 -rw-r--r--   1 clamav   clamav  3530 Oct 30 01:22 daily.hdu
23585 -rw-r--r--   1 clamav   clamav   12058624 Oct 30 07:33 daily.hsb
   9 -rw-r--r--   1 clamav   clamav   195 Oct 30 01:22 daily.hsu
   9 -rw-r--r--   1 clamav   clamav  1245 Oct 30 01:22 daily.ign
   9 -rw-r--r--   1 clamav   clamav   931 Oct 30 01:22 daily.ign2
   9 -rw-r--r--   1 clamav   clamav  2282 Oct 30 01:21 daily.info

Looks like it might be a hangover from something that died unnaturally 
during an update??


Alas I do not recall if I was fiddling with ClamAV back then.

NOTE: Times are AEDT, so +11.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam logs "DNS record is older than 3 hours."

[Gary R. Schmidt]

On 30/01/2021 01:04, Joel Esler (jesler) via clamav-users wrote:



[SNIP]


For context for the thread, because I may have missed it… what version of 
ClamAV?


Oops!

Clam AntiVirus: Daemon Client 0.103.0


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam logs "DNS record is older than 3 hours."

[Gary R. Schmidt]

On 29/01/2021 21:57, G.W. Haywood via clamav-users wrote:

Hi there,

On Fri, 29 Jan 2021, Gary R. Schmidt wrote:

I've just noticed that freshclam has logged "DNS record is older than 
3 hours." twice in the last few days.


It's not a problem, I just wonder that the underlying cause could be - 
is it just that DNS updates somewhere in there are slow on occasion??


It's probably not a problem for ClamAV, but if it keeps happening it
might indicate there's something which does need your attention.


[SNIP]

If you look at the code in .../libfreshclam/libfreshclam_internal.c at
around lines 1590-1640 in the latest version you'll see that (1) this
part of the code is only compiled under some circumstances, (2) it is
a fallback for when the primary means of getting the database version
fails and (3) the warning is only emitted if the time provided by the
system and the timestamp on the DNS record differ by more than 10800
seconds (a rather nasty hard-coded value in the source).

Yep, been there and had a look, just in case it was a symptom of 
something nasty.



My first check would be that the timestamps on all the log entries at
about the time that the messages were emitted make some sort of sense.


[SNIP]

Hi Ged,

Some background:
Solaris 11.4 Intel server, patched up to date.
It's the local DNS, NTP, SMTP, and so forth server.

The caching DNS talks to OpenDNS first, because I like to get 
correct-ish answers.

NTP talks to the various .au.pool.ntp.org servers.

(I am ancient BOFH, HR will be talking to me about long-term recovery in 
the next few years.  :-) )


It logs pretty much everything, and I'd already had a shufty at them, 
the only thing mentioned around then is freshclam doing its thing.


But!!

Your suggestions made a buried memory surface, for some reason we log 
all the DNS traffic, but under /var/named/log, because who wants all 
that guff flooding your normal logging area.


I went and had a look, at the time of the message there was trouble in 
River City:
26-Jan-2021 18:03:16.094 lame-servers: info: REFUSED unexpected RCODE 
resolving 'play.googleapis.com/TYPE65/IN': 208.67.222.222#53


With variations, for about a second, in the "auth_servers" channel.

So possibly there was a problem with getting to the OpenDNS servers, 
they're only in Sydney, about 10 hops away, but if the network betwixt 
us got clogged or foosled for a moment that may explain it.


It doesn't seem to cause any problems, and it is, after all, only a 
warning, and the databases seem to be updating around midnight here, so 
I'll not worry about it unless it becomes a fixture.


Thanx for the prod that reminded me we have other logs.  :-)

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] freshclam logs "DNS record is older than 3 hours."

[Gary R. Schmidt]

I've just noticed that freshclam has logged "DNS record is older than 3 
hours." twice in the last few days.



It's not a problem, I just wonder that the underlying cause could be - 
is it just that DNS updates somewhere in there are slow on occasion??



    Cheers,

        Gary    B-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV Scan - Data Read vs Data Scanned

[Gary R. Schmidt]

On 03/11/2020 16:00, Paul Kosinski via clamav-users wrote:

"(don't you love C?)"

I have never understood why the originators of C didn't give integers
explicit widths in bits: their scheme made C code often non-portable.

Because C is intended to be very, very close to the machine 
architecture, only a step or tow above assembler, or doing the 
bit-twiddling by hand.



When I wrote code in the mid 1990s for the DEC Alpha, ints were 32 bits
while longs were 64 (unlike "standard" C). This made Alpha C code not
portable to lesser CPUs. On the other hand, when I wrote C on DOS for
the IBM PC in the late 1980s, ints were only 8 bits! It took some time
to figure out why my C-compliant code failed so badly. In spite of all
that, having started programming before C was invented, I can safely
say that C is better than its predecessors for software like ClamAV.

Uh, not a good example, I've written C code that is still in use on 
everything from 80286s (yes, Virginia, there are people who keep them 
alive, not just because they're cheap, sometimes just because they 
*can*) to DEC Alphas and Power and SPARC64 and PA-RISC, it's just a 
matter of knowing what you are doing, and sticking to it...



P.S. Good code these days tends to use typedefs defining things like
int32, uint64 etc. A shame the original ClamAV coders didn't do that.

And none of this has *anything* to do with the original problem - seeing 
0 when the value is 0.01, or so.


This is a display problem, not a storage problem.  You could declare 
something as PIC(999.99) and you will still only see 0 
if you told it to display two decimal places.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] running freshclam and 3rd party/clamav-unofficial-sigs.sh owner name changes occasionally

[Gary R. Schmidt]

On 10/10/2020 01:10, Robert Kudyba wrote:
Running ClamAV 103.0-1 on Fedora, I have freshclam 
and clamav-unofficial-sigs.sh from 
https://github.com/extremeshok/clamav-unofficial-sigs 



Every few weeks I'll start seeing this error:

ERROR: clam database directory (clam_dbs) not writable /var/lib/clamav

Running this fixes it:
su clamav -s '/usr/local/sbin/clamav-unofficial-sigs.sh'

Here are the files not owned by clamav:
-rw-r--r--  1 clamupdate clamupdate    296388 Sep 19  2019 bytecode.cvd
-rw-r--r--  1 clamupdate clamupdate 112832258 Sep 17 09:53 daily.cvd
-rw-r--r--  1 clamupdate clamupdate 117859675 Nov 25  2019 main.cvd

At first glance it appears someone is running "freshclam" manually as 
clamupdate/clamupdate.


Is there only one "freshclam" binary on the system?

Is it running as a daemon or being invoked by some other method(s)?

Is there another that is set{g,u}id clamupdate?

Oh, what binaries *are* set{g,u}id clamupdate?

And who/what regularly uses the "clamupdate" id?

Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.103.0 released!

[Gary R. Schmidt]

On 14/09/2020 23:36, Joel Esler (jesler) wrote:




https://blog.clamav.net/2020/09/clamav-01030-released.html 


ClamAV 0.103.0 released!

Please visit the ClamAV Downloads page  to 
get your copy now!

ClamAV 0.103.0 highlights



Well, that was entertaining.

It initially didn't even want to configure on my Solaris 11.3 system.

Using gcc 9.3.0, freshly built  :-)

$ ./configure \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--with-libbz2-prefix=/opt/local \
--prefix=/opt/sandbox

First problem: configure does not recognise 
"--with-libbz2-prefix=/opt/local", it tries to use the system's 
libbz2.so, which is a bit old.


Second problem:
...
checking that structure packing works... no
configure: error: Structure packing seems to be available, but is not 
working with this compiler


Hmm, look at config.log, it can't find libcharset.so.1, sigh, add CFLAGS 
and LDFLAGS...

$ ./configure \
CFLAGS=-I/opt/local/include \
LDFLAGS="-L/opt/local/lib -R/opt/local/lib" \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--with-libbz2-prefix=/opt/local \
--prefix=/opt/sandbox

Now configure works, and coincidentally it finds the newer libbz2...

Onward!

$ gmake
...
../libtool: eval: line 1731: syntax error near unexpected token `|'
../libtool: eval: line 1731: `/bin/nm -p  ../libclammspack/mspack/.libs
/libclammspack_la-cabc.o 
../libclammspack/mspack/.libs/libclammspack_la-cabd.o 
../libclammspack/mspack/.libs/libclammspack_la-chmc.o 
../libclammspack/mspack/.libs/libclammspack_la-chmd.o 
../libclammspack/mspack/.libs/libclammspack_la-crc32.o 
../libclammspack/mspack/.libs/libclammspack_la-hlpc.o 
../libclammspack/mspack/.libs/libclammspack_la-hlpd.o 
../libclammspack/mspack/.libs/libclammspack_la-kwajc.o 
../libclammspack/mspack/.libs/libclammspack_la-kwajd.o 
../libclammspack/mspack/.libs/libclammspack_la-litc.o 
../libclammspack/mspack/.libs/libclammspack_la-litd.o 
../libclammspack/mspack/.libs/libclammspack_la-lzssd.o 
../libclammspack/mspack/.libs/libclammspack_la-lzxc.o 
../libclammspack/mspack/.libs/libclammspack_la-lzxd.o 
../libclammspack/mspack/.libs/libclammspack_la-mszipc.o 
../libclammspack/mspack/.libs/libclammspack_la-mszipd.o 
../libclammspack/mspack/.libs/libclammspack_la-oabc.o 
../libclammspack/mspack/.libs/libclammspack_la-oabd.o 
../libclammspack/mspack/.libs/libclammspack_la-qtmd.o 
../libclammspack/mspack/.libs/libclammspack_la-system.o 
../libclammspack/mspack/.libs/libclammspack_la-szddc.o 
../libclammspack/mspack/.libs/libclammspack_la-szddd.o   |  | /bin/gsed 
's/.* //' | sort | uniq > .libs/libclammspack.exp'

gmake[4]: *** [libclammspack.la] Error 2

Ah, munge configure files for Solaris nm post 2010 or so:
$ for i in `find . -name configure`
do
sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
mv /tmp/configure.$$ $i
chmod a+x $i
done

Rinse, lather, repeat.

It builds!

$ sudo gmake install

And
$ sudo /opt/sandbox/bin/freshclam -f -F
does the right things!  :-)

$ cd clamav-0.103.0/test
$ /opt/sandbox/bin/clamscan -v *
... And lots of "Clamav.Test.File-6 FOUND" messages.

Okay, do I feel lucky, shall I rebuild it and install

Well, if you don't hear back from me, it worked, or else I've been 
drowned in virii  :-)


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] PhishingScanURLs no/yes

[Gary R. Schmidt]

On 11/08/2020 00:53, Paul via clamav-users wrote:



[SNIP]


Further digging has led me to find that when 'PhishingScanURLs no" is 
set the signatures in safebrowsing.cld are not loaded by clamd.


Well, there's a win for plain and simple use of the English language (or 
a close approximation thereof.  ;-) ).


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Server Busy 421 - Debian 9

[Gary R. Schmidt]

On 28/05/2020 14:57, mauri via clamav-users wrote:

Hello

Debian 9, ClamAV and ClamSmtp daemon are running, the port are in listen 
state….. but if try to telnet to this


Appair the messeges « 421 Server busy, too many connections »


Having a gander at the source code, in common/smtppass.c:
#define SMTP_STARTBUSY  "421 Server busy, too many connections" CRLF
...
/* Check to make sure we have a thread */
if(fd != -1)
{
sp_messagex(NULL, LOG_ERR, "too many connections open (max 
%d). sent busy response", g_state.max_threads);

write(fd, SMTP_STARTBUSY, KL(SMTP_STARTBUSY));
shutdown(fd, SHUT_RDWR);
close(fd);
fd = -1;
}

Looks like you've run out of threads, and there should be a message in a 
log somewhere telling you the maximum, in the source the default is 64.


Of course, there is no telling what the Debian maintainers have done to 
the source code, it could be anything.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav website down ?

[Gary R. Schmidt]

On 28/05/2020 17:31, Arnaud Jacques wrote:

Hello,

Is it me of Clamav website is down ?


According to isup.me it's not just you.

Cheers,
GaryB-)


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam errors

[Gary R. Schmidt]

On 28/03/2020 05:11, Dieter Raith wrote:
[SNIP log which shows the system is short of memory]


**free -m
   total    used    free  shared 
buff/cache   available

Mem:   2004 504 107  36 1391    1321
Swap: 0  0  0

*Any ideas?*


Add swap, 4 or 8 gig.

If it's a VM, give it 4 or 8 gig of memory, too, or upgrade the system 
to something with 4 or more gig.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam in clamav 0.102.2 stuck in cli_tgzload

[Gary R. Schmidt]

On 22/03/2020 19:57, Pierluigi Frullani via clamav-users wrote:


Gary,
I've installed the libz to 1.2.8 ( via opencsw packages ) but when I 
check for the libz I get:

-bash-3.2# ldd /usr/local/clamav/bin/freshclam | grep libz
         libz.so.1 =>     /opt/csw/lib/libz.so.1
         libz.so.1 =>     /usr/lib/libz.so.1
         libz.so.1 (SUNW_1.1) =>  (version not found)
         libz.so.1 =>     /opt/csw/lib/sparcv8plus+vis/libz.so.1
-bash-3.2#

The config option I've used are:
   $ ./configure --enable-milter --prefix=/usr/local/clamav 
--sysconfdir=/etc --with-openssl=/opt/csw/ --with-pcre=/usr/local 
--with-zlib=/opt/csw --with-libcurl=/opt/csw/


And here the summary from configure:
configure: Summary of detected features follows
               OS          : solaris2.10
               pthreads    : yes (-lpthread)
configure: Summary of miscellaneous features
               check       : no (auto)
               fanotify    : no (disabled)
               fdpassing   : n/a
               IPv6        : yes
               openssl     : /opt/csw/
               libcurl     : /opt/csw/
configure: Summary of optional tools
               clamdtop    : no (missing ncurses / pdcurses) (disabled)
               milter      : yes (-lmilter  -lsocket -lresolv -lpthread)
               clamsubmit  : no (missing libjson-c-dev. Use the website 
to submit FPs/FNs.) (disabled)

               clamonacc   : no (auto)
configure: Summary of engine performance features
               release mode: yes
               llvm        : no (disabled)
               mempool     : yes
configure: Summary of engine detection features
               iconv       : no
               bzip2       : ok
               zlib        : yes (zlib found at /opt/csw/)
               unrar       : yes
               preclass    : no (missing libjson-c-dev) (disabled)
               pcre        : /usr/local
               libmspack   : yes (Internal)
               libxml2     : yes, from /usr
               yara        : yes
               fts         : yes (internal, libc's is not LFS compatible)

-bash-3.2# ls -l /opt/csw/lib/libz.so.1*
lrwxrwxrwx   1 root     root          13 Aug 14  2018 
/opt/csw/lib/libz.so.1 -> libz.so.1.2.8
-rwxr-xr-x   1 root     bin       134060 Sep 23  2013 
/opt/csw/lib/libz.so.1.2.8


I don't understand why it's linking both libz ( from the /opt/csw and 
from /usr/lib which is the solaris default libz )


It's the "libxml2 : yes, from /usr" that is pulling in the system 
libz, grab the OpenCSW libxml2, and keep replacing system libraries, 
libcurl, frex, until it all goes away.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam in clamav 0.102.2 stuck in cli_tgzload

[Gary R. Schmidt]

On 22/03/2020 09:18, Pierluigi Frullani via clamav-users wrote:

Hi Mark
   thanks for your input.
Didn't work though :(
I've put a bit of debug messages to see where it is passing and it 
always pass in the "compr" check:


         pad = size % TAR_BLOCKSIZE ? (TAR_BLOCKSIZE - (size % 
TAR_BLOCKSIZE)) : 0;

         if (compr) {
             if (off == gzseek(dbio->gzs, 0, SEEK_CUR)) {
                 gzsek = gzseek(dbio->gzs, (long)size + pad, SEEK_CUR);
                 printf("gzseek \n");
             }
             else if (pad) {
                 gzseek(dbio->gzs, pad, SEEK_CUR);
                 printf("pad gzseek \n");
             }
Now the loop says:
  LibClamAV debug: cli_tgzload: Loading COPYING, size: 17992
gzseek
LibClamAV debug: cli_tgzload: Loading COPYING, size: 17992
gzseek

so it's in the first part of the "if".
Thinking it could have been a problem with gzseek I've added the "gzsek" 
variable so I can check the return value:

         if ( gzsek == -1 )
            break;

but it stays in loop.
So it could eventually be a problem with the libz library 

I've filed a bug to bugzilla, but try to find also by myself.



Solaris 10 has libz 1.2.3 - you might want to build the latest version 
(1.2.8?) and use that, I have vague memories that some newer source (not 
just clamav) just doesn't work with the older versions.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam in clamav 0.102.2 stuck in cli_tgzload

[Gary R. Schmidt]

On 21/03/2020 05:00, Stefan Bauer via clamav-users wrote:
Just out of curiosity, is Solaris still a thing or are you just playing 
around? No offend, I'm seroiusly interested to get some insight on 
solaris use cases.


I use Solaris - 11.3 on x64 at the moment - for my internet facing 
stuff, as it's a little less script-kiddie attractive.


Plus I am an ancient BOFH who started out on BSD 4.0 (on a VAX called 
munnari :-) ) and all those old 16- and 32-bit systems, PDP-5/8/11, 
VAXen of various ilk, m68K-based system, 16-bit HP MPE systems, la la la 
la la la  :->


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clam installation on Solaris 11

[Gary R. Schmidt]

On 26/02/2020 20:59, Gary R. Schmidt wrote:

On 26/02/2020 20:31, Martin Preen wrote:

On 26.02.20 10:19, Dawit Mesfin wrote:

Dear Clam team;

I am in the process of installing clam AV on one of Solaris 11 server 
for testing purpose . I downloaded the package for silaris  and try 
to install it , unfortunately I couldn't be successful installing it 
on the server


could you please assist me to do the installation if there is any 
workaround


Your prompt response is appreciated


I've had no problems building and installing it on Solaris 10/11.
I used something like

  configure --prefix=... --sysconfdir=/etc --datadir=/var/clamav 
--enable-bigstack
  --enable-strni --disable-rpath --disable-clamuko 
--with-dbdir=/var/clamav

  --with-user=daemon --with-group=other --with-libncurses-prefix=/usr
  --with-openssl=/usr --with-libbz2-prefix=/usr --with-libcurl=/usr 
--with-pcre=/usr


and environment flags MAKE=/usr/bin/gmake, NM=/usr/bin/gnm, CC=gcc,
  CXX=g++, CFLAGS/CXXFLAGS="-O3"

Some ClamAV version failed to build with the Solaris compiler,
Thus I'm using gcc, but I haven't tested it lately.

The current version builds on Solaris 11.3, using GCC/G++ 9.1.0 and the 
following:

=
export 
PATH=/usr/local/bin:/bin:/usr/bin:/sbin:/opt/developerstudio12.6/bin:.

# Fix configure files.
echo edit ... find . -name configure replace BDRT with BCDRT

for i in `find . -name configure`
do
     sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
     mv /tmp/configure.$$ $i
     chmod a+x $i
done

env CONFIG_SHELL=/bin/bash \
     /bin/bash ./configure \
     CONFIG_SHELL=/bin/bash \
     LDFLAGS=-R/opt/local/lib \
     --enable-unrar \
     --disable-ipv6 \
     --disable-silent-rules \
     --disable-check \
     --with-openssl=/opt/local \
     --with-libbz2-prefix=/opt/local \
     --with-libcurl=/opt/local \
     --prefix=/opt/local
=

This uses latest version of OpenSSL, cURL, bZIP2, and so on.

And, if you are trying to install from the Oracle repository, it is 
probably very, very out of date - it looks like it's 0.99.x from here...


CSW has version 1.100.2, which is old, too.

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamsmtpd does not scan rar files

[Gary R. Schmidt]

On 04/02/2020 11:38, Ntek, SIA Janis wrote:

Hello!

I have Debian 9.7 w/ postfix and ClamAV 0.100.2  I have made custom 
definition file /var/lib/clamav/archive_exe.cdb containing:

Archived_EXE:*:*:.*\.exe:*:*:*:*:*:*
So that every archive packed with exe would be treated as a virus. This 
works with .zip files and .7zip files but not with .rar files. I 
installed unrar package and libclamunrar9, restarted daemons and the 
system but still .rar files containing exe are let through.
I read that at some point unrar code was removed from ClamAV and now it 
only supports rar versions 1-2 but not 3. How to work around this? 
Someone suggested using --unrar option, but where do I put it? Conf file 
syntax doesn't seem to support this.


Just build ClamAV from source, with "--enable-unrar" and anything else 
you need, thus avoiding any reliance on someone else building it with 
what you want.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Problem to update virus database

[Gary R. Schmidt]

On 24/01/2020 23:40, j...@doc2disk.com wrote:

Hi

Many thanks

Please see a snapshot of the debug freshclam log


[SNIP]
This looks a lot like what I had a problem with, running freshclam 
manually would cause the daemon to fail.


Try stopping all of the clamav daemons, have a cup of tea, and re-start 
them, this cleared up my problem.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Error: cli_gentempfd_with_prefix: Can't create temporary file /var/lib/clamav/tmp/clamav-79a31bb0e183db96d4b7b27484373a6e.tmp: No such file or directory

[Gary R. Schmidt]

On 11/01/2020 23:09, G.W. Haywood via clamav-users wrote:

Hi there,

On Fri, 10 Jan 2020, Chris via clamav-users wrote:


Since upgrading to 0.102.1+dfsg-0ubuntu0.18.04.2 this past Wednesday
I'm seeing the above error in my syslog. I see the same error if I set
the temporary path to /var/tmp

clamd[25154]: LibClamAV Error: cli_gentempfd_with_prefix: Can't create
temporary file /var/tmp/clamav-f297c096fb16292e8547120761d949f3.tmp:
Permission denied

Permissions for /var/tmp are
drwxrwxrwt  13 root root 12288 Jan 10 19:26 tmp

and for /var/lib/clamav
drwxrwxr-x  3 clamav    clamav    4096 Jan 10 18:04 clamav

Any suggestions?


Check the list archives, I think this has been discussed recently.

I had a similar problem show up after I was fiddling around with a 
working freshclam - stopping the various clam* daemons, counting to ten, 
and re-starting them cleared the problem.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] EXT :Re: 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

On 03/12/2019 06:38, Micah Snyder (micasnyd) via clamav-users wrote:

I believe that building a trust store may be exactly what is needed.

Freshclam in 0.102 relies on openssl to validate certificates.  On Mac & 
Windows, it will import the native system certificate stores, but on all other 
operating systems it relies on openssl's certificate store.  If your machine 
doesn't have one set up, you'll have to build one.

As mentioned earlier, there is no automatic http fallback, but you can manually change the 
DatabaseMirror option in freshclam.conf from "database.clamav.net" to 
"http://database.clamav.net; if you wish.

It helps if you build cURL correctly, so that it can find the root 
certificates. :-)


As I stated earlier, I am an idiot, adding 
"--with-ca-path=/opt/local/ssl/certs" to the cURL build (and dropping a 
bunch of certificates there) made everything work, but the initial error 
message confused things, I am not sure just what mix of cURL and OpenSSL 
were involved in that.


I wonder if there is a simple way to test that cURL has access to a set 
of root certificates that doesn't involve network connectivity?  If the 
configure phase of ClamAV could check that cURL/libcurl works, that 
might be helpful?


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

On 02/12/2019 16:30, Gary R. Schmidt wrote:

On 2019-12-02 15:24, Gary R. Schmidt wrote:



"wget https://database.clamav.net/daily.cvd; works, dammit!



I am an idiot:
$ curl https://database.clamav.net/daily.cvd
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Okay, I'll go fix it...


I'm now sure this is a curl/openssl problem, nothing to do with clamav.

Sorry for the noise on the channel (but if someone can tell me how to 
make openssl 1.1.1 pick up the root certificates... :-) ).


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

On 2019-12-02 15:24, Gary R. Schmidt wrote:



"wget https://database.clamav.net/daily.cvd; works, dammit!



I am an idiot:
$ curl https://database.clamav.net/daily.cvd
curl: (60) SSL certificate problem: unable to get local issuer 
certificate

More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could 
not
establish a secure connection to it. To learn more about this situation 
and

how to fix it, please visit the web page mentioned above.

Okay, I'll go fix it...

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

Combined answer to  "J.R." and "Andrew Watkins":

That pointed me at a few things, first, I updated some tools.

I am now using OpenSSL 1.1.1d, bzip2 1.0.8, curl 7.67.0, and GCC 9.1.0.

Configured thusly:

env CONFIG_SHELL=/bin/bash \
/bin/bash ./configure \
CONFIG_SHELL=/bin/bash \
LDFLAGS=-R/opt/local/lib \
--enable-unrar \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--with-openssl=/opt/local \
--with-libbz2-prefix=/opt/local \
--with-libcurl=/opt/local \
--prefix=/opt/local

Now, I get the following:
=
Mon Dec  2 14:58:54 2019 -> ClamAV update process started at Mon Dec  2 
14:58:54 2019
Mon Dec  2 14:58:54 2019 -> *Current working dir is 
/home/grs/src/clamav-0.102.1/NEW/

Mon Dec  2 14:58:54 2019 -> *Querying current.cvd.clamav.net
Mon Dec  2 14:58:54 2019 -> *TTL: 993
Mon Dec  2 14:58:54 2019 -> *fc_dns_query_update_info: Software version 
from DNS: 0.102.1
Mon Dec  2 14:58:54 2019 -> *Current working dir is 
/home/grs/src/clamav-0.102.1/NEW/
Mon Dec  2 14:58:54 2019 -> *check_for_new_database_version: No local 
copy of "daily" database.
Mon Dec  2 14:58:54 2019 -> *query_remote_database_version: daily.cvd 
version from DNS: 25650
Mon Dec  2 14:58:54 2019 -> daily database available for download 
(remote version: 25650)
Mon Dec  2 14:58:54 2019 -> *Retrieving 
https://database.clamav.net/daily.cvd
Mon Dec  2 14:58:54 2019 -> *downloadFile: Download source:  
https://database.clamav.net/daily.cvd
Mon Dec  2 14:58:54 2019 -> *downloadFile: Download destination: 
/home/grs/src/clamav-0.102.1/NEW/tmp/clamav-d7fb545c18f86fcdc39d1bdb45d124e1.tmp

*   Trying 104.16.219.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering http/1.1
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
...
repeats a couple of times
...
=

Stepping through the code gets to "curl_easy_perform()," which then 
throws the error.


Google "SSL certificate problem: unable to get local issuer certificate" 
points me at not having new enough root certificate(s).


"wget https://database.clamav.net/daily.cvd; works, dammit!

Q'n'D "cd /opt/local/etc ; ln -s /etc/certs ." didn't fix it.

New root certificates needed?

Or may be cURL isn't finding them??

Might build a debug libcurl...  :->

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

On 01/12/2019 00:19, Mark Fortescue via clamav-users wrote:

Hi Gary,

How much memory do you have available.

You probably need 8G or more of ram for the latest and greatest as my 
understanding is that may be storing two copies of the databases in ram 
to speed up database reloading delays.


Your SSL library is running out of memory after downloading the daily 
database and then can't connect for downloading all the daily updates.


If you have plenty of memory then the other alternative is that there is 
a buffer overrun during the daily decompression and that is messing up 
the malloc() tables.


Do you have 'valgrind'. That would help find any buffer overruns but it 
does take a bit of getting use to for first time users.


There are more primitive approaches for finding buffer overruns but you 
would need to be vary familiar with the SSL and freshclam source code 
for these.




Hi,

Thanks for that, but this is "freshclam" we are talking about, which 
does not keep two copies of the database(s) in memory, that's "clamd."


And the machine has 8Gb of RAM (and 10Gb of swap), unless there is a 
requirement to build 0.102.x as 64-bit[1] that I missed this shouldn't 
matter.


Cheers,
GaryB-)

1 - If this is necessary, then configure needs to be fixed.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] 0.102.1 and Solaris 11.3...

[Gary R. Schmidt]

Hi Clamav,


0.102.1 builds on Solaris 11.3 x64, but freshclam fails.


Using GCC 9.1.0, not the real compiler.


As auto*** is borked for Solaris, first I have to:

for i in `find . -name configure`
do
    sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
    mv /tmp/configure.$$ $i
    chmod a+x $i
done

Then:

env CONFIG_SHELL=/bin/bash \
    /bin/bash ./configure \
    CONFIG_SHELL=/bin/bash \
    LDFLAGS=-R/opt/local/lib \
    --enable-unrar \
    --disable-ipv6 \
    --disable-silent-rules \
    --disable-check \
    --prefix=/opt/local

It builds and installs happily, and clamd seems fine, but freshclam does 
not work.



I have reverted to 0.101.5 (configured in the same way) for the 
meantime, it is fine.



Output from "sudo freshclam/.libs/freshclam -v --debug -F":

===

Sat Nov 30 12:50:35 2019 -> ClamAV update process started at Sat Nov 30 
12:50:35 2019

Sat Nov 30 12:50:35 2019 -> *Current working dir is /opt/local/share/clamav/
Sat Nov 30 12:50:35 2019 -> *Querying current.cvd.clamav.net
Sat Nov 30 12:50:35 2019 -> *TTL: 226
Sat Nov 30 12:50:35 2019 -> *fc_dns_query_update_info: Software version 
from DNS: 0.102.1

Sat Nov 30 12:50:35 2019 -> *Current working dir is /opt/local/share/clamav/
Sat Nov 30 12:50:35 2019 -> *check_for_new_database_version: Local copy 
of daily found: daily.cld.
Sat Nov 30 12:50:35 2019 -> *query_remote_database_version: daily.cvd 
version from DNS: 25648
Sat Nov 30 12:50:35 2019 -> daily database available for update (local 
version: 25647, remote version: 25648)

LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/COPYING
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.info
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.cfg
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ndb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.mdu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.msu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.fp
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ldu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.pdb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.mdb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ndu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.sfp
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.msb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ldb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hdb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.wdb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ftm
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hsb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.cdb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ign2
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.idb
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ign
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hdu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hsu
LibClamAV debug: cli_untgz: Unpacking 
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.crb

LibClamAV debug: in cli_untgz_cleanup()
Sat Nov 30 12:50:36 2019 -> *Retrieving 
https://database.clamav.net/daily-25648.cdiff
Sat Nov 30 12:50:36 2019 -> *downloadFile: Download source:  
https://database.clamav.net/daily-25648.cdiff
Sat Nov 30 12:50:36 2019 -> *downloadFile: Download 

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.3 security patch release and 0.102.0-beta have been published

[Gary R. Schmidt]

On 06/08/2019 05:32, Joel Esler (jesler) wrote:




https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html 


ClamAV 0.101.3 security patch release and 0.102.0-beta have been published

We are pleased to introduce the ClamAV 0.101.3 security patch release and a 
beta for the upcoming 0.102 feature release.



Hehe!

Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] 
freshclam daemon 0.101.3 (OS: solaris2.11, ARCH: i386, CPU: i386)
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] ClamAV 
update process started at Tue Aug  6 16:37:46 2019
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.warning] Your 
ClamAV installation is OUTDATED!
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.warning] Local 
version: 0.101.3 Recommended version: 0.101.2
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] DON'T 
PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] main.cld 
is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] 
daily.cld is up to date (version: 25532, sigs: 1700531, f-level: 63, 
builder: raynman)
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] 
bytecode.cld is up to date (version: 330, sigs: 94, f-level: 63, 
builder: neo)
Aug  6 16:37:46 thisun freshclam[5031]: [ID 702911 local6.info] 
--


Something hasn't been pushed far enough!

This is in Oz, so GMT-10 at the moment...

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Any way to auto-update Clam engine (freshclam or any other tools)

[Gary R. Schmidt]

On 12/03/2019 23:23, Scott Kitterman via clamav-users wrote:



On March 12, 2019 11:22:05 AM UTC, Matus UHLAR - fantomas via clamav-users 
 wrote:

On 12.03.19 13:58, Sunhux G via clamav-users wrote:

I'm on Solaris 10 x86 : we disabled compilers as part of our OS

hardening;

much appreciated if someone can help me make/compile one for our OS.
So far I can't locate any 0.101.1 for Solaris 10 x86,  only for
RHEL/Windows.


it's strange that you disable compiling from source code as part of
hardening, but you are willing to take code compiled by someone else
and run
it locally.

How do you know that the code doesn't contain backdoor?


You are thinking about security.  This seems to be about compliance.  It's only 
distantly related.


True.

Looks more like Standard Auditory Compliance by Incompetence to me (but 
I'm a cynical old BOFH, so much of what goes on these days is 
thinly-disguised incompetence).


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamav 0.101.1 dosn't compile on solaris anymore.

[Gary R. Schmidt]

On 21/02/2019 01:37, SCOTT PACKARD wrote:

unixpackages.com uses gcc-3.4.6 and has clamav built, along with 20 dependency 
packages.
Pointing it out because 'severely ancient' compilers aren't necessarily the 
issue here.

I'd completely forgotten about unixpackages - but they've only got 
0.100.2...  (And I remembered why I'd forgotten about them, not enough 
value for money.)


Which is why I've gradually switched back to building anything important 
on the Solaris boxes myself, the real compiler is free (support's 
expensive, but we pay it), and building gcc still works (but when will 
even that succumb to the "works on Ubuntu and Fedora" definition of 
portable).


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamav 0.101.1 dosn't compile on solaris anymore.

[Gary R. Schmidt]

On 20/02/2019 17:13, Pierluigi Frullani wrote:

Hi all,
  I was upgrading my clamav installation on solaris 10 but it doesn't 
compile anymore:


[SNIP]

cc1plus: error: unrecognized command line option 
"-Wno-logical-op-parentheses"

cc1plus: error: unrecognized command line option "-Wno-dangling-else"
*** Error code 1
The following command caused the error:
echo "  CXX     " libclamunrar_la-archive.lo;/bin/bash ../libtool 
--silent --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H -I. -I.. 
-I../libclammspack  -I.. -I./nsis -I../libltdl  -DWARN_DLOPEN_FAIL  -I.. 
-I./nsis -I../libltdl  -DWARN_DLOPEN_FAIL -DRARDLL 
-Wno-logical-op-parentheses -Wno-switch -Wno-dangling-else -g -O2 -MT 
libclamunrar_la-archive.lo -MD -MP -MF .deps/libclamunrar_la-archive.Tpo 
-c -o libclamunrar_la-archive.lo `test -f '../libclamunrar/archive.cpp' 
|| echo './'`../libclamunrar/archive.cpp

make: Fatal error: Command failed for target `libclamunrar_la-archive.lo'
Current working directory /root/develop/clamav-0.101.1/libclamav
*** Error code 1

Any idea on what I can check ?

Here some specs for the environment:
Solaris 10 u11 ( 1/13 ) latest patches.
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

That is a severely ancient GCC/G++ installation (2004!!), OpenCSW is up 
to 4.9.2/5.5.0 for S10, and I recently built 7.3.0 from source on 
Solaris 10 and 11 for $ORK.


Update your GCC/G++ to something recent, and try again.  FWIW, I've 
built clamav 0.101.1 on S11.3 using my build of GCC 7.3.0.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

[Gary R. Schmidt]

On 11/01/2019 04:34, Micah Snyder (micasnyd) wrote:
[SNIP]
>
Type casting to disable warnings sometimes only masks potential issues 
and should only be done with extreme care.



This!  This!!  So many, many, many times this!!!

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

[Gary R. Schmidt]

On 09/01/2019 00:01, Joel Esler (jesler) wrote:

Solaris is definitely not one of the OSs in our build farm.  Just FYI.

Oh, I'm not surprised about that, I can't even attempt to justify you 
having an x64 VM set-up to build clamav, given that the set of Solaris 
clamav users may be no greater than 1!  :-)


That said, I had a bit more of a look at the problem, it appears to be a 
32-bit build only problem, 64-bit builds do not show this problem, on 
either Solaris or OpenSUSE Tumbleweed.


Getting 64-bit builds working completely on Solaris is a bitch-fight 
with configure, I didn't try to get a 32-bit build working on Tumbleweed.


Given that the problem has also been seen on a Linux system, I expect it 
will be dealt with, in the fullness of time.  ;-)


Cheers,
GaryB-)


On Jan 8, 2019, at 1:05 AM, Gary R. Schmidt  wrote:

On 08/01/2019 05:33, Joel Esler (jesler) wrote:


https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html 
<https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html>

ClamAV 0.101.1 Patch has been released

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 
specifically for developers that depend on libclamav. The issue in 0.101.0 is 
that clamav.h required supporting headers that were not provided on make 
install. To address this issue, the internal cltypes.h header has been replaced 
by a clamav-types.h that is generated on ./configure and will be installed 
alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail loss if 
using clamav-milter with the TCP socket. Contribution by Scott Kitterman. Fixes 
for --with-libjson and --with-libcurl to correctly accept library install path 
arguments.

Acknowledgements

  The ClamAV team thanks the following individuals for their code submissions: 
Scott Kitterman

Known Issues

Some users have observed crashes the first time running freshclam after 
upgrading from 0.100 to 0.101. We haven't yet tracked down the source of the 
issue, but have found that the issue resolves itself and that subsequent calls 
to freshclam work as expected.

Please download and update to 0.101.1 <http://www.clamav.net/downloads>, send us your 
feedback on ClamAV-Users 
<http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>.

Building on Solaris 11.3 with GCC/G++ 7.3.0 and I just noticed gives this 
warning.  The warning was also in 0.101.0, and possibly earlier versions, but I 
didn't notice it.

--
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I.. -I./nsis 
-I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include -I/opt/local/include 
-I../libclammspack/mspack -DHAVE_INTERNAL_MSPACK -DHAVE_YARA 
-DSEARCH_LIBDIR=\"/opt/local/lib\" -I/usr/local/include -I/usr/include/json-c 
-I/usr/local/include -I/usr/local/include -I/usr/include/libxml2 -g -O2 
-fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -MT 
libclamav_la-pdf.lo -MD -MP -MF .deps/libclamav_la-pdf.Tpo -c pdf.c  -fPIC -DPIC -o 
.libs/libclamav_la-pdf.o
pdf.c: In function 'find_length':
pdf.c:947:80: warning: passing argument 5 of 'cli_strntoul_wrap' from 
incompatible pointer type [-Wincompatible-pointer-types]
 if (CL_SUCCESS != cli_strntoul_wrap(index, bytes_remaining, 0, 10, 
)) {

^
In file included from yara_clam.h:46:0,
 from others.h:58,
 from matcher.h:29,
 from others.h:22,
 from pdf.c:56:
str.h:78:12: note: expected 'long unsigned int *' but argument is of type 
'size_t * {aka unsigned int *}'
cl_error_t cli_strntoul_wrap(const char *buf, size_t buf_size, int 
fail_at_nondigit, int base, unsigned long *result);
^
--

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

[Gary R. Schmidt]

On 08/01/2019 05:33, Joel Esler (jesler) wrote:




https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html 


ClamAV 0.101.1 Patch has been released

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 
specifically for developers that depend on libclamav. The issue in 0.101.0 is 
that clamav.h required supporting headers that were not provided on make 
install. To address this issue, the internal cltypes.h header has been replaced 
by a clamav-types.h that is generated on ./configure and will be installed 
alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail loss if 
using clamav-milter with the TCP socket. Contribution by Scott Kitterman. Fixes 
for --with-libjson and --with-libcurl to correctly accept library install path 
arguments.

Acknowledgements

  The ClamAV team thanks the following individuals for their code submissions: 
Scott Kitterman

Known Issues

Some users have observed crashes the first time running freshclam after 
upgrading from 0.100 to 0.101. We haven't yet tracked down the source of the 
issue, but have found that the issue resolves itself and that subsequent calls 
to freshclam work as expected.

Please download and update to 0.101.1 , send us your 
feedback on ClamAV-Users 
.


Building on Solaris 11.3 with GCC/G++ 7.3.0 and I just noticed gives 
this warning.  The warning was also in 0.101.0, and possibly earlier 
versions, but I didn't notice it.


--
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I.. 
-I./nsis -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include 
-I/opt/local/include -I../libclammspack/mspack -DHAVE_INTERNAL_MSPACK 
-DHAVE_YARA -DSEARCH_LIBDIR=\"/opt/local/lib\" -I/usr/local/include 
-I/usr/include/json-c -I/usr/local/include -I/usr/local/include 
-I/usr/include/libxml2 -g -O2 -fno-strict-aliasing -D_LARGEFILE_SOURCE 
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -MT libclamav_la-pdf.lo -MD 
-MP -MF .deps/libclamav_la-pdf.Tpo -c pdf.c  -fPIC -DPIC -o 
.libs/libclamav_la-pdf.o

pdf.c: In function 'find_length':
pdf.c:947:80: warning: passing argument 5 of 'cli_strntoul_wrap' from 
incompatible pointer type [-Wincompatible-pointer-types]
 if (CL_SUCCESS != cli_strntoul_wrap(index, 
bytes_remaining, 0, 10, )) {


^
In file included from yara_clam.h:46:0,
 from others.h:58,
 from matcher.h:29,
 from others.h:22,
 from pdf.c:56:
str.h:78:12: note: expected 'long unsigned int *' but argument is of 
type 'size_t * {aka unsigned int *}'
 cl_error_t cli_strntoul_wrap(const char *buf, size_t buf_size, int 
fail_at_nondigit, int base, unsigned long *result);

^
--

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] One question 

[Gary R. Schmidt]

On 29/12/2018 19:54, Dorian ROSSE wrote:

Hello,


Do an e-mail server without machine learning script hasn't right to your 
last clamav production 0.101.0 instead 0.100.2?


Thank you in advance to answer my question,



Please re-post your questions in your native language (I presume French) 
as they makes no sense in English.


Veuillez republier vos questions dans votre langue maternelle (je 
présume le français) car elles n’ont aucun sens en anglais.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

[Gary R. Schmidt]

On 11/12/2018 11:46, Dennis Peterson wrote:
Exactly right. We can't be blaming the ClamAV process when we don't use 
the ClamAV process. People that don't use freshclam should have no 
expectation of high reliability. In fact any expectations are baseless 
when the wrong tools are employed.




Sigh.

Does no one actually READ THE MESSAGES???

The OP's problem is:

FRESHCLAM FAILS, REPEATEDLY, UNTIL ALL MIRRORS ARE MARKED AS BAD
AND NO UPDATES CAN OCCUR.

Pissing up a rope about "you shouldn't do various work-arounds" is a 
waste of time and bandwidth.


The OP has shown that different Cloudflare nodes give (him) different 
results, someone should be asking CLoudflare about how this can be 
addressed, not dismissing the very valid and basic problem.


This sort of behaviour just proves that Dunning-Kruger is alive and 
involved in far too many OSS projects.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installation problem.

[Gary R. Schmidt]

On 2018-12-07 18:28, nikos wrote:

Hello list.

I'm trying to install the now version of clam and it seems to be
compilation problems.

I run ./configure --sysconfdir=/etc --enable-milter in the programs
folder and I get the error:

checking for g++... no
checking for c++... no
checking for gpp... no
checking for aCC... no
checking for CC... no
checking for cxx... no
checking for cc++... no
checking for cl.exe... no
checking for FCC... no
checking for KCC... no
checking for RCC... no
checking for xlC_r... no
checking for xlC... no
checking whether the C++ compiler works... no
configure: error: in `/home/admin/clamav-0.101.0':
configure: error: C++ compiler cannot create executables
See `config.log' for more details

I always install clam from source, as the previous versions. The funny
thing is, if exctract and run configure in the previous version
clamav-0.100.2 every works fine!

I have a server with latest centos release, full updated.

Any suggestions?

Given that your command line works for me, and that your old version is 
fine, I suspect a problem with what you have downloaded, so try getting 
it again.


Anther thought is that you have run out of space in /home/admin.

And a third is just run configure without any options.

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV mirrors have gotten worse!

[Gary R. Schmidt]

On 23/11/2018 22:45, Gene Heskett wrote:

On Friday 23 November 2018 03:43:40 Dennis Peterson wrote:


On 11/22/18 8:51 PM, Paul Kosinski wrote:

I wonder how many users of ClamAV actually log their freshclam
updates. Those who don't likely won't notice freshclam temporary
failures due to an out-of-sync condition.


I just checked logs on two systems dating from July 1 and see no
failures. I isolated the signature serial numbers and time tags and
all were received with clock like precision. Freshclam is launched
every three hours from cron.d and incorporates a randomizer to create
a delay to help avoid pileups on common cardinal clock positions. No
serial numbers were missed within the time slot.

dp


I did keep a tail on mine, but it Just Works(TM)  That is what its
supposed to do I believe. :)

As does mine, as it has since I don't know when, and my freshclam.conf 
has logging turned on.


It *didn't* work during the switch over to Cloudflare, but has been fine 
since that stabilised, but when it wasn't working I had a cron job that 
deleted "mirrors.dat" every hour, which reduced the failure rate.


But the OP has refused to consider trying that.

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

[Gary R. Schmidt]

On 2018-11-07 13:57, twee...@secmail.pro wrote:

https://notabug.org/themusicgod1/cloudflare-tor/issues/32
http://forums.clamwin.com/viewtopic.php?t=4915

What now? How can I update my computer?

What you should do is find out *why* cloudflare has banned your IP 
address, and get that fixed, because if you are on a ban list then you 
will find that more and more sites will refuse to accept connections.


Short term - use a machine that is not on a blocked IP address to 
download items, and transfer them manually.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Guide/instructions for installing ClamAV on Solaris 10 x86

[Gary R. Schmidt]

On 01/11/2018 12:37, Givar Go wrote:


http://rsync.opencsw.org/opencsw/testing/i386/5.10/

Above URL is probably the link with the most packages I could find for 
Solaris.


Q1:
Is i386 the right platform for x86?  Could find for Sparc & x86 only.

Q2:
Downloaded from above URL all the dependent & Clam packages.
However, our beginner UNIX admin requires an installation guide 
specifically for Solaris.

Anyone has a copy to share?
What I've got is for Linux which deals mostly with  .tar.gz but the 
packages from above are .pkg.gz.


Q3:
For 2 of the packages, above URL only has it for SunOS 5.8 & 5.9:
   common : only for SunOS5.8
   libbz2_1_0 : only for SunOS5.9
Without building one, does Oracle or any site has a 'ready-to-use' for 
SunOS5.10 for above 2 packages?


You use the "pkgutil" program, from the OpenCSW page: 
 
to install stuff, it takes care of all the dependencies.


That said, OpenCSW is a bit behind the times, it's easier to compile and 
install your own version for Solaris, here's the script I use to fix 
things and build on Solaris:

=Cut=Here
#! /bin/bash
#
# Fix configure files.
echo edit ... find . -name configure replace BDRT with BCDRT

for i in `find . -name configure`
do
sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
mv /tmp/configure.$$ $i
done

echo edit ...libclamav.map remove cli_strndup
for i in `find . -name libclamav.map`
do
sed '/cli_strndup/d' $i > /tmp/map.$$
mv /tmp/map.$$ $i
done


env CONFIG_SHELL=/bin/bash \
/bin/bash ./configure \
CC=cc \
CONFIG_SHELL=/bin/bash \
--disable-ipv6 \
--prefix=/opt/local
exit $?
=Cut=Here

Of course, this assumes that you have installed Developer Studio to get 
a Compiler, get it here: 



Hope this helps - but you should send your beginner on a training course 
or twenty, it sounds like they really don't have a clue.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Latest report on update "delays"

[Gary R. Schmidt]

On 23/10/2018 16:17, Paul Kosinski wrote:

Two observations: First, a smoothly working freshclam mechanism
shouldn't require workarounds.
Well, yes, but it works smoothly for a very large number of people, 
myself included.



And I suspect many ClamAV users
wouldn't be able to deal with workarounds like this.
This I disagree with - if they are bright enough to go looking for 
something like ClamAV then they'd be able to handle the trivial task of 
adding a line to a crontab file.



Second, any time freshclam fails due to an out-of-sync problem, there
has been a useless load on the mirrors (although I suppose using cdiffs
would significantly reduce the useless data transfer). Plus there is
useless load on the client machine and its LAN.
There is a load only on the mirrors you are accessing, the rest of them 
keep doing their job.


Have you absolutely ruled out the possibility of someone having set up a 
transparent proxy on your border router(s)?


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Latest report on update "delays"

[Gary R. Schmidt]

On 23/10/2018 13:28, Paul Kosinski wrote:

"I'm convinced that [malware analysis] interval exceeds the delay due to
sync problems by such a margin that the first interval needs as much
focus as can be committed while the distribution issues are handled at
a lower priority."

I mainly agree (and I much appreciate the efforts of the ClamAV team).

What we found, unfortunately, was that after the switch to Cloudflare,
the mirror sync problems observed by "stock" freshclam resulted in all
the mirrors being blacklisted, causing future ClamAV virus updates to
cease. This meant distribution issues became extremely important.

Would just adding a cron job that deletes "mirrors.dat" every so often 
be an acceptable work-around?


It amuses me that my mirrors.dat file contains five entries that all 
point to the same IP address, that's just a bit pointless!


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] update report

[Gary R. Schmidt]

On 02/07/2018 00:35, Reindl Harald wrote:


Am 01.07.2018 um 16:33 schrieb Gary R. Schmidt:

On 01/07/2018 22:37, Reindl Harald wrote:
[SNIP]


do you see any ipv6 address here? the stack is disabled and even in that
cases freshclam comes with ipv6 error messages


Do you know the difference between running an IPv6 stack and doing a
name lookup for an  record?

surely - but where is the point to do so on a ipv4-only setup?

hint: i am for sure the wrong person for such silly questions given what
i maintain and develop over the last 15 years


Ah, you're new.


15 years isn't that long, there's stuff I wrote more than twice that 
long ago still in use.



And yes, doing a lookup for an  record is silly in an IPv4-only 
environment, but if the code is compiled to be IPv6 capable then that is 
what it probably should do.



    Cheers,

        Gary    B-)


P.S. Irrelevant claims of infinite experience don't impress anyone.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] update report

[Gary R. Schmidt]

On 01/07/2018 22:37, Reindl Harald wrote:
[SNIP]

> do you see any ipv6 address here? the stack is disabled and even in that
> cases freshclam comes with ipv6 error messages
>
Do you know the difference between running an IPv6 stack and doing a 
name lookup for an  record?


    Cheers,
        Gary    B-)

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] update report

[Gary R. Schmidt]

On 01/07/2018 23:00, Gene Heskett wrote:

On Sunday 01 July 2018 08:22:03 Gary R. Schmidt wrote:

[SNIP]


Now, testing for IPv6 connectivity might turn a temporary failure into
a permanent one, which is not good,


Needs an explanation. Udev is the only thing that will turn a temp
failure permanent, until you edit the rule at least.

I meant testing inside freshclam and turning a temporary IPv6 failure 
into a permanent one.


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] update report

[Gary R. Schmidt]

On 01/07/2018 21:05, Reindl Harald wrote:


Am 01.07.2018 um 08:17 schrieb Gary R. Schmidt:

On 01/07/2018 10:22, Gene Heskett wrote:

I'm still logging this about every other freshclam run:

Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)

And I've rm'd mirrors.dat several times.


Do you have an IPv6 network connection to the outside world?

That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.

I noticed the same thing was happening with my freshclam, had a look at
the configure options, reconfigured with "--disable-ipv6", rebuilt and
reinstalled

build from source is not an option for most users and trying ipv6 on a
obvious ipv4-only machine where even the loopback device don#t have a
ipv6 address is a bug - it's that easy


Do any machines *not* have IPv6 stacks installed these days?

They may not have IPv6 connectivity to the outside world, but all my 
Solaris, Linux, and Windows boxes have IPv6 stacks installed by default.


So testing for an IPv6 loopback would still say "go for it."

Now, testing for IPv6 connectivity might turn a temporary failure into a 
permanent one, which is not good, it would probably be better for the 
IPv6 failure message to say "IPv6 connection failed, trying IPv4."



    Cheers,

        Gary    B-)

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] update report

[Gary R. Schmidt]

On 01/07/2018 10:22, Gene Heskett wrote:

I'm still logging this about every other freshclam run:

Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)

And I've rm'd mirrors.dat several times.


Do you have an IPv6 network connection to the outside world?

That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.

I noticed the same thing was happening with my freshclam, had a look at 
the configure options, reconfigured with "--disable-ipv6", rebuilt and 
reinstalled.


No more noise.

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Mirror Load + ClamAV Updates

[Gary R. Schmidt]

On 28/06/2018 07:57, Joel Esler (jesler) wrote:

Following up to this email from yesterday.

We've been adjusting over the past 24 hours for different zones 
throughout the world.  Any feedback?



Here in Oz it's currently working:

Jun 28 07:55:21  freshclam: Received signal: wake up
Jun 28 07:55:21  freshclam: ClamAV update process started at Thu Jun 
28 07:55:21 2018
Jun 28 07:55:21  freshclam: main.cld is up to date (version: 58, 
sigs: 4566249, f-level: 60, builder: sigmgr)

Jun 28 07:55:25  freshclam: Downloading daily-24702.cdiff [100%]
Jun 28 07:56:32  freshclam: daily.cld updated (version: 24702, sigs: 
1996049, f-level: 63, builder: neo)
Jun 28 07:56:32  freshclam: bytecode.cld is up to date (version: 
322, sigs: 90, f-level: 63, builder: neo)
Jun 28 07:57:50  freshclam: Database updated (6562388 signatures) 
from db.au.clamav.net (IP: 104.16.186.138)
Jun 28 07:57:50  freshclam: Clamd successfully notified about the 
update.

Jun 28 07:57:50  freshclam: --

Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] error while loading shared libraries

[Gary R. Schmidt]

On 16/04/2018 00:10, Reindl Harald wrote:

Am 15.04.2018 um 16:02 schrieb Gary R. Schmidt:

On 15/04/2018 22:56, Andreas Meyer wrote:

Hello!

[SNIP}

I did not specify any configure options.


[SNIP]


Libraries have been installed in:
     /usr/local/lib64

When I call freshclam I get:
./freshclam: error while loading shared libraries: libclammspack.so.0:
cannot open shared object file: No such file or directory


Hmm, I just built it on an OpenSUSE system (I mainly use Solaris), and
had the same problem.  Which is interesting as /etc/ld.so.conf contains
/usr/local/lib64, so it should find libclammspack.so.0 there.

and youd did call "ldconfig"?
No, the OpenSUSE system is basically as it came out of the box, and 
given that /etc/ld.so.conf contains /usr/local/lib64 by default I am 
surprised that ldconfig would be needed.



a common problem with running make outside a proper environment
producing packages where a proper spec-file either calls ldconfig
explicit or the environment does when libraries are installed in the
transaction
What do you mean by "a proper environment"?  To me that means a shell, 
and an editor, and access to cc, ar, ld, and make, or equivalents.



ldconfig creates  the  necessary  links  and  cache  to  the  most
recent  shared  libraries  found  in  the  directories specified on the
command line, in the file /etc/ld.so.conf, and in the trusted
directories, /lib and /usr/lib (on some 64-bit architectures such as
x86-64, lib and /usr/lib  are  the  trusted  directories  for 32-bit
libraries, while /lib64 and /usr/lib64 are used for 64-bit libraries).

Does this mean that it is no longer possible to produce and install 
binaries on Linux systems with having to create spec files and generate 
installation packages for them?


    Cheers,
        Gary    B-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] error while loading shared libraries

[Gary R. Schmidt]

On 15/04/2018 22:56, Andreas Meyer wrote:

Hello!

[SNIP}


I did not specify any configure options.


[SNIP]


Libraries have been installed in:
/usr/local/lib64

When I call freshclam I get:
./freshclam: error while loading shared libraries: libclammspack.so.0: cannot 
open shared object file: No such file or directory

Hmm, I just built it on an OpenSUSE system (I mainly use Solaris), and 
had the same problem.  Which is interesting as /etc/ld.so.conf contains 
/usr/local/lib64, so it should find libclammspack.so.0 there.


Of course, specifying "LD_LIBRARY_PATH=/usr/local/lib64" fixes things, 
but it shouldn't be needed...


I'm guessing that configure is doing something weird, like setting bogus 
elements in libtool, and will leave it for those who know what they did, 
and why, to look into this.


Cheers,
GaryB-)

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] error while loading shared libraries

[Gary R. Schmidt]

On 15/04/2018 21:43, Andreas Meyer wrote:

Hello!

Since the upgrade to version 0.100.0 of clamav I get
usr/local/sbin/clamd: error while loading shared libraries: libclammspack.so.0: 
cannot open shared object file: No such file or directory
after compiling and installing.

libclammspack is not available on my system. configure and make went through.

Is clamav now unusable from now on?


Immediate thought - did "make install" succeed?

More information, what configure options did you specify, and have you 
checked every line of output from the make process?  Sometimes things 
don't cause the make to fail, but cab create files that don't do the 
Right Thing(TM).


Cheers,
GaryB-)
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.100.0 has been released!

[Gary R. Schmidt]

On 10/04/2018 04:48, Joel Esler (jesler) wrote:



https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html

ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially.  You can grab it, as 
always, from the downloads page on ClamAV.net.

ClamAV 0.100.0 is a feature release which includes many code submissions from 
the ClamAV community.  Some of the more prominent submissions include:


And doesn't build on Solaris 11.3 using Developer Studio 12.5.

$ cc -V
cc: Studio 12.5 Sun C 5.14 SunOS_i386 Patch 152236-01 2017/08/14

$ env CONFIG_SHELL=/bin/bash \
/bin/bash ./configure \
CC=cc \
CONFIG_SHELL=/bin/bash \
--prefix=/opt/local
$ gmake
...
gmake[5]: Entering directory 
`/home/grs/src/clamav-0.100.0/libclamav/libmspack-0.5alpha'

...
  CCLD libclammspack.la
./libtool: eval: line 1083: syntax error near unexpected token `|'
./libtool: eval: line 1083: `/bin/nm -p  .libs/system.o .libs/cabc.o 
.libs/cabd.o .libs/chmc.o .libs/chmd.o .libs/hlpc.o .libs/hlpd.o 
.libs/litc.o .libs/litd.o .libs/kwajc.o .libs/kwajd.o .libs/szddc.o 
.libs/szddd.o .libs/oabc.o .libs/oabd.o .libs/lzxc.o .libs/lzxd.o 
.libs/mszipc.o .libs/mszipd.o .libs/qtmd.o .libs/lzssd.o .libs/crc32.o | 
 | /bin/gsed 's/.* //' | sort | uniq > .libs/libclammspack.exp'

gmake[5]: *** [libclammspack.la] Error 2

Note the cheeky "|  |" in there.

After far too much fiddling around on my part I worked out that it is a 
fault in the configure scripts when they are trying to work out how to 
parse the output of nm.

Currently it looks like this:
solaris*)
  symcode='[BDRT]'
  ;;
It should be:
solaris*)
  symcode='[BCDRT]'
  ;;

Next!
Why is cli_strndup undefined?
gmake[4]: Entering directory `/home/grs/src/clamav-0.100.0/libclamav'
...
  CCLD libclamav.la
Undefined   first referenced
 symbol in file
cli_strndup ../libclamav/libclamav.map
ld: warning: symbol referencing errors

Which leads to:
gmake[2]: Entering directory `/home/grs/src/clamav-0.100.0/clamscan'
...
  CCLD clamscan
Undefined   first referenced
 symbol in file
cli_strndup ../libclamav/.libs/libclamav.so
ld: fatal: symbol referencing errors
collect2: error: ld returned 1 exit status

Okay, just delete the line containing "cli_strndup" from libclamav.map. 
It would be better to generate this file, rather than having names 
hard-coded in it.


Next!
It doesn't like my libcurl, oh, it's not libcurl, it's that configure 
wants libidn2 when it checks libcurl, add a libidn2, and all is copacetic.


And installed and seems to be working.

Cheers,
GaryB-)


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml