Re: [clamav-users] Version 0.98.3 fails on Solaris
So, what's the definitive answer?

I gave up late Friday night on getting it working on Solaris for the weekend maintenance window. Though the last thing I tried was to force "-D__EXTENSIONS__" in...and caught a glimpse of it finally finishing its compile as I was securing my workstation.

I also had to do some massaging, because the openssl we build is installed in a non-standard location.

Before I had resorted to setting "-D__EXTENSIONS__" from reading the headers to find out why definitions weren't being seen I had done some fiddling with some of the source files, but reverting those changes and trying again with just "-D__EXTENSIONS__" has compiled all the way through.

Now I suppose it's to figure out if I need to test it before deploying into production.

Had mentioned in the past, that with our Solaris package CM system, I would often just update clamav project's source and go straight to making a release package and immediately distribute it. This is the first time that I'm not sure it's release package worthy. Not sure I have somewhere to install a scratch package anymore.

FWIW, our build server is Solaris/x64 10 Generic_138889-07 (update 6) with gcc 4.1.1, ours is using gnu-as (/usr/sfw/bin/gas) and the system linker (/usr/ccs/bin/ld).

> On 05/10/14 11:13, James Lee wrote:
>
>> On 10/05/2014 11:22, James Lee wrote:
>>
>
> Indeed it's the usual brain dead pile-O-rubbish that is configure and
> friends.
>
> *** simple workaround:
> CPPFLAGS="... -DHAVE_ATTRIB_PACKED"
>
> My complete CPPFLAGS are:
> CPPFLAGS="-D__EXTENSIONS__ -DHAVE_ATTRIB_PACKED"

On 05/12/14 06:28, Martin Preen wrote:
> James Lee wrote:
>> On 10/05/2014 17:34, Shawn Webb wrote:
>>
>> Hello,
>>> The attached two patches will make building (with gcc)
>> I'm not but..
>>> and running on Solaris work.
>>
>> when using gcc configure sets HAVE_ATTRIB_PACKED=1 and the problem doesn't
>> exist, ie, no patch is needed for gcc.
>>
>> In fact no patches needed for cc if the value of HAVE_ATTRIB_PACKED is
>> forced post configure. Any patch/fix should be for configure.
>
> That's interesting. Without Shawn's patches, but with HAVE_ATTRIB_PACKED
> and using Sun-CC it works (freshclam & clamscan tested so far).
>
> But including the posted patches, the errors are back again.
>
> So it looks like a problem with the build system and the patch
> is (at least partly) compiler specific.
>
> Regards,
> Martin
>
> --
> Martin Preen, Universität Freiburg, Institut für Informatik
> Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany
>
> phone: ++49 761 203-8250    pr...@informatik.uni-freiburg.de
> fax: ++49 761 203-8242      swt.informatik.uni-freiburg.de/staff/preen
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Re: [clamav-users] Planned Addition Of OpenSSL Dependency
On 03/12/14 14:13, Scott Kitterman wrote:
> http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
>
> I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding the
> dependency is fine from a technical perspective, but there is, at least
> currently, a licensing concern. The OpenSSL license is not GPL compatible and
> the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system
> library exception.
>
> There is a good discussion of it here:
>
> https://people.gnome.org/~markmc/openssl-and-the-gpl.html
>

Sounds funny to me that it says "A much safer option is to use either the GNU TLS or Mozilla NSS library."

Recently there was an update to gnutls3, which has a new dependency for libunbound.so. Where to install the unbound package, there is a dependency for OpenSSL-1.0.1f. Which I don't want getting installed on my system, so I deleted the (one) package that had introduced gnutls3. All the other packages that want gnutls use the 2.x version.

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV
On 02/27/14 02:34, Steve Basford wrote:
>
>
>> OpenSSL will be required to both compile and run ClamAV.
>
> Out of interest what Cipher:
>
> http://zombe.es/post/4078724716/openssl-cipher-selection
>
> http://security.stackexchange.com/questions/35036/different-performance-of-openssl-speed-on-the-same-hardware-with-aes-256-evp-an
>
> Cheers,
>
> Steve
> Sanesecurity
>

So, will it build/run with openssl 0.9.8* or require openssl 1.0.*?

We only have openssl 0.9.8* in our environment (with some ancient boxes using 0.9.7*).

Currently, the latest available is 0.9.8y, since I have DNS only VMs where I don't have to worry about the newer version causing problems for other automated (through CFEngine) sun package installs. And, my clamav instances are also dedicated VMs (well, semi...but hopefully there won't be a problem with having older 0.9.8 openssl 32-bit libraries with the latest 0.9.8 64-bit libraries :)

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Re: [clamav-users] configure error with clamav-0.98
- Original Message -
> Been struggling with configure complaining that it can't find -lz
> (and later not figuring out how to make a shared library correctly.)
>
> Turns out there's two spots in configure that use
> "-Wl,-rpath=$ZLIB_HOME/lib", ignoring that configure had determined
> that ld is not gnu.
>
> In the previous versions this was -L$ZLIB_HOME/lib
>
> While the correct form would be "-Wl,-R$ZLIB_HOME/lib" this doesn't
> on its own make clamav build on, as the library it needs is in
> $ZLIB_HOME/lib/amd64 (building 64-bit on Solaris x64) Which I've
> been doing by setting LDFLAGS in my build environment.
>
> --
> Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
> For: Enterprise Server Technologies (EST) -- & SafeZone Ally
> ___
> Help us build a comprehensive ClamAV guide: visit
> http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

For completeness, what I did was patch configure, like so (make it like it was in previous releases)

--- configure 19 Sep 2013 20:05:30 - 1.1.1.22 +++ configure 20 Sep 2013 21:39:57 - 1.2 @@ -15952,7 +15952,7 @@ if test "$ZLIB_HOME" != "/usr"; then CPPFLAGS="$CPPFLAGS -I$ZLIB_HOME/include" save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib" + LDFLAGS="$LDFLAGS -L$ZLIB_HOME/lib" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : 
@@ -15990,7 +15990,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : - LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz"; FRESHCLAM_LIBS="$FRESHCLAM_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz" + LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz"; FRESHCLAM_LIBS="$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz" else as_fn_error $? "Please install zlib and zlib-devel packages" "$LINENO" 5 fi

Then in my build config.mk, I have something like this:

...
ifeq "$(_CHROOT_OS_ARCH)" "sparc"
CM_CONFIG_ENV=LDFLAGS="-Wl,-R/usr/local/lib/sparcv9 -L/usr/local/lib/sparcv9 -Wl,-R/usr/local/lib -L/usr/local/lib" CFLAGS="-O0 -m64"
else
CM_CONFIG_ENV=LDFLAGS="-Wl,-R/usr/local/lib/amd64 -L/usr/local/lib/amd64 -Wl,-R/usr/local/lib -L/usr/local/lib" CFLAGS="-O0 -m64"
endif

Where _CHROOT_OS_ARCH is `uname -p`

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
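Review bot: in the first hunk (@@ -15952), swapping "-Wl,-rpath=$ZLIB_HOME/lib" for "-L$ZLIB_HOME/lib" lets the inflateEnd probe link but drops the run path altogether, so a zlib outside the default search path is only found at run time if the caller adds -R to LDFLAGS, as the config.mk in this message does. Consider keying the flag off configure's own GNU ld detection and emitting "-L$ZLIB_HOME/lib -Wl,-R$ZLIB_HOME/lib" for a non-GNU ld, so that the resulting binaries do not depend on LD_LIBRARY_PATH being set correctly in the daemon's environment. The edit is also made to the generated configure script, so it disappears the next time configure is regenerated; the same change belongs in the input this test is generated from.

Review bot: in the second hunk (@@ -15990), LIBCLAMAV_LIBS and FRESHCLAM_LIBS still hard-code "$ZLIB_HOME/lib", which the quoted message says is not where the 64-bit library lives on Solaris x64 ("$ZLIB_HOME/lib/amd64"), and they lose the run path in the same way as LDFLAGS in the first hunk. A single variable holding the library directory, set once and used in both hunks, would keep the three flag strings consistent and give one place to add the 64-bit subdirectory and the -R form.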
[clamav-users] configure error with clamav-0.98
Been struggling with configure complaining that it can't find -lz (and later not figuring out how to make a shared library correctly.)

Turns out there's two spots in configure that use "-Wl,-rpath=$ZLIB_HOME/lib", ignoring that configure had determined that ld is not gnu.

In the previous versions this was -L$ZLIB_HOME/lib

While the correct form would be "-Wl,-R$ZLIB_HOME/lib" this doesn't on its own make clamav build on, as the library it needs is in $ZLIB_HOME/lib/amd64 (building 64-bit on Solaris x64) Which I've been doing by setting LDFLAGS in my build environment.

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
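The linker-dependent flag choice described in this message, written out as a small shell helper. This is an added example, not code from the thread or from ClamAV's configure; the function names zlib_link_flags and arch_subdir and the sample ld version strings are assumptions made for illustration.

```shell
# Added example (not from ClamAV's configure). Function names are
# hypothetical; the ld version strings at the bottom are constructed.

# arch_subdir UNAME_P -> 64-bit library subdirectory, using the same rule as
# the config.mk shown in the thread: sparc -> sparcv9, anything else -> amd64.
arch_subdir() {
    case "$1" in
        sparc) echo sparcv9 ;;
        *)     echo amd64 ;;
    esac
}

# zlib_link_flags LD_VERSION_TEXT ZLIB_HOME [SUBDIR]
# LD_VERSION_TEXT is what `ld -v 2>&1` (GNU) or `ld -V 2>&1` (Solaris) printed.
zlib_link_flags() {
    case "$1" in
        *GNU*) rflag='-Wl,-rpath,' ;;   # GNU ld spelling of the run path
        *)     rflag='-Wl,-R' ;;        # Solaris ld spelling of the run path
    esac
    # Always pair the run path with -L so link time and run time agree.
    flags="$rflag$2/lib -L$2/lib"
    if [ -n "${3:-}" ]; then
        # The 64-bit directory goes first so it is searched first.
        flags="$rflag$2/lib/$3 -L$2/lib/$3 $flags"
    fi
    printf '%s\n' "$flags"
}

# Constructed sample inputs
gnu_ld='GNU ld (GNU Binutils) 2.40'
sun_ld='ld: Software Generation Utilities - Solaris Link Editors: 5.10'
zlib_link_flags "$gnu_ld" /usr/local
zlib_link_flags "$sun_ld" /usr/local "$(arch_subdir i386)"
```

With the Solaris sample string and /usr/local, the result is the same LDFLAGS value the amd64 branch of the config.mk in the reply sets by hand.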
Re: [clamav-users] clamd socket permissions
- Original Message -
> Hi there,
>
> On Fri, 2 Aug 2013, Bob Miller wrote:
>
> > Were you expecting something different?
>
> Not necessarily, but it tells me something. :)
>
> > Or more likely, am I missing something obvious here?
>
> You might be. Please look at the permissions of the parent directory.
> You might then want to make changes to those permissions and once more
> repeat your tests. Note: In a *n[iu]x system you can delete a file in
> a directory to which you can write, even if you can't write (nor even
> read) the said file. That's because a directory is effectively just a
> file, and putting a new file in a directory or removing a file from it
> is just making a modification to the content of the file that you know
> as the directory. Of course the OS makes its own modifications to the
> directory too (things like access times and file sizes) and the OS can
> do what it likes, but the directory's permissions are about what users
> (or more correctly processes with given user's permissions) can do to
> them. When the parent directory permits both your users to write to
> it I think you will see results from your tests that you don't expect.
>
> > Thank you again for your time...
>
> I appreciate it, but we're all learning from this. :)
>

Well, since it's /tmp, hopefully it's something reasonable like 0777 or 1777, the latter is more common which means files in /tmp can only be removed by its owner (or root).

I don't know anything about simscan, since we run sendmail.

But, since most of the testing, has clamd restarting and it announcing that it's removing the socket file

> a. srw-rw 1 clamav simscan0 Aug 1 13:39 clamd.socket
>-clam restart: Socket file removed.
>-simscan: ERROR: Can't connect to clamd: Permission denied
> b. srw-rw 1 root simscan0 Aug 1 13:42 clamd.socket
>-clam restart: ERROR: Can't unlink the socket file /tmp/clamd.socket
>-simscan: ERROR: Can't connect to clamd: Permission denied

...would suggest that FixStaleSocket (which defaults to yes) is seeing the socket as stale when clamd starts again. So, what does the socket look like after clam restarts?

Hmm,

> Permissions and ClamAntiVirus
>
> To get ClamAV to play nicely with simscan's permissions you have two
> options:
>
> * run clamd as root
> * Add clamav to simscan's group.
>
> Then clamav will have access to the working directory and its files.
>
> 1. The /var/qmail/simscan directory defaults to ownership to
> simscan.root. So change the group to 'simscan'.
>
> 2. Set the sticky bit on the directory so when simscan creates its
> temporary directories and files they are group owned simscan as well.
>
> 3. Add the clamav user to the simscan group.
>
> On Linux like systems:
>
> 1. chgrp simscan /var/qmail/simscan
>
> 2. chmod g+s /var/qmail/simscan
>
> 3. usermod -G simscan clamav
>
> Also make sure AllowSupplementaryGroups is set in your clamd.conf file
> so that the clamd daemon knows about the simscan group.

from: http://www.qmailwiki.org/Simscan/README

Taking a look at one of our clamav VMs, I see

srw-rw-rw- 1 clamav clamav 0 Jul 27 03:10 /var/tmp/clamd.socket=

Guess that's because neither LocalSocketGroup nor LocalSocketMode are set in our config.

Of course, the only thing that should be connecting to the socket is clamav-milter ... we then have 4 of these VMs in a pool behind our F5 where in theory anybody on campus could use it, but nothing official (what most do is list our MX's at lower priority than their MX, but their MX is firewalled so that inbound mail has to come through our MX first...)

Lawrence
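The two checks this thread turns on, who may connect to the socket and who may unlink it from its parent directory, as an added shell example that is not part of the original messages. It assumes Linux semantics (connecting to a Unix socket needs write permission on the socket file); the function names are hypothetical, and the listing lines are constructed, with full mode strings filled in because the ones quoted in the thread are truncated.

```shell
# Added example. Linux semantics assumed: connect() on a Unix socket needs
# write permission on the socket file. Listing lines passed in are constructed.

# can_connect "LS_-L_LINE" USER "GROUPS..."  ->  allow:<class> | deny:<class>
can_connect() {
    read -r mode links owner group rest <<EOF
$1
EOF
    case "$mode" in s?????????*) ;; *) echo "error:not-a-socket"; return 0 ;; esac
    if [ "$2" = root ]; then echo "allow:root"; return 0; fi
    # Exactly one permission class applies: owner first, then group, then other.
    if [ "$2" = "$owner" ]; then class=owner col=3
    else
        case " $3 " in
            *" $group "*) class=group col=6 ;;
            *)            class=other col=9 ;;
        esac
    fi
    if [ "$(printf '%s' "$mode" | cut -c"$col")" = w ]; then
        echo "allow:$class"
    else
        echo "deny:$class"
    fi
}

# unlink_policy DIR -> who may remove entries (e.g. a stale socket) from DIR
unlink_policy() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        d????????[tT]) echo sticky ;;          # entry owner, dir owner or root only
        d???????w?)    echo world-writable ;;  # any local user can unlink the socket
        d????w????)    echo group-writable ;;
        d*)            echo owner-only ;;
        *)             echo not-a-directory ;;
    esac
}

# Constructed listings modelled on the cases discussed in the thread.
can_connect "srw-rw---- 1 clamav simscan 0 Aug  1 13:39 clamd.socket" simscan "simscan"
can_connect "srw-rw---- 1 clamav clamav 0 Aug  1 13:40 clamd.socket" simscan "simscan"
can_connect "srw-rw-rw- 1 clamav clamav 0 Jul 27 03:10 clamd.socket" nobody "nobody"
unlink_policy /tmp
```

Run it against the listing taken after clamd has restarted: a socket that FixStaleSocket removed and clamd recreated carries whatever owner, group and mode clamd.conf gives it, not the ones set by hand beforehand.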
Re: [clamav-users] ClamAV 0.97.7 available?
- Original Message -
> On Mar 14, 2013, at 12:42 PM, "Lawrence K. Chen, P.Eng." wrote:
>
> > This is annoying.
> >
> > There was no announcement on clamav-announce of 0.97.6
>
> <http://blog.clamav.net/2012/09/clamav-0976-has-been-released.html>.
>
>
> Sent from Janet's iPad
>
> -Al-
> --
> Al Varnell

I didn't get that email.
Re: [clamav-users] ClamAV 0.97.7 available?
This is annoying.

There was no announcement on clamav-announce of 0.97.6, so I only just found out about it last night.

But, then I'm updating my servers and it's telling me my newly installed 0.97.6 is OUTDATED! already?

I didn't get any announcement of 0.97.7 on the announce list either.

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library