Re: [clamav-users] ERROR: Can't create temporary directory

2023-08-09 Thread Mark Fortescue

Hi Nozomi,

Check that the /var/lib filing system has > 2G of free space to allow  
for the fully unpacked databases. Without this free space you will get  
lots of odd almost unexplainable issues at random intervals.


If it does have the free space then the issue is most likely not a
clamav issue but an apparmor/isolinux issue.


My experience of sorting out apparmor issues is that it is painful.

You need to look in the logs to find out what is actually going on.  
Start by taking a look at /var/log/auth.log, /var/log/kern.log and  
/var/log/syslog.


It is usually simple to fix having found the issue. A single entry into  
a file and restart the protection program that has been blocking access.


Regards
Mark.

On 09/08/2023 03:42, Tachibanaki Nozomi (橘木 希美) wrote:

Hi Mark,

thank you for your reply.

I checked the environment with the command you suggested.

The error message that is output is as follows.
# ClamAV update process started at Tue Aug  8 15:47:54 2023
# ERROR: Can't create temporary directory /var/lib/clamav/tmp.fa0a69ba96
# Hint: The database directory must be writable for UID 1000 or GID 1000
# ERROR: Update failed.

Default DatabaseOwner in freshclam.conf.
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
# DatabaseOwner clamav

I checked the UID and GID in the error message.
# grep ":1000:" /etc/passwd
clamav:x:1000:1000:Clam Antivirus:/home/clamav:/bin/false
# grep ":1000:" /etc/group
clamav:x:1000:

Changed directory permissions for /var/lib/clamav.
# chmod 775 /var/lib/clamav
# ls -ld /var/lib/clamav
drwxrwxr-x 1 clamav clamav 4096  8月  8 15:27 /var/lib/clamav

After doing the above, I tried running freshclam again, but the error message 
did not change.
This error only occurred when running on AWS ECS.

Please let me know if there is anything else I should check.

Thank you and regards,
Nozomi Tachibanaki

-Original Message-
From: Mark Fortescue 
Sent: Monday, August 7, 2023 6:24 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] ERROR: Can't create temporary directory

Hi Nozomi,

The following commands will tell you the user/group information for user=1000, 
group=1000 (as per the error message):

grep ":1000:" /etc/passwd
grep ":1000:" /etc/group

This will give you the text name of the user/group that /var/lib/clamav should be
set to.

You can change the user/group to the correct versions using 'chown' or 'chgrp' 
commands without using the names:

Both:
sudo chown 1000:1000 /var/lib/clamav

User Only:
sudo chown 1000 /var/lib/clamav

Group Only:
sudo chgrp  1000 /var/lib/clamav

Set the permissions to 0775:
sudo chmod 775 /var/lib/clamav

Get information on the directory owner/group and permissions:
ls -ld /var/lib/clamav

I hope this helps you get further.

Regards
Mark.

On 07/08/2023 08:40, Tachibanaki Nozomi (橘木 希美) wrote:

Thank you for your reply.

I tried creating a vscan service account and changing the owner as you
suggested, The result of running freshclam did not change.

# ls -l /var/lib/
drwxr-xr-x 1 vscan vscan 4096 Aug 7 15:59 clamav

# freshclam
ClamAV update process started at Mon Aug 7 16:09:30 2023.
ERROR: Cannot create temporary directory /var/lib/clamav/tmp.9f3f4fab8d.
TIP: Database directory must be writable with UID 1000 or GID 1000.
ERROR: Update failed.

Please let us know if there are other possible causes.

Thank you and regards,
Nozomi Tachibanaki

-Original Message-
From: Masaru Nomiya 
Sent: Wednesday, August 2, 2023 7:29 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] ERROR: Can't create temporary directory

Hello,

In the Message;

Subject: Re: [clamav-users] ERROR: Can't create temporary directory
Message-ID : <87bkfq7xvx.wl-nom...@lake.dti.ne.jp>
Date & Time: Wed, 02 Aug 2023 15:37:38 +0900

[MN] == Masaru Nomiya via clamav-users  has 
written:

MN> Hello,

MN> In the Message;

MN>   Subject: [clamav-users] ERROR: Can't create temporary directory
MN>   Message-ID : 

MN>   Date & Time: Wed, 2 Aug 2023 06:00:24 +

MN> [NT] == Tachibanaki Nozomi (橘木 希美)  has 
written:

MN> [...]
NT>  ClamAV update process started at Wed Aug 2 14:10:27 2023
NT>  ERROR: Can't create temporary directory
NT> /var/lib/clamav/tmp.463bd76e97
NT>  Hint: The database directory must be writable for UID 1000 or GID
NT> 1000
NT>  ERROR: Update failed.

NT>  1. The owner of /var/lib/clamav is as follows.
NT>  drwxr-xr-x 1 clamav clamav 4096 Aug 2 13:51 clamav
MN> [...]

MN> In my case;

MN>drwxr-xr-x  3 vscan  vscan  4096  8月  2 15:13 clamav

MN> I thought File Ownership could not be clamav?

MN> Just like this;
   
MN> # chown clamav /var/lib/clamav

Re: [clamav-users] ERROR: Can't create temporary directory

2023-08-07 Thread Mark Fortescue

Hi Nozomi,

The following commands will tell you the user/group information for  
user=1000, group=1000 (as per the error message):


grep ":1000:" /etc/passwd
grep ":1000:" /etc/group

This will give you the text name of the user/group that /var/lib/clamav
should be set to.


You can change the user/group to the correct versions using 'chown' or  
'chgrp' commands without using the names:


Both:
sudo chown 1000:1000 /var/lib/clamav

User Only:
sudo chown 1000 /var/lib/clamav

Group Only:
sudo chgrp  1000 /var/lib/clamav

Set the permissions to 0775:
sudo chmod 775 /var/lib/clamav

Get information on the directory owner/group and permissions:
ls -ld /var/lib/clamav

I hope this helps you get further.

Regards
Mark.

On 07/08/2023 08:40, Tachibanaki Nozomi (橘木 希美) wrote:

Thank you for your reply.

I tried creating a vscan service account and changing the owner as you 
suggested,
The result of running freshclam did not change.

# ls -l /var/lib/
drwxr-xr-x 1 vscan vscan 4096 Aug 7 15:59 clamav

# freshclam
ClamAV update process started at Mon Aug 7 16:09:30 2023.
ERROR: Cannot create temporary directory /var/lib/clamav/tmp.9f3f4fab8d.
TIP: Database directory must be writable with UID 1000 or GID 1000.
ERROR: Update failed.

Please let us know if there are other possible causes.

Thank you and regards,
Nozomi Tachibanaki

-Original Message-
From: Masaru Nomiya 
Sent: Wednesday, August 2, 2023 7:29 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] ERROR: Can't create temporary directory

Hello,

In the Message;

   Subject: Re: [clamav-users] ERROR: Can't create temporary directory
   Message-ID : <87bkfq7xvx.wl-nom...@lake.dti.ne.jp>
   Date & Time: Wed, 02 Aug 2023 15:37:38 +0900

[MN] == Masaru Nomiya via clamav-users  has 
written:

MN> Hello,

MN> In the Message;

MN>   Subject: [clamav-users] ERROR: Can't create temporary directory
MN>   Message-ID : 

MN>   Date & Time: Wed, 2 Aug 2023 06:00:24 +

MN> [NT] == Tachibanaki Nozomi (橘木 希美)  has 
written:

MN> [...]
NT>  ClamAV update process started at Wed Aug 2 14:10:27 2023
NT>  ERROR: Can't create temporary directory /var/lib/clamav/tmp.463bd76e97
NT>  Hint: The database directory must be writable for UID 1000 or GID 1000
NT>  ERROR: Update failed.

NT>  1. The owner of /var/lib/clamav is as follows.
NT>  drwxr-xr-x 1 clamav clamav 4096 Aug 2 13:51 clamav
MN> [...]

MN> In my case;

MN>drwxr-xr-x  3 vscan  vscan  4096  8月  2 15:13 clamav

MN> I thought File Ownership could not be clamav?

MN> Just like this;
  
MN> # chown clamav /var/lib/clamav

MN> chown: invalid user: ‘clamav’

Sorry, this is not an answer.

How about this?

   # chown vscan /var/lib/clamav

The only problem is the permissions.

Regards.

---
┏━━┓彡 野宮  賢 mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛   " Hassabis says that no one really knows for sure that AI will
   become a major danger. But he is certain that if progress
   continues at its current pace, there isn’t much time to develop
   safeguards. "I can see the kinds of things we're building into
   the Gemini series right, and we have no reason to believe that
   they won't work," he says."

-- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
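
The checks suggested in this thread (numeric owner/group and mode of the database directory, the > 2G of free space, and a real write attempt for cases where the mode bits look right), as an added example that is not part of any message in the thread. `check_dbdir` and its arguments are hypothetical names, and supplementary group membership is not considered.

```shell
#!/bin/sh
# Added example, not from the thread. check_dbdir is a hypothetical helper;
# 2097152 KiB is the "> 2G" free-space figure given in the reply above.

# usage: check_dbdir DIR UID GID [MIN_FREE_KIB]
# Prints one finding per line. Returns 0 when nothing was found, 1 otherwise.
check_dbdir() {
    dir=$1; want_uid=$2; want_gid=$3; min_kib=${4:-2097152}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi

    # 'ls -ldn' prints numeric IDs, so this works even when the image has
    # no passwd/group entry for the UID or GID.
    set -- $(ls -ldn "$dir")
    mode=$1; uid=$3; gid=$4

    # Exactly one permission triplet applies: owner if the UID matches,
    # else group if the GID matches, else other.
    if [ "$uid" = "$want_uid" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4); who=owner
    elif [ "$gid" = "$want_gid" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7); who=group
    else
        bits=$(printf '%s' "$mode" | cut -c8-10); who=other
        echo "OWNER: $dir is $uid:$gid, expected UID $want_uid or GID $want_gid"
        rc=1
    fi

    # Creating tmp.XXXX inside the directory needs write and search (x).
    case $bits in
        ?w[xst]) ;;
        *) echo "MODE: '$who' bits are '$bits', need write and search"; rc=1 ;;
    esac

    # Free space on the filesystem that holds the directory (POSIX df format).
    free=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    if [ "${free:-0}" -lt "$min_kib" ]; then
        echo "SPACE: ${free:-0} KiB free for $dir, want at least $min_kib"
        rc=1
    fi

    # Mode bits can look right while the write still fails (read-only mount,
    # AppArmor or similar policy). Only meaningful when run as the target UID.
    if [ "$(id -u)" = "$want_uid" ]; then
        probe="$dir/tmp.probe.$$"
        if mkdir "$probe" 2>/dev/null; then
            rmdir "$probe"
        else
            echo "PROBE: mkdir in $dir failed as UID $want_uid; check mount options and kern.log/syslog"
            rc=1
        fi
    fi
    return $rc
}

# Stand-alone use: sh check_dbdir.sh /var/lib/clamav 1000 1000
if [ "$#" -ge 3 ]; then
    check_dbdir "$@"
fi
```

Run it inside the container as the account freshclam switches to, so the write probe exercises the same UID that the error message names.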



Re: [clamav-users] Scanning a zip file fails, extract it, scan with the same options and it passes

2021-10-04 Thread Mark Fortescue via clamav-users

Hi Max,

Please be aware that at present, ClamAV can't scan files above 2G 
because of internal variable limitations.


If your ZIP files are around 2G then this may be the limit you are 
encountering.


Regards
Mark.

On 04/10/2021 09:37, Max Allan via clamav-users wrote:

Thanks Laurent,

The results say : "Infected files: 1". Therefore our automated systems
cannot differentiate between this file being infected and not. And if
the AV scanner has stopped scanning before everything was scanned, it
MAY be infected and I cannot allow the file in.

If it went above a limit, which limit do I need to increase to make it
scan. There is only one extra level of zip nesting and none of the
files are large. So I can presumably increase one of those limits by
"1" to count for the extra level of nesting perhaps. But I increased
the limits related to recursion massively and it still fails. All of
those limits are far, far bigger than the content (mostly 2GB and
hundreds of thousands of files). And content that it CAN scan when
extracted, so clearly there is nothing there that is beyond a limit.

I do not want files beyond a limit to remain unscanned, I want them
all to be scanned. And I can achieve that manually by extracting the
.zip. But it fails to scan when the zip still compressed. It is not
feasible to have an automated AV system uncompress every zip file it
finds outside of the scan solution and feed in all found zip files as
exclusions from the scan.

So I ask again, why does it hit a limit when in a .zip file but not
when the zip is expanded, when all the limits are clearly much higher
than anything it will encounter?

Max

On Fri, 1 Oct 2021 at 18:06, Laurent S. via clamav-users
 wrote:


Dear Max Allan,

Heuristics.Limits.Exceeded doesn't mean the file is infected, but it's
only a warning telling you that something went above the limits you set.
It give the warning this way because of --alert-exceeds-max=yes

ClamAV managed to go search into those files in each case as you can see
from the scan summaries. It will count the zip as a single file.

I would recommend against copy-pasting all those parameters without
having given proper thought into what you are doing.

Best regards,
Laurent

On 01.10.21 18:09, Max Allan via clamav-users wrote:

Hi,
I have a requirement (from the business) to AV scan all docker
containers we create.
I started experimenting with tomcat:latest, which is handy because you
can follow along at home easily!
Someone else has already recommended a scan command :

clamscan  \
--infected \
--recursive=yes \
--alert-exceeds-max=yes \
--max-recursion=200 \
--max-dir-recursion=200 \
--max-files=200 \
--max-filesize=2000M \
--max-scansize=2000M \
--max-embeddedpe=2000M \
--max-htmlnormalize=2000M \
--max-htmlnotags=2000M \
--max-scriptnormalize=2000M \
--max-ziptypercg=2000M \
--max-partitions=200 \
--max-iconspe=200 \
--max-rechwp3=200 \
--pcre-match-limit=200 \
--pcre-recmatch-limit=200 \
--pcre-max-filesize=2000M -a

So, if you run the tomcat:latest container, apt update, apt install
clamav, freshclam and run that scan command against
/usr/local/openjdk-11/lib/src.zip you will probably get a failure :

/usr/local/openjdk-11/lib/src.zip: Heuristics.Limits.Exceeded FOUND
/usr/local/openjdk-11/lib/src.zip!(0)ZIP:jdk.zipfs/jdk/nio/zipfs/ZipInfo.java:
Heuristics.Limits.Exceeded FOUND
-- SCAN SUMMARY ---
Known viruses: 8570214
Engine version: 0.103.3
Scanned directories: 0
Scanned files: 1


Infected files: 1

Data scanned: 290.07 MB
Data read: 55.52 MB (ratio 5.22:1)
Time: 260.438 sec (4 m 20 s)
Start Date: 2021:10:01 13:39:47
End Date:   2021:10:01 13:44:07


However, if I extract that zip file to /src and then run clamscan on
/src then it passes without a problem :

--- SCAN SUMMARY ---
Known viruses: 8570214
Engine version: 0.103.3
Scanned directories: 2076
Scanned files: 18415
Infected files: 0
Data scanned: 333.04 MB
Data read: 170.92 MB (ratio 1.95:1)
Time: 320.573 sec (5 m 20 s)
Start Date: 2021:10:01 13:23:39
End Date:   2021:10:01 13:29:00

(There are indeed 18415 files in that .zip according to unzip -l)

Or even scan the single file :

clamscan ZipInfo.java   --infected   --recursive=yes
--alert-exceeds-max=yes   --max-recursion=200
--max-dir-recursion=200   --max-files=200
--max-filesize=2000M   --max-scansize=2000M   --max-embeddedpe=2000M
--max-htmlnormalize=2000M   --max-htmlnotags=2000M
--max-scriptnormalize=2000M   --max-ziptypercg=2000M
--max-partitions=200   --max-iconspe=200
--max-rechwp3=200   --pcre-match-limit=200
--pcre-recmatch-limit=200   --pcre-max-filesize=2000M -a

--- SCAN SUMMARY ---
Known viruses: 8570214
Engine version: 0.103.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Data read: 0.01 MB (ratio 1.50:1)
Time: 68.326 sec (1 m 8 
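
The distinction discussed in this thread between a real detection and `Heuristics.Limits.Exceeded`, as an added example that is not part of any message: a hypothetical `classify_scan` filter that gives an automated gate three separate outcomes instead of relying on `Infected files: 1`. The sample outputs are constructed from the lines quoted above, the EICAR line is constructed, and the limit name is matched as a prefix.

```shell
#!/bin/sh
# Added example, not from the thread. classify_scan and the sample_* helpers
# are hypothetical names. Reads clamscan output on stdin.
#
# Verdict (stdout) / exit status:
#   INFECTED   1  at least one signature other than the limits heuristic
#   INCOMPLETE 2  only Heuristics.Limits.Exceeded hits: part was not scanned
#   UNKNOWN    3  no scan summary seen, so fail closed
#   CLEAN      0  summary present and nothing reported
classify_scan() {
    awk '
        / FOUND$/ {
            sig = $0
            sub(/ FOUND$/, "", sig)
            sub(/^.*: /, "", sig)      # greedy: keeps text after the last ": "
            if (index(sig, "Heuristics.Limits.Exceeded") == 1) limit++
            else hit++
            next
        }
        /^Scanned files: / { summary = 1 }
        END {
            if (hit)      { print "INFECTED";   exit 1 }
            if (limit)    { print "INCOMPLETE"; exit 2 }
            if (!summary) { print "UNKNOWN";    exit 3 }
            print "CLEAN"
        }
    '
}

sample_limits() {   # constructed from the src.zip output quoted in the thread
    cat <<'EOF'
/usr/local/openjdk-11/lib/src.zip: Heuristics.Limits.Exceeded FOUND
/usr/local/openjdk-11/lib/src.zip!(0)ZIP:jdk.zipfs/jdk/nio/zipfs/ZipInfo.java: Heuristics.Limits.Exceeded FOUND
Scanned files: 1
Infected files: 1
EOF
}

sample_mixed() {    # constructed: the same archive plus a test-file detection
    sample_limits
    echo "/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND"
}

sample_clean() {    # constructed from the extracted-directory summary
    cat <<'EOF'
Scanned directories: 2076
Scanned files: 18415
Infected files: 0
EOF
}

# Stand-alone demo on the constructed limits sample.
sample_limits | classify_scan || echo "gate exit status: $?"
```

A gate built on this can still refuse INCOMPLETE files, but it can log them as "not fully scanned" rather than "infected".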

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-08-06 Thread Mark Fortescue via clamav-users

Hi Andrew,

I have placed two patches on the user list that I believe may fix the 
issue you are seeing. I was seeing a similar issue hence the 
investigation and resulting patches.


https://www.mail-archive.com/clamav-users@lists.clamav.net/msg50910.html

and

https://www.mail-archive.com/clamav-users@lists.clamav.net/msg50957.html

Regards
Mark.

On 06/08/2021 10:14, Andrew Watkins via clamav-users wrote:


On 05/08/2021 10:53, Henrik K wrote:
On Sat, Jul 24, 2021 at 08:17:19PM +, Micah Snyder (micasnyd) via 
clamav-users wrote:


No problems on Solaris 11.4.32.0.1.88.3 (SPARC) here with latest fixes,
0.104 actually works stable and fast so far.  Some more ancient versions
just kept crashing and were sloow (then again older Solaris versions had
ancient gcc etc).

Oracle DOES maintain Solaris, current 11.4 has quite recent GCC (10.2) 
and

other libraries (curl 7.71 etc).  All requirements except libcheck are OS
provided, just pkg install them.

Only thing that needed some manual fixing was some curses paths.

mkdir build
cd build
cmake .. \
   -D CMAKE_BUILD_TYPE="Release" \
   -D ENABLE_TESTS=OFF \
   -D PCRE2_INCLUDE_DIR=/usr/include/pcre \
   -D NCURSES_INCLUDE_DIR=/usr/include/ncurses \
   -D CURSES_LIBRARY=/usr/lib/64/libncurses.so

# Seems NCURSES_INCLUDE_DIR isn't used here..
sed -i 's###' clamav-config.h


Thanks I tried the above it worked, but failed to build. Any ideas?

$ cmake --build .  --config Release
[ 13%] Linking CXX shared library libclamunrar.so
[ 13%] Built target clamunrar
Scanning dependencies of target unrar_iface_obj
[ 14%] Building CXX object 
libclamunrar_iface/CMakeFiles/unrar_iface_obj.dir/unrar_iface.cpp.o
/export/home/defang/clamav-0.104.0-rc/libclamunrar_iface/unrar_iface.cpp: In 
function 'cl_unrar_error_t libceader(void*, unrar_metadata_t*)':
/export/home/defang/clamav-0.104.0-rc/libclamunrar_iface/unrar_iface.cpp:349:62: 
error: expected ')' before
   349 | unrar_dbgmsg("unrar_peek_file_header:   Packed Size: %" 
PRIu64 "\n", file_metadata->pack_size)

   | ~    ^
|  )
/export/home/defang/clamav-0.104.0-rc/libclamunrar_iface/unrar_iface.cpp:350:62: 
error: expected ')' before
   350 | unrar_dbgmsg("unrar_peek_file_header:   Unpacked Size: %" 
PRIu64 "\n", file_metadata->unpack_siz

   | ~    ^
|  )
gmake[2]: *** 
[libclamunrar_iface/CMakeFiles/unrar_iface_obj.dir/build.make:63: 
libclamunrar_iface/CMakeFilep.o] Error 1
gmake[1]: *** [CMakeFiles/Makefile2:1062: 
libclamunrar_iface/CMakeFiles/unrar_iface_obj.dir/all] Error 2

gmake: *** [Makefile:163: all] Error 2

Thanks



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-08-05 Thread Mark Fortescue via clamav-users

Hi Micah,

Having picked up on one set of unset substitution variables I cheated
and used 'find', 'grep', 'sed', 'cut' and 'sort -u' to go through and
find all the substitution variables and check that they were set :).


Please note that the CLAMAV_USER changes or setting CLAMAVUSER in the 
documentation are also needed for 0.103.x.


Regards
Mark.

On 05/08/2021 03:07, Micah Snyder (micasnyd) wrote:
Thanks for patch #2.  Very good eye catching the CLAMAV_USER and CONFDIR 
variable issues.
I've updated the PR with the change: 
https://github.com/Cisco-Talos/clamav/pull/231

<https://github.com/Cisco-Talos/clamav/pull/231>

CMake: Fix build on systems lacking inttypes format string macros by 
micahsnyder · Pull Request #231 · Cisco-Talos/clamav 
<https://github.com/Cisco-Talos/clamav/pull/231>
Define _SF64_PREFIX and _SF32_PREFIX on systems that do not have these 
macros: PRIu64, PRIx64, PRIi64, PRIu32, PRIi32, PRIx32 This logic is the 
same as in the previous build system, here: https://g...

github.com

If you see any problems please let me know. Else, if all goes well with 
testing on my side I'll merge it.



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
----
*From:* Mark Fortescue 
*Sent:* Friday, July 30, 2021 6:36 AM
*To:* Micah Snyder (micasnyd) ; ClamAV users ML 

*Subject:* PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate 
is here!

Hi Micah,

Please find attached patch #2 to clean up patch #1 'if' statements and
fix some other issues found (mostly documentation).

The outstanding variable is LIBCLAMAV_LIBS.

It is used by clamav-config.in and libclamav.pc.in.

Not sure about the logic required for this one. On my OS, it is set to
'-lbz2' for autotools but I don't know why it is being set and no other
dependent libraries are there.

I would expect it to be a list of all dependent libraries used when
linking with libclamav.

Regards
     Mark.

On 29/07/2021 00:54, Micah Snyder (micasnyd) wrote:

How's this? https://github.com/Cisco-Talos/clamav/pull/231









Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav

2021-07-31 Thread Mark Fortescue via clamav-users

Hi Micah,

On my Ubuntu distributions the config files have been in /etc/clamav at
least since Ubuntu 10.04 LTS so I see no issue with the change.


It makes /usr/local/etc consistent with /etc which is always a good 
thing when you are trying to debug/find/compare things when something 
has gone wrong.


Regards
Mark.

On 31/07/2021 13:03, Micah Snyder (micasnyd) via clamav-users wrote:

Hi all,

I could use your opinion about a change we'd planned to make in 0.104. 
By request, I'd made this pull request to change the default directory 
for the config files from /etc to /etc/clamav. The 
purpose being to de-clutter /usr/local/etc: 
https://github.com/Cisco-Talos/clamav/pull/182


I procrastinated merging it for a long time because while it feels like 
a good change it will require a change to our test framework and would 
likely break scripts for other users as well. Some justification for the 
change at this time is that with the build system change to cmake, users 
will likely have to change the same scripts anyhow so we don't have any 
better time.


Unfortunately, I procrastinated it so hard I forgot to merge it before 
the first release candidate. Now, I can't decide if it's right to merge 
it before the second release candidate or throw it away. I would like 
your opinion.


Regards,
Micah



[clamav-users] PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-30 Thread Mark Fortescue via clamav-users

Hi Micah,

Please find attached patch #2 to clean up patch #1 'if' statements and
fix some other issues found (mostly documentation).


The outstanding variable is LIBCLAMAV_LIBS.

It is used by clamav-config.in and libclamav.pc.in.

Not sure about the logic required for this one. On my OS, it is set to 
'-lbz2' for autotools but I don't know why it is being set and no other 
dependent libraries are there.


I would expect it to be a list of all dependent libraries used when 
linking with libclamav.


Regards
Mark.

On 29/07/2021 00:54, Micah Snyder (micasnyd) wrote:

How's this? https://github.com/Cisco-Talos/clamav/pull/231





diff -rupd clamav-0.104.0-rc.231/CMakeLists.txt clamav.work/CMakeLists.txt
--- clamav.work.14.cmake/CMakeLists.txt	2021-07-28 20:04:14.0 +0100
+++ clamav.work/CMakeLists.txt	2021-07-30 00:43:00.535042945 +0100
@@ -532,7 +532,7 @@ else()
 if(SIZEOF_INT EQUAL 2)
 set(INT16_DEF "typedef signed int int16_t;")
 set(UINT16_DEF "typedef unsigned int uint16_t;")
-elif(SIZEOF_SHORT EQUAL 2)
+elseif(SIZEOF_SHORT EQUAL 2)
 set(INT16_DEF "typedef signed short int16_t;")
 set(UINT16_DEF "typedef unsigned short uint16_t;")
 endif()
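Review bot: The `if(SIZEOF_INT EQUAL 2)` / `elseif(SIZEOF_SHORT EQUAL 2)` chain still has no `else()` branch, so when neither size is 2 both `INT16_DEF` and `UINT16_DEF` stay unset with no diagnostic. Consider closing the chain with `else()` and a `message(FATAL_ERROR ...)` so the gap shows up at configure time rather than in a later compile error. The 32-bit and 64-bit chains in the next two hunks have the same shape and would want the same treatment.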
@@ -540,7 +540,7 @@ else()
 if(SIZEOF_INT EQUAL 4)
 set(INT32_DEF "typedef signed int int32_t;")
 set(UINT32_DEF "typedef unsigned int uint32_t;")
-elif(SIZEOF_LONG EQUAL 4)
+elseif(SIZEOF_LONG EQUAL 4)
 set(INT32_DEF "typedef signed long int32_t;")
 set(UINT32_DEF "typedef unsigned long uint32_t;")
 endif()
@@ -548,7 +548,7 @@ else()
 if(SIZEOF_LONG EQUAL 8)
 set(INT64_DEF "typedef signed long int64_t;")
 set(UINT64_DEF "typedef unsigned long uint64_t;")
-elif(SIZEOF_LONG_LONG EQUAL 8)
+elseif(SIZEOF_LONG_LONG EQUAL 8)
 set(INT64_DEF "typedef signed long long int64_t;")
 set(UINT64_DEF "typedef unsigned long long uint64_t;")
 endif()
@@ -557,17 +557,13 @@ endif()
 # Always do this
 if(SIZEOF_INT EQUAL 4)
 set(DEFINE_SF32_PREFIX "#define _SF32_PREFIX \"\"")
-else()
-if(SIZEOF_LONG EQUAL 4)
-set(DEFINE_SF32_PREFIX "#define _SF32_PREFIX \"l\"")
-endif()
+elseif(SIZEOF_LONG EQUAL 4)
+set(DEFINE_SF32_PREFIX "#define _SF32_PREFIX \"l\"")
 endif()
 if(SIZEOF_LONG EQUAL 8)
 set(DEFINE_SF64_PREFIX "#define _SF64_PREFIX \"l\"")
-else()
-if(SIZEOF_LONG_LONG EQUAL 8)
-set(DEFINE_SF64_PREFIX "#define _SF64_PREFIX \"ll\"")
-endif()
+elseif(SIZEOF_LONG_LONG EQUAL 8)
+set(DEFINE_SF64_PREFIX "#define _SF64_PREFIX \"ll\"")
 endif()
 
 # Check for restrict keyword
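Review bot: In the flattened `_SF64_PREFIX` chain (`if(SIZEOF_LONG EQUAL 8)` / `elseif(SIZEOF_LONG_LONG EQUAL 8)`), `DEFINE_SF64_PREFIX` is still left undefined when neither comparison matches, and the `_SF32_PREFIX` chain above it behaves the same way. Since an unset `SIZEOF_LONG` or `SIZEOF_LONG_LONG` makes both comparisons false, it is worth confirming those sizes are populated before this block and adding an `else()` with `message(FATAL_ERROR ...)` (or an explicit default) to each chain, given that the comment says "Always do this".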
diff -rupd clamav-0.104.0-rc.231/docs/man/clamav-milter.8.in clamav.work/docs/man/clamav-milter.8.in
--- clamav.work.14.cmake/docs/man/clamav-milter.8.in	2021-07-21 18:19:22.0 +0100
+++ clamav.work/docs/man/clamav-milter.8.in	2021-07-30 10:48:34.811048415 +0100
@@ -27,7 +27,7 @@ Print the version number and exit.
 Read configuration from FILE.
 .SH "FILES"
 .LP 
-@CFGDIR@/clamav-milter.conf
+@CONFDIR@/clamav-milter.conf
 .SH "AUTHOR"
 .LP 
 aCaB 
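Review bot: The FILES entry now depends on `@CONFDIR@` instead of `@CFGDIR@`, but none of the visible hunks show `CONFDIR` being set for the man-page templates. Please confirm it is defined wherever these `.in` files are configured, and consider a configure-time check that fails on any `@VAR@` token left without a value in docs/man, so a renamed or misspelled token cannot reach the installed pages unnoticed.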
diff -rupd clamav-0.104.0-rc.231/docs/man/clamav-milter.conf.5.in clamav.work/docs/man/clamav-milter.conf.5.in
--- clamav.work.14.cmake/docs/man/clamav-milter.conf.5.in	2021-07-21 18:19:22.0 +0100
+++ clamav.work/docs/man/clamav-milter.conf.5.in	2021-07-30 10:48:34.811048415 +0100
@@ -239,7 +239,7 @@ Default: no
 All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
 .SH "FILES"
 .LP
-@CFGDIR@/clamav-milter.conf
+@CONFDIR@/clamav-milter.conf
 .SH "AUTHOR"
 .LP
 aCaB 
diff -rupd clamav-0.104.0-rc.231/docs/man/clamd.8.in clamav.work/docs/man/clamd.8.in
--- clamav.work.14.cmake/docs/man/clamd.8.in	2021-07-21 18:19:22.0 +0100
+++ clamav.work/docs/man/clamd.8.in	2021-07-30 10:48:34.815048464 +0100
@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
 clamd [options]
 .SH "DESCRIPTION"
 .LP 
-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf
 .SH "COMMANDS"
 .LP 
 It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
@@ -125,7 +125,7 @@ Reload the signature databases.
 Perform a clean exit.
 .SH "FILES"
 .LP 
-@CFGDIR@/clamd.conf
+@CONFDIR@/clamd.conf
 .SH "CREDITS"
 Please check t

Re: [clamav-users] Long Term Support (LTS) program proposal

2021-07-29 Thread Mark Fortescue via clamav-users



Hi All,

In my world, 5 years is short. It used to take me 3 years to get a stable
enough Ubuntu kernel to patch in my changes. The 14.0x LTS 4.4.x kernel
never became stable enough.


I will be looking to the industrial Linux at 10 to 25 years for kernels 
for the future.


For most of the software I would be looking at no less than 5 years long 
term support where longer term support (10+ years) is not available.


In my experience, most industry considers 5 years far too short. That is 
why Windows XP was such a success. Its longevity.


Where I work they still run AT bus PCs with 2.4 series kernel because 
the upgrade cost is considered prohibitive. It is not just the PC and 
bespoke software. It is all the bespoke hardware that goes with it. When 
the hardware becomes totally unsupportable there will be a long loss of 
service as totally new software and hardware will be needed. There are 
no budgeted funds for obsolescence.


Please reconsider the 3 years you are proposing. 5 years should be the norm
and extra years for those prepared to pay for the privilege.


Release years. Every two years works OK. Beware of 2037. In 2037 
everyone will be updating things and by 2038 it will be a mess (unix 
time). Like last time (Y2K) management will, if possible, leave it to 
the last microsecond. I suspect that most 32bit systems will be fine as
they will just ignore the sign bit. It will be all these new 64bit 
systems that will fail miserably (sign extending their filing system 
time stamps).


Regards
Mark.

On 29/07/2021 00:53, Micah Snyder (micasnyd) via clamav-users wrote:

Hi All,

For the past couple of months I’ve been promoting the idea of having 
Long Term Support (LTS) feature releases for ClamAV within internal 
Talos communications.


For the purposes of this discussion:

  * A “feature release” is a version starting with MAJOR.MINOR.0 to
include all PATCH versions. I.e. ClamAV 0.103.0, 0.103.1, 0.103.2,
and 0.103.3 are all within the same “feature release”.
  * A “patch version” is a specific MAJOR.MINOR.PATCH version. E.g.
0.103.4 would be the next “patch version” in the 0.103 “feature
release”.

My interest in starting an LTS program came about because we have been 
getting (understandable) pressure from management to have shorter 
development times for feature versions with more targeted feature sets.  
What this means is that you would see more frequent feature releases, 
possibly as many as ~5 per year.  Some of the features in a given 
feature release would be things the community cares about, while others 
may be by request of a different team within Talos or Cisco.


But I couldn’t in good conscience start pumping out new feature releases 
every 2-4 months and expect everyone to keep up. And at that rate it 
would not be possible for us to make critical patch versions for every 
feature release within the two years, or even one year.  So in order to 
get features out faster it became clear to me that we will need to 
define /specific feature release/ for which we promise to backport 
security fixes for /some amount of time/.


This raised a few obvious questions:

  * Which feature release do we start with?
  * Do we have to continue serving signature database content to every
patch version in an LTS release?
  * How often should we select a new feature release for LTS?
  * How long is “long term support” anyways?

We’ve been talking about this off and on for the past couple of months.
  This is what I came up with….


*/Which feature version do we start with?/*

We /had/ initially settled on 0.104 as the first LTS version, for 
basically two reasons:


-Joel really wants to make sure people have the latest freshclam 
features, particularly those found in 0.103.2 and 0.103.3, to reduce 
bandwidth cost.


-I don’t want to keep fixing glitchy autotools package detection issues 
for years to come.


But after seeing the (very much unexpected) reaction to the switch 
CMake… it’s clear to me now that *we need to start the LTS program with 
**0.103*.


*/Do we have to continue serving database content to every patch version 
in an LTS release?/*


No.

LTS means that we will promise to continue providing patch versions for 
a given feature release.


I.e. you will get critical fixes in 0.103.4, 0.103.5, 0.103.6, etc. as 
needed until End of Life (EOL) for the 0.103 feature release.


*I need to stress* *that* it doesn’t mean people should /or will be 
allowed/ to continue using vulnerable or otherwise problematic versions 
such as 0.103.0 and 0.103.1 just because they belong to an LTS feature 
release. /We will reserve the right to at some point begin to block 
older patch versions like 0.103.0 from downloading databases to force 
people to use newer patch versions./

*/How often should we select a new feature release for LTS?/*

Some products, like Ubuntu, do a new LTS every 2 years with support for 5
years.  2 years feels like a long time but, as much as

Re: [clamav-users] [SUSPICIOUS] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-28 Thread Mark Fortescue via clamav-users

Please do.

On 28/07/2021 22:02, Micah Snyder (micasnyd) wrote:

Will do.  Thanks for the fix.  Ok if I add you to the acknowledgements section 
of the news?


-Original Message-
From: Mark Fortescue 
Sent: Wednesday, July 28, 2021 1:59 PM
To: Micah Snyder (micasnyd) ; ClamAV users ML

Subject: Re: [SUSPICIOUS] [clamav-users] PATCH: Re: ClamAV® blog: ClamAV
0.104.0 Release Candidate is here!

Hi Micah,

Please can you submit it for me - I don't have an account.

Regards
Mark.

On 28/07/2021 21:55, Micah Snyder (micasnyd) wrote:

Mark,

This is amazing!  Thanks!
If you have an account on GitHub, can you submit this as a PR?  If not, I can

submit one for you.


Regards,
Micah


-Original Message-
From: clamav-users  On Behalf
Of Mark Fortescue via clamav-users
Sent: Wednesday, July 28, 2021 12:02 PM
To: clamav-users@lists.clamav.net
Cc: Mark Fortescue 
Subject: [SUSPICIOUS] [clamav-users] PATCH: Re: ClamAV® blog: ClamAV
0.104.0 Release Candidate is here!

Hi again,

After a bit of digging around, I have updated CMakeLists.txt to fix
this issue and another minor issue.

See attached patch.

This may not be the correct solution but at least it generated the
correct entries on clamav-types.h.

Regards
Mark.

On 28/07/21 19:10, Mark Fortescue via clamav-users wrote:

Hi All,

I have found a bug that will cause issues for 32bit builds and maybe
some 64bit builds.

On all three of my OS (2 x x86_64 and one x86) tested, CMake is not
setting DEFINE_SF64_PREFIX used in clamav-types.h.in.
This breaks the build on one x86_64 OS and may cause issues on the
x86 OS with 64bit numbers.

Any ideas on how to implement a quick fix ?

Regards
   Mark.

On 28/07/21 01:14, Mark Fortescue wrote:

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing
something different. The big advantage of the configure script is
that it can be tweaked when it gets something wrong or at least
opened in an editor to see what it is actually doing. Not sure
where to start if cmake does not do what it is meant to do.

Regards
   Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the
system installed version).

How do I force cmake to pick up the correct library as it is
always picking up the system library not the one in /usr/local/clamav/lib.

In order to move to cmake it would be useful to have a conversion
from all the configure script options to their cmake equivalents.
Is there a way of getting cmake to display all the variables that
can be set (equivalent to ./configure --help) ?

Regards
   Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html




ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate
<https://www.clamav.net/downloads>.


Please help us validate this release. We need your feedback, so
let us know what you find and join us on the ClamAV mailing list
<https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our
Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.


This release candidate phase is only expected to last about two
to four weeks be

Re: [clamav-users] [SUSPICIOUS] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-28 Thread Mark Fortescue via clamav-users

Hi Micah,

Please can you submit it for me - I don't have an account.

Regards
Mark.

On 28/07/2021 21:55, Micah Snyder (micasnyd) wrote:

Mark,

This is amazing!  Thanks!
If you have an account on GitHub, can you submit this as a PR?  If not, I can 
submit one for you.

Regards,
Micah


-Original Message-
From: clamav-users  On Behalf Of
Mark Fortescue via clamav-users
Sent: Wednesday, July 28, 2021 12:02 PM
To: clamav-users@lists.clamav.net
Cc: Mark Fortescue 
Subject: [SUSPICIOUS] [clamav-users] PATCH: Re: ClamAV® blog: ClamAV
0.104.0 Release Candidate is here!

Hi again,

After a bit of digging around, I have updated CMakeLists.txt to fix this issue
and another minor issue.

See attached patch.

This may not be the correct solution but at least it generated the correct
entries on clamav-types.h.

Regards
Mark.

On 28/07/21 19:10, Mark Fortescue via clamav-users wrote:

Hi All,

I have found a bug that will cause issues for 32bit builds and maybe
some 64bit builds.

On all three of my OS (2 x x86_64 and one x86) tested, CMake is not
setting DEFINE_SF64_PREFIX used in clamav-types.h.in.
This breaks the build on one x86_64 OS and may cause issues on the x86
OS with 64bit numbers.

Any ideas on how to implement a quick fix ?

Regards
  Mark.

On 28/07/21 01:14, Mark Fortescue wrote:

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing
something different. The big advantage of the configure script is
that it can be tweaked when it gets something wrong or at least
opened in an editor to see what it is actually doing. Not sure where
to start if cmake does not do what it is meant to do.

Regards
  Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the
system installed version).

How do I force cmake to pick up the correct library as it is always
picking up the system library not the one in /usr/local/clamav/lib.

In order to move to cmake it would be useful to have a conversion
from all the configure script options to their cmake equivalents. Is
there a way of getting cmake to display all the variables that can
be set (equivalent to ./configure --help) ?

Regards
  Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html




   ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate
<https://www.clamav.net/downloads>.


Please help us validate this release. We need your feedback, so
let us know what you find and join us on the ClamAV mailing list
<https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our
Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.


This release candidate phase is only expected to last about two to
four weeks before the 0.104.0 Stable version will be published.
Take this opportunity to verify that you 0.104.0 can build and run
in your environment.

Please submit bug reports to the ClamAV project GitHub Issues

[clamav-users] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-28 Thread Mark Fortescue via clamav-users

Hi again,

After a bit of digging around, I have updated CMakeLists.txt to fix this 
issue and another minor issue.


See attached patch.

This may not be the correct solution but at least it generated the 
correct entries on clamav-types.h.


Regards
Mark.

On 28/07/21 19:10, Mark Fortescue via clamav-users wrote:

Hi All,

I have found a bug that will cause issues for 32bit builds and maybe
some 64bit builds.

On all three of my OS (2 x x86_64 and one x86) tested, CMake is not
setting DEFINE_SF64_PREFIX used in clamav-types.h.in.
This breaks the build on one x86_64 OS and may cause issues on the x86
OS with 64bit numbers.

Any ideas on how to implement a quick fix ?

Regards
 Mark.

On 28/07/21 01:14, Mark Fortescue wrote:

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing something
different. The big advantage of the configure script is that it can be
tweaked when it gets something wrong or at least opened in an editor to
see what it is actually doing. Not sure where to start if cmake does not
do what it is meant to do.

Regards
 Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the
system installed version).

How do I force cmake to pick up the correct library as it is always
picking up the system library not the one in /usr/local/clamav/lib.

In order to move to cmake it would be useful to have a conversion from
all the configure script options to their cmake equivalents. Is there
a way of getting cmake to display all the variables that can be set
(equivalent to ./configure --help) ?

Regards
 Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html




  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate
<https://www.clamav.net/downloads>.

Please help us validate this release. We need your feedback, so let
us know what you find and join us on the ClamAV mailing list
<https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our
Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.

This release candidate phase is only expected to last about two to
four weeks before the 0.104.0 Stable version will be published. Take
this opportunity to verify that you 0.104.0 can build and run in
your environment.

Please submit bug reports to the ClamAV project GitHub Issues
<https://github.com/Cisco-Talos/clamav/issues>.

ClamAV 0.104.0 includes the following improvements and changes.


<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#new-requirements>




  New Requirements

 *

As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
the new |INSTALL.md| file. The online documentation will also be
updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been
removed.


<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#major-changes>




  Major changes

 *

The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
of time. If you're building ClamAV from source and you wish to use
LLVM instead of the bytecode interpreter, you will need to supply
the development libraries for LLVM version 3.6.2. See |INSTALL.md|
to learn more.
 *

There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
limited to "unstable" versions, which are updated daily with
the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav|
<https://hub.docker.com/r/clamav/clamav>.

Docker Hub ClamAV tags:

 *

|clamav/clamav:|: A release preloaded with signature
databases.

Using this container will save the ClamAV project some bandwidth.
Use this if you will keep the image around so that you don't
download the entire database set every time you start a new
container. Updating with FreshClam from the existing databases set
does not use much data.

 *

|clamav/clamav:_base|: A release with no signature
databases.

Use this container *only* if you mount a volume in your container
under |/var/lib/clamav| to persist your signature database
databases. This method is the best option because it will reduce
data costs for ClamAV and for the Docker registry, but it does
require advanced familiarity with Linux and Docker.

/Caution/: 

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-28 Thread Mark Fortescue via clamav-users

Hi All,

I have found a bug that will cause issues for 32bit builds and maybe 
some 64bit builds.


On all three of my OS (2 x x86_64 and one x86) tested, CMake is not 
setting DEFINE_SF64_PREFIX used in clamav-types.h.in.
This breaks the build on one x86_64 OS and may cause issues on the x86 
OS with 64bit numbers.


Any ideas on how to implement a quick fix ?

Regards
Mark.

On 28/07/21 01:14, Mark Fortescue wrote:

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing something
different. The big advantage of the configure script is that it can be
tweaked when it gets something wrong or at least opened in an editor to
see what it is actually doing. Not sure where to start if cmake does not
do what it is meant to do.

Regards
 Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the
system installed version).

How do I force cmake to pick up the correct library as it is always
picking up the system library not the one in /usr/local/clamav/lib.

In order to move to cmake it would be useful to have a conversion from
all the configure script options to their cmake equivalents. Is there
a way of getting cmake to display all the variables that can be set
(equivalent to ./configure --help) ?

Regards
 Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html



  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate
<https://www.clamav.net/downloads>.

Please help us validate this release. We need your feedback, so let
us know what you find and join us on the ClamAV mailing list
<https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our
Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.

This release candidate phase is only expected to last about two to
four weeks before the 0.104.0 Stable version will be published. Take
this opportunity to verify that you 0.104.0 can build and run in
your environment.

Please submit bug reports to the ClamAV project GitHub Issues
<https://github.com/Cisco-Talos/clamav/issues>.

ClamAV 0.104.0 includes the following improvements and changes.


<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#new-requirements>



  New Requirements

 *

As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
the new |INSTALL.md| file. The online documentation will also be
updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been
removed.


<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#major-changes>



  Major changes

 *

The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
of time. If you're building ClamAV from source and you wish to use
LLVM instead of the bytecode interpreter, you will need to supply
the development libraries for LLVM version 3.6.2. See |INSTALL.md|
to learn more.
 *

There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
limited to "unstable" versions, which are updated daily with
the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav|
<https://hub.docker.com/r/clamav/clamav>.

Docker Hub ClamAV tags:

 *

|clamav/clamav:|: A release preloaded with signature
databases.

Using this container will save the ClamAV project some bandwidth.
Use this if you will keep the image around so that you don't
download the entire database set every time you start a new
container. Updating with FreshClam from the existing databases set
does not use much data.

 *

|clamav/clamav:_base|: A release with no signature
databases.

Use this container *only* if you mount a volume in your container
under |/var/lib/clamav| to persist your signature database
databases. This method is the best option because it will reduce
data costs for ClamAV and for the Docker registry, but it does
require advanced familiarity with Linux and Docker.

/Caution/: Using this image without mounting an existing
database directory will cause FreshClam to download the entire
database set each time you start a new container.

You can use the |unstable| version (i.e. |clamav/clamav:unstable| or
|clamav/clamav:unstable_base|) to try the latest from our
development bran

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-27 Thread Mark Fortescue via clamav-users

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing something 
different. The big advantage of the configure script is that it can be 
tweaked when it gets something wrong or at least opened in an editor to 
see what it is actually doing. Not sure where to start if cmake does not 
do what it is meant to do.


Regards
Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the 
system installed version).


How do I force cmake to pick up the correct library as it is always 
picking up the system library not the one in /usr/local/clamav/lib.


In order to move to cmake it would be useful to have a conversion from 
all the configure script options to their cmake equivalents. Is there a 
way of getting cmake to display all the variables that can be set 
(equivalent to ./configure --help) ?


Regards
 Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html 




  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate 
<https://www.clamav.net/downloads>.


Please help us validate this release. We need your feedback, so let 
us know what you find and join us on the ClamAV mailing list 
<https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our 
Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.


This release candidate phase is only expected to last about two to 
four weeks before the 0.104.0 Stable version will be published. Take 
this opportunity to verify that you 0.104.0 can build and run in your 
environment.


Please submit bug reports to the ClamAV project GitHub Issues 
<https://github.com/Cisco-Talos/clamav/issues>.


ClamAV 0.104.0 includes the following improvements and changes.


  
<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#new-requirements> 




  New Requirements

 *

    As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
    the new |INSTALL.md| file. The online documentation will also be
    updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been removed.


  
<https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#major-changes> 




  Major changes

 *

    The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
    signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
    of time. If you're building ClamAV from source and you wish to use
    LLVM instead of the bytecode interpreter, you will need to supply
    the development libraries for LLVM version 3.6.2. See |INSTALL.md|
    to learn more.
 *

    There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
    limited to "unstable" versions, which are updated daily with
    the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav| 
<https://hub.docker.com/r/clamav/clamav>.


Docker Hub ClamAV tags:

 *

    |clamav/clamav:|: A release preloaded with signature
    databases.

    Using this container will save the ClamAV project some bandwidth.
    Use this if you will keep the image around so that you don't
    download the entire database set every time you start a new
    container. Updating with FreshClam from the existing databases set
    does not use much data.

 *

    |clamav/clamav:_base|: A release with no signature 
databases.


    Use this container *only* if you mount a volume in your container
    under |/var/lib/clamav| to persist your signature database
    databases. This method is the best option because it will reduce
    data costs for ClamAV and for the Docker registry, but it does
    require advanced familiarity with Linux and Docker.

    /Caution/: Using this image without mounting an existing
    database directory will cause FreshClam to download the entire
    database set each time you start a new container.

You can use the |unstable| version (i.e. |clamav/clamav:unstable| or 
|clamav/clamav:unstable_base|) to try the latest from our development 
branch.


Please, be kind when using "free" bandwidth for the virus databases 
and Docker registry. Try not to download the entire database set or 
the larger ClamAV database images on a regular basis.


For more details, see the ClamAV Docker documentation 
<https://docs.clamav.net/manual/Installing/Docker.html>.


Special thanks to Olliver Schinagl for his

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-27 Thread Mark Fortescue via clamav-users

Hi all,

I have two curl installations. One is not suitable for clamav (the 
system installed version).


How do I force cmake to pick up the correct library as it is always 
picking up the system library not the one in /usr/local/clamav/lib.


In order to move to cmake it would be useful to have a conversion from 
all the configure script options to their cmake equivalents. Is there a 
way of getting cmake to display all the variables that can be set 
(equivalent to ./configure --help) ?


Regards
Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html


  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate.


Please help us validate this release. We need your feedback, so let us 
know what you find and join us on the ClamAV mailing list, or on our 
Discord, which is bridged with our IRC.


This release candidate phase is only expected to last about two to 
four weeks before the 0.104.0 Stable version will be published. Take 
this opportunity to verify that you 0.104.0 can build and run in your 
environment.


Please submit bug reports to the ClamAV project GitHub Issues.


ClamAV 0.104.0 includes the following improvements and changes.


  



  New Requirements

 *

As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
the new |INSTALL.md| file. The online documentation will also be
updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been removed.


  



  Major changes

 *

The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
of time. If you're building ClamAV from source and you wish to use
LLVM instead of the bytecode interpreter, you will need to supply
the development libraries for LLVM version 3.6.2. See |INSTALL.md|
to learn more.
 *

There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
limited to "unstable" versions, which are updated daily with
the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav|.


Docker Hub ClamAV tags:

 *

|clamav/clamav:|: A release preloaded with signature
databases.

Using this container will save the ClamAV project some bandwidth.
Use this if you will keep the image around so that you don't
download the entire database set every time you start a new
container. Updating with FreshClam from the existing databases set
does not use much data.

 *

|clamav/clamav:_base|: A release with no signature databases.

Use this container *only* if you mount a volume in your container
under |/var/lib/clamav| to persist your signature database
databases. This method is the best option because it will reduce
data costs for ClamAV and for the Docker registry, but it does
require advanced familiarity with Linux and Docker.

/Caution/: Using this image without mounting an existing
database directory will cause FreshClam to download the entire
database set each time you start a new container.

You can use the |unstable| version (i.e. |clamav/clamav:unstable| or 
|clamav/clamav:unstable_base|) to try the latest from our development 
branch.


Please, be kind when using "free" bandwidth for the virus databases 
and Docker registry. Try not to download the entire database set or 
the larger ClamAV database images on a regular basis.


For more details, see the ClamAV Docker documentation.


Special thanks to Olliver Schinagl for his excellent work creating 
ClamAV's new Docker files, image database deployment tooling, and user 
documentation.


 *

|clamd| and |freshclam| are now available as Windows services. To
install and run them, use the |--install-service| option and |net
start [name]| command.

Special thanks to Gianluigi Tiesi for his original work on this
feature.


  



  Notable changes

We added these features in 0.103.1 but wanted to re-post them here, as 
patch versions do not generally introduce new options:


 *

Added a new s

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-27 Thread Mark Fortescue via clamav-users

Hi Joel,

One quick answer to why people do not upgrade the OS is that the 
hardware does not support the upgrade (mostly due to memory and x86_64).


I work with embedded systems where the code is very specific to the 
hardware so new hardware is not an option.


For others it may just be the hassle of starting setting up a new OS and 
fixing all the distribution bugs/annoyances that get installed with each 
new OS all over again.


Regards
Mark.

On 27/07/2021 16:30, Joel Esler (jesler) via clamav-users wrote:



On Jul 27, 2021, at 11:27 AM, Paul Kosinski via clamav-users 
<clamav-users@lists.clamav.net> wrote:


On Mon, 26 Jul 2021 11:35:29 -0400
"Rick Cooper" <rcoo...@dwford.com> wrote:


And what, exactly, is the reason for moving to cmake? I am sure you know
it's going to be problematic for thousands of people so I am curious what
tremendous gain of speed, size, memory usage or security the other users
get from this change, or if it's just a convenience thing for the
developers?



I get the impression that *all* recent software development (at least 
in Open Source) has given up any notion of backward compatibility. For 
example, Firefox (even ESR) has been a disaster in the past few years, 
changing the UI with every major release, once totally blowing away 
users' bookmarks, and of course, completely invalidating many, many 
years of add-on development by many people due to switching from XUL 
to the less powerful WebExtensions.


Now I wonder what will happen when I next try to build ClamAV on my 
three different Debian systems (7, 8 & 10).


You can’t support everything, forever.  You have to push forward with 
new tools and technology that make securing your customers easier and 
better and provide more functionality to us (the authors of the ruleset) 
to better protect people (you).


If you’re using security software to protect yourself, why would you not 
do the most basic things and upgrade the OS of the systems underneath? 
  I never understood this.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml





Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-26 Thread Mark Fortescue via clamav-users

Hi Andrew,

My reading of this small section of the log is that the tests failed 
because the response was not as expected:


  'Wrong reply for command'

The error seems to be due to the use of a symlink /home/frans/tw/data to 
/mnt/data/fdb-data.


The test scripts need to do more work if they are to work properly in 
the presence of symlinks.


It should be reported as a test suite bug.

Regards
Mark.

On 26/07/2021 09:43, Andrew C Aitchison via clamav-users wrote:

On Mon, 26 Jul 2021, Frans de Boer wrote:


Here's your problem:

8<--
[DEBUG]: Exit code: 1
[DEBUG]: stdout: Running suite(s): clamd
90%: Checks: 77, Failures: 7, Errors: 0
/home/frans/tw/data/projects/linux/security/clamav/clamav-0.104.0-rc-org/unit_tests/check_clamd.c:303:F:clamd 
commands:test_basic_commands:15: Wrong reply for command nSCAN 
/home/frans/tw/data/projects/linux/security/clamav/cla

.
Received: 
/mnt/data/fdb-data/projects/linux/security/clamav/clamav-build/unit_tests/accdenied: 
Access denied. ERROR


Expected: 
/home/frans/tw/data/projects/linux/security/clamav/clamav-build/unit_tests/accdenied: 
Access denied. ERROR



/home/frans/tw/data/projects/linux/security/clamav/clamav-0.104.0-rc-org/unit_tests/check_clamd.c:303:F:clamd 
commands:test_basic_commands:16: Wrong reply for command nCONTSCAN 
/home/frans/tw/data/projects/linux/security/clamav

.
Received: 
/mnt/data/fdb-data/projects/linux/security/clamav/clamav-build/unit_tests/accdenied: 
Access denied. ERROR


Expected: 
/home/frans/tw/data/projects/linux/security/clamav/clamav-build/unit_tests/accdenied: 
Access denied. ERROR

8<--

Are you doing something clever with mount paths, or has the test
script just not noticed?

Nope, nothing 'clever' and doing it already for 20+ years without 
problem.
The accdenied file does have the 'r' flag unset, so the error report 
is correct.


No. IIUC the *test* failed not because the command failed,
but because the error message reported the wrong filename.





Re: [clamav-users] Warning: No matches found for: clamav on CentOS Linux release 7.9.2009 (Core)

2021-07-19 Thread Mark Fortescue via clamav-users

Hi Kaushal,

You have a small configuration error in your systemd/clamd setup.

Not sure if it is the best way but try:

sudo cp -p /etc/clamd.d/scan.conf /etc/clamd.d/server.conf

Regards
Mark.

On 19/07/2021 19:47, Matus UHLAR - fantomas wrote:

On 20.07.21 00:08, Kaushal Shriyan via clamav-users wrote:
I am unable to start clamd service on CentOS Linux release 7.9.2009 
(Core).

Details are as follows.

#systemctl start clamd@server.service
Job for clamd@server.service failed because the control process exited 
with

error code. See "systemctl status clamd@server.service" and "journalctl
-xe" for details.



Jul 20 00:01:57 testdeveloperportal systemd: Starting clamd scanner

(server) daemon...
Jul 20 00:01:57 testdeveloperportal clamd: ERROR: Can't open/parse the
config file /etc/clamd.d/server.conf


Isn't
"Can't open/parse the config file /etc/clamd.d/server.conf"
explanatory enough?


# ls -l /etc/clamd.d/
total 68
-rw-r--r-- 1 root root 12110 Feb 27  2020 clamsmtp.conf
-rw-r--r-- 1 root root 26647 Jul 19 23:58 scan.conf
-rw-r--r-- 1 root root 26648 Jul 19 23:57 scan.conf.2021-07-19


it's not there...
I guess it's what "clamd.conf" is on other systems.






Re: [clamav-users] New installation 103.3; failing freshclam

2021-07-19 Thread Mark Fortescue via clamav-users

Hi Paul,

Check out what SSL groups are set in /etc/groups.
On my Ubuntu, the SSL directories are (edited out dates/size):

drwxr-xr-x 3 root root /etc/ssl/certs/
drwx--x--- 2 root ssl-cert /etc/ssl/private/

SSL/Curl will complain about these if not set correctly so 'private' and 
'certs' will need to be set up properly:


chgrp ssl-cert /etc/ssl/private
chmod 710  /etc/ssl/private
chmod 755  /etc/ssl/certs

You should have an ssl-cert or something similar in your /etc/groups file.

The only private key I have is ssl-cert-snakeoil so what freshclam will 
need will be something in 'certs'.


Ged/others may know which specific pem/crt files are needed to get 
freshclam to play ball. I don't.


I am sorry that I can't help much further as my x86 LFS dist is not 
available at the moment so I can't replicate the issues.


I hope this helps a bit.

Regards
Mark.

On 19/07/2021 18:07, Paul Rogers via clamav-users wrote:

ClamAV is relying on curl, and if you intend to carry on digging then
like Micah I think that's where you need to be looking.  So the extra
logging that I suggested should be in curl, not in ClamAV.  See e.g.

https://curl.se/libcurl/c/CURLOPT_VERBOSE.html


I'm afraid this is no help to me.  My programming experience long predates C, 
FORTRAN II was my native tongue.  I'm now so old my short-term memory is shot; 
I CAN'T learn it now.  A somewhat competent sysadmin is all I can manage.  I 
did a little grepping, but found no place I was confident to set it.  But it 
configure says it was built in (note march=i686!):

configure: Configured to build curl/libcurl:

   Host setup:   i686-pc-linux-gnu
   Install prefix:   /usr/local
   Compiler: gcc
CFLAGS:  -march=i686 -Werror-implicit-function-declaration -O2 
-Wno-system-headers -pthreadsystem /usr/local/include
LDFLAGS: -L/usr/lib -L/usr/local/lib
LIBS:-lnettle -lgnutls -lssl -lcrypto -lssl -lcrypto -lz

   curl version: 7.77.0
   SSL:  enabled (OpenSSL, GnuTLS)
   SSH:  no  (--with-{libssh,libssh2})
   zlib: enabled
   brotli:   no  (--with-brotli)
   zstd: no  (--with-zstd)
   GSS-API:  no  (--with-gssapi)
   GSASL:no  (libgsasl not found)
   TLS-SRP:  enabled
   resolver: POSIX threaded
   IPv6: no  (--enable-ipv6)
   Unix sockets: enabled
   IDN:  no  (--with-{libidn2,winidn})
   Build libcurl:Shared=yes, Static=no
   Built-in manual:  enabled
   --libcurl option: enabled (--disable-libcurl-option)
   Verbose errors:   enabled (--disable-verbose)
   Code coverage:disabled
   SSPI: no  (--enable-sspi)
   ca cert bundle:   /etc/ssl/ca-bundle.crt
   ca cert path: /etc/ssl/certs
   ca fallback:  no
   LDAP: no  (--enable-ldap / --with-ldap-lib / --with-lber-lib)
   LDAPS:no  (--enable-ldaps)
   RTSP: enabled
   RTMP: no  (--with-librtmp)
Metalink: no  (--with-libmetalink)
   PSL:  no  (libpsl not found)
   Alt-svc:  enabled (--disable-alt-svc)
   HSTS: enabled (--disable-hsts)
   HTTP1:enabled (internal)
   HTTP2:no  (--with-nghttp2, --with-hyper)
   HTTP3:no  (--with-ngtcp2, --with-quiche)
   ECH:  no  (--enable-ech)
   Protocols:DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS 
MQTT POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
   Features: AsynchDNS HSTS HTTPS-proxy Largefile MultiSSL NTLM NTLM_WB 
SSL TLS-SRP UnixSockets alt-svc libz
  

But why didn't you just spin up a VM like I suggested?  With a little
bit of effort you'd have had it up and running nearly three weeks ago.


Because this old system built to run on legacy 32-bit hardware only has llvm 
installed and that because it's a Mesa dependency, nothing higher.  This is not 
a kitchen-sink distro.


drwxr-xr-x 2 root root4096 Jul  7 22:42 private



Those permissions look wrong to me.


It's empty anyhow.  What should it be?  (I was running freshclam as root.)





Re: [clamav-users] How to make freshclam to update existing files?

2021-07-08 Thread Mark Fortescue via clamav-users

Hi Michael,

How much free user disk space do you have ?

I had this sort of problem when I ran out of disk space.

The database files need to be uncompressed to apply the daily diffs so 
you need at least 3 Gig of user disk space free in the database directory.


Regards
Mark.

On 08/07/2021 14:31, Michael Wang wrote:

I am running the freshclam.exe like this:

PS C:\Users\m.wang> \\xxx\clamav\bin\freshclam.exe --datadir 
\\xxx\clamav\bin\database


and I got the following error:

ERROR: updatedb: *Can't rename* 
\\xxx\clamav\bin\database\tmp.78a757d3cf\clamav-57fd2bf1f4d6d423e4896f0ef3e97c52.tmp-daily.cvd 
to daily.cvd: *File exists*

I am thinking of removing the *.cvd files before running freshclam, but 
is there an option to make freshclam to override the existing old *.cvd 
files? Thanks.


Full log:

PS C:\Users\m.wang> \\xxx\clamav\bin\freshclam.exe --datadir 
\\xxx\clamav\bin\database

ClamAV update process started at Wed Jul  7 18:40:18 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for download (remote version: 26224)
Time:   12.4s, ETA:    0.0s [>]  102.41MiB/102.41MiB
Testing database: 
'\\xxx\clamav\bin\database\tmp.78a757d3cf\clamav-57fd2bf1f4d6d423e4896f0ef3e97c52.tmp-daily.cvd' 
...

Database test passed.
ERROR: updatedb: Can't rename 
\\xxx\clamav\bin\database\tmp.78a757d3cf\clamav-57fd2bf1f4d6d423e4896f0ef3e97c52.tmp-daily.cvd 
to daily.cvd: File exists
ERROR: Unexpected error when attempting to update daily: Failed to 
read/write file to database directory
ERROR: Database update process failed: Failed to read/write file to 
database directory

ERROR: Update failed.




Re: [clamav-users] freshclam getfile failed - and clamav links Cloudfare 1020 error.

2021-03-10 Thread Mark Fortescue via clamav-users

Hi Rémy,

This is not a cloudflare issue. This is an EOL issue.

You need to update to the latest version of clamav. If the latest 
pre-built version is 0.99 then you will probably have to learn to build 
from source.


Regards
Mark.

On 10/03/2021 16:49, Rémy DODIN via clamav-users wrote:

Hi,

Since several weeks (maybe since clamav migrated to cloudflare), 
Freshclam is no more able to get updates and fails not been able to get 
any databases (main, daily etc..) - It stopped to work suddenly making 
me think it could be a cloudflare issue.

- Environment ArcaOS
- latest available build 0.99
- Trying to go to www.clamav.net, I have a cloudflare error message 1020 
showing my ip@ !

( doing the same under a windows session using the same ip@, it works )

Any idea how to resolve this ?
Is the OS not recognized by Cloudflare ?  (ArcaOS - same as OS/2)

Regards
R.D


"This message and all its attachments are intended exclusively for its 
recipient(s) and are confidential. If you receive this message in error, 
please destroy it and notify the sender immediately. Any use of this 
message and/or its content by anyone other than a recipient, and any 
subsequent distribution or publication of the content of this message, 
in whole or in part, is prohibited without the prior written 
authorization of the sender"






Re: [clamav-users] ClamAV Scan - Data Read vs Data Scanned

2020-11-04 Thread Mark Fortescue via clamav-users

Yes.

On 04/11/2020 17:49, Micah Snyder (micasnyd) via clamav-users wrote:

Do you reckon folks will be less confused if it rounds up?

-Micah

On 11/3/20, 1:37 PM, "clamav-users on behalf of Paul Kosinski via clamav-users" 
 wrote:

 If ClamAV always rounded up when counting the number of 16kb blocks,
 then it should be counting at least 0.016384 MB (or 0.015625 MiB) for
 tiny files. By normal rounding rules this should display as 0.02 MB/MiB.


 On Tue, 3 Nov 2020 17:50:18 +
 Mark Fortescue via clamav-users  wrote:

 > Hi all,
 >
 > I would call this a bug. Scanning 1 byte is the same as scanning 1 block.
 >
 > When storing things in blocks it is always important to round up or you
 > get a false impression of reality.
 >
 > You can't store 100 bytes in 0 disk sectors of 128 bytes. It is always 1
 > disk sector.
 >
 > Can you not just round up by adding (BlockSize - 1) bytes when setting
 > the block variables ?
 >
 > Regards
 >   Mark.
 >
 > On 03/11/2020 16:07, Paul Kosinski via clamav-users wrote:
 > > "This is a display problem, not a storage problem."
 > >
 > > I disagree. When the counts in info.blocks and info.rblocks are counts
 > > of 16kb *blocks*, keeping precise track of the reading and scanning of
 > > small files is impossible, no matter how clever the display code is.
 > >
 > >
 > >
 > > On Tue, 3 Nov 2020 17:44:18 +1100
 > > "Gary R. Schmidt"  wrote:
 > >
 > >> On 03/11/2020 16:00, Paul Kosinski via clamav-users wrote:
 > >>> "(don't you love C?)"
 > >>>
 > >>> I have never understood why the originators of C didn't give integers
 > >>> explicit widths in bits: their scheme made C code often non-portable.
 > >>>
 > >> Because C is intended to be very, very close to the machine
 > >> architecture, only a step or two above assembler, or doing the
 > >> bit-twiddling by hand.
 > >>
 > >>> When I wrote code in the mid 1990s for the DEC Alpha, ints were 32 bits
 > >>> while longs were 64 (unlike "standard" C). This made Alpha C code not
 > >>> portable to lesser CPUs. On the other hand, when I wrote C on DOS for
 > >>> the IBM PC in the late 1980s, ints were only 8 bits! It took some time
 > >>> to figure out why my C-compliant code failed so badly. In spite of all
 > >>> that, having started programming before C was invented, I can safely
 > >>> say that C is better than its predecessors for software like ClamAV.
 > >>>
 > >> Uh, not a good example, I've written C code that is still in use on
 > >> everything from 80286s (yes, Virginia, there are people who keep them
 > >> alive, not just because they're cheap, sometimes just because they
 > >> *can*) to DEC Alphas and Power and SPARC64 and PA-RISC, it's just a
 > >> matter of knowing what you are doing, and sticking to it...
 > >>
 > >>> P.S. Good code these days tends to use typedefs defining things like
 > >>> int32, uint64 etc. A shame the original ClamAV coders didn't do that.
 > >>>
 > >> And none of this has *anything* to do with the original problem - seeing
 > >> 0 when the value is 0.01, or so.
 > >>
 > >> This is a display problem, not a storage problem.  You could declare
 > >> something as PIC(999.99) and you will still only see 0
 > >> if you told it to display two decimal places.
 > >>
 > >>  Cheers,
 > >>  GaryB-)
 >



Re: [clamav-users] ClamAV Scan - Data Read vs Data Scanned

2020-11-03 Thread Mark Fortescue via clamav-users

Hi all,

I would call this a bug. Scanning 1 byte is the same as scanning 1 block.

When storing things in blocks it is always important to round up or you 
get a false impression of reality.


You can't store 100 bytes in 0 disk sectors of 128 bytes. It is always 1 
disk sector.


Can you not just round up by adding (BlockSize - 1) bytes when setting 
the block variables ?


Regards
Mark.

On 03/11/2020 16:07, Paul Kosinski via clamav-users wrote:

"This is a display problem, not a storage problem."

I disagree. When the counts in info.blocks and info.rblocks are counts
of 16kb *blocks*, keeping precise track of the reading and scanning of
small files is impossible, no matter how clever the display code is.



On Tue, 3 Nov 2020 17:44:18 +1100
"Gary R. Schmidt"  wrote:


On 03/11/2020 16:00, Paul Kosinski via clamav-users wrote:

"(don't you love C?)"

I have never understood why the originators of C didn't give integers
explicit widths in bits: their scheme made C code often non-portable.
   

Because C is intended to be very, very close to the machine
architecture, only a step or two above assembler, or doing the
bit-twiddling by hand.


When I wrote code in the mid 1990s for the DEC Alpha, ints were 32 bits
while longs were 64 (unlike "standard" C). This made Alpha C code not
portable to lesser CPUs. On the other hand, when I wrote C on DOS for
the IBM PC in the late 1980s, ints were only 8 bits! It took some time
to figure out why my C-compliant code failed so badly. In spite of all
that, having started programming before C was invented, I can safely
say that C is better than its predecessors for software like ClamAV.
   

Uh, not a good example, I've written C code that is still in use on
everything from 80286s (yes, Virginia, there are people who keep them
alive, not just because they're cheap, sometimes just because they
*can*) to DEC Alphas and Power and SPARC64 and PA-RISC, it's just a
matter of knowing what you are doing, and sticking to it...


P.S. Good code these days tends to use typedefs defining things like
int32, uint64 etc. A shame the original ClamAV coders didn't do that.
   

And none of this has *anything* to do with the original problem - seeing
0 when the value is 0.01, or so.

This is a display problem, not a storage problem.  You could declare
something as PIC(999.99) and you will still only see 0
if you told it to display two decimal places.

Cheers,
GaryB-)





Re: [clamav-users] clamd scan problem

2020-10-31 Thread Mark Fortescue via clamav-users

Hi Tsutomu,

How much memory is available on your AIX system ?

Recommendations vary but I think the general rule will be you need 
4GBytes or more for any server that has to do more than just run Clamd. 
Anything less than 2GBytes is going to be very slow or fail.


Regards
Mark.

On 31/10/2020 13:26, Tsutomu Oyamada wrote:

Hi, all.

Scanning certain files will result in a memory error in clamd version 0.101.5.
The platform is AIX.
This behavior does not occur in CVD version 25904, but does occur in CVD 
version 25973. (I don't know which version came to happen.)

I think the CVD signature is affected. The reason is that the CVD version is 
new and occurred.

File: com.ibm.tws.panels_9.2.0.201402121518.jar

Error: Can't Allocate Memory ERROR

Can you give me some advice on how to resolve this situation?





Re: [clamav-users] Clamd.exe

2020-10-23 Thread Mark Fortescue via clamav-users

Hi,

Have you tried C:\\Windows or C:/Windows?

Just a thought.

Regards
 Mark.

On 23/10/2020 19:46, Marcy Rogers via clamav-users wrote:

Ged

Thank you for the advice.

When I installed Clamav for Windows, the install places the Clamav in 
the c:\program files.
I followed the instructions for installing Clamav for Windows and placed 
the clamd.conf file in the c:\program files\clamav.
I ran powershell as an admin and edited the clamd.conf file.  I will 
attach the config file that I am using.

In the config file, you will see this.
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath "C:\temp"
ExcludePath "C:\Windows"

I have removed the # sign in front of the "c:\windows" because I want to 
exclude it from being scanned.
The C:Windows is still being scanned even though I have told Clamd.exe 
not to scan that directory.

But
# Perform a database check.
# Default: 600 (10 min)
SelfCheck 3600

This was set at 600 before I changed it to 3600 minutes.  Clamd.exe is 
reading to do a selfcheck every 3600 minutes but it is not reading to 
excludepath "c:\windows"


I have tried to force it to read the clamd.conf and it still scans the 
c:\windows directory even if it is excluded.




Added my config file as a text file hoping someone can help me out.  I 
have been working on this for 4 months now.  I am scanning but it is 
taking over 5 hours to scan and I would like to cut that down by not 
scanning the Window directory.


Thanks,

Marcy

On Fri, Oct 23, 2020 at 2:26 PM G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi there,

On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:

 > Good Morning,

Good evening. :)

 > I have Clamav on Windows Servers.  I am running clamd.exe in powershell
 > with this command, .\clamd.exe
 >
 > Do you need to put the config file in there for clamd.exe to read it?  I
 > understood that just running clamd.exe should read the config file.

Most tools which use a configuration file will have a 'default'
location (often more than one location) where they will look for a
configuration file if they aren't told where to look for it in the
command itself.  The clamd daemon has such a default but I don't know
what it is for your system, you should be able to find documentation
which tells you.  The same documentation will tell you how to specify
the location of the file on the command line.

 > I am asking because the clamd.exe is not reading my config file because I
 > have excluded c:windows but it is still scanning c:\windows folder.

To be clear, are we talking about the 'ExcludePath' directive?

Sometimes tools are fussy about the precise syntax of configuration
options.  If your clamd is reading the configuration file which you
think it is reading and you have properly set the exclusion in the
configuration then you may need to experiment with the syntax.  As I
don't use clamd on Windows I have no experience to offer but I'm sure
that someone else here will.

The clamd daemon does not itself scan things from the command line.
Another tool such as clamdscan (which uses clamd to do the scan) or
clamscan (which doesn't) will do that.  So if you run clamd.exe from
the command line I would not expect a scan to take place immediately,
all that I'd expect to happen is that the daemon would be started.

-- 


73,
Ged.



Re: [clamav-users] Thousands of log entries for real filename

2020-09-11 Thread Mark Fortescue via clamav-users

Hi Royce,

There may be an issue with the way you are running clamonacc.

Scanning the whole filing system can cause recursion as the system may 
try to re-scan the log every time it is updated generating a new log 
entry or may try to scan special files that are not suitable for scanning.


Stop the clamonacc process.

Sort out a much smaller subset of directories that you need to scan and 
you will avoid filling the log file due to user error while you learn 
the pitfalls.


Read up on what files and parts of the filing system are suitable for 
scanning as not all parts of a Linux filing system are suitable for 
scanning.


Regards
Mark.


On 11/09/2020 17:39, Royce Souther via clamav-users wrote:
I setup *clamd* running as the clamscan user. I have *clamonacc* running 
as root.


I was not able to get *clamonacc* to use syslog so I pass it a log file 
path argument. It is logging but for each file on the scan mount of */* 
it has a log entry for not having the real file name.



Failed to determine real filename of 
/tmp/clamav-da9a1749ec60ae0db9e40b6fc02c141b.tmp.
Failed to determine real filename of 
/tmp/clamav-797cf8cc9c779ee67d5f1a6a21224219.tmp.
Failed to determine real filename of 
/tmp/clamav-5f74481b1a4c0d6a8c8f83f7b87267ee.tmp.
Failed to determine real filename of 
/tmp/clamav-61c5d757a61ec1df46badf46003b7214.tmp.
Failed to determine real filename of 
/tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
Failed to determine real filename of 
/tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
Failed to determine real filename of 
/tmp/clamav-dfafeb1a7b735fcf9820565661c0089f.tmp.
Failed to determine real filename of 
/tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
Failed to determine real filename of 
/tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.


This is the config file I am using with *clamonacc*
TCPAddr localhost
TCPSocket 3310
OnAccessMountPath /

The only references I can find from Google is to three code repositories 
that show the source code for the file that contains the message " 
Failed to determine real filename of"


It is still making these logs after an hour.
Will it stop?
Does it start over when the service is restarted?
Is there a config option I could add that would allow it to get the real 
filename?

Is there a config option I could add that would suppress this message?


--
Easy, fast GUI development.
http://PerlQt.wikidot.com




Re: [clamav-users] Problems compiling 0.102.4 on OLD system

2020-07-17 Thread Mark Fortescue via clamav-users

Hi Kevin,

It looks like you will have to create/enable private versions of the 
openat(), renameat() and unlinkat() functions.


These can be simulated using regular C functions open(), unlink(), 
rename(), stat() and readdir().


You will need to get manual pages for openat(), renameat() and 
unlinkat() functions to understand the differences with the regular 
versions.


Parsing paths is not always the easiest thing to do but the learning 
curve can be useful.


Regards
Mark.

On 16/07/2020 22:22, Kevin A. McGrail via clamav-users wrote:

Hi, I have an old system I'm compiling.

I have 0.102.3 working on it.

Here's the config line:

CC=/usr/local/gcc4.2.4/bin/gcc ./configure --prefix=/usr/local/clamav
--with-user=defang --with-group=defang --enable-llvm=no
--with-openssl=/usr/local/ssl --with-pcre=/usr/local/pcre2
--with-zlib=/usr/local/zlib --with-xml=/usr/local/libxml2
--disable-clamonacc --disable-unrar

I believe the relevant error info is below if anyone has advice.  It's
an old system and just trying to keep it limping a few more weeks.

make[2]: Entering directory `/usr/src/clamav-0.102.4/libfreshclam'
   CC   output.lo
   CC   optparser.lo
   CC   getopt.lo
   CC   misc.lo
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/output.c:56:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/optparser.c:48:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   cdiff.lo
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/misc.c:48:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   tar.lo
   CC   cert_util.lo
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/cdiff.c:40:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   libfreshclam.lo
In file included from ../shared/cert_util.c:30:
../shared/cert_util.h:121:7: warning: no newline at end of file
   CC   libfreshclam_internal.lo
   CC   dns.lo
In file included from libfreshclam.c:61:
../shared/cert_util.h:121:7: warning: no newline at end of file
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from libfreshclam.c:65:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   cert_util_linux.lo
In file included from libfreshclam_internal.c:85:
../shared/cert_util.h:121:7: warning: no newline at end of file
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from libfreshclam_internal.c:88:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
In file included from ../shared/linux/cert_util_linux.c:32:
../shared/cert_util.h:121:7: warning: no newline at end of file
   OBJCLD   libfreshclam.la
make[2]: Leaving directory `/usr/src/clamav-0.102.4/libfreshclam'
Making all in clamscan
make[2]: Entering directory `/usr/src/clamav-0.102.4/clamscan'
   CC   output.o
   CC   optparser.o
   CC   getopt.o
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/optparser.c:48:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   actions.o
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/actions.c:51:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/output.c:56:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   misc.o
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from ../shared/misc.c:48:
../libclamav/pe_structs.h:159:7: warning: no newline at end of file
   CC   clamscan.o
   CC   manager.o
In file included from ../libclamav/execs.h:28,
  from ../libclamav/matcher.h:30,
  from ../libclamav/others.h:22,
  from clamscan.c:42:
../libclamav/pe_
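One way to supply the missing calls on a system without openat(), renameat() and unlinkat(), as an added example that is not ClamAV's code and not from this thread: instead of rebuilding path strings as suggested above, these wrappers switch the working directory to the directory descriptor with fchdir() and then call the regular functions. The compat_* names, COMPAT_FDCWD and the demo file names are assumptions, fchdir() is assumed to be available, and the wrappers are not thread-safe because the working directory is process-wide.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for fchdir() and mkdtemp() declarations */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define COMPAT_FDCWD (-100)  /* assumed stand-in for AT_FDCWD */

/* Switch the process cwd to dirfd when path is relative; remember the old cwd.
 * The cwd is process-wide, so these wrappers are not thread-safe. */
static int enter_dir(int dirfd, const char *path, int *saved)
{
    *saved = -1;
    if (dirfd == COMPAT_FDCWD || path[0] == '/')
        return 0;
    if ((*saved = open(".", O_RDONLY)) < 0)
        return -1;
    if (fchdir(dirfd) != 0) {
        int e = errno;
        close(*saved);
        *saved = -1;
        errno = e;
        return -1;
    }
    return 0;
}

/* Restore the saved cwd, preserving rc and the errno of the wrapped call. */
static int leave_dir(int saved, int rc)
{
    int e = errno;
    if (saved >= 0) {
        if (fchdir(saved) != 0)
            abort();            /* cwd cannot be restored: do not continue */
        close(saved);
    }
    errno = e;
    return rc;
}

int compat_openat(int dirfd, const char *path, int flags, mode_t mode)
{
    int saved;
    if (enter_dir(dirfd, path, &saved) != 0)
        return -1;
    return leave_dir(saved, open(path, flags, mode));
}

/* is_dir plays the role of the AT_REMOVEDIR flag. */
int compat_unlinkat(int dirfd, const char *path, int is_dir)
{
    int saved;
    if (enter_dir(dirfd, path, &saved) != 0)
        return -1;
    return leave_dir(saved, is_dir ? rmdir(path) : unlink(path));
}

/* Only handles both paths sharing one base directory (or being absolute). */
int compat_renameat(int olddirfd, const char *oldpath,
                    int newdirfd, const char *newpath)
{
    int saved;
    if (oldpath[0] != '/' && newpath[0] != '/' && olddirfd != newdirfd) {
        errno = ENOSYS;
        return -1;
    }
    if (enter_dir(oldpath[0] != '/' ? olddirfd : newdirfd,
                  oldpath[0] != '/' ? oldpath : newpath, &saved) != 0)
        return -1;
    return leave_dir(saved, rename(oldpath, newpath));
}

/* Constructed demo in a fresh temp directory; returns 0 when every step behaves. */
int demo_compat_at(void)
{
    char dir[] = "/tmp/compat-at-XXXXXX";
    int dfd, fd, ok = 0;

    if (mkdtemp(dir) == NULL || (dfd = open(dir, O_RDONLY)) < 0)
        return -1;
    fd = compat_openat(dfd, "clamav-sample.tmp", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        ok = compat_renameat(dfd, "clamav-sample.tmp", dfd, "daily.cvd") == 0
          && compat_unlinkat(dfd, "clamav-sample.tmp", 0) == -1 && errno == ENOENT
          && compat_unlinkat(dfd, "daily.cvd", 0) == 0;
    }
    close(dfd);
    rmdir(dir);
    return ok ? 0 : -1;
}

int main(void)
{
    printf("demo %s\n", demo_compat_at() == 0 ? "passed" : "failed");
    return 0;
}
```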

Re: [clamav-users] freshclam in clamav 0.102.2 stuck in cli_tgzload

2020-03-21 Thread Mark Fortescue via clamav-users

Hi Pierluigi,

Had a quick look at an older version of the code. It probably has not 
changed too much.


To loop as described, it means that fseek() and ftell() are not working 
properly in libclamav/cvd.c.


Just looking at the definitions of the types, there may be an issue with 
'size' and 'pad' not getting properly passed to fseek().


Try changing the fseek() at the bottom of the loop to cast 'size' to 
long before adding pad in the fseek() call and see what happens. e.g.


   fseek(dbio->fs, (long)size + pad, SEEK_CUR);

Also change the code to check the value returned by fseek(). It should 
be returning 0.


If the cast works then it would be a good idea to try and make 'size' 
and 'pad' 'unsigned long' instead of 'unsigned int'.


Hope this helps.

Regards
Mark.

On 21/03/2020 13:41, Pierluigi Frullani via clamav-users wrote:

I've tried to understand better where it is stuck.

The problem is in cli_tgzload ( and that was the easy part ):

During the while loop I see that it continuously loops on:

LibClamAV debug: cli_tgzload: Loading COPYING, size: 17992
LibClamAV debug: cli_tgzload: Loading COPYING, size: 17992

Any idea ?


On Fri, Mar 20, 2020 at 5:45 PM Pierluigi Frullani 
<pierluigi.frull...@gmail.com> wrote:


Hi all,
  I've managed to compile clamav 0.102.2 on solaris 10.

clamd and clamav-milter are able to start, but if I run a freshclam
( to get new database definition ) it starts downloading several
files and then it remains stuck on:

LibClamAV debug: Initialized 0.102.2 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = ca37a0074e1887418b1d8fa203f920f3
LibClamAV debug: cli_versig: Decoded signature:
ca37a0074e1887418b1d8fa203f920f3
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

for ever.

By trussing the process it seems that it is in an endless loop:
19866:  llseek(4, 512, SEEK_SET)                        = 512
19866:  read(4, "1F8B\b\0\0\0\0\00203ECBD".., 8192)     = 8192
19866:  llseek(4, 512, SEEK_SET)                        = 512
19866:  read(4, "1F8B\b\0\0\0\0\00203ECBD".., 8192)     = 8192
19866:  llseek(4, 512, SEEK_SET)                        = 512
19866:  read(4, "1F8B\b\0\0\0\0\00203ECBD".., 8192)     = 8192

( and repeat this forever ).

Any idea ?

thx

Pierluigi



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
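
The defensive pattern suggested in the reply above (wider types for 'size' and 'pad', a checked fseek(), and a check that the position really moved), as an added example that is not ClamAV's cvd.c. walk_members(), parse_size() and the sample archive are hypothetical and constructed here, and the archive is an uncompressed tar for simplicity.

```c
#include <limits.h>
#include <stdio.h>

#define TAR_BLOCK 512UL

/* Decode the octal size field of a tar header (12 bytes at offset 124). */
static int parse_size(const char *field, unsigned long *out)
{
    unsigned long v = 0;
    int i;

    for (i = 0; i < 12 && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7' || v > (ULONG_MAX >> 3))
            return -1;
        v = (v << 3) | (unsigned long)(field[i] - '0');
    }
    if (i == 0)
        return -1;
    *out = v;
    return 0;
}

/* Count the members of an uncompressed tar stream, skipping each body.
 * Returns -1 instead of spinning when a header is bad, a seek fails, or
 * the file position does not move forward. */
long walk_members(FILE *fs)
{
    char hdr[TAR_BLOCK];
    unsigned long size, pad;
    long members = 0, before, after;
    size_t got;

    for (;;) {
        before = ftell(fs);
        if (before < 0)
            return -1;
        got = fread(hdr, 1, sizeof(hdr), fs);
        if (got == 0 || (got == sizeof(hdr) && hdr[0] == '\0'))
            break;                      /* end of file or end-of-archive block */
        if (got != sizeof(hdr) || parse_size(hdr + 124, &size) != 0)
            return -1;
        pad = (TAR_BLOCK - size % TAR_BLOCK) % TAR_BLOCK;
        if (size > (unsigned long)LONG_MAX - pad)
            return -1;                  /* would not fit fseek()'s long offset */
        if (fseek(fs, (long)(size + pad), SEEK_CUR) != 0)
            return -1;                  /* fseek() must return 0 */
        after = ftell(fs);
        if (after < 0 || after <= before)
            return -1;                  /* no forward progress: stop, do not loop */
        members++;
    }
    return members;
}

/* Append one constructed member: header block, then body padded to 512. */
static void put_member(FILE *fs, const char *name, const char *size_field,
                       unsigned long size)
{
    char hdr[TAR_BLOCK] = {0};
    unsigned long i, total = size + (TAR_BLOCK - size % TAR_BLOCK) % TAR_BLOCK;

    snprintf(hdr, 100, "%s", name);
    snprintf(hdr + 124, 12, "%s", size_field);
    fwrite(hdr, 1, sizeof(hdr), fs);
    for (i = 0; i < total; i++)
        fputc('x', fs);
}

/* Build a constructed two-member archive in a temp file and walk it.
 * first_size_field is written verbatim into the first header. */
long walk_sample(const char *first_size_field)
{
    FILE *fs = tmpfile();
    long n;

    if (fs == NULL)
        return -2;
    put_member(fs, "COPYING", first_size_field, 17992UL);
    put_member(fs, "daily.info", "00000000100", 64UL);   /* octal 100 = 64 */
    rewind(fs);
    n = walk_members(fs);
    fclose(fs);
    return n;
}

int main(void)
{
    printf("valid sizes:   %ld\n", walk_sample("00000043110")); /* 17992 in octal */
    printf("corrupt field: %ld\n", walk_sample("17992"));       /* '9' is not octal */
    return 0;
}
```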





Re: [clamav-users] 0.102.1 and Solaris 11.3...

2019-11-30 Thread Mark Fortescue via clamav-users

Hi Gary,

How much memory do you have available?

You probably need 8G or more of ram for the latest and greatest as my 
understanding is that it may be storing two copies of the databases in ram 
to speed up database reloading delays.


Your SSL library is running out of memory after downloading the daily 
database and then can't connect for downloading all the daily updates.


If you have plenty of memory then the other alternative is that there is 
a buffer overrun during the daily decompression and that is messing up 
the malloc() tables.


Do you have 'valgrind'? That would help find any buffer overruns but it 
does take a bit of getting used to for first time users.


There are more primitive approaches for finding buffer overruns but you 
would need to be very familiar with the SSL and freshclam source code 
for these.


Regards
Mark.

On 30/11/19 02:54, Gary R. Schmidt wrote:

Hi Clamav,


0.102.1 builds on Solaris 11.3 x64, but freshclam fails.


Using GCC 9.1.0, not the real compiler.


As auto*** is borked for Solaris, first I have to:

for i in `find . -name configure`
do
 sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
 mv /tmp/configure.$$ $i
 chmod a+x $i
done

Then:

env CONFIG_SHELL=/bin/bash \
 /bin/bash ./configure \
 CONFIG_SHELL=/bin/bash \
 LDFLAGS=-R/opt/local/lib \
 --enable-unrar \
 --disable-ipv6 \
 --disable-silent-rules \
 --disable-check \
 --prefix=/opt/local

It builds and installs happily, and clamd seems fine, but freshclam does
not work.


I have reverted to 0.101.5 (configured in the same way) for the
meantime, it is fine.


Output from "sudo freshclam/.libs/freshclam -v --debug -F":

===

Sat Nov 30 12:50:35 2019 -> ClamAV update process started at Sat Nov 30
12:50:35 2019
Sat Nov 30 12:50:35 2019 -> *Current working dir is
/opt/local/share/clamav/
Sat Nov 30 12:50:35 2019 -> *Querying current.cvd.clamav.net
Sat Nov 30 12:50:35 2019 -> *TTL: 226
Sat Nov 30 12:50:35 2019 -> *fc_dns_query_update_info: Software version
from DNS: 0.102.1
Sat Nov 30 12:50:35 2019 -> *Current working dir is
/opt/local/share/clamav/
Sat Nov 30 12:50:35 2019 -> *check_for_new_database_version: Local copy
of daily found: daily.cld.
Sat Nov 30 12:50:35 2019 -> *query_remote_database_version: daily.cvd
version from DNS: 25648
Sat Nov 30 12:50:35 2019 -> daily database available for update (local
version: 25647, remote version: 25648)
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/COPYING

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.info

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.cfg

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ndb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.mdu

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.msu

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.fp

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ldu

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.pdb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.mdb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ndu

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.sfp

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.msb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ldb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hdb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.wdb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ftm

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.hsb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.cdb

LibClamAV debug: cli_untgz: Unpacking
/opt/local/share/clamav/tmp/clamav-cff6c377dfbc4be92a79e2544bfff134.tmp/daily.ign2

LibC

Re: [clamav-users] Stop clamdscan from stepping on itself?

2019-10-21 Thread Mark Fortescue via clamav-users

Hi,

One point that seems to have been missed is that 'clamdscan' 
is not necessarily creating the files in '/tmp'. It is most likely 
'clamd' which is a separate independent program. Given this, 'clamdscan' 
will not know what files to exclude from '/tmp' unless the 
clamd/clamdscan communications protocol is enhanced to address this. I 
do not think that such an enhancement is justified or desirable given 
the usage cases for 'clamd'.


Put simply, do not scan the directory where 'clamd' has been told to put 
its temporary files as this is likely to cause issues.


I hope that this helps clarify some of the issues.

Regards
Mark.

On 19/10/19 20:20, Ian via clamav-users wrote:




On Oct 19, 2019, at 10:58 AM, G.W. Haywood via clamav-users 
 wrote:

Hi there,

On Sat, 19 Oct 2019, Ian via clamav-users wrote:


Are you going to address why 'clamscan --tempdir /tmp /tmp' doesn't
produce the same behavior, that 'clamdscan /tmp' does?


The clamd daemon has a man page which you should read.  It is, er, a
daemon, which, when you start it, loads some databases and then sits
and waits for something to send it things to scan against the loaded
databases.  It can do a few other things too, like reload databases
and report statistics, but basically it sits and waits for commands
and data.

The clamd daemon has its own configuration file.  It is usually called
'clamd.conf'.  This has its own man page, which you should also read.

The clamdscan tool has a man page which you should read.  Its use is
generally to send stuff to the clamd daemon for scanning.

The clamscan tool has a man page which you should read - it is about
three times as long as the man page for clamdscan.  This is a stand-
alone command-line tool and it does *not* use the clamd daemon to do
the scanning (and the configuration file for the clamd daemon has no
effect whatsoever on clamscan; you don't even need to have the clamd
daemon installed to be able to use clamscan).

Note carefully the differences between clamscan and clamdscan, which,
although they have names differing only by one letter, behave in very
different ways.

Of course if you'd read the documentation as I've asked you to, you'd
know all that already and you wouldn't be asking the question.




If the man pages answered all the questions, this mailing list wouldn't exist.  
Hell, even the rules for this mailing list don't ask people to refer to the man 
pages.

I don't understand why you'd go into great detail about sockets, pipes and so 
forth with Steve in this thread (who didn't even ask for it), but, apparently, 
be so hostile towards answering my question.  Considering the length of time 
you've spent on this thread -- quoting from the man pages you cite seems like 
the least painful path.

For the record, I've already read through the man pages before I started this 
thread, and have just re-combed the man pages you've cited and could not find 
any advice/warnings about why I would run into problems with clamdscan having 
trouble scanning its own files in the temp directory while clamscan did not 
(This is for 0.100.3, so it could contain stale information or lack new 
additions).  I've seen switches where I can change the temp folder, but there 
are reasons why someone would do this outside of avoiding what I've run into 
here such as file space limitations or for performance. There is nothing 
inherent in the process being a daemon vs manually run that explains this 
difference in behavior.  My understanding of why the daemon exists is mainly 
for caching purposes, but that, I assume, is all in-memory and shouldn't 
require a change to file creating in the /tmp folder.

I don't know if my original question came across as smarmy, you're just having 
some bad days, or I'm the current target for misdirected pent-up anger from 
lurking here for as long as you have, but, man, please cut me some slack.



Re: [clamav-users] Continuous increase of startup time (is daily.cld broken?)

2019-10-10 Thread Mark Fortescue via clamav-users

Hi,

You are forgetting things like embedded systems in hospitals that can't 
reasonably be updated.


The NHS got stung by this with XP and Microsoft had to produce a post 
EOL fix.


Outside of the computer industry, software and hardware move forward at 
a snail's pace. Many systems still use Windows 2K and DOS. Many systems 
can't reasonably be updated as the company that made them no longer 
exists. The primary reason for change is that something breaks and the 
equipment has to be scrapped not that the embedded software is not 
supportable, 'out of date' and at risk from malicious software.


Regards
Mark.
On 07/10/19 18:38, J.R. via clamav-users wrote:

Steve Basford:
So, is the above hash still relevant or should it moved into archived.hsb,
which by default doesn't load ?


I would *guess* the ClamAV team would have a *little* more detailed of
a back-end system tracking viruses (though I could be wrong)...


G.W. Haywood:
Well I only run Linux systems and I'd _still_ want to scan for Windows
and Office 2003 malware.  Call it social responsibility.  Just because
my systems are immune to something malicious doesn't mean I'll want to
ignore it when it arrives.  If my systems accepted such a thing from a
correspondent who has a vulnerable system, and then gave it to another
correspondent with yet another vulnerable system then I'd say that I'd
been irresponsible if I could have stopped it in its tracks with a bit
of effort and very little extra resource usage.


That's why I said "optionally disable" as in "enabled by default"...
and Office 2003 was just a random example (as it is 16 years old)...
Would you still feel necessary to scan for DOS viruses? Windows 3.1?
95? 98? 2K? It's sad that some people still today think Windows XP
should be supported (even though EXTENDED support ended in 2014), when
that OS has no business being connected to the internet with all the
out-of-date software on it.

When there's almost 1 MILLION new pieces of malware/viruses created
every DAY, there's a point of diminishing returns if the signature
database was going to contain everything since the dawn of
computing... Granted there aren't nearly that many new signatures
added to clamav, but the explosive growth in MODERN threats just goes
to show the direction things are going...

A logical approach would be to keep definitions in the "main.cvd" as
long as the product is currently supported... After it is declared EOL
and no longer supported by its creator, then move said definitions
into the (default enabled, but optionally disabled) "archived.cvd" or
whatever and give them an extended year before being removed out of
that. For the super-paranoid then maybe create a "historical.cvd" that
can hold all the old bloat and would be default-disabled but
optionally-enabled.



Re: [clamav-users] fanotify allowed in kernel, clamd running as root, clamd complaining it needs to run as root

2019-09-04 Thread Mark Fortescue via clamav-users

Hi Jeff,

Looks like Apparmor may be stepping in and preventing access. Have you 
checked that Apparmor has been changed to give clamd the required 
permissions ?


Regards
Mark.

On 03/09/2019 22:01, Jeff Blaine via clamav-users wrote:

Hello all,

I'm experiencing something odd on Ubuntu 18.04. As far as I can tell I
have done everything I am supposed to in order to get OnAccess scanning
working. I've already gotten our RHEL 7 hosts working fine. If anyone
knows what is going wrong here, I would love to hear it. Thank you.

1. The kernel checks out fine for fanotify:

jblaine@ub18test:/etc/clamav$ uname -a
Linux ub18test 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC
2019 x86_64 x86_64 x86_64 GNU/Linux
jblaine@ub18test:/etc/clamav$ cat /boot/config-4.15.0-58-generic | grep
FANOTIFY
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
jblaine@ub18test:/etc/clamav$

2. clamd *is* running as root:

root 55172 1 81 16:33 ? 00:00:44 /usr/sbin/clamd
--foreground=true

3. clamd complains that it needs to run as root:

Sep  3 16:33:50 ub18test clamd[55172]: ScanOnAccess: fanotify_init
failed: Operation not permitted
Sep  3 16:33:50 ub18test clamd[55172]: ScanOnAccess: clamd must be
started by root

--Jeff




Re: [clamav-users] Clamav with a samba server ?

2019-07-29 Thread Mark Fortescue via clamav-users

Hi Edouard,

If you are unsure how it works then it is best to try it out on a stand 
alone set-up that is not in use by other users.


Set up a clean system with samba and clamav and use your own host to 
connect to it so that no other users are involved. You can then try 
various things without risk of upsetting other users.


It is never a good thing to install new software that you are not 
familiar with  on a live system without first trying it out on a test 
system.


Regards
Mark Fortescue

On 26/07/2019 16:29, Edouard Guigné wrote:

Hello again,

I read the docs from the links, but may you please help me to understand 
what 'on access' scanning will do / can do ?


I installed clamav on my centos 7 box, but have not yet started the clamav 
service.


I have set in /etc/clamd.d/scan.conf
ScanOnAccess yes
OnAccessIncludePath /home/usertest

When I start the clamav service:

Will clamav scan only /home/usertest ?

What will happen if clamav detects a virus or malware already present in 
/home/usertest ?

Will it quarantine the infected files ?

What will happen if the user tries to copy infected files into his 
/home/usertest (via samba) ?

Will it be impossible for him to copy the infected files ?

I would like to be reassured before starting the clamav service, and avoid any 
user complaints against me.


Best Regards,

EdG


Le 26/07/2019 à 10:30, J.R. via clamav-users a écrit :

What do you mean by "You could enable 'on access' scanning
on the CentOS box" ?
Is there a special to start clamav with mode 'on access' ?

What is this 'on access' mode ?

https://www.clamav.net/documents/on-access-scanning

https://www.clamav.net/documents/scanning#on-access-scanning

https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html 



Hope that helps...



Re: [clamav-users] ClamAV 0.100.1 - clamd signal 11, leaves unix domain socket behind?

2018-09-24 Thread Mark Fortescue

Hi Micah,

Can you not have a two part daemon process. Part one forks the real 
daemon and then waits for it to die (with 'wait()').
On death of the child, it cleans up and exits. Yes I know it is not 
quite as simple as that. It will have to have signal handlers etc. to 
kill the child etc. and should also have logging.


It would have to be built into 'clamd' as 'clamd' should already be 
doing things to become a daemon process and this additional 'fork' would 
need to be after all that has been done.


Regards
Mark.

On 21/09/18 09:49, Karl Pielorz wrote:



--On 20 September 2018 15:44 + "Micah Snyder (micasnyd)"
 wrote:


Clamd has a FixStaleSocket option that is default on.
FixStaleSocket will unlink the lingering stale socket and bind again if
it failed to bind when restarting clamd.


Hi, yeah - I saw that option.


I'm all ears if anyone knows of a better way to remove the stale socket on
death instead of on startup. As Ged Haywood suggested, your best option
may be to have an ad-hoc watchdog script monitor clamd and kill the
socket if clamd becomes unresponsive for too long.


Being simplistic, a sigsegv handler? :) [simplistic as it just fixes my
case ]


That said, if you figure out which file was killing clamd, I'd love to
have a sample so I can try to fix the bug.  It would be very helpful.


I'd love to be able to do that - but the usual 'needle in a haystack',
and the fact it's very intermittent isn't helping us much (nor the fact
it gets delivered if it fails during the scan) - if I find it, you'll be
the 2nd person to know :) - I am still looking. I guess turning on
coredumps might provide some info captured to disk - I'll post anything
I find.

Thanks,

-Kp
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
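
The two-part process proposed in the reply above (fork the real daemon, wait() for it, clean up the socket when it dies), as an added example that is not clamd's code. supervise(), worker() and the /tmp socket path are hypothetical, and worker() is a stand-in that binds a Unix socket and then dies from signal 11.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t worker_pid = 0;

/* Pass SIGTERM/SIGINT on to the worker so stopping the parent stops both. */
static void forward_signal(int sig)
{
    if (worker_pid > 0)
        kill((pid_t)worker_pid, sig);
}

/* Stand-in for the real daemon: bind the socket, then die from signal 11. */
static void worker(const char *path)
{
    struct sockaddr_un addr;
    struct rlimit no_core = {0, 0};
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);

    setrlimit(RLIMIT_CORE, &no_core);       /* keep the demo from dumping core */
    signal(SIGSEGV, SIG_DFL);
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0)
        _exit(2);
    raise(SIGSEGV);
    _exit(3);
}

/* Fork the worker, wait for it, then remove the socket it left behind.
 * Returns the signal that killed the worker (0 for a normal exit), or -1. */
int supervise(const char *path, int *stale_removed)
{
    struct sigaction sa;
    struct stat st;
    int status = 0;
    pid_t pid;

    *stale_removed = 0;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = forward_signal;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTERM, &sa, NULL);
    sigaction(SIGINT, &sa, NULL);

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        worker(path);                       /* never returns */
    worker_pid = pid;

    while (waitpid(pid, &status, 0) < 0)    /* retry if a signal interrupts us */
        if (errno != EINTR)
            return -1;
    worker_pid = 0;

    /* Only unlink something that really is a socket at that path. */
    if (lstat(path, &st) == 0 && S_ISSOCK(st.st_mode) && unlink(path) == 0)
        *stale_removed = 1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Run the demo on a per-process path; 1 means crash seen and socket cleaned. */
int demo_cleanup(void)
{
    char path[64];
    struct stat st;
    int removed, sig;

    snprintf(path, sizeof(path), "/tmp/supervise-demo-%ld.sock", (long)getpid());
    unlink(path);
    sig = supervise(path, &removed);
    return sig == SIGSEGV && removed == 1 && lstat(path, &st) != 0;
}

int main(void)
{
    printf("crash detected and socket removed: %d\n", demo_cleanup());
    return 0;
}
```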



Re: [clamav-users] clamav-milter Can't Find Clamd

2017-11-07 Thread Mark Fortescue

Hi,

Have you checked the directory permissions:

 ls -ld /var/run/clamd.scan /run/clamd.scan

Regards
Mark.

On 07/11/17 19:15, Colony.three wrote:

Trying to make milter see the clam daemon but can't figure out what's wrong. 
CentOS7.


In /etc/clamd.d/clamd.conf:
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketGroup virusgroup
LocalSocketMode 660
FixStaleSocket yes

AllowSupplementaryGroups yes

and you need that too in the milter configuration and postfix needs to
be in the same group, at least when you start everything with as less as
possible permissions, hence i made the comments years ago after figure
it out

cat /etc/mail/clamav-milter.conf


Postfix milter configuration

Pre-queue virus scanner

Postfix must be in the "clamilt" user group

usermod -a -G clamilt postfix

usermod -a -G sa-milt postfix

User clamilt
AllowSupplementaryGroups yes


Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both 
clamd.conf and clamav.conf.  I've now added postfix to the additional groups.


Of course both daemons are running.
# systemctl status clamd\@scan.service
● clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/local/lib/systemd/system/clamd@.service; static; 
vendor preset: disabled)
Active: active (running) since Tue 2017-11-07 10:29:19 PST; 8s ago
Main PID: 49318 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─49318 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes

Nov 07 10:29:19 quantum.localdomain systemd[1]: Started clamd scanner (scan) 
daemon.
Nov 07 10:29:19 quantum.localdomain systemd[1]: Starting clamd scanner (scan) 
daemon...

# systemctl status clamav-milter
● clamav-milter.service - Milter module for the Clam Antivirus scanner
Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled; 
vendor preset: disabled)
Active: active (running) since Tue 2017-11-07 10:29:38 PST; 5s ago
Main PID: 49331 (clamav-milter)
CGroup: /system.slice/clamav-milter.service
└─49331 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf 
--foreground=yes

Nov 07 10:29:38 quantum.localdomain systemd[1]: Started Milter module for the 
Clam Antivirus scanner.
Nov 07 10:29:38 quantum.localdomain systemd[1]: Starting Milter module for the 
Clam Antivirus scanner...
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: +++ Started at Tue 
Nov  7 10:29:38 2017
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: WARNING: No clamd 
server appears to be available
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: No clamd server 
appears to be available

I am at a loss.  I've tried restarting -milter after clamd has had plenty of 
time to download its database.

Anyone have any ideas?  This is a showstopper.


According to clamd's logfile:  "Tue Nov  7 10:29:31 2017 -> LOCAL: Unix socket file 
/run/clamd.scan/clamd.sock"
... so it seems to be binding fine to the socket.

The -milter log says:
Tue Nov  7 11:09:47 2017 -> connect failed: Permission denied
Tue Nov  7 11:09:47 2017 -> Probe for slot 1 returned: failed
Tue Nov  7 11:09:47 2017 -> WARNING: No clamd server appears to be available

Huh?
# cat /etc/group
virusgroup:x:990:clamupdate,clamilt,postfix
clamilt:x:989:postfix,clamilt

In /etc/mail/clamav-milter.conf
MilterSocketGroup virusgroup
AllowSupplementaryGroups yes

# ll /run/clamd.scan/
srw-rw. 1 root virusgroup 0 Nov  7 10:29 clamd.sock

I thought it might be an selinux problem with my self-created .sock file, but I 
ran a restorecon -r on /run

Baffling.

Re: [clamav-users] daily.cvd: Malformed database

2015-05-07 Thread Mark Fortescue

Hi Hans,

As you are using SPARC, it may be that someone has changed and/or 
incorrectly compiled something so that a variable is being read using 
the wrong byte alignment. ARM also has byte alignment constraints.


Try running 'gdb --args /usr/local/sbin/clamd --debug' or use an 
equivalent dbx command.


This should help track down the issue.

On x86, there are only performance hits if the alignment is wrong so x86 
developers rarely know that they have messed up the alignment because 
you don't even get a compiler warning. One reason why developers should 
use SPARC and ARM in addition to x86 for testing.


Regards
Mark.


Re: [Clamav-users] simplest replacement for ancient

2008-08-10 Thread Mark Fortescue
Hi Parveen,

>Steven,
>
>I have a secured environment which governed by HIPAA regulatory, so I
>can't keep open everything.
>
>Thanks,
>Parveen

The only port you need to get an up to date clamav database is the 
outgoing HTTP port (TCP:80) [ and DNS so you can get an up to date IP for 
the server you are trying to connect to]. There may be complaints in the
log files about falling back to HTTP but it works.

If you need to restrict the outgoing to specific IP's,

Cmd> host db.us.rr.clamav.net
db.us.rr.clamav.net has address 155.98.64.86
db.us.rr.clamav.net has address 199.184.215.2
db.us.rr.clamav.net has address 208.72.56.53
db.us.rr.clamav.net has address 64.142.100.50
db.us.rr.clamav.net has address 65.120.238.5

These are the IP addresses for the indicated host that you need to allow.

Regards
Mark.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 0.93.1RC1 (libbz issues)

2008-05-30 Thread Mark Fortescue
Hi Stephen,

The issue here is that clamav configure does not detect that the installed 
libbz is not compatible with clamav (the libbz API has changed in 
the latest bzip2 package).

My solution was to download and compile the latest bzip2 package. This may 
not be possible for others so the configure scripts/clamav libbz API need 
to be fixed to detect the issue and either revert to the older libbz API 
or disable the use of libbz.

Regards
Mark Fortescue.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html