Re: [clamav-users] "BZIP2_LIBRARIES" breaks cmake build

2022-01-18 Thread anctop via clamav-users



This is to confirm that the fix works perfectly.

Many thanks for your help.
It is particularly crucial for those non-standard systems like ours.

Regards,
anctop


On Tue, 18 Jan 2022, Micah Snyder (micasnyd) wrote:

We use CMake's FindBZip2 module.
It looks to me like there are two issues:
 1. You must specify BZIP2_INCLUDE_DIR=
 2. Setting "BZIP2_LIBRARIES" does not work and you must instead set BZIP2_LIBRARY_RELEASE.

I found that these options work on my system where I've installed libbz2 to
$HOME/.mussels/install/host-static:

-D BZIP2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
-D BZIP2_LIBRARY_RELEASE="$HOME/.mussels/install/host-static/lib/libbz2_static.a" \

We will have to update the clamav INSTALL.md file to list this variable name instead of
BZIP2_LIBRARIES.

If anyone wants to volunteer to fix it in CMake's sources, CMake is open source and the
module is here:
https://github.com/Kitware/CMake/blob/master/Modules/FindBZip2.cmake

Regards, Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users on behalf of anctop--- via clamav-users
Sent: Saturday, January 15, 2022 10:02 PM
To: clamav-users@lists.clamav.net
Cc: anc...@gmail.com
Subject: [clamav-users] "BZIP2_LIBRARIES" breaks cmake build

Hi,
I am writing to report that the cmake build method will be broken if the
"BZIP2_LIBRARIES" parameter is set.
The build is successful with this :
| cmake .. \
| -D CMAKE_BUILD_TYPE=Release \
| -D ENABLE_JSON_SHARED=OFF \
| -D JSONC_INCLUDE_DIR=/include/json-c \
| -D JSONC_LIBRARY=/lib/libjson-c.a
But it fails when "BZIP2_LIBRARIES" is used :
| cmake .. \
| -D CMAKE_BUILD_TYPE=Release \
| -D ENABLE_JSON_SHARED=OFF \
| -D BZIP2_LIBRARIES=/lib/libbz2.a \
| -D JSONC_INCLUDE_DIR=/include/json-c \
| -D JSONC_LIBRARY=/lib/libjson-c.a
Between the lines "-- Configuring done" and "-- Generating done", the
following block of text is repeated 17 times :
| CMake Warning (dev) in CMakeLists.txt:
| Policy CMP0111 is not set: An imported target missing its location property
| fails during generation. Run "cmake --help-policy CMP0111" for policy
| details. Use the cmake_policy command to set the policy and suppress this
| warning.
| IMPORTED_LOCATION not set for imported target "BZip2::BZip2" configuration
| "Release".
| This warning is for project developers. Use -Wno-dev to suppress it.
If "make" is then invoked, it will stop at 52% of progress :
| [ 51%] Built target tgt_clam_IScab_ext.exe
| [ 51%] Built target tomsfastmath
| libclamav/CMakeFiles/clamav.dir/build.make:2445: *** target pattern contains no '%'. Stop.
| make[1]: *** [CMakeFiles/Makefile2:1562: libclamav/CMakeFiles/clamav.dir/all] Error 2
| make[1]: *** Waiting for unfinished jobs
| [ 52%] Linking CXX shared library libclamunrar.so
| [ 52%] Built target clamunrar
| make: *** [Makefile:166: all] Error 2
Parameters for other dependencies (e.g. "OPENSSL_CRYPTO_LIBRARY",
"LIBXML2_LIBRARY", etc) have not caused any problem.
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
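
One way to confirm that a configured build tree carries the two variables named in the reply above, as an added example that is not part of the thread or of ClamAV's build scripts. It reads CMakeCache.txt, whose entries have the form NAME:TYPE=VALUE; the function names, the sample caches and the /opt/bzip2 paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a CMake build tree for the BZip2 cache variables
# discussed in this thread. Function names and sample caches are constructed.

# cache_value FILE NAME -> value of cache entry NAME (any type), empty if absent.
cache_value() {
    sed -n "s|^$2:[A-Z]*=||p" "$1" | head -n 1
}

# check_bzip2_cache FILE -> 0 when BZIP2_INCLUDE_DIR and BZIP2_LIBRARY_RELEASE
# are both set; 1 otherwise, with the reason printed.
check_bzip2_cache() {
    cache=$1
    rc=0
    for name in BZIP2_INCLUDE_DIR BZIP2_LIBRARY_RELEASE; do
        value=$(cache_value "$cache" "$name")
        case $value in
            ''|*-NOTFOUND) echo "missing: $name"; rc=1 ;;
            *) echo "ok: $name=$value" ;;
        esac
    done
    legacy=$(cache_value "$cache" BZIP2_LIBRARIES)
    if [ "$rc" -ne 0 ] && [ -n "$legacy" ]; then
        echo "BZIP2_LIBRARIES=$legacy was passed; use BZIP2_LIBRARY_RELEASE instead"
    fi
    return "$rc"
}

# Constructed sample caches: one configured as in the failing report, one
# with the two variables from the reply (paths are placeholders).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
BAD_CACHE=$SAMPLES/bad.txt
GOOD_CACHE=$SAMPLES/good.txt
cat > "$BAD_CACHE" <<'EOF'
# This is the CMakeCache file.
CMAKE_BUILD_TYPE:STRING=Release
BZIP2_LIBRARIES:UNINITIALIZED=/lib/libbz2.a
EOF
cat > "$GOOD_CACHE" <<'EOF'
# This is the CMakeCache file.
CMAKE_BUILD_TYPE:STRING=Release
BZIP2_INCLUDE_DIR:PATH=/opt/bzip2/include
BZIP2_LIBRARY_RELEASE:FILEPATH=/opt/bzip2/lib/libbz2.a
EOF

for f in "$BAD_CACHE" "$GOOD_CACHE"; do
    echo "== $f"
    check_bzip2_cache "$f" || echo "-> reconfigure with BZIP2_INCLUDE_DIR and BZIP2_LIBRARY_RELEASE"
done
```

Running the check right after `cmake ..` and before `make` catches the problem at configure time rather than at the later "target pattern contains no '%'" stop.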




[clamav-users] "BZIP2_LIBRARIES" breaks cmake build

2022-01-15 Thread anctop--- via clamav-users



Hi,

I am writing to report that the cmake build method will be broken if the 
"BZIP2_LIBRARIES" parameter is set.


The build is successful with this :
| cmake .. \
|  -D CMAKE_BUILD_TYPE=Release \
|  -D ENABLE_JSON_SHARED=OFF \
|  -D JSONC_INCLUDE_DIR=/include/json-c \
|  -D JSONC_LIBRARY=/lib/libjson-c.a

But it fails when "BZIP2_LIBRARIES" is used :
| cmake .. \
|  -D CMAKE_BUILD_TYPE=Release \
|  -D ENABLE_JSON_SHARED=OFF \
|  -D BZIP2_LIBRARIES=/lib/libbz2.a \
|  -D JSONC_INCLUDE_DIR=/include/json-c \
|  -D JSONC_LIBRARY=/lib/libjson-c.a

Between the lines "-- Configuring done" and "-- Generating done", the 
following block of text is repeated 17 times :

| CMake Warning (dev) in CMakeLists.txt:
|   Policy CMP0111 is not set: An imported target missing its location property
|   fails during generation.  Run "cmake --help-policy CMP0111" for policy
|   details.  Use the cmake_policy command to set the policy and suppress this
|   warning.
|
|   IMPORTED_LOCATION not set for imported target "BZip2::BZip2" configuration
|   "Release".
| This warning is for project developers.  Use -Wno-dev to suppress it.

If "make" is then invoked, it will stop at 52% of progress :
| [ 51%] Built target tgt_clam_IScab_ext.exe
| [ 51%] Built target tomsfastmath
| libclamav/CMakeFiles/clamav.dir/build.make:2445: *** target pattern contains no '%'.  Stop.
| make[1]: *** [CMakeFiles/Makefile2:1562: libclamav/CMakeFiles/clamav.dir/all] Error 2
| make[1]: *** Waiting for unfinished jobs
| [ 52%] Linking CXX shared library libclamunrar.so
| [ 52%] Built target clamunrar
| make: *** [Makefile:166: all] Error 2

Parameters for other dependencies (e.g. "OPENSSL_CRYPTO_LIBRARY", 
"LIBXML2_LIBRARY", etc) have not caused any problem.




Re: [clamav-users] how to build release 0.104.1 in non-standard systems

2021-11-05 Thread anctop--- via clamav-users



Thank you very much for your advice.

We have successfully built ClamAV 0.103.4 and have it working.


On Fri, 5 Nov 2021, Andrew C Aitchison wrote:


On Fri, 5 Nov 2021, anctop--- via clamav-users wrote:


We are using ClamAV on our server for protection against virus.
However, the build method (using "cmake") for the new 0.104.1 release has 
prevented us from upgrading promptly as before.


While you are getting cmake to do what you need,
version 0.103.4 LTS was released in tandem with 0.104.1
Confusingly it appears on the download page under "Previous Stable Releases".
However it should contain all the fixes of 0.104.1 but with the old build system.

Might I say that "Previous Stable Releases" is not the right
place for the *current* LTS version ?

Our system is running "Linux From Scratch", in which most software packages 
are installed in non-standard locations.


For pre-104 releases, we have to build the package via the following steps :

tar xf clamav-.tar.gz
mkdir clamav-build
cd clamav-build
sh ../clamav-/configure \
--prefix= \
--sysconfdir= \
--datarootdir= \
--enable-shared --disable-experimental --enable-milter --with-gnu-ld \
--with-xml= \
--with-openssl= \
--with-libjson-static=/lib/libjson-c.a \
--with-pcre= \
--with-zlib= \
--with-user= --with-group= \
--with-libcurl=

make
make check
make DESTDIR= install-strip


Please kindly advise how can we build the 0.104.1 release ?




--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk




[clamav-users] how to build release 0.104.1 in non-standard systems

2021-11-04 Thread anctop--- via clamav-users



Hi,

We are using ClamAV on our server for protection against virus.
However, the build method (using "cmake") for the new 0.104.1 release has 
prevented us from upgrading promptly as before.


Our system is running "Linux From Scratch", in which most software packages 
are installed in non-standard locations.


For pre-104 releases, we have to build the package via the following steps :


tar xf clamav-.tar.gz
mkdir clamav-build
cd clamav-build
sh ../clamav-/configure \
 --prefix= \
 --sysconfdir= \
 --datarootdir= \
 --enable-shared --disable-experimental --enable-milter --with-gnu-ld \
 --with-xml= \
 --with-openssl= \
 --with-libjson-static=/lib/libjson-c.a \
 --with-pcre= \
 --with-zlib= \
 --with-user= --with-group= \
 --with-libcurl=

make
make check
make DESTDIR= install-strip


Please kindly advise how can we build the 0.104.1 release ?



Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-26 Thread anctop
I've synchronized all the feeds (NVT, SCAP, CERT) to ensure that the
scan conditions are identical.

Firstly, with clamav-0.98.3, the same high threat was reported :

 NVT:SMTP antivirus scanner DoS
 OID:1.3.6.1.4.1.25623.1.0.11036
 Threat: High (CVSS: 7.2)
 Port:   smtp (25/tcp)

 The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
 might have crashed. Please check its status right now, as it is
 not possible to do so remotely

 Vulnerability Detection Method:
 Details:
 SMTP antivirus scanner DoS
 (OID: 1.3.6.1.4.1.25623.1.0.11036)

The postmaster account got 2 messages, with subject lines OpenVAS
antivirus DoS 1: base64 attachment and OpenVAS antivirus DoS 2:
uuencoded attachment, each has a copy of 42.zip attached, plus 1
message with subject line OpenVAS test - ignore it. The clamd.log
file remained clean.

Then revert to clamav-0.98.1 and only a log threat was reported :

 NVT:SMTP antivirus scanner DoS
 OID:1.3.6.1.4.1.25623.1.0.11036
 Threat: Log (CVSS: 7.2)
 Port:   smtp (25/tcp)

 For some reason, we could not send the 42.zip file to this MTA

 Vulnerability Detection Method:
 Details:
 SMTP antivirus scanner DoS
 (OID: 1.3.6.1.4.1.25623.1.0.11036)

The postmaster account got only 1 message with subject line OpenVAS
test - ignore it, but the clamd.log files reported 2 alerts :

 fd[10]: Trojan.ArcBomb-1 FOUND
 fd[10]: Trojan.ArcBomb-1 FOUND

It seems that the difference was because clamav-0.98.3 failed to
detect the Trojan.ArcBomb-1.
If this is the real cause, then the case is not a false positive,
but some definition is missing in clamav-0.98.3.


On 25/05/2014, Greg Folkert g...@donor.com wrote:

 On Sun, 2014-05-25 at 11:37 +0800, anc...@gmail.com wrote:
 Thank you for your info.

 I am apt to conclude this as a false positive, but clamav-0.98.1 does not
 yield high threat warnings under the same scan conditions :

 And you back-rev'd and installed 0.98.1 and rescanned. I'm wondering if
 the scanner updated its rules or signatures or plugin used to detect.

 Sometimes they get a bit overzealous in changes and step over the
 line... especially with CVSS of 7 or higher. It is worth looking into to
 figure out when the plugin was updated.

  NVT:SMTP antivirus scanner DoS
  OID:1.3.6.1.4.1.25623.1.0.11036
  Threat: Log (CVSS: 7.2)
  Port:   smtp (25/tcp)
  submission (587/tcp)
 
  For some reason, we could not send the 42.zip file to this MTA
 
  Vulnerability Detection Method:
  Details:
  SMTP antivirus scanner DoS
  (OID: 1.3.6.1.4.1.25623.1.0.11036)

 I wish some expert can account for this difference before the false
 positive conclusion.


 --
 greg folkert - systems administration and support
 web:donor.com
 email:  g...@donor.com
 phone:  877-751-3300 x416
 direct: 616-328-6449 (direct dial and fax)
 There is always the need to carry on.
 -- Marjory Stoneman Douglas
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-24 Thread anctop


Yes. After each modification, I ran killall -HUP -e clamd to restart clamd.

The scan report reads :


NVT:SMTP antivirus scanner DoS
OID:1.3.6.1.4.1.25623.1.0.11036
Threat: High (CVSS: 7.2)
Port:   smtp (25/tcp)
submission (587/tcp)

The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
might have crashed. Please check its status right now, as it is
not possible to do so remotely

Vulnerability Detection Method:
Details:
SMTP antivirus scanner DoS
(OID: 1.3.6.1.4.1.25623.1.0.11036)


but both clamav-milter and clamd were still working well.


On Fri, 23 May 2014, Matus UHLAR - fantomas wrote:


On 23.05.14 11:50, anctop wrote:

I've tried to change the value of MaxRecursion in clamd.conf to 4
and 44 respectively, but both experiments yield the same result.


Did you reload/restart clamd afterwards? What was the result?


Can it be a problem with the MTA ?


I can't tell you without the information above
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod



Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-24 Thread anctop


Thank you for your info.

I am apt to conclude this as a false positive, but clamav-0.98.1 does not
yield high threat warnings under the same scan conditions :



NVT:SMTP antivirus scanner DoS
OID:1.3.6.1.4.1.25623.1.0.11036
Threat: Log (CVSS: 7.2)
Port:   smtp (25/tcp)
submission (587/tcp)

For some reason, we could not send the 42.zip file to this MTA

Vulnerability Detection Method:
Details:
SMTP antivirus scanner DoS
(OID: 1.3.6.1.4.1.25623.1.0.11036)


I wish some expert can account for this difference before the false 
positive conclusion.



On Sat, 24 May 2014, Greg Folkert wrote:


If this is like other assumption based Vulnerability scanning engines
(Rapid7 and Nessus and others)...

This is a return that is classified as a False Positive. Since you've
proven that it isn't doing what it thinks it is doing.

If your scanner works as expected and not as described, then you can
file a false positive determination with your scanning vendor.

On Sat, 2014-05-24 at 21:42 +0800, anc...@gmail.com wrote:

Yes. After each modification, I ran killall -HUP -e clamd to restart clamd.

The scan report reads :


NVT:SMTP antivirus scanner DoS
OID:1.3.6.1.4.1.25623.1.0.11036
Threat: High (CVSS: 7.2)
Port:   smtp (25/tcp)
submission (587/tcp)

The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
might have crashed. Please check its status right now, as it is
not possible to do so remotely

Vulnerability Detection Method:
Details:
SMTP antivirus scanner DoS
(OID: 1.3.6.1.4.1.25623.1.0.11036)


but both clamav-milter and clamd were still working well.


On Fri, 23 May 2014, Matus UHLAR - fantomas wrote:


On 23.05.14 11:50, anctop wrote:

I've tried to change the value of MaxRecursion in clamd.conf to 4
and 44 respectively, but both experiments yield the same result.


Did you reload/restart clamd afterwards? What was the result?


Can it be a problem with the MTA ?


I can't tell you without the information above
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod



--
greg folkert - systems administration and support
web:donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
All sweeping assertions are erroneous.
   -- Letitia Elizabeth Landon



Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-22 Thread anctop
I've tried to change the value of MaxRecursion in clamd.conf to 4
and 44 respectively, but both experiments yield the same result.

Can it be a problem with the MTA ?


On 20/05/2014, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

 On 20.05.14 16:22, anctop wrote:
Both clamav-milter & clamd were still working after the attack by the scan.

Our config files assume default values for recursive scanning.
I'd like to know if the recursion depth is lowered, will clamd fail to
detect those viruses deeply hidden in nested directories ?

 Well, no idea. The scanning will finish with exit code indicating that it
 was not able to scan the whole structure.

 There used to be ArchiveBlockMax option that instructed clamav to report
 infection (with pseudo virus name) but it was removed and I don't see the
 replacement for it.

 I also don't see how should clamav-milter behave here.

 Maybe I should try to test scanning archive of 16 nested directories to see
 the results...

 --
 Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
 Warning: I wish NOT to receive e-mail advertising to this address.
 Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
 I intend to live forever - so far so good.
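
A way to see which archive limits a clamd.conf actually sets, as an added example that is not part of the thread or of ClamAV. Besides MaxRecursion it reads MaxFiles, MaxScanSize and MaxFileSize, which are clamd.conf options not named in the thread, and flags any of those three set to 0, the value clamd.conf documents as disabling the limit. The function names and both sample files are constructed; the MaxRecursion values 4 and 44 are the ones tried above.

```shell
#!/bin/sh
# Added example: report the archive limits configured in a clamd.conf-style
# file. Function names and both sample files are constructed for illustration.

# conf_value FILE KEY -> value on the first uncommented "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# to_bytes VALUE -> plain number; sizes may carry a K/k or M/m suffix.
to_bytes() {
    case $1 in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1048576 )) ;;
        *)     echo "$1" ;;
    esac
}

# audit_limits FILE -> one line per option; returns 1 if MaxFiles,
# MaxScanSize or MaxFileSize is 0 (limit disabled), otherwise 0.
audit_limits() {
    conf=$1
    disabled=0
    for key in MaxRecursion MaxFiles MaxScanSize MaxFileSize; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then
            echo "$key: not set, built-in default applies"
        elif [ "$key" != MaxRecursion ] && [ "$(to_bytes "$val")" -eq 0 ]; then
            echo "$key: 0, limit disabled"
            disabled=1
        else
            echo "$key: $val"
        fi
    done
    return "$disabled"
}

# Constructed sample configurations.
CONF_DIR=$(mktemp -d)
trap 'rm -rf "$CONF_DIR"' EXIT
TUNED_CONF=$CONF_DIR/tuned.conf
OPEN_CONF=$CONF_DIR/open.conf
cat > "$TUNED_CONF" <<'EOF'
# constructed sample
MaxRecursion 4
MaxFiles 10000
MaxScanSize 100M
MaxFileSize 25M
EOF
cat > "$OPEN_CONF" <<'EOF'
# constructed sample
MaxRecursion 44
#MaxFiles 10000
MaxScanSize 0
EOF

for f in "$TUNED_CONF" "$OPEN_CONF"; do
    echo "== $f"
    audit_limits "$f" || echo "-> at least one limit is disabled"
done
```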


Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-20 Thread anctop
Both clamav-milter & clamd were still working after the attack by the scan.

Our config files assume default values for recursive scanning.
I'd like to know if the recursion depth is lowered, will clamd fail to
detect those viruses deeply hidden in nested directories ?


 The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it might have crashed.
 Please check its status right now, as it is not possible to do so remotely

 Vulnerability Detection Method
 Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

On 20.05.14 11:22, anctop wrote:
But we've verified that ClamAV milter was still running as before.

The milter only passes data from milter to clamd. You need to look if the 
clamd crashed.

When using ClamAV-0.98.1, the scan report reads :

 smtp (25/tcp) / submission (587/tcp)
 Log (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

 For some reason, we could not send the 42.zip file to this MTA

 Vulnerability Detection Method
 Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

Does it mean that ClamAV-0.98.3 is vulnerable to the said DoS attack ?

you can set up archive depth and similar limits in clamd.conf
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.


[clamav-users] clamav-0.98.3 does not pass vulnerability scan

2014-05-19 Thread anctop
Our system is running Linux with Sendmail-8.14.6.
Last week we upgraded ClamAV from 0.98.1 to 0.98.3 without changing
the build options :

sh ./configure --prefix=PREFIX --enable-shared --disable-experimental --enable-milter

The config files are kept unchanged too.

As we perform vulnerability scan using OpenVAS-6, a couple of High
risks are reported :

 smtp (25/tcp) / submission (587/tcp)
 High (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

 The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it might have crashed.
 Please check its status right now, as it is not possible to do so remotely

 Vulnerability Detection Method
 Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

But we've verified that ClamAV milter was still running as before.

When using ClamAV-0.98.1, the scan report reads :

 smtp (25/tcp) / submission (587/tcp)
 Log (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

 For some reason, we could not send the 42.zip file to this MTA

 Vulnerability Detection Method
 Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

Does it mean that ClamAV-0.98.3 is vulnerable to the said DoS attack ?