Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-02 Thread Micah Snyder (micasnyd) via clamav-users
Ged,

Augh indeed!  It looks like the clamav-0.105.1.tar.gz (and sig file) were the 
only files not correctly hidden.  The -2 variant is available right next to it 
though. The old one is hidden, now.

As for 0.103.7, the tarball has not changed at all.  Only 0.105.1's source 
tarball was updated, because of bug fixes in Rust vendored dependencies in that 
tarball.

For 0.103.7, only the installer packages (RPM, DEB, PKG, ZIP, MSI) have been 
updated.  So, there is no need to rebuild the 0.103.7 source tarball unless you 
also built ClamAV using static library dependencies. If you're using 
distro-provided shared libraries in your build, they would be updated 
separately from ClamAV, and you just want to make sure those are up-to-date 
with their latest package revisions.

> FWIW the problem went away when I used autotools instead of CMake:

Oh!  Yes, CMake for 0.103 was experimental.  Honestly, I had forgotten it even 
existed for 0.103 until you said something.  I am not surprised that there is 
an issue there.  It is much more stable in 0.104 and later.

I'm glad you have everything working again.

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users  on behalf of G.W. 
Haywood via clamav-users 
Sent: Tuesday, November 1, 2022 4:32 PM
To: Micah Snyder (micasnyd) via clamav-users 
Cc: G.W. Haywood 
Subject: Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 
0.104.4, 0.105.1 to resolve CVE's

Hi Micah,

On Tue, 1 Nov 2022, Micah Snyder (micasnyd) via clamav-users wrote:
> On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote:
> > On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote:
> >
> > > Today we are publishing updated packages for ClamAV 0.103.7 ...
> >
> > Maybe I've done something stupid...
> >
> > Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): 
> > [74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION 
> > MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]
>
> It seems that your libclamav is from a different build than your clamd.

Yeah. :)  I don't know how, though.

> The number on the right is the version number for clamd.  The
> 0.103.7 version is what I would expect.

Ack.

> The number on the left is the version number for libclamav.  The
> short-hash represents this git commit:
> https://github.com/cisco-Talos/clamav/commit/11aaa24dd.  This is a
> different version string, and even different commit hash, than I
> would expect.

Agh.

> The release materials for 0.103.7-2 were generated from our
> rel/0.103 branch
> https://github.com/Cisco-Talos/clamav/commits/rel/0.103 so I would
> at least think that hash would be 416cd0b78.

Am I using the right tarball?

$ ls -l clamav-0.103.7.tar.gz
-rw-r--r-- 1 ged ged 16501741 Jul 26 22:54 clamav-0.103.7.tar.gz
$ md5sum clamav-0.103.7.tar.gz
9138e4678fabfb39bbe1844001ff4815  clamav-0.103.7.tar.gz

I grabbed it from the download page.  Your mail said the old versions
were hidden, but the date there looks wrong and it doesn't have the
suffix -2.  It's still the same on the download page as I write.

> Of course, I would actually expect the version to be 0.103.7 for
> both, and not have the hash.

The code in .../clamd/session.c is

    if (strcmp(engine_ver, clamd_ver)) {
        mdprintf(desc, "ENGINE VERSION MISMATCH: %s != %s. ERROR%c",
                 engine_ver, clamd_ver, term);
        return;
    }

so it's going to die anyway for *any* commit hash for engine_ver. :(

> If I remember correctly, the version string showing a commit hash
> means that clamav was built from within a Git clone directory,
> rather than building from an un-tarred source tarball.  By chance
> did you build and install libclamav from a git clone?

No, all from source.  I don't remember using git to build ClamAV at
any time.  There isn't even a git executable on the machine which is
running this clamd.  I think last time I built 0.103.x it was with
autotools.  This time I tried CMake which seemed to work and then it
all went pear-shaped at runtime.  Maybe that's another problem?  Or
maybe the main one?

It's an arm7 box, Raspberry Pi 4B.  I did try to build 0.105 on there
a few days earlier.  That failed, I posted the error at the time.

When  I've got more time I'll dig into this but if you can confirm
that the tarball on the download page is wrong that will be a good
place to start.

--

73,
Ged.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-02 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote:
> On Tue, 1 Nov 2022, Micah Snyder (micasnyd) via clamav-users wrote:
> > On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote:
> > > On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote:
> > >
> > > > Today we are publishing updated packages for ClamAV 0.103.7 ...
> > >
> > > Maybe I've done something stupid...
> > >
> > > Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): 
> > > [74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION 
> > > MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]
> >
> > It seems that your libclamav is from a different build than your clamd.
>
> Yeah. :)  I don't know how, though.
> ...
> Am I using the right tarball?
>
> $ ls -l clamav-0.103.7.tar.gz
> -rw-r--r-- 1 ged ged 16501741 Jul 26 22:54 clamav-0.103.7.tar.gz
> $ md5sum clamav-0.103.7.tar.gz
> 9138e4678fabfb39bbe1844001ff4815  clamav-0.103.7.tar.gz
>
> ...
> ...  last time I built 0.103.x it was with autotools.  This time I
> tried CMake which seemed to work ...
> ...
> ... if you can confirm that the tarball on the download page is
> wrong that will be a good place to start.

FWIW the problem went away when I used autotools instead of CMake:

Nov  2 10:38:40 mail6 x3[3051]: 2A2AcRf6010225: xm_clamav_scan( 2425): 
[92.52.217.165], [AS208708], Response from ClamAV daemon [ClamAV 
0.103.7/26708/Wed Nov  2 07:51:42 2022] ...

I still don't like the look of that tarball.

--

73,
Ged.
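
Added example (not part of the original messages, and not ClamAV project code): a small log check that separates the two kinds of clamd response quoted in this thread and reports which side of an ENGINE VERSION MISMATCH is libclamav and which is clamd. The function names are made up for illustration, and the only log format assumed is the "Response from ClamAV daemon [...]" text shown above.

```python
import re

# The two clamd responses quoted in this thread, with the mail line-wraps re-joined.
SAMPLE_LOG = """\
Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): [74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]
Nov  2 10:38:40 mail6 x3[3051]: 2A2AcRf6010225: xm_clamav_scan( 2425): [92.52.217.165], [AS208708], Response from ClamAV daemon [ClamAV 0.103.7/26708/Wed Nov  2 07:51:42 2022] ...
"""

RESPONSE = re.compile(r"Response from ClamAV daemon \[([^\]]*)\]")
# Format written by the mdprintf() call in clamd/session.c quoted in the thread:
# the left side is libclamav's version, the right side is clamd's.
MISMATCH = re.compile(r"ENGINE VERSION MISMATCH: (\S+) != (\S+)\. ERROR")
# Healthy response as quoted in the thread: "ClamAV <version>/<number>/<date>".
BANNER = re.compile(r"ClamAV ([^/]+)/(\d+)/(.+)")
# A "devel-<short hash>" engine version, as seen in the failing response.
DEVEL = re.compile(r"devel-([0-9a-f]{7,40})$")


def classify(line):
    """Return a dict describing the clamd response in one log line, or None."""
    found = RESPONSE.search(line)
    if not found:
        return None
    body = found.group(1)
    mismatch = MISMATCH.match(body)
    if mismatch:
        engine, clamd = mismatch.groups()
        devel = DEVEL.match(engine)
        return {"status": "mismatch", "libclamav": engine, "clamd": clamd,
                "engine_commit": devel.group(1) if devel else None}
    banner = BANNER.match(body)
    if banner:
        return {"status": "ok", "version": banner.group(1),
                "db": int(banner.group(2))}
    return {"status": "unknown", "raw": body}


def scan(log_text):
    """Classify every line that carries a clamd response."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for result in scan(SAMPLE_LOG):
        print(result)
```
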


Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-01 Thread G.W. Haywood via clamav-users

Hi Micah,

On Tue, 1 Nov 2022, Micah Snyder (micasnyd) via clamav-users wrote:
> On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote:
> > On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote:
> >
> > > Today we are publishing updated packages for ClamAV 0.103.7 ...
> >
> > Maybe I've done something stupid...
> >
> > Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): 
> > [74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION 
> > MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]
>
> It seems that your libclamav is from a different build than your clamd.

Yeah. :)  I don't know how, though.

> The number on the right is the version number for clamd.  The
> 0.103.7 version is what I would expect.

Ack.

> The number on the left is the version number for libclamav.  The
> short-hash represents this git commit:
> https://github.com/cisco-Talos/clamav/commit/11aaa24dd.  This is a
> different version string, and even different commit hash, than I
> would expect.

Agh.

> The release materials for 0.103.7-2 were generated from our
> rel/0.103 branch
> https://github.com/Cisco-Talos/clamav/commits/rel/0.103 so I would
> at least think that hash would be 416cd0b78.

Am I using the right tarball?

$ ls -l clamav-0.103.7.tar.gz
-rw-r--r-- 1 ged ged 16501741 Jul 26 22:54 clamav-0.103.7.tar.gz
$ md5sum clamav-0.103.7.tar.gz
9138e4678fabfb39bbe1844001ff4815  clamav-0.103.7.tar.gz

I grabbed it from the download page.  Your mail said the old versions
were hidden, but the date there looks wrong and it doesn't have the
suffix -2.  It's still the same on the download page as I write.

> Of course, I would actually expect the version to be 0.103.7 for
> both, and not have the hash.

The code in .../clamd/session.c is

    if (strcmp(engine_ver, clamd_ver)) {
        mdprintf(desc, "ENGINE VERSION MISMATCH: %s != %s. ERROR%c",
                 engine_ver, clamd_ver, term);
        return;
    }

so it's going to die anyway for *any* commit hash for engine_ver. :(

> If I remember correctly, the version string showing a commit hash
> means that clamav was built from within a Git clone directory,
> rather than building from an un-tarred source tarball.  By chance
> did you build and install libclamav from a git clone?

No, all from source.  I don't remember using git to build ClamAV at
any time.  There isn't even a git executable on the machine which is
running this clamd.  I think last time I built 0.103.x it was with
autotools.  This time I tried CMake which seemed to work and then it
all went pear-shaped at runtime.  Maybe that's another problem?  Or
maybe the main one?

It's an arm7 box, Raspberry Pi 4B.  I did try to build 0.105 on there
a few days earlier.  That failed, I posted the error at the time.

When I've got more time I'll dig into this but if you can confirm
that the tarball on the download page is wrong that will be a good
place to start.

--

73,
Ged.


Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-01 Thread Micah Snyder (micasnyd) via clamav-users

It seems that your libclamav is from a different build than your clamd.

The number on the right is the version number for clamd.  The 0.103.7 version 
is what I would expect.

The number on the left is the version number for libclamav.
The short-hash represents this git commit: 
https://github.com/cisco-Talos/clamav/commit/11aaa24dd.
This is a different version string, and even different commit hash, than I 
would expect.
The release materials for 0.103.7-2 were generated from our rel/0.103 branch 
https://github.com/Cisco-Talos/clamav/commits/rel/0.103 so I would at least 
think that hash would be 416cd0b78.  Of course, I would actually expect the 
version to be 0.103.7 for both, and not have the hash.

If I remember correctly, the version string showing a commit hash means that 
clamav was built from within a Git clone directory, rather than building from 
an un-tarred source tarball.  By chance did you build and install libclamav 
from a git clone?

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users  on behalf of G.W. 
Haywood via clamav-users 
Sent: Tuesday, November 1, 2022 10:21 AM
To: ClamAV users ML 
Cc: G.W. Haywood 
Subject: Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 
0.104.4, 0.105.1 to resolve CVE's

Hi there,

On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote:

> Today we are publishing updated packages for ClamAV 0.103.7 ...

Maybe I've done something stupid...

Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): 
[74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION 
MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]

Very pressed at the moment, all observations welcome.

--

73,
Ged.


Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-01 Thread G.W. Haywood via clamav-users

Hi there,

On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote:

> Today we are publishing updated packages for ClamAV 0.103.7 ...


Maybe I've done something stupid...

Nov  1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): 
[74.121.52.251], [AS19795], Response from ClamAV daemon [ENGINE VERSION 
MISMATCH: devel-11aaa24dd != 0.103.7. ERROR]

Very pressed at the moment, all observations welcome.

--

73,
Ged.