On 03/16/2012 02:35 PM, Andreas Schulze wrote: > Hello, > > 1. > I just compiled the new version in my autobuild system for > multiple version of SuSE Linux Enterprise Servers. > > I noticed this RPMLINT report which I like to forward to you for inforamation: > > RPMLINT report: > =============== > clamav.i586: W: shared-lib-calls-exit /usr/lib/libclamav.so.6.1.13 > exit@GLIBC_2.0 > This library package calls exit() or _exit(), probably in a non-fork() > context. Doing so from a library is strongly discouraged - when a library > function calls exit(), it prevents the calling program from handling the > error, reporting it to the user, closing files properly, and cleaning up any > state that the program has. It is preferred for the library to return an > actual error code and let the calling program decide how to handle the > situation. > > Could it be possible that the _exit() is intentional correct? > Then I would like to add an exeption for my rpmlint...
It is LLVM that uses exit/_exit in Program::Execute for example. We don't call that function though. > > 2. > Avira, a german antivirus vendor, may(*) classify the sourcecode tarball as > malicious: > > clamav-0.97.4/test/.split/split.clam-pespin.exeaa <<< PCK/PESpin ; packer ; > File has been compressed with an unusual runtime compression tool > (PCK/PESpin). Please verify the origin of the file That is part of the test-file for clamav's PESpin unpacker support. Obviously that is clam.exe packed by PESpin, and not malware. > > I informed avira and got the response that their av-envine finds "unusual > runtime compression tool" commonly used by > malware :-( Yeah, thats why ClamAV has a PESpin unpacker (to unpack malware that uses it), and a testfile for it (so we make sure it actually works). Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
