[Clamav-devel] FreeBSD 6.2 ClamAV/zlib problems and solution
Hi, I just had a chat on #clamav with 2 people having problem with ClamAV 0.96 on FreeBSD 6.2. (everything was OK on FreeBSD 6.3) The symptom is that clamscan/clamd never starts, just loops infinitely trying to load the DB, --debug shows: Libclamav debug: in cli_tgzload() The system was using zlib 1.2.3, and gzseek() looked broken (it always returned 0 for gzseek(0, SEEK_CUR), in fact it moved the file position to 0 again). Solution was to use upstream zlib 1.2.3 instead of system one: $ wget http://www.zlib.net/fossils/zlib-1.2.3.tar.gz $ tar xzvf zlib-1.2.3.tar.gz $ cd zlib-1.2.3 $ ./configure --prefix=/usr -s $ make # make install Does FreeBSD 6.2 patch zlib in any way that could cause this error? Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
[Clamav-devel] VirusDB hashes and CVE
It would be very nice to see hashes and possible CVEs in submissions in virusdb-mailinglist. Every submission should have at least MD5-, SHA1-checksums and possible CVE listed. What do you think? --- Henri Salo ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] VirusDB hashes and CVE
On 04/16/2010 07:15 PM, Henri Salo wrote: It would be very nice to see hashes and possible CVEs in submissions in virusdb-mailinglist. Every submission should have at least MD5-, SHA1-checksums Of the databases? The database itself contains the hash, and it is digitally signed. The public key for that is embedded in clamav, and freshclam checks those digital signatures. You can run sigtool --info on a CVD and find out the MD5 hash, the digital signature. Also the newer databases contain sha256 hashes (in daily/main.info), and their corresponding digital signatures. and possible CVE listed. I'm not sure what you mean by this. Do you mean CVE references for exploits we detect? Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] VirusDB hashes and CVE
On Fri, 16 Apr 2010 19:18:23 +0300 Török Edwin edwinto...@gmail.com wrote: On 04/16/2010 07:15 PM, Henri Salo wrote: It would be very nice to see hashes and possible CVEs in submissions in virusdb-mailinglist. Every submission should have at least MD5-, SHA1-checksums Of the databases? Nope. Of the files submitted to virusdb and the hashes could be in for example: http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html I'm not sure what you mean by this. Do you mean CVE references for exploits we detect? CVE-ID's of the submitted files IF CVE-ID is available. Best regards, --Edwin --- Henri Salo ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] VirusDB hashes and CVE
On 04/16/2010 07:31 PM, Henri Salo wrote: On Fri, 16 Apr 2010 19:18:23 +0300 Török Edwinedwinto...@gmail.com wrote: On 04/16/2010 07:15 PM, Henri Salo wrote: It would be very nice to see hashes and possible CVEs in submissions in virusdb-mailinglist. Every submission should have at least MD5-, SHA1-checksums Of the databases? Nope. Of the files submitted to virusdb and the hashes could be in for example: http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html Ah for the samples. That might be doable. Please open an enhancement request on our bugzilla (component website and other services). I'm not sure what you mean by this. Do you mean CVE references for exploits we detect? CVE-ID's of the submitted files IF CVE-ID is available. I'm not sure if people mention CVE IDs, and it would be extra work for sigmakers to lookup if there is a CVE associated. Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] VirusDB hashes and CVE
On Fri, 16 Apr 2010 19:59:03 +0300 Török Edwin ed...@clamav.net wrote: On 04/16/2010 07:31 PM, Henri Salo wrote: On Fri, 16 Apr 2010 19:18:23 +0300 Török Edwinedwinto...@gmail.com wrote: On 04/16/2010 07:15 PM, Henri Salo wrote: It would be very nice to see hashes and possible CVEs in submissions in virusdb-mailinglist. Every submission should have at least MD5-, SHA1-checksums Of the databases? Nope. Of the files submitted to virusdb and the hashes could be in for example: http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html Ah for the samples. That might be doable. Please open an enhancement request on our bugzilla (component website and other services). Done. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1969 I'm not sure what you mean by this. Do you mean CVE references for exploits we detect? CVE-ID's of the submitted files IF CVE-ID is available. I'm not sure if people mention CVE IDs, and it would be extra work for sigmakers to lookup if there is a CVE associated. Best regards, --Edwin --- Henri Salo ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net