Re: [Clamav-devel] Can I join the Mac dev of clamAV
On Sun, 8 Apr 2012 00:04:55 +0800 boyd yang boyd.y...@gmail.com wrote: I studied the ClamAuth driver code. It's one-way notification now. Yes, Growl can be used for the one-way notification. There maybe the case that the virus file runs for few seconds before the clamd quarantines or deletes it. The Mac's kernel authentication has another advantage which is not used in the driver, the open/execute action of virus file can be refused in the driver before its running, like DazukoFS or fanotify. So a two-way communication is needed, driver get response from user about whether to accept or refuse the file operation. Yes, that's planned for next versions. Please let me know if you're interested in contributing to this driver. Fanotify is one part of Linux kernel (2.6?), which filter file access and refuse or accept it. I once raise a bug of it: http://lkml.indiana.edu/hypermail/linux/kernel/1110.1/00292.html. I think we can use fanotify on Linux too, then it becomes driverless. We'll support fanotify in ClamAV 0.98. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Apr 10 19:26:06 CEST 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] I would like to contribute as a developer to the Clam-AV project
On Sun, 08 Apr 2012 21:23:42 -0700 Vikram Hegde vikhe...@gmail.com wrote: Hi, I am interested in contributing as a developer to the clam-av project. Some background about me: I have over 14 years of professional (industry) kernel development experience in Unix like operating systems including Solaris and FreeBSD. I was a member of the Solaris kernel team at Sun for over 12 years. I have a lot of experience debugging multi-threaded kernel code with access only to assembly code. I have very good knowledge of Unix kernel internals, C and assembly and very strong Unix user-level programming as well, including Posix threads, POSIX API, generic UNIX API. I have developed kernel drivers on both Solaris and FreeBSD, system libraries and utilities on Solaris. I am willing to work hard and start at the bottom (I.e. contributing bug fixes etc.) I am willing to work outside my area of prior experience (for example Windows or Mac development) Could you please let me know how I can go about becoming a contributor. Hi Vikram, thank you for your interest in contributing to ClamAV. We have a bunch of possible improvements listed here: http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2012 For example the flash (ActionScript 3) disassembly is something that would be very useful for our signature writers. Please let me know if you're interested in working on any of those ideas. Thanks again, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Apr 10 19:30:01 CEST 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] I would like to contribute as a developer to the Clam-AV project
On Tue, 10 Apr 2012 11:04:34 -0700 Vikram Hegde vikhe...@gmail.com wrote: Hi Tomasz, I would be very happy to work on the Flash disassembler. I will get to work on it immediately. Great to hear this. Thanks in advance! -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Apr 10 20:49:01 CEST 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Can I join the Mac dev of clamAV
On Thu, 5 Apr 2012 23:29:53 +0800 boyd yang boyd.y...@gmail.com wrote: Yes, I have been developing on Mac for years. Cool! I built the clamav and examined the ClamAuth on 10.7.3. It works. I think we can add a system tray icon on up-right cormer of Desktop, and pop up window for on-access virus. An installer is also needed. Thu Apr 5 23:21:49 2012 - ClamAuth: /Applications/clam_ISmsi_ext copy.exe: ClamAV-Test-File FOUND Thu Apr 5 23:21:49 2012 - ClamAuth: /Applications/clam_ISmsi_ext copy.exe: ClamAV-Test-File FOUND In clamd.conf you can enable the VirusEvent directive and point it to some shell script. Whenever clamd finds a virus, it'll call that script and set up two environment variables: $CLAM_VIRUSEVENT_FILENAME - path to infected file $CLAM_VIRUSEVENT_VIRUSNAME - virus name I think a script that integrates with Growl would be a good start! Thanks, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Apr 5 18:06:10 CEST 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Question about wildcards ?? and {n} in signatures
On Wed Mar 07 2012 01:21:25 GMT+0100 (CET) Alexandre Dias lexx...@gmail.com wrote: Hello, I am doing my Msc thesis work in pattern matching, and I am using ClamAV's signature database. I've got a question about two specific wildcards that are stated in the signatures.pdf file (titled Creating Signatures for ClamAV). According to the document, the wildcard {n} states that n bytes can be matched. Also, the wildcard ?? states that any one byte can be matched. I have found some {1} wildcards in the database. I assume that by saying match n bytes, the meaning is that we can match any n bytes. If that is the case, what is the difference between ?? and {1} ? There's no difference, ClamAV translates {1} into ??. -TK ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Why the function ac_maketrans defined size of array is 256?
On Fri, 03 Feb 2012 08:18:24 +0700 Chatsiri Ratana chats...@chatsiri.com wrote: - Original message - On 02/02/2012 05:53 AM, chatsiri wrote: Hello All, I debug code of clamav. Aho-Corasick( AC) Algorithms concepts for matching between virus and signature files. Step for AC is build trie ( keyword tree) for inserting signature from virus database files. I have question in step build tire before matching with input information. Why source code in static int ac_maketrans(struct cli_matcher *root) [1] define size of array is 256?. Because the trie matches byte-by-byte, so each node has 256 children, and that includes the root. What's contain in node? My view, Node contains a signature files for matching with virus in files.right? My plan for optimized algorithm code of string matching with GPU. I'd suggest you have a look at the source code - all the information is there. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Feb 3 16:57:08 CET 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] plz help me!!
On Tue, 31 Jan 2012 14:51:19 +0530 infant deepak deeeps@gmail.com wrote: Hi everyone, I am pursuing masters degree. I am doing my project in enhancing clamav application . can anyone state me, list of enhancement that can be added in clamav . I will be grateful to you if you can help me as early as possible. Thanks in advance. You can find some ideas here: http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011 -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jan 31 13:33:01 CET 2012 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Hello
On Wed, 21 Sep 2011 14:24:04 +0300 Віктор Михайлович post...@gmail.com wrote: I intend to translate clamAV interface for linux and windows into ukrainian. i also want to translate clamAV website into ukrainian later on if its possible. Hi Віктор, ClamAV is command-line based and doesn't provide a multi-language interface. When it comes to the website, please send a mail to luca at clamav.net and he'll send you the instructions. Thanks in advance, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 21 17:50:05 CEST 2011 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Creating signature excluding part of string
On Fri, 26 Aug 2011 13:07:45 +0200 Asle Skage asle.sk...@online.no wrote: Hi, I am trying to create a signature that match a pattern, but it should not match when a specific pattern is present. From the documentation: . !(aa|bb|cc|..) Match any byte except aa and bb and cc.. (ClamAV 0.96) This only works for single bytes, not for strings. You need to use logical signatures, eg: SigName;Target:0;01=0;pattern0;pattern1 This signature will only be reported if pattern0 gets matched and pattern1 doesn't (1=0 means pattern with ID 1 must be matched 0 times). HTH, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 26 13:08:48 CEST 2011 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Improvement suggestion : Scan Hash to optmize re-scan
On Tue, 12 Jul 2011 11:18:20 +0200 sub phil phil40...@gmail.com wrote: Hello, I propose a possible speed-up scan (as I think that hashing is faster than scanning) The idea comes from security software like WinSonar ( http://www.fewbyte.com/winsonar.html) and file synchronisation. I propose that when a media has been fully scanned, that for each large file (maybe define by a threshold) its hash signature (SHA256, MD5, ...) is stored so that when one re-scan the same media, ClamAV would skip the scan of file if its current signature matches the scanned one. Hi Philippe, we already do this (see libclamav/cache.c). The cache gets purged after a database update. Regards, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jul 12 11:24:18 CEST 2011 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Custom CVD Server question
On Tue, 21 Jun 2011 04:48:44 +0200 Fritz Elfert fr...@fritz-elfert.de wrote: Hi, In a completely isolated network environment, I want to setup my own CVD-Database server and create my own special signatures. If looking at the source of sigtool, it connects to some signing-server using manually supplied credentials, then sends several sign requests and retrieves the results. What I can't figure out: Where is the source of that signing-server resp. which algorithm does it use for signing? Hopefully somebody can shed some light on that... Hi Fritz, you can't create digitally signed CVD files, this can only be done by the ClamAV team. However, with the development version of ClamAV you can create unsigned containers (*.cud files). A quick example on how to create such a file (please keep in mind this will only work with clamav-devel, also only the development version of clamscan/clamd will be able to load such a container): /tmp$ mkdir db /tmp$ cd db /tmp/db$ sigtool --unpack-current daily /tmp/db$ ls COPYINGdaily.db daily.ftm daily.hdu daily.ign daily.info daily.mdb daily.ndb daily.pdb daily.zmd daily.cfg daily.fp daily.hdb daily.idb daily.ign2 daily.ldb daily.mdu daily.ndu daily.wdb /tmp/db$ sigtool-devel --build daily.cud --unsigned WARNING: build: Signatures in daily db files: 126823, loaded by libclamav: 127496 Total sigs: 127496 Builder name: test Created daily.cud /tmp/db$ clamscan -d daily.cud /etc/passwd /etc/passwd: OK --- SCAN SUMMARY --- Known viruses: 126257 Engine version: devel-clamav-0.97-150-g83c82f1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 0.356 sec (0 m 0 s) Then you can distrubute daily.cud via a local web server and point clients to it by adding the following line to freshclam.conf: DatabaseCustomURL http://my.local.server.com/daily.cud Alternatively, you can distrubute it via NFS or so: DatabaseCustomURL file:///mnt/nfs/daily.cud Of course, you can use any name for the db, but all internal files (listed with 'ls' in the example) need to have the same base name as well. Hope this helps, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jun 21 11:15:19 CEST 2011 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] music and video related signatures?
On Fri, 4 Mar 2011 11:15:53 -0500 Liu Yang yangliu...@gmail.com wrote: Does ClamAV have signatures dedicated to scan music and video files in format such as mp3, flv, f4v? Also, why the number of jpeg related signatures in ClamAV is so small? I only found less than 30 in main.ndb. What particular multimedia malware you have in mind? -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Mar 4 17:20:18 CET 2011 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] The upcoming 15 April kill-switch
On Wed Apr 07 2010 22:47:27 GMT+0200 (CET) David F. Skoll d...@roaringpenguin.com wrote: OK. That's bad. Really bad. It's an enormous problem for us. We have some customers (I don't know exactly how many) who are running ClamAV = 0.94.2. When this hits the ether, their mail servers will tempfail all mail because clamd will error out. This might even put us in legal difficulties: some of our customers have contracts with us in which we assert our software has no kill switch that can disable mail delivery. Thanks to the fine ClamAV developers, we've been shipping a kill-switch for years. Do your customers use the public ClamAV mirror infrastructure? If they do, and also use old ClamAV versions, they're (or will be) making harm to our infrastructure and the other users of ClamAV who run the latest releases. This is because the old versions of freshclam fail to apply some incremental updates and need to download entire database files as described in the original announcement: http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html If they don't and *you* provide them with some private database mirror (what you should really be doing!), then I see no problem - you can simply keep redirecting (with some httpd rule or so) their installations to a specific daily.cvd file which works for them until they get upgraded to some recent release. We can't do that globally because the diversity of software run by our mirrors makes this solution ineffective. Regards, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Apr 7 23:08:57 CEST 2010 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Bytecode interpreter
On Thu, 11 Mar 2010 13:29:16 + (GMT) G.W. Haywood clamav-de...@jubileegroup.co.uk wrote: Hi there, On Thu, 11 Mar 2010 David F. Skoll wrote: I noticed the announcement of the bytecode interpreter in the 0.96-rc1 announcement. ... Why do we need the bytecode interpreter? Can we disable it if we decide the cons outweigh the pros? I was about to write something along these lines when Mr. Skoll's post arrived. The very idea of a bytecode interpreter in ClamAV gives me the creeps. It sounds like a whole bunch of vulnerabilities waiting to happen. Due to security reasons all bytecodes need to be digitally signed, so no 3rd parties will be able to inject any code into your installations. When it comes to vulnerabilities, they will not be that critical as vulnerabilities in the regular code since all bytecodes can be remotely fixed/removed. I'd like to add my voice to those who want an easy way to disable it - I can see nothing in the clamd.conf man page for 0.96-rc1 which offers any solace. As Edwin already described, you just set the Bytecode option to no in freshclam.conf. In the same man page there are a couple of small formatting errors in the bold attributes for LocalSocketGroup and LocalSocketMode. Thanks, this will be fixed in the next release Regards, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 11 15:12:49 CET 2010 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Bytecode interpreter
On Thu, 11 Mar 2010 14:26:07 -0500 David F. Skoll d...@roaringpenguin.com wrote: Tomasz Kojm wrote: Due to security reasons all bytecodes need to be digitally signed, so no 3rd parties will be able to inject any code into your installations. I believe this is the same security model used by Microsoft for Active X. (NOTE: I am in no way implying that your bytecode interpreter is as dangerous. I am implying that anyone can make an honest mistake and sign buggy code, or have his private key compromised.) When it comes to vulnerabilities, they will not be that critical as vulnerabilities in the regular code since all bytecodes can be remotely fixed/removed. OK... here's another question: ClamAV is licensed under the GPL. Your bytecode programs are distributed in object-code format. Will you make the corresponding source code available? yes, the bytecodes will embed the source code and the new tool called clambc shipped with 0.96 can display the corresponding source code with --printsrc What language is the source code written in? In a C-like language -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 11 21:21:59 CET 2010 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] [PATCH] Clamuko: DazukoFS support + fix reload race
On Thu, 10 Sep 2009 22:46:25 +0200 John Ogness dazukoc...@ogness.net wrote: On 2009-09-09, Tomasz Kojm tk...@clamav.net wrote: if possible, please open two bug reports at bugs.clamav.net (for race condition and dazukofs support) and attach your patches there - this will help us to better schedule the changes. Done. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1691 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1692 Thank you! -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Sep 10 23:21:34 CEST 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] [PATCH] Clamuko: DazukoFS support + fix reload race
On Wed Sep 09 2009 00:37:14 GMT+0200 (CEST) John Ogness dazukoc...@ogness.net wrote: This is a patch against ClamAV 0.95.2 that introduces DazukoFS support for Clamuko. If /dev/dazukofs.ctrl is not found, it falls back to the original Clamuko (Dazuko) code. The following config options do not have any meaning with DazukoFS: ClamukoScanOnOpen, ClamukoScanOnClose, ClamukoScanOnExec, ClamukoIncludePath, ClamukoExcludePath If using DazukoFS with these options specified, a warning is logged. A new config option ClamukoScannerCount is also introduced (only for use with DazukoFS). It specifies how many scanner threads should be started for Clamuko. It defaults to 3. Note that no virus handling is supported with DazukoFS. File access can only be blocked. This is something that may be added later. This patch also fixes a race condition in clamd/server-th.c where Clamuko could scan files while the db was reloaded. This caused the the scanner thread to sit in cl_scandesc() with 100% CPU forever. Now a reload of Clamuko will be done cleanly. This patch has been tested on Linux/ppc 2.6.30.5 together with DazukoFS 3.1.0-rc2. Hi John, if possible, please open two bug reports at bugs.clamav.net (for race condition and dazukofs support) and attach your patches there - this will help us to better schedule the changes. Thanks!! Best regards, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 9 23:19:08 CEST 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] I am uncertain of the meaning of cl_engine_field members
On Wed, 27 May 2009 10:54:46 +0200 (CEST) s...@datanet.hu wrote: Dear list, I have updated my application (using libclamav), but I ran into a problem when I tried to set some limits (used to use 'struct cl_limit'). Unfortunately the meaning of the following variables, see below, is a bit un(der )documented - at least I couldn't find it. So please tell me what is the meaning of the following options: Most of them are self-explanatory, also the source code of clamd and clamscan should clear up any doubts. Which particular fields confuse you? -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed May 27 11:12:05 CEST 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] I am uncertain of the meaning of cl_engine_field members
On Wed, 27 May 2009 12:08:54 +0200 Janos SUTO s...@datanet.hu wrote: Tomasz Kojm wrote: Most of them are self-explanatory, also the source code of clamd and clamscan should clear up any doubts. Which particular fields confuse you? These: CL_ENGINE_MAX_FILESIZE # Files larger than this limit won't be scanned. Affects the input file itself # as well as files contained inside it (when the input file is an archive, a # document or some other kind of container). # Value of 0 disables the limit. CL_ENGINE_MAX_SCANSIZE # This option sets the maximum amount of data to be scanned for each input file. # Archives and other containers are recursively extracted and scanned up to this # value. # Value of 0 disables the limit CL_ENGINE_MIN_CC_COUNT # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. CL_ENGINE_MIN_SSN_COUNT # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed May 27 12:34:59 CEST 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Fix clamav-milter bug on FreeBSD ports tree
On Tue, 7 Apr 2009 18:19:42 +0200 Tomasz Kojm tk...@clamav.net wrote: What is the status of this release? Will it happen today? Yes, it will. Well, we will have a small delay - please expect the new release tomorrow. Sorry for the inconvenience. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Apr 7 22:11:51 CEST 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Help to fix some code with new API
On Wed Mar 25 2009 19:11:36 GMT+0100 (CET) Renato Botelho rbga...@gmail.com wrote: And about the way I did the changes, is it ok? Yes, generally the changes look OK (however without complete source files I can't say there are no memleaks when some exceptions get raised, etc.), but you should make some real world tests of these applications to make sure they're functioning correctly. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 25 19:15:02 CET 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] API concerns
On Fri, 13 Mar 2009 17:12:06 -0500 Ladar Levison la...@lavabit.com wrote: There currently is no function call available via the public libclamav API to return the total number of signatures in the database directory. To find this number a developer would need to manually pass the file names to the CVD functions. Since there are multiple files stored in the directory, and filenames change, I don't feel that is a stable interface model. Why not store the number as part of the cl_stat structure, and return it with a simple function call: unsigned int cl_statsigtotal(const struct cl_stat *dbstat); Please open a bug report, mark it as enhancement, and we will consider such a feature for one of the future releases. -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Mar 13 23:43:58 CET 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] New 0.95 API concerns
On Thu, 12 Mar 2009 20:01:59 +0300 Eugene Crosser cros...@average.org wrote: Tomasz, thank you for your attention to my concerns. Now I can go ahead and adjust zmscanner's clamav plugin to use the new API ... with confidence! :-) You're welcome! -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 12 19:22:12 CET 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] New 0.95 API concerns
On Thu, 12 Mar 2009 12:47:28 -0300 Renato Botelho rbga...@gmail.com wrote: Since API was chenged one more time, a new RC will be released to 0.95? I'm just asking it because I maintain clamav at FreeBSD ports and I tested all dependant ports with clam 0.95-RC1 and notified maintainers of all ports that doesn't build with new API to fix it. I'm just wondering if with these new changes those ports can or not break again. Hi Renato, due to some changes and Safe Browsing support, we will be publishing a new release candidate on March 16, however I believe these particular changes to the API shouldn't have much impact on the 3rd party applications at this point. Thanks, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 12 19:26:41 CET 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] [fabio....@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp (GPLv2 only linking to LGPLv3 or later)]
On Sat, 24 Jan 2009 01:21:34 + Stephen Gran st...@lobefin.net wrote: I've just received the bug report below via the Debian bug tracking system. There's obviously not a whole lot I can do about it myself, but I just thought I'd bring it to your attention. Yeah, we got this information as well: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1366 Thanks, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Jan 24 11:16:10 CET 2009 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] installation of 64bit libaries in /usr/lib ?
On Thu, 28 Aug 2008 10:00:01 +0200 Per Jessen [EMAIL PROTECTED] wrote: I've just built 0.93.3 on an AMD64 machine - for some reason, the libraries were installed in /usr/lib, not /usr/lib64. Is that intentional ? Most likely your distribution is not truly 64-bit, otherwise /usr/lib64 would be a symlink to /usr/lib -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Aug 28 10:40:11 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] installation of 64bit libaries in /usr/lib ?
On Thu, 28 Aug 2008 11:47:43 +0300 Tuomo Soini [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tomasz Kojm wrote: | Most likely your distribution is not truly 64-bit, otherwise /usr/lib64 would | be a symlink to /usr/lib That's not true. All fedora based distros have /usr/lib64 for 64-bit libraries and /usr/lib for 32-bit libraries. That's needed for binary compatibility with 32-bit apps. That's debatable. To me OS which uses 32-bit /usr/lib is not truly 64-bit. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Aug 28 10:56:46 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] chm submodule disabled with daily.cvd
On Thu, 21 Aug 2008 21:45:32 + (UTC) Yuri Dario [EMAIL PROTECTED] wrote: I did same test on my eeepc, with xandros and clamav 0.91.2: also there, the test file clam.chm is marked as ok with daily.cvd, and found infected with main.cvd. Is this a known problem? Hi, the CHM module is currently switched off and will be re-enabled in 0.94-final. Regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 22 08:26:45 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] chm submodule disabled with daily.cvd
On Fri, 22 Aug 2008 07:25:48 + (UTC) Yuri Dario [EMAIL PROTECTED] wrote: Since the test suite in 094rc1 fails because chm was not detected, I never thought about this. 'make check' will not fail because it doesn't depend on daily.cvd (it uses a single .hdb entry for detection) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 22 09:35:30 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] chm submodule disabled with daily.cvd
On Fri, 22 Aug 2008 12:44:47 + (UTC) Yuri Dario [EMAIL PROTECTED] wrote: ok, failure was because also OS/2 (as Windows) cannot delete open files. Now this has been fixed. Later I'll update current patch in bug system. OK, thanks for the update on this. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 22 14:52:35 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Silly code in clamav-0.93.1/shared/cfgparser.c
On Thu, 12 Jun 2008 10:35:11 -0400 David F. Skoll [EMAIL PROTECTED] wrote: Surely you mean: cpy = strdup(arg); At the very least, you need to check the return from calloc(). David, thanks for spotting this glitch, it's now fixed in SVN. If you find any more issues like this, please open a bug report in our bugzilla and report them there. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Jun 13 02:06:38 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] ClamAV stopps working if it's database directory is locked
On Mon, 7 Apr 2008 13:30:01 -0300 Renato Botelho [EMAIL PROTECTED] wrote: A problem report was open on FreeBSD ports about clamav, it's the first time someone report me this bug, could you take a loot at: http://www.freebsd.org/cgi/query-pr.cgi?pr=122534 and let me know if is a known bug and if have a solution? This is a known issue and has been addressed in 0.93rc1 (0.93-final is to be released very soon). -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Apr 7 21:12:34 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] file descriptor passing
On Sat, 29 Mar 2008 10:34:44 +0100 Marc Balmer [EMAIL PROTECTED] wrote: for quite some time (more than a year) I have a local patch for clamd which makes it accept filedescriptors being passed (the code currently in clamd does _not_ work at all). Hi Mark, due to portability issues and a general lack of interest in this feature (which didn't work correctly anyway) from our users, the code has been dropped a few months ago and currently we have no plans for re-including it. However, feel free to open a bug in our bugzilla and attach your patch so that we may consider it in the near future. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Mar 31 12:32:49 CEST 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] .cld file status
On Mon, 31 Dec 2007 20:45:48 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: Does anyone know the status of the new support for .cld files in the SVN code? I've been playing with the latest SVN code on a development box and I'm having problems with the new .cld container files. Everything's fine until an incremental update occurs then a .cld file appears and clamd exits due to a corrupt database. Hi Andy, support for .cld files is still experimental and not fully finished, but clamd shouldn't have such problems. I couldn't reproduce it on my local box; does it fix the problem if you change this line in readdb.c: ret = cli_cvdload(fs, engine, signo, warn, options | CL_DB_CVDNOTMP, 1); to ret = cli_cvdload(fs, engine, signo, warn, options, 1); Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jan 3 00:01:07 CET 2008 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] License violation in unrar code
On Thu, 25 Oct 2007 03:34:05 +0200 Gianluigi Tiesi [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tomasz Kojm wrote: On Fri, 19 Oct 2007 21:04:03 +0200 Enrico Scholz [EMAIL PROTECTED] wrote: Hi, citing from https://bugzilla.redhat.com/show_bug.cgi?id=334371 While investigating the possible inclusion of a GPL'd unrar package (see Bugzilla 319831), it was discovered that clamav contained a RAR v3 implementation that was copied/derived from the RARlabs unrar source code. Eugene Roshal of RARlabs confirmed that they did not give permission for any RAR v3 implementation to be used under the GPL, only under the unrar license (which is GPL incompatible). Therefore: what is the origin of RAR v3 code? Who gave the permissions to license it under GPLv2+? How can we proceed so that clamav can be used legally? ClamAV doesn't include any 3rd party RAR code. The code in 0.9x was written by our developer, in C, but in fact it uses the same decompression algorithms and may be a subject to patents or other intellectual rights. After discussing the matter with Eugene Roshal, we decided 0.92 will not include the rar3 code but instead it will be provided as an additional library (most likely licenced under LGPL + original unrar restrictions) and we will add a special clause to ClamAV's licence to allow linking with this library. I've just looked at svn, and the changes are not enough libclamunrar cannot be built standalone there are circular dependencies It's not prepared for a standalone build yet, it has just been moved outside of libclamav. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Oct 25 13:28:14 CEST 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] License violation in unrar code
On Fri, 19 Oct 2007 21:04:03 +0200 Enrico Scholz [EMAIL PROTECTED] wrote: Hi, citing from https://bugzilla.redhat.com/show_bug.cgi?id=334371 While investigating the possible inclusion of a GPL'd unrar package (see Bugzilla 319831), it was discovered that clamav contained a RAR v3 implementation that was copied/derived from the RARlabs unrar source code. Eugene Roshal of RARlabs confirmed that they did not give permission for any RAR v3 implementation to be used under the GPL, only under the unrar license (which is GPL incompatible). Therefore: what is the origin of RAR v3 code? Who gave the permissions to license it under GPLv2+? How can we proceed so that clamav can be used legally? ClamAV doesn't include any 3rd party RAR code. The code in 0.9x was written by our developer, in C, but in fact it uses the same decompression algorithms and may be a subject to patents or other intellectual rights. After discussing the matter with Eugene Roshal, we decided 0.92 will not include the rar3 code but instead it will be provided as an additional library (most likely licenced under LGPL + original unrar restrictions) and we will add a special clause to ClamAV's licence to allow linking with this library. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 23 10:33:27 EDT 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Problem decompress cab file
On Thu, 7 Jun 2007 16:26:15 -0300 (BRT) [EMAIL PROTECTED] wrote: Hi Tomasz , tanks for regard. I guess the problem is on block: [...] What do you think about it ? Let me repeat myself: there's no problem with libclamav. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jun 7 21:27:08 CEST 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Problem decompress cab file
On Wed, 6 Jun 2007 09:22:30 -0300 (BRT) [EMAIL PROTECTED] wrote: I've tried segregate the code of decompress cab file to use on my Project. The cab_open and cab_free function work but cab_extract generate only zero byte files. I think is a problem in a decompress function. I tried with cab compressed as mszip and lzx, both had the same problem. The project is available to download in http://www.guerradigital.com.br/CABDECOMPRESS.ZIP Do you expect us to fix your code? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Jun 6 18:31:46 CEST 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] clamd false positive, (Oversized.Zip on small zip files)
On Mon, 14 May 2007 15:01:53 +0200 (CEST) Martin Blapp [EMAIL PROTECTED] wrote: Hi all, While scanning http://antispam.imp.ch/files/testzip.zip clamd (clamdscan) thinks that this file is too big. But it isn't the case at all. All extracted files are only about 1MB in size. We have set 'ArchiveMaxCompressionRatio' to 200, so this can't really be the problem. For some reason, clamscan thinks the archive is ok. Only clamd has this problem. clamd --version ClamAV 0.90.2/3243/Mon May 14 12:49:49 2007 Any ideas ? 60032 / 241 = 249.09544 -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon May 14 15:11:34 CEST 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] clamd false positive, (Oversized.Zip on small zip files)
On Mon, 14 May 2007 16:05:21 +0200 (CEST) Martin Blapp [EMAIL PROTECTED] wrote: Hi, 60032 / 241 = 249.09544 Hmm ? If I extract this Zip file I get 842 Kbytes Data, not 60032, which is only 3 times as much. How do you get 60032 Kbytes ? /tmp$ unzip -lv testzip.zip | head -n 5 | tail -n 1 60032 Defl:X 241 100% 02-16-07 13:15 1c5aa12b Drops von 14V 30s.dpt -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon May 14 16:10:08 CEST 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Patch: freshclam: keep downloaded cdiffs for local distribution
On Thu, 22 Mar 2007 09:45:29 +0200 Aidas Kasparas [EMAIL PROTECTED] wrote: v. 0.90.1 applies downloaded cdiffs and removes them, so there is no way to distribute them to local clients. Attached patch allows to keep them and configure movement to RootDirectory of local web server. There's no need for such a patch, please check the latest version of the FAQ. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 22 11:46:55 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] libclamav - cl_loaddbdir no longer in clamav.h ?
On Tue, 13 Mar 2007 19:17:10 +0100 Per Jessen [EMAIL PROTECTED] wrote: Per Jessen wrote: I have some code that's using cl_loaddbdir() - I am just moving to libclamav.so.2.0.1, and noticed that cl_loaddbdir() is no longer in clamav.h. Should I take this mean don't use it or it's deprecated or not a supported API ? OK, I see the extra options on cl_load() which is cool. I have to say I didn't quite appreciate the new default being not to load the phishing sigs, but I'll survive :-) You should pass CL_DB_STDOPT into cl_load() -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 14 08:50:07 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One bug in matching algorithm of ClamAV 0.90
On Mon, 5 Mar 2007 17:48:23 +0800 alex [EMAIL PROTECTED] wrote: I have read the source code of clamav 0.90 and found a bug in it's matching algorithm. To test it, I have made one sample file and two pattern files as follows: sample file: a.sam: 111 222 222 333 a.db: pat_a=313131*323232{-5}33 b.db: 313131{-100}323232{-5}33 I scaned the sample file by these two patten files respectively, the pattern b.db detected the sample file, but the pattern a.db missed. I think the sample file should be detected too by the pattern files a.db. To fix it, i modify the line 483 in matcher-ac.c to if (pt-maxdist) mdata-maxshift[pt-sigid - 1] = mdata-partoff[pt-sigid - 1][j] + pt-maxdist - curroff; Can anyone tell me this modification is right or not ? It's not enough. If pt-maxdist == 0 then mdata-maxshift should be reset to -1 to not depend on old values in next iterations. So the proper fix is: if(pt-maxdist) mdata-maxshift[pt-sigid - 1] = mdata-partoff[pt-sigid - 1][j] + pt-maxdist - curroff; else mdata-maxshift[pt-sigid - 1] = -1; -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 8 23:21:47 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] scaning PDFs in 0.90 is slow
On Mon, 05 Mar 2007 17:56:36 +0100 Thomas Steinel [EMAIL PROTECTED] wrote: Hi, for example scanning http://www.clamav.net/doc/latest/clamdoc.pdf with Version 0.88.7 takes 24ms, 0.8x doesn't scan within PDFs. but Version 0.90.1 takes 128ms Do I need special configuration for scanning PDF files? Read the manual. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Mar 5 18:25:29 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 11:28:38 +0800 alex [EMAIL PROTECTED] wrote: Dears all: I have read the source code of clamav 0.90 and found a strange code in filetype.c. There is an expressioniIn 233 line of filetype.c : if(!iscntrl(buf[i]) !isprint(buf[i]) !internat[buf[i] 0xff]) and this expression would ALWAYS be false. I want to know if i am wrong ? Hi Alex, you're not wrong. The problem is however not a big issue because from the ClamAV point of view it's much more safe to assume that all files are of the type CL_TYPE_UNKNOWN_TEXT (it will have some performance drawbacks, though). The line 233 should read if(!internat[buf[i]]) however I'm rather in favour of rewriting that check (to not depend on a single character but use some basic statistics instead) or dropping it completely. Otherwise, it may in some cases lead to false negatives or allow attackers to fool ClamAV very easily. Regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 15:11:49 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 16:03:08 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tomasz Kojm wrote: On Wed, 28 Feb 2007 15:21:52 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: I've noticed it too, in my port I have changed it to: if(!(iscntrl(buf[i]) || isprint(buf[i])) || !internat[buf[i] xff]) This one is much worse because it will lead to many false nagatives with HTML and mail files. yes so I've never posted it as official patch, btw I do the check for whole magic buffer (150?) to be more realable also I've noticed the internat table is quite different from the one in file (magic) utility. In your case checking more data will only increase the chance for a false negative. After your change the first condition (i.e. !(iscntrl(buf[i]) || isprint(buf[i]))) will disqualify LOTS (more than 100 for sure) of characters which can be valid international chars. So what we can use for the better (or at least optimal) way to guess the kind of data (rather than having a always true/false check)? isprint First of all, you should drop your change which is erroneous and for now I'd strongly suggest to classify all unknown data as CL_TYPE_UNKNOWN_TEXT. We will address this issue in the near future and depending on the results of regression testing decide which way to go. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 16:40:04 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 19:04:43 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: There is a reason if we (clamwin) changed this, we still prefer to skip unknown files, and we don't need to care much about html and mail You don't need to care about HTML? files, so I've made some tweaks (not only this one) to save some cpu cycles avoiding scan of unneeded files. I wouldn't call it a tweak, I'd call it an error. Your change introduced much more serious problems. I'm aware that for a mail server scanner it's not the correct approach, so in fact my post was only a comment, it was never intended to be in clamav tree. A scan of a real pc hd can take ages, clamscan without any change scans large avi files in raw mode (there is only a specific check for anim riffs), other media files and e.g. iso files are also scanned in raw mode. 10-20gb of media/iso is not uncommon to find in a user pc, while they are very unlikely to be in a mail. Still there are better ways to deal with big files than breaking important parts of code. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 19:14:03 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 19:23:32 +0100 aCaB [EMAIL PROTECTED] wrote: Long ago we started implementing a list of types which are always considered not harmful. Unfortunately it seems that no file type is currently safe by default as demonstrated by the gif and jpeg exploits. Maybe we should now handle safe_by_default filetypes via DCONF, so, in case an exploit (for i.e. image/png) comes out we are able to scan it anyway? We could move the whole cli_magic[] from filetypes.c into the database. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 19:26:43 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Some programs stop building with clamav-0.90
On Wed, 28 Feb 2007 19:28:40 +0100 Jan ONDREJ (SAL) [EMAIL PROTECTED] wrote: Hello, On Sun, Feb 18, 2007 at 10:19:17PM +0200, Henrik Krohns wrote: On Sun, Feb 18, 2007 at 03:25:41PM -0200, Renato Botelho wrote: After I upgraded clamav to 0.90 on FreeBSD ports, some other programs stop building. Here are them: Is there an easy way to fix it? cl_loaddbdir - cl_load and add CL_DB_STDOPT as new parameter. Why isn't it left as compatibility in 0.90? It's almost the exact same call, I don't get it. Now it's pretty harsh to all the programs out there. Why it is still named libclamav.so.1, if it is not binary and also not source compatible? That's a known issue and will be fixed in the next version. And another question: Why these aliases are good for, if compatibility with older version is broken? /* aliases for backward compatibility */ #define CL_RAW CL_SCAN_RAW #define CL_ARCHIVE CL_SCAN_ARCHIVE #define CL_MAIL CL_SCAN_MAIL #define CL_OLE2 CL_SCAN_OLE2 #define CL_ENCRYPTEDCL_SCAN_BLOCKENCRYPTED #define cl_node cl_engine Please, remove these old aliases or add some other to keep compatibility in source With this one you should be able to compile some old stuff: #define cl_perror cl_strerror However, to take advantage of the new features old software should be updated to use the new API. and binary forms. No, this will not be possible ;-) If it is not possible, is there ability to add my libclamav module for python to clamav sources? It is hard to build proper version of this module, if you don't know which clamav is installed on system. It requires Pyrex and python-devel to build. You should use clamav-config: $ clamav-config --version 0.90 -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 19:31:29 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 21:07:42 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: It seams you want flame me, I've only expressed my opinions but not asked you to use my decisions. I think you're still missing the point of this discussion. And the point is that changing the line 233 of libclamav/filetypes.c to if(!(iscntrl(buf[i]) || isprint(buf[i])) || !internat[buf[i] xff]) you seriously broke the detection. That's all and the rest is off-topic. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 21:15:08 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] One problem in filetype.c in clamav0.90
On Wed, 28 Feb 2007 22:19:50 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: I think you're still missing the point of this discussion. And the point is that changing the line 233 of libclamav/filetypes.c to if(!(iscntrl(buf[i]) || isprint(buf[i])) || !internat[buf[i] xff]) you seriously broke the detection. That's all and the rest is off-topic. I agree with you about the OT, but still not agree about the code, we have scanned 1gb of various malware (all types also non ext) detected by clamav or not, and there was no false negatives in the scan. I've seen in svn it was commented, so yes better to leave it out ;) If you find some serious possible false negative problem, please tell me so I will be happy to remove the code. Any international text that includes character(s) from range [0x80..0xff] will be misclassified as CL_TYPE_UNKNOWN_DATA with your version of the line 233. Please respect our time, I really spent too much time today explaining this issue. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Feb 28 22:20:27 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] ClamAV 0.90 fail to compile on Mac OS on a PowerPC Mac
On Thu, 22 Feb 2007 12:48:53 +0100 Joël Brogniart [EMAIL PROTECTED] wrote: Hi, On a PowerPC Mac the architecture is ppc (-arch ppc for library tools). During the configure step, the configure tool construct the LIBCLAMAV_LIBS variable by appending different lib options. When it append curl needed library it append the following: -L/usr/lib - lcurl -arch i386 -arch ppc -lz -lssl -lcrypto -lz. Make of ClamAV when with -arch i386 -arch ppc. On should remove -arch i386 in all makefiles for make to success. Please post the outputs of: * curl-config --libs * pkg-config --libs openssl -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Feb 22 13:11:18 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Fw: [Clamav-devel] Phishcheck module in clamscan 0.90rc3
Begin forwarded message: Date: Sat, 10 Feb 2007 20:52:01 +0200 From: Török Edwin [EMAIL PROTECTED] To: Tomasz Kojm [EMAIL PROTECTED] Subject: Re: Fw: [Clamav-devel] Phishcheck module in clamscan 0.90rc3 Tomasz Kojm wrote: Hi Edwin, could you have a look at this, thanks. Sorry for the delay, see below for reply. Please forward reply. I have compared clamscan's url-based phishing options of 0.90rc3 with those of 0.90rc2, and as a result, some things are no longer clear to me: Looks like I should document the phishingmodule better, at least on the wiki. I'll try to do that in the next few days. (1) Has the Phishing.Email.HexURL type been dropped in rc3? Not dropped. Its handling changed with images. What has been detected as Phishing.Email.HexURL in rc2, will now be detected as just Phishing.Email: The test here https://wwws.clamav.net/bugzilla/attachment.cgi?id=141 works. If you could send me the 20061007-042145.696587_Html.mbox, I'll investigate further. My guess is that the hexurl was in an image link. (2) The --phishing-cloak option does not seem to work: clamscan-0.90rc3 --phishing-cloak 20061004-110140.185616_Html.mbox 20061004-110140.185616_Html.mbox: OK However: clamscan-0.90rc3 --no-phishing-restrictedscan 20061004-110140.185616_Html.mbox 20061004-110140.185616_Html.mbox: Phishing.Email.Cloaked.NumericIP FOUND --phishing-cloak is for hexurl, %00, and encoded urls. There is no option to turn on numericip alone, it'll get turned on by the no-phishing-restrictedscan option. (3) It seems that the --phishing-ssl and --phishing-cloak options are always activated when --no-phishing-restrictedscan is given, right? Yes. --no-phishing-restrictedscan activates ALL checks, and checks everything regardless of daily.pdb (.wdb still honored). (4) Do you really want to keep the no- within --no-phishing-restrictedscan? This must have been a glitch. Want to keep it. * restrictedscan means the default behaviour, when only domains listed in daily.pdb are checked. The default is RESTRICTED to *.pdb domains. * no-restrictedscan means to check EVERYTHING, regardless of *.pdb . It does more checks, but you're likely to get many false positives. (5) Can we expect another release candidate with these Phishcheck module related issues being fixed before 0.9 final? IMHO only documentation needs to be fixed. But I'll do some tests on the phishing module. Will --enable-experimental still be required at compile time? My question too for Tomasz. Best regards, Edwin -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Feb 10 21:55:58 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] speed up 'cli_bm_scanbuff()'
On Wed, 10 Jan 2007 22:30:40 +0100 Christophe Jaillet [EMAIL PROTECTED] wrote: II/ Idea of implementation : == 2.1) define a macro and macroize the code (AVOID_BM_SHIFT ???) everywhere needed 2.2) add test like : if (BM_MIN_LENGTH == BM_BLOCK_SIZE) ... where needed and let the compiler determine dead code and optimize it away 2.3) add a new inlined function (int cli_can_avoid_bm_shift() ???) that perform this test 2.4) any other idea ? Personally, I think that 2.3 is the best approach. Hi Christophe, 2.2 looks best to me. Sorry for the late answer. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Feb 9 00:53:57 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] --no-phishing(-scan-urls)?
On Thu, 2 Nov 2006 00:58:22 +0100 Robert Allerstorfer [EMAIL PROTECTED] wrote: Hi, clamscan -h | grep -E --no-phishing(-scan-urls)? on 0.9rc2 with experimental code enabled gives --no-phishingDisable phishing detection --no-phishing-scan-urls Disable url-based phishing detection This would let me think the '--no-phishing' option disables both phishing detection methods, which is not the case. Thus, I would suggest to rename --no-phishing and update its description in the -h output to make that clear, maybe to something like --no-phishing-sigs Disable signature-based phishing detection Hi Robert, both --no-phishing and DetectPhishing have been renamed. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Jan 6 17:47:59 CET 2007 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Scan a list of strings (chars array)
On Tue, 7 Nov 2006 20:25:03 +0100 embyte [EMAIL PROTECTED] wrote: Hello, I would want to integrate the clamav engine (libclamav) in a tool that i'm just coding. I would want to scan the data contained in a variable, defined as a linked list of chars array, something like: struct nodei { struct nodei *next; char data_node[1024]; } Where variable=node1-node2-node2-...-nodeN I immagine the scan function to receive an open file-descriptor and not somethink like my list :) But i'm sure it's possible to hack somewhere and implement a sort of custom-version :D yes, you need to hack your own code -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Nov 7 20:48:40 CET 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Tb extension
On Sun, 05 Nov 2006 20:54:10 +0100 budtse [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: On Sun, 05 Nov 2006 17:09:12 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: I think you can avoid to pick shitty clamav code :P What code are you talking about? I borrowed some of the code of clamscan, to get things up and running a little faster. There's still a lot left to be cleaned up though. It'll take some more time before we can get to a beta release. Anyway, since we're talking about it, i used some of the secure VC++ 2005 functions like strcpy_s in stead of strcpy, now i come to think that it probably makes the code less portable, so i will replace them by the standard functions again. Any other suggestions are very welcome (since i'm not an expert in writing open/portable code, nor an expert in security). budtse WTH? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Nov 5 21:47:32 CET 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Tb extension
On Sun, 05 Nov 2006 22:34:53 +0100 budtse [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: Any other suggestions are very welcome (since i'm not an expert in writing open/portable code, nor an expert in security). budtse WTH? I see the confusion now. The TB plugin is in the ClamWin SVN Ah, ClamWin, that answers my question then. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Nov 5 23:18:34 CET 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] [PATCH] small speed up for 'cli_findpos' in 'libclamav/matcher-ac.c'
On Sun, 5 Nov 2006 20:40:08 +0100 Christophe Jaillet [EMAIL PROTECTED] wrote: Hi, in the function 'cli_findpos' of 'libclamav/matcher-ac.c', a few tests can be avoided by 'breaking' when we have found what we are looking for. Good point. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Nov 6 00:09:28 CET 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] [PATCH] fix typo
On Wed, 1 Nov 2006 18:42:25 +0100 Christophe Jaillet [EMAIL PROTECTED] wrote: Here is a small patch to correct some typo in error messages. Fixed, thanks. Next time please report patches to http://bugs.clamav.net which helps to coordinate our work much more effectively. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Nov 6 00:14:47 CET 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] making concurrent freshclam
On Fri, 06 Oct 2006 11:32:52 +0100 Nigel Horne [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: On Fri, 06 Oct 2006 10:59:58 +0100 Nigel Horne [EMAIL PROTECTED] wrote: I have found that starting concurrent copies of freshclam can give logg() errors, but I'm yet to find it resulting in anything crashing. The logg problems are, I suspect, because of issues in the logfile locking code, which it's true should be addressed. What about LogFileUnlock yes? The inference from the comment the lock protects against running clamd multiple times is that one should not use that option. Having said that it doesn't mention about protecting against multiple copies of freshclam. This doesn't answer my question. Does LogFileUnlock yes added to freshclam.conf solve the issue? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Oct 6 12:41:43 CEST 2006 ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Patch to allow spaces in file and directorynamesin clamd/freshclam config files
On Tue, 5 Sep 2006 06:35:38 -0700 [EMAIL PROTECTED] wrote: On Tuesday, September 05, 2006 at 6:02 AM, Nigel Horne wrote: Mark Pizzolato wrote: On Tuesday, September 05, 2006 at 12:46 AM Nigel Horne wrote: Mark Pizzolato wrote: Attached is a patch which implements OPT_QUOTESTR. OPT_QUOTESTR includes everything between quotes (if present), or for backward compatibility, acts as OPT_STR if the next token doesn't start with a quote character (' or ). OPT_QUOTESTR is then used for file and directory paths as in the prior patch. What happens if there's only one quote character on a line? The patch will tolerate an opening quote without a closing quote and strip the opening quote. It would be better to warn the user and return an error. OK. This version does that. Patch applied in CVS, many thanks! -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Sep 15 00:09:30 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] [patch] workaround for flawed DNS server in Alcatel SpeedTouch 510
On Mon, 04 Sep 2006 14:42:08 +0200 Arnold Metselaar [EMAIL PROTECTED] wrote: Hello, I have sent this patch to [EMAIL PROTECTED] before, but it may have been unnoticed due to the spam sent to that address. I have observed that the DNS server in my Alcatel SpeedTouch 510 modem *can* resolve a TXT record, though it is unable to process a TXT query. The following session shows how it works: $ host -t txt current.cvd.clamav.net current.cvd.clamav.net has no TXT record $ host -t any current.cvd.clamav.net current.cvd.clamav.net descriptive text 0.88.4:40:1672:1155767516:1 The patch I have attached makes freshclam try an ANY-query if the TXT-query has failed. The patch looks OK. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 13 17:16:16 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Memory amd file handle leaks in error paths of shared/cfgparser.c
On Fri, 1 Sep 2006 12:18:08 -0700 Mark Pizzolato [EMAIL PROTECTED] wrote: Granted, the error paths are rarely taken, and when taken usually result in a program exit in short order, however, since attempts are made to clean up some things, it would probably be best if as much as possible were cleaned up correctly. Applied, thanks. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 13 00:51:59 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Freshclam ConnectTimeout patch
On Fri, 4 Aug 2006 18:19:37 -0300 Everton da Silva Marques [EMAIL PROTECTED] wrote: Freshclam Timeout Patch http://nucleo.freeservers.com/freshclam-timeout/ Hi Everton, the patch has been applied to the CVS version. Thank you! -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Aug 27 19:45:10 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Freshclam ConnectTimeout patch
On Wed, 26 Jul 2006 21:27:47 -0300 Everton da Silva Marques [EMAIL PROTECTED] wrote: What do you think? Can we have ConnectTimeout in upcoming freshclam releases? Hi Everton, the patch looks good (but in the future please send patches against the CVS version). The only thing that must be added is a copyright header in nbconnect.[ch] -- please send these files updated and I will apply the patch in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Jul 28 01:19:53 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] segfault in freshclam/manager.c
On Mon, 17 Jul 2006 05:01:55 +0200 Gianluigi Tiesi [EMAIL PROTECTED] wrote: or freshclam will crash if it doesn't have db files Fixed, thanks. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Jul 17 11:44:01 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] clamscan/clamdscan shared patch for Interix
On Wed, 7 Jun 2006 16:50:35 -0400 Brian A. Reiter [EMAIL PROTECTED] wrote: This patch for the shared argument parser will canonicalize Win32 paths strings (eg. C:\foo\bar) to UNIX paths (eg. /dev/fs/C/foo/bar) on Interix. This is important because Interix is the UNIX subsystem for Windows and as such Interix binaries can interact with Windows binaries and the Windows command shell. With this patch, clamscan can automagically make the translation, which makes it easy to call from Windows programs that aren't POSIX-aware. Hi Brian, I've reviewed your patches and have the following comments: - taking into account Interix is a bit exotic platform, the patches are quite large - the path translation code is doubled in clamd/scanner.c and clamscan/options.c, it should be moved to shared/misc.c as a general procedure - some changes are incorrect, especially those marked with (__GNUC__ = 3): first of all, it's up to the configure to check if and how compiler handles structure packing and other features (there's already a code for that); secondly, your changes would result in broken code on some platforms (it's not enough to modify header files, a proper work-around must be also implemented in the code). Best regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Jun 19 18:50:25 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Coverity
On Sat, 10 Jun 2006 14:14:50 +0200 Sander Holthaus [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ClamAV is missing from the list at http://scan.coverity.com/ . Seeing that ClamAV is thé free opensource virusscanner, I think ClamAV should be eligible for a free scan from Coverity (funded by the US Homeland Security Department-funded bug hunt). Hello, we have contacted Coverity and hopefully ClamAV will be added to the list in the near future. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jun 13 17:27:32 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] [Patch] freshclam not updating locally corrupted database
On Wed, 31 May 2006 13:23:22 +0200 Peter Vollmer [EMAIL PROTECTED] wrote: Hi, I noticed that freshclam wont update a locally corrupted database, i.e. doing something like the following wont result in a fresh update of the corrupted main.cvd # cd /var/db/bases ; dd if=main.cvd of=main.tmp count=100 bs=1 ; \ rm main.cvd ; mv main.tmp main.cvd; freshclam Hi Peter, that's a feature and not a bug. Freshclam (and all the other tools) will report a problem and refuse to run when a local database gets corrupted. Because it's generally something not usual it should be left to the sysadmin to investigate such an issue (the hard disk may be broken, etc.) and with your patch freshclam would actually hide the problem. This is a problem on our embedded device which may be switched off during an update , thus producing a corrupted database file. Please see applied small patch to current CVS to fix this problem. The patch looks appropriate in your case but not in general. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jun 6 23:33:22 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Re: JS Emulator (Summer of Code)
On Fri, 05 May 2006 13:47:45 +0200 Nikolaus Rath [EMAIL PROTECTED] wrote: So actually the idea is not to write a JS interpreter, but to take an existing one and analyze the parse-tree (or whatever datastructure they use) for suspicious constructions? That's probably the best way but we leave the decision to the student. Am I correct to assume that for this one needs quite some familarity with general virus scanner heuristics Such a knowledge could prove very useful. and is it sensible to start working on this even without prior knowledge in that area? In order to complete this task the student will need to do some research on the topic. But chin up, that's not a rocket science! ;-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat May 6 13:49:10 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Patch for (mostly) missing includes
On Sat, 8 Apr 2006 17:26:22 +0100 Stephen Gran [EMAIL PROTECTED] wrote: I noticed that by default, clamav does not build with -Wall. So, today, I gave it a run with CFLAGS=-Wall -Werror to see how things went. Below is patch based on several build failures. Please note, most of it is trivial. The only part that really looks like it might take some thought are the additions to the switch statements: they could probably just be handled with a default block, but I made it explicit so that you could eyeball it and decide how you want to handle them. Implicit function declarations corrected in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Apr 10 12:04:02 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] FSF has new address
On Mon, 19 Sep 2005 09:28:14 +0100 Stephen Gran [EMAIL PROTECTED] wrote: Hello all, The COPYING file has the old address for the FSF - it is now Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Could you please update it? All references to the old address have been updated in CVS. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Apr 9 21:59:33 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] more scanners.c issues (html and one typo)
On Sun, 02 Apr 2006 11:12:02 +1000 Alch [EMAIL PROTECTED] wrote: Hi, The latest scanners.c, rev1.175 in anonymous CVS includes a patch for The latest rev is 1.176. if() parentheses for RAR-SFX and ZIP-SFX however 2 other entries in cli_magic_scandesc() were omitted. I noticed sf.net CVS has been down lately so it may be attributed to that. However after applying the full if((ret = cli_scandesc(desc, ctx, 0, 0, NULL)) == CL_VIRUS) patch I started noticing a lot of Unknown Error entires in the logs which I think are caused by this code omitting ret assignement in cli_scanraw(): case CL_TYPE_HTML: if(SCAN_HTML type == CL_TYPE_UNKNOWN_TEXT) if(cli_scanhtml(desc, ctx) == CL_VIRUS) return CL_VIRUS; ret is a filetype before a call to cli_scanhtml and type is returned instead of the cli_scanhtml code if there is no virus. H Starting with rev 1.174: Wed Mar 29 15:45:03 CEST 2006 (tk) -- * libclamav/scanners.c: properly report archive unpacking errors Problem spotted by David F. Skoll dfs*roaringpenguin.com the return value of the second cli_scanraw() call (the one called under normal circumstances) is ignored so you should not experience the problem of unknown errors. Patch with incorrect if() parentheses fix in cli_magic_scandesc() and ret assignment in cli_scanraw() attached. The patch was incorrect (it could break recursion limit balance for mail files, the current code in cli_scanraw() should be more clear about that, though). But you're right cli_scanraw() should not return type values and I will address that when cvs.sf.net is back. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Apr 2 12:31:44 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] why don't write portable code
On Sat, 1 Apr 2006 05:19:35 +0800 梁飞 [EMAIL PROTECTED] wrote: clamav-devel,您好! why don't you write portable code? http://en.wikipedia.org/wiki/POSIX if some function must use dependent platform API, we could implement it using macro at runtime. e.g, visit a directory are difference in Linux and Win32. We could implement a VisitDirectory fuction in LibClamav, and use it. The implement of VisitDirectory fuction depend on macro at runtime. i think engine is pure, and portable. if that, we could easier to portable it in diffent OS. ClamAV was not designed for win32 and to use it effectively on this platform one would need to redesign the whole engine, implement new features and provide specialised signature updates. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Mar 31 23:52:56 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] why don't write portable code
On Sat, 1 Apr 2006 06:21:53 +0800 梁飞 [EMAIL PROTECTED] wrote: Tomasz Kojm,您好! but in fact, engine is pure. Most of commercial AV has Linux and Win32 version. so... the engine could be design the independ OS, why don't you code that? http://www.clamav.net/abstract.html#pagestart Clam AntiVirus is a GPL anti-virus toolkit for UNIX.[...] i know it maybe use some time to write it, but i think it valuealbe. ONE ENGINE IS A CORE OF SOFTWARE. and why don't you design it indepent platform? if possible, the directory maybe plot clearly, the same The engine is POSIX compliant. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Apr 1 00:54:35 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] parentheses correction in scanners.c
On Thu, 30 Mar 2006 17:35:28 +1100 Alch [EMAIL PROTECTED] wrote: Hi, I've noticed couple of incorrect parentheses in scanners.c like: if((ret = cli_scandesc(desc, ctx, 0, 0, NULL) == CL_VIRUS)) I was sure most of these typos in scanners.c were fixed with the latest update to the SFX code but somehow they were not. Corrected again, thanks. Patch for scanners.c is attached, however there may be other places where the same happens, I only checked scanners.c out of the whole source tree. Please report if you find more of them. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 30 09:46:04 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Clamd Sessions...
On Sat, 28 Jan 2006 12:34:34 -0500 Joseph Benden [EMAIL PROTECTED] wrote: Hello, Inside of Clamd, once a session is established, the timeout is set to 5. May I ask why? The static timeout was probably a remnant of some old development code. Removed in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Mar 26 22:36:35 CEST 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] output.c logg() patch
On Sat, 25 Mar 2006 22:34:42 +1100 Alch [EMAIL PROTECTED] wrote: Hi, I have noticed an error in shared/output.c logg() function (latest cvs code). Basically in a call to mprintf(vbuff, str), vbuff can be a Thanks for pointing that out. The call to mprintf() was both insecure and incorrect (there was no need for passing str with vbuff already after a call to vsnprintf()). Fixed in CVS (the problem was introduced by some recent patch and stable versions were not affected). filename and if it contains % characters they're used as format specifiers. Couple of lines above there was a workaround: while((pt = strchr(vbuff, '%'))) *pt = '_'; Instead of using it I wrote a very simple % sign escaping function and used it in the patch. As David pointed out, the proper way is to use (%s, arg). There were some reasons for overwriting %'s in the past but in the current code the correct approach should be used in syslog() calls (just changed that). Regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Mar 25 20:36:01 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Re: bug in in function mdprintf() fromfileshared/output.c
On Thu, 2 Mar 2006 15:19:29 +0300 Anton Yuzhaninov [EMAIL PROTECTED] wrote: I suggest this code if we have to use vsnprintf() Bug fixed in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 22 18:59:33 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] possible typo in htmlnorm.c
On Mon, 20 Mar 2006 04:53:47 +0100 Gianluigi Tiesi [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 } else if (*ptr == '\'') { if (!escape (quoted==SINGLE_QUOTED)) { state = HTML_RFC2397_FINISH; ptr++; } else { html_output_c(file_tmp_o1, NULL, *ptr); ptr++; } } else if (*ptr == '\') { if (!escape (quoted=DOUBLE_QUOTED)) { state = HTML_RFC2397_FINISH; ptr++; } else { html_output_c(file_tmp_o1, NULL, *ptr); ptr++; } quoted=DOUBLE_QUOTED --- it shouldn't be == ? Also another typo in freshclamav manager: mprintf(Downloading %s [%i%]\r, dbfile, percentage); should be mprintf(Downloading %s [%i%%]\r, dbfile, percentage); but better mprintf(Downloading %s [%3i%%]\r, dbfile, percentage); Fixed in CVS. Thank you, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 22 19:13:49 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Patch for the configuration file parser
On Sat, 18 Mar 2006 19:30:48 +0100 Fabio Rossi [EMAIL PROTECTED] wrote: Hi, I have read clamd.conf(5) and I have discovered that arguments can't contain blank characters. On my laptop I share the database directory between windows and Linux. The path of this directory has some spaces. I have written a little patch to shared/cfgparser.c to support spaces in the configuration options. There's no need for such a patch, just change OPT_STR to OPT_FULLSTR for DatabaseDirectory in shared/cfgparser.c. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 22 19:21:41 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Patch for the configuration file parser
On Wed, 22 Mar 2006 20:27:12 +0100 Fabio Rossi [EMAIL PROTECTED] wrote: On Wednesday 22 March 2006 19:23, Tomasz Kojm wrote: On Sat, 18 Mar 2006 19:30:48 +0100 There's no need for such a patch, just change OPT_STR to OPT_FULLSTR for DatabaseDirectory in shared/cfgparser.c. Why this setting is not the default (at least for DatabaseDirectory)? I've already changed that in CVS. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 22 20:31:23 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Re: [Patch] Progress Indicator for DB Updates
On Thu, 2 Feb 2006 18:20:19 + Robert Hogan [EMAIL PROTECTED] wrote: On Wednesday 01 February 2006 23:09, Robert Hogan wrote: This feature-request in the form of a very basic patch replaces the rotor with a percentage indicator if the content-length of the db is greater than 0. Would such a feature be acceptable? It would be really handy for front-ends, and might even appeal to other users. thanks, robert looks like the list is still scrubbing attachments that aren't content-type'd text/plain. either that or Mailman knows a dodgy patch when he sees it... Nice thing, patch applied in CVS. Thank you! -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Mar 8 14:28:19 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] patch for various compiler warnings
On Tue, 28 Feb 2006 00:28:29 + Stephen Gran [EMAIL PROTECTED] wrote: Hello all, This patch fixes all compiler warnings on the two architectures I have access to rapidly (amd64 and i386). Note the clamav-milter one doesn't seem like a real problem, but I thought I would try to get them all while I was at it. This patch is against the latest stable, but also applies against the -devel-latest tarball checked out tonight (although there is a fuzz of 4 for the milter part). I am attaching it inline, since my memory is that the list munges attachments. Hi Stephen, changes for zziplib applied in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 7 11:13:21 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Freshclam User-Agent header
On Mon, 30 Jan 2006 22:01:15 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: On Fri, 27 Jan 2006, Tomasz Kojm wrote: ; On Fri, 27 Jan 2006 14:08:51 + (GMT) ; Andy Fiddaman [EMAIL PROTECTED] wrote: ; ; Does anyone know if this patch has been considered? I haven't heard ; anything since I submitted it. ; ; There must be some telepathy going on here, because I'm implementing ; it right now. The bit of the patch where I stripped newlines from the HTTPUserAgent string didn't make it in. That means that there is an extra newline in the HTTP request headers and that terminates the headers early. The issue has been fixed in the config parser itself. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 7 19:58:53 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Freshclam User-Agent header (fwd)
On Fri, 27 Jan 2006 15:11:19 +0100 Tomasz Kojm [EMAIL PROTECTED] wrote: On Fri, 27 Jan 2006 14:08:51 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: Does anyone know if this patch has been considered? I haven't heard anything since I submitted it. There must be some telepathy going on here, because I'm implementing it right now. Done. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Jan 27 16:04:32 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Freshclam User-Agent header (fwd)
On Fri, 27 Jan 2006 19:38:15 + (GMT) Andy Fiddaman [EMAIL PROTECTED] wrote: Somehow I managed to send only part of the patch in. The changes to remote_cvdhead() also need making to get_database(), both do a web request using a User-Agent header. Indeed, updated in CVS. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Jan 27 22:37:27 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] broken zip test files
On Thu, 26 Jan 2006 13:35:06 +0200 Amir Goldor [EMAIL PROTECTED] wrote: Hi, from clamav 0.88 release notes: - libclamav/zziplib: improve handling of incorrectly created/handcrafted zip archives. Test file provided by Christoph Cordes (tk) - libclamav/zziplib: improve handling of multi-part/broken zip archives (tk) Test files provided by Tomasz Papszun is there any way I can get my hands on those test files? The mentioned files are real malware and because of our policy we cannot provide them to you. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jan 26 12:37:46 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Regression in ClamAV 0.88?
On Wed, 11 Jan 2006 22:04:08 -0500 David F. Skoll [EMAIL PROTECTED] wrote: Hi, The file http://www.roaringpenguin.com/msg-1212-47.zip is an EICAR test virus in a deflate64-compressed zip file. I know that the built-in zip decompressor doesn't handle this format, but the standard InfoZip UNIX zip command does. So: With ClamAV 0.87.1, the command: clamscan --unzip msg-1212-47.zip finds the EICAR, but with 0.88 it does not. I believe I found the problem; below is a patch than makes 0.88 work. If Clam developers could check it out to make sure there are no bad side effects, I'd appreciate it. Hi David, the patch is not correct because of the too early return() call. Due to the bug's nature it should not cause any significant problems, though. D. Gueluy's approach seems more correct, btw. Regards, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Jan 15 20:11:33 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Regression in ClamAV 0.88?
On Sun, 15 Jan 2006 13:15:44 + Stephen Gran [EMAIL PROTECTED] wrote: On Sun, Jan 15, 2006 at 02:49:08AM -0600, Damian Menscher said: [...] Is a new release (0.88.1) forthcoming to correct this regression? The lead developers have been silent There my guess is as good as yours. The problem is of lower priority and we don't plan a special release addressing it. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Jan 15 20:52:47 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] 0.88
On Tue, 10 Jan 2006 13:44:50 +0100 Krištof Petr [EMAIL PROTECTED] wrote: Hello all, the last stable version 0.88 comes without changes done on long time in CVS and tagged MAIN. It is strange. I think the clamav-milter rev.3 and clamd rev.4 should be included in stable version. The CVS version and 0.88 are two different things. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jan 10 13:48:06 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] patch: start-from option
On Sun, 8 Jan 2006 13:04:36 + Robert Hogan [EMAIL PROTECTED] wrote: This patch allows the user to skip over a specified number of files before scanning begins. This would allow front-ends to 'pause' and 'resume' scans. Does POSIX specify that for two different handles readdir() must report the directory entries in the same order? I suspect that some special filesystems (based on sophisticated data structures) may give different results for different directory streams if they're using some data/disk access optimisations. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Jan 8 14:40:03 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] patch: fix some warnings
On Fri, 9 Dec 2005 03:01:18 +0100 Stefan Huehner [EMAIL PROTECTED] wrote: Hi, attached patch fixes some compiler warning, by: Applied in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Dec 10 19:48:38 CET 2005 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] libclamav alignment problem
On Sat, 13 Aug 2005 13:36:57 -0400 Stephen Gran [EMAIL PROTECTED] wrote: Background: The zip routines generate a SIGBUS on sparc64 due to alignment problems. The patch below fixes it, although not portably enough. Can you all review the discussion at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322396 and let me know how you would like to fix it? I have implemented the fix in CVS. Thanks, -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Nov 21 22:39:30 CET 2005 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] clamscan: --exclude dirs/files before descending/scanning them
On Thu, 15 Sep 2005 14:32:25 -0700 Eric Berggren [EMAIL PROTECTED] wrote: The current implementation of --exclude (and --exclude-dir) performs the pruning AFTER descending/scanning those files. That's not true for --exclude-dir. The problem for us is that one of the areas we scan is via NFS on a NetApp filer, and upon finding the built-in .snapshot directory (which holds daily read-only snapshots of this hiearchy), spends the next week traversing 30+ copies of the same files. --exclude (and --exclude-dir) doesn't help us as implemented. Attached is a patch we've been using since 0.75 (this one against 0.86.2) that uses --exclude to prevent traversing into treewalk() if the regexp is on the list. Thus if we specify --exclude=.snapshot, that directory (regardless where) is completely skipped, as well as our quarantine area. That's exactly what --exclude-dir does. (BTW: there was a bug in --exclude-dir when it was used multiple times, now fixed in CVS) Don't understand why --exclude-dir is needed at all The two options --exclude and --exclude-dir were seperated for safety reasons. As you can see in the changelog, the first change was to use --exclude both for files and directories. Unfortunately, using --exclude in the both cases is not always safe because a too generic regular expression for excluding some files could also block many directories. Tue Mar 1 02:29:54 CET 2005 (tk) - * clamscan: use --include-dir/exclude-dir for directories instead of --include/exclude Tue Mar 1 02:16:15 CET 2005 (tk) - * clamscan: respect --exclude/include when entering directories (requested by Dean Plant dean.plant*roke.co.uk) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Nov 15 21:14:49 CET 2005 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] prob:rar and cab module failure
On Sun, 30 Oct 2005 12:47:05 +0530 ankit [EMAIL PROTECTED] wrote: Hello to all I ported the libclamav to run on windows and uses Visual Studio vc++ up to Version .83 it was working that is shows virus for clam.rar But when i changed it to .84 0.84? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Oct 30 11:53:37 CET 2005 pgpUXbpEeJZ1n.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Re: prob:rar and cab module failure
On Sun, 30 Oct 2005 18:26:23 +0530 ankit [EMAIL PROTECTED] wrote: Please don't top-post. .84? yes i upgrade it to .84 by comparing with source code available on clamav.net Why to 0.84? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Oct 30 13:50:58 CET 2005 pgprk2BlndjGH.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] Disable false positiv check
On Mon, 15 Aug 2005 13:42:42 +0200 [EMAIL PROTECTED] wrote: Hello, clamav as a false positiv check. Would you accept a patch to disable this feature. No. False positive elimination is a very important process and should never be disabled. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat Aug 20 23:31:45 CEST 2005 pgp9NvWnouveq.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html
Re: [Clamav-devel] RE: Clamd STREAM instability
On Fri, 22 Jul 2005 10:04:34 -0400 Brian A. Reiter [EMAIL PROTECTED] wrote: That pretty much says to me that the code that causes the instability is the call to gethostbyname(3) to get the sin_addr for binding the STREAM socket because the alternate execution path of binding to INADDR_ANY is trouble-free. Please try this fix: Sun Aug 21 01:06:54 CEST 2005 (tk) -- * clamd: use reentrant version of gethostbyname when available -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Aug 21 01:10:25 CEST 2005 pgprpmSF1f1YP.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-devel.html