[Clamav-devel] Do I really have to upgrade to 0.95 ?...
1. Can I keep using code that is older than 0.95 with the future CVD files (those that will be distributed starting from May 2010) if I do not use sigtool and cdiff? 2. Are those the only places in the code where the long signatures in the daily file cause a problem? 3. Is the signature length the only incompatibility issue? 4. Can I choose to ignore the special signature which disables all clamd installations older than 0.95? ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Do I really have to upgrade to 0.95 ?...
On 03/02/2010 02:00 PM, Limor Tal wrote: 1. Can I keep using code that is older than 0.95 with the future CVD files Why? What prevents you from upgrading? What version are you running now? (those that will be distributed starting from May 2010) if I do not use sigtool and cdiff? If you somehow workaround the special signature (your question 4), then the CVD will load. It may, or may not work; it may, or may not crash. There is also bug #1331 (which got fixed in 0.95) affecting libclamav with logical signatures. All signatures can specify a functionality level to say what is the minimum engine version needed to load them. When we release a signature that makes use of these new features, we usually set the minimum functionality level (so old engines will skip the signature). However due to bug #1331, ClamAV 0.95 which tries to load a logical signature with a functionality level specified, it will either read uninitialized memory, or crash. So even if we wanted to add functionality level to the new ldbs, so that older engines (than 0.95) can load it, we can't since adding the functionality level would cause a crash for them. If we don't add the functionality level, libclamav won't crash, but will probably fail to load the signature with a syntax error. 2. Are those the only places in the code where the long signatures in the daily file cause a problem? cdiff is the only problem with long signatures, which affects freshclam. But as I've shown above there are other bugs with 0.95 that may cause problems. 3. Is the signature length the only incompatibility issue? No, see above for an example. 4. Can I choose to ignore the special signature which disables all clamd installations older than 0.95? Nothing prevents you from removing that signature with a script, or modifying the code to skip it. But if you go through all that trouble, you might as well just upgrade. You are: - spending time to implement something to workaround the special signature, possibly more time than what an upgrade would need - running a ClamAV installation that has known bugs (including security bugs) that got fixed in later versions - depending on how old your ClamAV engine is, you could be missing lots of signatures. Look at the number of Known viruses reported by clamscan, and compare it to the one on clamav.net - there is no support for bugs in clamav 0.94.x or older, you should run the latest stable to get all the security fixes [1] Considering all this, you could simply install clamav-0.95.3 using a package from your distro, or compile it from source. Then you would have something that you know that loads all signatures, and works. [1] distributions may backport security fixes to older fixes. They may or may not backport all the fixes that affect signature loading. Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Do I really have to upgrade to 0.95 ?...
I can understand that on some legacy production systems, it would be easier to work around than upgrade. I have run into FC3 production machines, and just compiling clamav or such wouldn't just work. Limor, can you give us a reason why it's an issue? 2010/3/2 Török Edwin edwinto...@gmail.com On 03/02/2010 02:00 PM, Limor Tal wrote: 1. Can I keep using code that is older than 0.95 with the future CVD files Why? What prevents you from upgrading? What version are you running now? (those that will be distributed starting from May 2010) if I do not use sigtool and cdiff? If you somehow workaround the special signature (your question 4), then the CVD will load. It may, or may not work; it may, or may not crash. There is also bug #1331 (which got fixed in 0.95) affecting libclamav with logical signatures. All signatures can specify a functionality level to say what is the minimum engine version needed to load them. When we release a signature that makes use of these new features, we usually set the minimum functionality level (so old engines will skip the signature). However due to bug #1331, ClamAV 0.95 which tries to load a logical signature with a functionality level specified, it will either read uninitialized memory, or crash. So even if we wanted to add functionality level to the new ldbs, so that older engines (than 0.95) can load it, we can't since adding the functionality level would cause a crash for them. If we don't add the functionality level, libclamav won't crash, but will probably fail to load the signature with a syntax error. 2. Are those the only places in the code where the long signatures in the daily file cause a problem? cdiff is the only problem with long signatures, which affects freshclam. But as I've shown above there are other bugs with 0.95 that may cause problems. 3. Is the signature length the only incompatibility issue? No, see above for an example. 4. Can I choose to ignore the special signature which disables all clamd installations older than 0.95? Nothing prevents you from removing that signature with a script, or modifying the code to skip it. But if you go through all that trouble, you might as well just upgrade. You are: - spending time to implement something to workaround the special signature, possibly more time than what an upgrade would need - running a ClamAV installation that has known bugs (including security bugs) that got fixed in later versions - depending on how old your ClamAV engine is, you could be missing lots of signatures. Look at the number of Known viruses reported by clamscan, and compare it to the one on clamav.net - there is no support for bugs in clamav 0.94.x or older, you should run the latest stable to get all the security fixes [1] Considering all this, you could simply install clamav-0.95.3 using a package from your distro, or compile it from source. Then you would have something that you know that loads all signatures, and works. [1] distributions may backport security fixes to older fixes. They may or may not backport all the fixes that affect signature loading. Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net -- http://www.volatileminds.net ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
