Re: [Clamav-users] can't compile 0.96.3

2010-09-22 Thread Gabriele Kalus

 On 20:59, Török Edwin wrote:

On Tue, 21 Sep 2010 08:26:01 +0200
Florian Schaal sys...@ra-schaal.de wrote:


when running configure it hangs at

checking for CVE-2008-1372... ok
checking for CVE-2010-0405...

I think, waiting for 10 minutes should be enough, so I interrupt
configure at this stage.

anyone having the same problem?

That test should either crash or go on, within 1s.
I wasn't aware that it can cause an infinite loop too.

You can try upgrading your system's libbz2 to 1.0.6
(or your distro's backported version), that fixes CVE-2010-0405.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

I have the same problem with not being able to compile 0.96.3 due to 
the checking for CVE-2010-0405. The cpu goes up to 100% when I try to 
compile it on SLES 10sp3 and stays there. So far, today, there is no 
upgrade for libbz2.


I have a test server with SLES 9sp4 where the compilation went fine.

Best Regards

Gabriele


--
Gabriele Kalus, Ph.D.
IT-Manager/Intendent
Lund University, Physics Department
Box 118 SE-22100 Lund, SWEDEN
Phone:  +46-462229675
Mobil:  0702-901227
Fax:    +46-462224709



Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Dennis Peterson

On 9/21/10 9:55 PM, Nathan Gibbs wrote:

* Nathan Gibbs wrote:




I won't say that my implementation is the best way, it certainly isn't pretty,
but it works.

Now will the REAL C CODERS PLEASE STAND UP!
Do it right and show me how it's done.
Better yet, just do it right the first time, and I won't say a thing.


Got your ECR submitted? Has change board seen it, approved it, and slotted it in 
the priorities chart? Is it at the top of the chart? Got your design documents 
done, identified your metrics for success? Got your functional tests designed 
and approved?


You've coded it so we assume the above is completed. What are the chances you've 
done regression testing in all supported environments using all supported 
compilers? Subjected your code for peer review? Has QA signed off on it? Is your 
confidence level sufficiently high that you are willing to put your code out for 
the public's consumption and you are ready to support it if it breaks stuff?


If coding were easy anyone could do it, and you've shown it is and anyone can 
for very simple projects. That's just the beginning.


dp




[Clamav-users] Success: clamav-096.3

2010-09-22 Thread Dennis Peterson
It builds and runs without weirdness on Solaris 9, Sparc, gcc 3.3.2, Solaris 10, 
Sparc, gcc 3.4.2, Apple OS X Snow Leopard 32-bit, gcc 4.2.1, Snow Leopard Server 
64-bit, gcc 4.2.1, and Red Hat Linux 5.4, gcc 4.1.2.


I'm happy here. And yes, 3.3.2 is getting pretty old and tired.

dp


Re: [Clamav-users] Freshclam OnOutdated fails to execute

2010-09-22 Thread Tomasz Kojm
On Tue, 21 Sep 2010 13:12:39 -0400 Nathan Gibbs
nat...@cmpublishers.com wrote:
 It appears that if an OnErrorExecute Event can fire, that an OnOutdatedExecute
 Event won't fire even if it could.
 
 For instance a Clamav Installation with
 Engine 0.96.2
 DB Version 11991
 
 1. I cycle the freshclam service.
 2. It tries to update the DB's and fails.
 3. I get the OnErrorExecute Message.
 4. I don't get the OnOutdatedExecute Message.
 Both apply, why do I just get one?
 
 However, if
 1. I cycle the freshclam service.
 2. It tries to update the DB's and succeeds.
 3. I'll get the OnUpdateExecute Message and the OnOutdatedExecute Message.
 As I'd expect to.
 
 
 Is this a bug or a feature?

This is by design. When the db update process terminates with an error,
freshclam only calls OnErrorExecute. There's no guarantee the TXT record
was parsed (some problems could occur before even making the DNS query),
therefore to be consistent OnOutdatedExecute never gets called on error
conditions.

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 11:53:36 CEST 2010


Re: [Clamav-users] can't compile 0.96.3

2010-09-22 Thread Andre Hübner


Hello,


Message: 5
Date: Tue, 21 Sep 2010 10:03:44 +0300
From: Török Edwin edwinto...@gmail.com
Subject: Re: [Clamav-users] can't compile 0.96.3
To: clamav-users@lists.clamav.net
Message-ID: 20100921100344.133d4...@deb0
Content-Type: text/plain; charset=US-ASCII

On Tue, 21 Sep 2010 08:26:01 +0200
Florian Schaal sys...@ra-schaal.de wrote:


when running configure it hangs at

checking for CVE-2008-1372... ok
checking for CVE-2010-0405...

I think, waiting for 10 minutes should be enough, so I interrupt
configure at this stage.

anyone having the same problem?


That test should either crash or go on, within 1s.
I wasn't aware that it can cause an infinite loop too.

You can try upgrading your system's libbz2 to 1.0.6
(or your distro's backported version), that fixes CVE-2010-0405.


same problem here.
checking for CVE-2010-0405...
conftest is running infinite at 100% CPU
there is no newer bzip2 than 1.0.5 in my distro
but anyway, configure should be able to tell Vulnerability within 
infiniteness



Thanks,
Hajo 
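
The hang reported in this thread is the case a bounded probe runner handles. The following is an added example (not ClamAV's configure test and not code from any poster) that runs a check in a child process with a time limit and reports whether it returned, crashed or hung. The three probe functions are constructed stand-ins, not the actual CVE-2010-0405 test, and counting a timeout as "not passed" is an assumption of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum probe_result { PROBE_OK, PROBE_FAILED, PROBE_CRASHED, PROBE_TIMEOUT, PROBE_ERROR };

/* Milliseconds elapsed since *start on the monotonic clock. */
static long elapsed_ms(const struct timespec *start)
{
    struct timespec now;
    clock_gettime(CLOCK_MONOTONIC, &now);
    return (long)(now.tv_sec - start->tv_sec) * 1000L
         + (now.tv_nsec - start->tv_nsec) / 1000000L;
}

/*
 * Run probe() in a child process and classify how it ended.
 * A probe still running after timeout_ms is killed and reported as
 * PROBE_TIMEOUT, so a check that spins forever cannot stall the caller.
 */
enum probe_result run_probe(int (*probe)(void), long timeout_ms)
{
    const struct timespec nap = { 0, 10 * 1000 * 1000 };  /* poll every 10 ms */
    struct timespec start;
    int status;
    pid_t pid, r;

    clock_gettime(CLOCK_MONOTONIC, &start);
    pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0)
        _exit(probe() == 0 ? 0 : 1);      /* child: exit status is the verdict */

    while ((r = waitpid(pid, &status, WNOHANG)) == 0) {
        if (elapsed_ms(&start) >= timeout_ms) {
            kill(pid, SIGKILL);           /* SIGKILL cannot be caught or ignored */
            waitpid(pid, &status, 0);     /* reap the child, leave no zombie */
            return PROBE_TIMEOUT;
        }
        nanosleep(&nap, NULL);
    }
    if (r < 0)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))
        return PROBE_CRASHED;
    return WEXITSTATUS(status) == 0 ? PROBE_OK : PROBE_FAILED;
}

/* Only a clean return counts as passed; crash, hang and error fail closed. */
int probe_passed(enum probe_result r) { return r == PROBE_OK; }

/* Constructed stand-ins for the three behaviours reported in the thread. */
static int probe_returns(void) { return 0; }
static int probe_crashes(void) { abort(); }
static int probe_hangs(void)   { volatile unsigned long n = 0; for (;;) n++; }

static const char *result_name(enum probe_result r)
{
    switch (r) {
    case PROBE_OK:      return "ok";
    case PROBE_FAILED:  return "failed";
    case PROBE_CRASHED: return "crashed";
    case PROBE_TIMEOUT: return "timed out";
    default:            return "error";
    }
}

int main(void)
{
    printf("returning probe: %s\n", result_name(run_probe(probe_returns, 1000)));
    printf("crashing probe:  %s\n", result_name(run_probe(probe_crashes, 1000)));
    printf("hanging probe:   %s\n", result_name(run_probe(probe_hangs, 300)));
    return 0;
}
```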




Re: [Clamav-users] cannot establish tcp connection with clamd

2010-09-22 Thread Wendy J Bossons
Hello,

I have resolved the situation ... your note to set debugging helped to see that 
the last install did work correctly.

Some observations:
I downloaded from the SourceForge site, the download that came labeled 0.96.3 
is the one that gave me the bzip2 message, even though it seemed like it was 
working. The message about bzip2 made me believe something was wrong with the 
installation. Further changes in my application made this erroneous assumption 
seem correct. So, maybe the message about bzip2 should be posted somewhere on 
the web site.

The corrective action I took, to use an earlier download resulted in a 
successful build, but oddly deployed in a dir labeled 0.96.3. I disabled the 
clamav user, so this was not a setting I specified, but I like the result -- it 
is cleaner for me having only installed this once before and sadly finding the 
/etc/, /sbin and /share all in my usr/local after the initial install (0.96.2). 
Well, I'm on four installs now so maybe soon I'll be an expert ;-)

..\wendy

Wendy Bossons
Web Developer
MIT Libraries
Technology Research & Development
Building E25-131
77 Massachusetts Ave.
Cambridge, MA 02141-4307
Phone 617-253-0770
Fax 617-253-4462
wboss...@mit.edu
http://libraries.mit.edu


On Sep 22, 2010, at 2:34 AM, Török Edwin wrote:

On Tue, 21 Sep 2010 17:28:55 -0400
Wendy J Bossons wboss...@mit.edu wrote:

Note: after the last reinstallation, I cannot run the scan tests,
contrary to what I said below.

;-(
..\Wendy
Wendy Bossons
Web Developer
MIT Libraries
Technology Research and Development
77 Massachusetts Avenue
Cambridge, MA 02139-4307
617-253-0770
wboss...@mit.edu

On Sep 21, 2010, at 5:20 PM, Wendy J Bossons wrote:

Hi,

Until yesterday, I was running the clam daemon (0.96.2) and able to
establish a tcp socket connection. Then I updated the database and
started seeing duplicate start messages

Can you paste those messages here?

and a warning to update. So I
updated to 0.96.3.

Now I cannot establish a tcp connection. I can run the scan tests,
but no joy from my GUI or command line client.

So clamscan works, but clamd + clamdscan doesn't?
Or clamscan doesn't work either?

Set 'Foreground yes', and 'Debug yes' in clamd.conf, and try starting
it again.

Also did you run 'ldconfig' after installing the new (or reinstalling
the old) version?

on my machine from an earlier installation. The 0.96.3 source
installation would continue to behave badly, not able to make /lib
dirs and even trying to put a Microsoft dir on there.

What directory? The source has a win32/ directory, but that is not
installed.

Best regards,
--Edwin



Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* Dennis Peterson wrote:
 On 9/21/10 9:55 PM, Nathan Gibbs wrote:
 
 Now will the REAL C CODERS PLEASE STAND UP! Do it right and show me how 
 it's done. Better yet, just do it right the first time, and I won't say a 
 thing.
 
 Got your ECR submitted? Has change board seen it, approved it, and slotted 
 it in the priorities chart? Is it at the top of the chart? Got your design 
 documents done, identified your metrics for success? Got your functional 
 tests designed and approved?
 

Very good points, all of them, which is why I have said and continue to say
that I don't know what I'm doing.

 You've coded it so we assume the above is completed. What are the chances 
 you've done regression testing in all supported environments using all 
 supported compilers?

As stated, I don't know what I'm doing.

 Subjected your code for peer review?

Done last night.
http://www.cmpublishers.com/oss/clamfi.c

 Has QA signed off on it?

That would be amazing, but I highly doubt that the Quality of my butcher work
would stand.

 Is your confidence level sufficiently high that you are willing to put your
 code out for the public's consumption

As stated, Already did.

 and you are ready to support it if it breaks stuff?
 

0.94.x that's all I'm going to say there.
I understand the why, but will never agree with how it was done.
If Sourcefire can blow up ClamAV installations all over the world, why should
I worry about my code doing the same thing?

Breakage is a long way off, due to the skill required to get my code into your
clamav source.  Some people could do it, but not everybody.

 If coding were easy anyone could do it, and you've shown it is and anyone 
 can for very simple projects. That's just the beginning.
 

Precisely my point.
Should I be doing these mods? NO, Absolutely not!
Are they that difficult to implement? Apparently not.
They should be implemented by someone with far more experience than myself.

Last night when I decided to just for fun see if I could get the milter to
do what I wanted.  I thought it would end with me erasing my mangled and
nonworking source and unpacking a fresh source from the tarball.  I thought I
would fail miserably.  Imagine my surprise when it worked, especially when you
consider that I don't understand half of that code.  Now imagine my thoughts
about a development team backed by a company that won't implement this.

Those guys could do this better than me any day of the week.  They could code
circles around me, but so far they won't.  What does that tell you?


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Dennis Peterson

On 9/22/10 6:58 AM, Nathan Gibbs wrote:


Those guys could do this better than me any day of the week.  They could code
circles around me, but so far they won't.  What does that tell you?


They have higher priorities.

dp


[Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
All I can ask after messing with 50+ boxes here to get 0.96.3 running is 
what ever happened to the RELEASE CANDIDATE for 0.96.3...it would have 
sure helped to see that announcement and get a trial run at it.

This is NOT the first time we've had bumpy releases in the last year and 
we're donating cycles on 4 machines here to run the nightly build cycles 
for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera 
Linux based box...with this many issues on RHEL4/RHEL5 and Fedora core 13 
on our end why are we bothering to do this...it seems like we're running 
tests, submitting results and no-one is even looking at the output.

Just my 2 cents from out here
___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | 1.414.347.6491 (work) 
1.414.732.8503 (cell) | 1.888.601.4440 or 1.414.347.2601 (fax) | 
george_kas...@mgic.com or kasica_pa...@mgic.com

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Tomasz Kojm
On Wed, 22 Sep 2010 09:56:18 -0500 George Kasica
george_kas...@mgic.com wrote:
 All I can ask after messing with 50+ boxes here to get 0.96.3 running is 
 what ever happened to the RELEASE CANDIDATE for 0.96.3...it would have 
 sure helped to see that announcement and get a trial run at it.
 
 This is NOT the first time we've had bumpy releases in the last year and 
 we're donating cycles on 4 machines here to run the nightly build cycles 
 for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera 
 Linux based box...with this many issues on RHEL4/RHEL5 and Fedora core 13 
 on our end why are we bothering to do this...it seems like we're running 
 tests, submitting results and no-one is even looking at the output.
 
 Just my 2 cents from out here

Could you elaborate more on the problems you were facing with 0.96.3?

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 16:57:02 CEST 2010


Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* Nathan Gibbs wrote:
 
 In Conclusion
 I can think of at least three more ClamAV events that it would be nice to be
 notified on.
 However, I feel that it is important to decide how to do one common task
 before covering new ground.
 
 Final opinion about how to do the common task.
 Use execle to call the script directly, and hand it a common Environment.
 Do this for all external events.
 
 
Here is my working test implementation for clamd

http://www.cmpublishers.com/oss/others.c

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
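
The approach proposed above (call the handler with execle and hand it a common environment), sketched as an added example; it is not the code in the linked others.c and not ClamAV's own. The variable names CLAM_EVENT, CLAM_EVENT_VIRUS and CLAM_EVENT_FILE, the event name "VirusFound", and the use of /usr/bin/env as a stand-in handler whose output is captured are all assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Build "KEY=value" in dst; returns 0 on success, -1 if it would not fit. */
static int env_pair(char *dst, size_t n, const char *key, const char *val)
{
    int len = snprintf(dst, n, "%s=%s", key, val);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/*
 * Run `handler` directly with execle (no shell is involved) and give it a
 * fixed environment. Scan details travel as environment values, so they are
 * never parsed as command text. The handler's stdout is copied into `out`.
 * Returns the handler's exit status, 127 if it could not be executed, or -1
 * on failure. Variable names are hypothetical, chosen for this example.
 */
int run_event_handler(const char *handler, const char *event,
                      const char *virus, const char *file,
                      char *out, size_t outlen)
{
    char e_event[128], e_virus[256], e_file[4200];
    int pfd[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 ||
        env_pair(e_event, sizeof e_event, "CLAM_EVENT", event) ||
        env_pair(e_virus, sizeof e_virus, "CLAM_EVENT_VIRUS", virus) ||
        env_pair(e_file, sizeof e_file, "CLAM_EVENT_FILE", file))
        return -1;                  /* refuse oversized values, never truncate */

    /* The handler's complete environment: nothing is inherited from us. */
    char *const envp[] = { "PATH=/usr/bin:/bin", e_event, e_virus, e_file, NULL };

    if (pipe(pfd) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: stdout goes to the pipe */
        close(pfd[0]);
        if (dup2(pfd[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(pfd[1]);
        execle(handler, handler, (char *)NULL, envp);
        _exit(127);                 /* only reached when exec failed */
    }
    close(pfd[1]);
    while (used < outlen - 1 &&
           (n = read(pfd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(pfd[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed demo: returns 1 when the handler saw exactly what we passed. */
int demo_clean_environment(void)
{
    char out[8192];
    int rc;

    setenv("DAEMON_SECRET", "do-not-leak", 1);    /* constructed parent state */
    rc = run_event_handler("/usr/bin/env", "VirusFound", "Eicar-Test-Signature",
                           "/tmp/a b;echo INJECTED", out, sizeof out);
    return rc == 0
        && strstr(out, "CLAM_EVENT_VIRUS=Eicar-Test-Signature\n") != NULL
        && strstr(out, "CLAM_EVENT_FILE=/tmp/a b;echo INJECTED\n") != NULL
        && strstr(out, "DAEMON_SECRET") == NULL;
}

int main(void)
{
    printf("clean environment: %s\n", demo_clean_environment() ? "yes" : "no");
    return 0;
}
```

The file name with a space and a semicolon arrives in the handler as one literal value, and the parent's DAEMON_SECRET variable does not appear in the handler's environment.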





Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Török Edwin
On Wed, 22 Sep 2010 09:56:18 -0500
George Kasica george_kas...@mgic.com wrote:

 All I can ask after messing with 50+ boxes here to get 0.96.3 running
 is what ever happened to the RELEASE CANDIDATE for 0.96.3...it would
 have sure helped to see that announcement and get a trial run at it.
 
 This is NOT the first time we've had bumpy releases in the last year
 and we're donating cycles on 4 machines here to run the nightly build
 cycles for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic
 Caldera Linux based box...with this many issues on RHEL4/RHEL5 and
 Fedora core 13 on our end why are we bothering to do this...it seems
 like we're running tests, submitting results and no-one is even
 looking at the output.

What kind of issues did you encounter? 
If it is something that can be automatically detected, we should add it
to our testsuite.

All the farm reports I see from author == georgek for September are
green.
We'll probably have to add more tests to detect the issues you
encountered.

Best regards,
--Edwin


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Tomasz:

Typical issues as in the past...first no clue it was coming out (no release 
candidate no announcement)...it just appeared, no idea it would have 
issues with bzip2, and STILL no fix to bzip2 RPMs for the Fedora Core 13 
platform (we had to compile from a tar.gz for the others) except RHEL4/5 
that have RPMs out (AFTER 0.96.3 released), the ULIMIT issue that I still 
don't fully grasp here and am still not clear if it's something we need to 
deal with...things seem to run so for now we haven't gone in and touched 
it (again, this wasn't an issue in 0.96.2 why is it an issue in 0.96.3 
which appears to be a minor release 0.0.1)

In our environment we have certain time-frames where we need to apply code 
once it's released depending on what and why it was put out so we don't 
always have the luxury to let it sit for days...getting code that is not 
labeled as RC and is supposedly prod quality and ready to go and having 
these issues is not good...we've spent a good portion of the week on this 
so far and seem to be finally OK, but it could have been much smoother 
(again)...brings me back to the point of why are we running these 4 test 
harness boxes for Torok if no-one is looking at what is coming back from 
them.

George

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Edwin:

Then you need to look at the tests, something isn't making it...the stuff 
built but there were errors/warnings at the end of configure about bzip2 
and "Don't rely on this build", etc. Also ULIMIT complaints. 

If you're just looking at little green lights on a web page we have a 
serious problem



Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Tomasz Kojm
On Wed, 22 Sep 2010 10:18:09 -0500 George Kasica
george_kas...@mgic.com wrote:

 Then you need to look at the tests, something isn't making it...the stuff 
 built but there were errors/warnings at the end of configure about bzip2 
 and

These warnings inform you that your bzip2 library has security bugs and
can be exploited.

 "Don't rely on this build", etc.

It actually says "DO NOT REPORT BUGS BASED ON THIS BUILD !!!". We want
to avoid reports from users who linked against a buggy libbz2 and their
clamd is constantly crashing.

 Also ULIMIT complaints. 

This warning can be ignored, it actually only applies to FreeBSD users.
It will be disabled for other OSes with the next release.

Regards,

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 17:32:13 CEST 2010


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Tomasz Kojm
On Wed, 22 Sep 2010 10:14:57 -0500 George Kasica
george_kas...@mgic.com wrote:
 
 Tomasz:
 
 Typical issues as in the past...first no clue it was coming out (no
 release candidate no announcement)...it just appeared, no idea it would
 have issues with bzip2,

0.96.3 is a security release, which fixes an integer overflow in the
bzip2 library (we use a modified version of this lib in the NSIS
unpacker). It also detects whether or not your local libbz2 (which we
use to handle .bz2 files) is affected by this problem and prints a
warning if needed.

 and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform

Well, we have no control over those RPMs..

 (we had to compile from a tar.gz for the others) except
 RHEL4/5 that have RPMs out (AFTER 0.96.3 released),

So you did the right job. Your bzip2 lib can no longer be exploited.

 the ULIMIT issue
 that I still don't fully grasp here and am still not clear if it's
 something we need to deal with...things seem to run so for now we
 haven't gone in and touched it (again, this wasn't an issue in 0.96.2 why
 is it an issue in 0.96.3 which appears to be a minor release 0.0.1)

This issue was recently described on the ml. The warning can be safely
ignored on Linux.

 In our environment we have certain time-frames where we need to apply
 code once it's released depending on what and why it was put out so we
 don't always have the luxury to let it sit for days...getting code that
 is not labeled as RC and is supposedly prod quality and ready to go and
 having these issues is not good...we've spent a good portion of the week
 on this so far and seem to be finally OK, but it could have been much
 smoother (again)...brings me back to the point of why are we running
 these 4 test harness boxes for Torok if no-one is looking at what is
 coming back from them.

Thanks for your support. The 0.96.3 was tested on your boxes and
confirmed to work fine before we released it. Since the tests are fully
automated, we missed the ULIMIT warning issue but as I wrote above, it
can just be ignored.

Cheers,

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 17:38:15 CEST 2010


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Wendy J Bossons
I am running clamav on my dev laptop which is Snow Leopard, running FreeBSD. 
The bzip2 warning if I don't have to worry about it -- that's fine. But if I 
wanted to fix the issue, I don't think it's obvious how to go about it. I would 
rather run the software without the warning -- warnings are there to put up 
flags to the developer. I am not doing my job if I ignore it, nor if I have to 
jump through all kinds of hoops otherwise -- it's a time burner.


Wendy Bossons
Web Developer
MIT Libraries
Technology Research  Development
Building E25-131
77 Massachusetts Ave.
Cambridge, MA 02141-4307
Phone 617-253-0770
Fax 617-253-4462
wboss...@mit.edumailto:wboss...@mit.edu
http://libraries.mit.edu


On Sep 22, 2010, at 11:48 AM, Tomasz Kojm wrote:

> On Wed, 22 Sep 2010 10:14:57 -0500 George Kasica
> george_kas...@mgic.com wrote:
>
>> Tomaz:
>>
>> Typical issues as in the past...first no clue it was coming out (no
>> release candidate no announcement)...it just appeared, no idea it would
>> have issues with bzip2,
>
> 0.96.3 is a security release, which fixes an integer overflow in the
> bzip2 library (we use a modified version of this lib in the NSIS
> unpacker). It also detects whether or not your local libbz2 (which we
> use to handle .bz2 files) is affected by this problem and prints a
> warning if needed.
>
>> and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform
>
> Well, we have no control over those RPMs..
>
>> (we had to compile from a tar.gz for the others) except
>> RHEL4/5 that have RPMs out (AFTER 0.96.3 released),
>
> So you did the right job. Your bzip2 lib can no longer be exploited.
>
>> the ULIMIT issue
>> that I still don't fully grasp here and am still not clear if it's
>> something we need to deal with...things seem to run so for now we
>> haven't gone in and touched it (again, this wasn't an issue in 0.96.2 why
>> is it an issue in 0.96.3 which appears to be a minor release 0.0.1)
>
> This issue was recently described on the ml. The warning can be safely
> ignored on Linux.
>
>> In our environment we have certain time-frames where we need to apply
>> code once it's released depending on what and why it was put out so we
>> don't always have the luxury to let it sit for days...getting code that
>> is not labeled as RC and is supposedly prod quality and ready to go and
>> having these issues is not good...we've spent a good portion of the week
>> on this so far and seem to be finally OK, but it could have been much
>> smoother (again)...brings me back to the point of why are we running
>> these 4 test harness boxes for Torok if no-one is looking at what is
>> coming back from them.
>
> Thanks for your support. The 0.96.3 was tested on your boxes and
> confirmed to work fine before we released it. Since the tests are fully
> automated, we missed the ULIMIT warning issue but as I wrote above, it
> can just be ignored.
>
> Cheers,
>
> --
>   oo. Tomasz Kojm tk...@clamav.net
>  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
> \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
>   //\   /\  Wed Sep 22 17:38:15 CEST 2010


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread TR Shaw
Wendy

Download the bzip2 security release and compile.  I have to go back to my 
office to check what compile settings are necessary as the default make file is 
not good enough.

Tom

On Sep 22, 2010, at 11:59 AM, Wendy J Bossons wrote:

 I am running clamav on my dev laptop which is Snow Leopard, running FreeBSD. 
 The bzip2 warning if I don't have to worry about it -- that's fine. But if I 
 wanted to fix the issue, I don't think it's obvious how to go about it. I 
 would rather run the software without the warning -- warnings are there to 
 put up flags to the developer. I am not doing my job if I ignore it, nor if I 
 have to jump through all kinds of hoops otherwise -- it's a time burner.
 
 


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Török Edwin
On Wed, 22 Sep 2010 11:59:48 -0400
Wendy J Bossons wboss...@mit.edu wrote:

 I am running clamav on my dev laptop which is Snow Leopard, running
 FreeBSD. The bzip2 warning if I don't have to worry about it --
 that's fine.

You don't have to worry about the ulimit warning.

You do have to worry about the bzip2 warning: if you scan a file that
exploits CVE-2010-0405 then your clamd/clamscan will crash if you did
not upgrade your system's bzip2 library (look for an update from your
OS vendor).

This happens of course if you don't upgrade ClamAV as well: then you
are vulnerable to both an exploit via a .bz2 file, and an nsis file.

The only way to avoid being vulnerable is to upgrade both ClamAV and
libbz2.

 But if I wanted to fix the issue, I don't think it's
 obvious how to go about it. I would rather run the software without
 the warning -- warnings are there to put up flags to the developer. I
 am not doing my job if I ignore it, nor if I have to jump through all
 kinds of hoops otherwise -- it's a time burner.

We could embed a copy of bzip2, and use that if your system one is too
old, or if you explicitly request it.
Not sure if that would solve more problems than it would create.

Best regards,
--Edwin


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Török Edwin
On Wed, 22 Sep 2010 10:14:57 -0500
George Kasica george_kas...@mgic.com wrote:

 Tomaz:
 
 Typical issues as in the past...first no clue it was coming out(no
 release candidate no announcement)...it just appeared, no idea it
 would have issues with bzip2

There is a problem with security updates and release candidates (or
announcements):
 - we can release only after the vulnerability is disclosed (in case of
   3rdparty libraries)
 - we were watching upstream bzip2 to release, and released soon after
   that, we didn't have a reliable release date in advance
 - we could have told you that we are preparing a new version to fix the
   bzip2 vulnerability, but we couldn't release an RC with the bzip2
   fix included (since that would've disclosed the vulnerability prior
   to upstream having a fix)
 - even if we were able to provide an RC, it would have told you that
   your bzip2 is buggy and you need to upgrade. That would have
   caused even more confusion, since there was no new
   upstream bzip2 version with the fix.

Considering all this, do you think it would be useful to provide
advance warning about a new security fix release in the future?

Best regards,
--Edwin


Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* Nathan Gibbs wrote:
 
 In Conclusion
 I can think of at least three more ClamAV events that it would be nice to be
 notified on.
 However, I feel that it is important to decide how to do one common task
 before covering new ground.
 
 Final opinion about how to do the common task.
 Use execle to call the script directly, and hand it a common Environment.
 Do this for all external events.
 
 
Here is my working test implementation for freshclam

http://www.cmpublishers.com/oss/execute.c



-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Larry Stone

On Wed, 22 Sep 2010, TR Shaw wrote:


Wendy

Download the bzip2 security release and compile.  I have to go back to 
my office to check what compile settings are necessary as the default 
make file is not good enough.


There is, of course, more than one way to get to the same result. But 
first I'm a little confused by Wendy where she says Snow Leopard (which is 
Mac OS X 10.6) but then says FreeBSD. My understanding is OS X 
incorporates some stuff from FreeBSD but is not 100% FreeBSD.


In any event, on my Snow Leopard system (running the client version of OS 
X even though I use it as a server), I downloaded the latest bzip2 tarball 
and did build it with a simple make; make install. This puts the files in 
/usr/local/... The Apple provided files are in /usr/... Assuming an Apple 
Security update is forthcoming, I did not want to touch the Apple provided 
versions as that can cause problems with their updates. Where Tom says the 
default makefile is not good enough, I suspect he means to put the latest 
bzip2 files in /usr/... rather than the default /usr/local/...


To then get ClamAV to use the version in /usr/local/, all that was needed 
was to run ClamAV's configure with the option 
--with-libbz2-prefix=/usr/local


-- Larry Stone
   lston...@stonejongleux.com



Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Edwin:

I've been around the 'net quite some time (1983), please excuse me if I'm 
expecting too  much.

I think releasing the clamav item before there were bzip2 libraries out 
there to compile against for major distros (Fedora Core 13, RHEL4 and 
RHEL5 are not small install bases) and many if not most run the RPM builds 
(not tar.gz compiles) in a business setting for control in a large 
environment was probably not a great idea - though I understand you can't 
control the distro vendors I do know you can work with them on security 
issues, it's done by other vendors all the time and they can get RPMs out 
quickly in cases like this.

For example the bzip2 RPMs for Red Hat came out about 430pm (you released 
0.96.3 at 17:09 CEST  about 11am Chicago time USA) leaving a lot of folks 
wondering what to do about bzip2 RPMs on the day you released clamav...if 
you had waited even 6 hours or so or contacted Red Hat a lot of pain would 
have been avoided (similar story for other vendors I'm sure they all have 
security areas and contacts and most are pretty eager to assist). And as 
far as upgrade notes on the web site there's nothing out there at all 
about upgrading/updating bzip2 components...I just looked it says under 
0.96.3 Upgrade Notes Known Issues and Workarounds - None yet.

Guys, I'm not trying to pick a fight here, but this isn't the first time a 
release of clamav has gone a little sideways in the last 12 months or 
so...and I realize that there is a free vs. commercial product provided 
by Sourcefire. We would be happy to go with the latter but it's not 
available for the platform we're on and we were told if you are willing to 
help out by running a test build platform on the OS you need it to run on 
things will go smoother after the last set of issues that occurred, so we 
have been. Yet, here we are again with the last 2 releases having issues 
either with JIT compiler/llvm or now this type of thing (bzip libraries, 
etc). I'll admit our info security folks are picky but we have to live 
with that here. 

We're not running a home based server here, this is a production 
environment that serves near to over 1 million emails a day and clamav is 
running in the core of that process as well as on near 50 other linux 
hosts to scan for virus issues on a routine basis as well.

What can we on a system admin end do to help this process in the future 
because frankly I'm at a loss, I'm not (and have no desire to be) a 
programmer hacking code. 

In any case it's a past event and something to keep in mind next time 
probably.

Thanks for the fish,

George

___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | 1.414.347.6491 (work) 
1.414.732.8503 (cell) | 1.888.601.4440 or 1.414.347.2601 (fax) | 
george_kas...@mgic.com or kasica_pa...@mgic.com

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Chuck Swiger
Hi, all--

On Sep 22, 2010, at 9:40 AM, Larry Stone wrote:
 Download the bzip2 security release and compile.  I have to go back to my 
 office to check what compile settings are necessary as the default make file 
 is not good enough.
 
 There is, of course, more than one way to get to the same result. But first 
 I'm a little confused by Wendy where she says Snow Leopard (which is Mac OS X 
 10.6) but then says FreeBSD. My understanding is OS X incorporates some stuff 
 from FreeBSD but is not 100% FreeBSD.

Yes; while MacOS X incorporates a bunch of userland stuff from NetBSD and 
FreeBSD, they are not identical.

 In any event, on my Snow Leopard system (running the client version of OS X 
 even though I use it as a server), I downloaded the latest bzip2 tarball and 
 did build it with a simple make; make install. This puts the files in 
 /usr/local/... The Apple provided files are in /usr/... Assuming an Apple 
 Security update is forthcoming, I did not want to touch the Apple provided 
 versions as that can cause problems with their updates. Where Tom says the 
 default makefile is not good enough, I suspect he means to put the latest 
 bzip2 files in /usr/... rather than the default /usr/local/...

One issue is that the Makefile doesn't build shared libraries/dylibs OK for 
MacOS X, and also doesn't build them for the multiple supported architectures.  
Please consider the following diff to bzip2-1.0.6's Makefiles:

--- Makefile~   2010-09-22 10:00:28.0 -0700
+++ Makefile2010-09-22 10:06:50.0 -0700
@@ -21,7 +21,7 @@
 LDFLAGS=
 
 BIGFILES=-D_FILE_OFFSET_BITS=64
-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
+CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) -arch x86_64 -arch i386 -arch ppc
 
 # Where you want it installed when you do 'make install'
 PREFIX=/usr/local
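
Review bot: the new CFLAGS line hard-codes `-arch x86_64 -arch i386 -arch ppc` into the one CFLAGS every build of this Makefile uses, so the file now only works with Apple's compiler driver and fails on any Mac toolchain that lacks one of those three targets. Suggest moving the architecture list into a separate variable (for example ARCHFLAGS, empty by default) that is appended to CFLAGS, so a universal build is an opt-in such as `make ARCHFLAGS="-arch x86_64 -arch i386"` and the stock build stays unchanged.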

--- Makefile-libbz2_so~ 2010-09-22 10:00:35.0 -0700
+++ Makefile-libbz2_so  2010-09-22 10:06:16.0 -0700
@@ -24,7 +24,7 @@
 SHELL=/bin/sh
 CC=gcc
 BIGFILES=-D_FILE_OFFSET_BITS=64
-CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES)
+CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) -arch x86_64 -arch i386 
-arch ppc
 
 OBJS= blocksort.o  \
   huffman.o\
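
Review bot: the added CFLAGS line in Makefile-libbz2_so arrives wrapped, with `-arch ppc` on a line of its own and no leading `+`, so the hunk no longer matches its `@@ -24,7 +24,7 @@` header and will not apply as posted; resend it unwrapped or as an attachment. The hard-coded architecture list raises the same concern here as in the Makefile hunk, and one overridable variable shared by both files would keep them in step.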
@@ -35,11 +35,21 @@
   bzlib.o
 
 all: $(OBJS)
-   $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
+   $(CC) $(CFLAGS) -shared -Wl,-dylib -o libbz2.so.1.0.6 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.6 libbz2.so.1.0
 
+# Where you want it installed when you do 'make install'
+PREFIX=/usr/local
+
+install: libbz2.so.1.0.6
+   if ( test ! -d $(PREFIX)/lib ) ; then mkdir -p $(PREFIX)/lib ; fi
+   cp -f libbz2.so.1.0.6 $(PREFIX)/lib/libbz2.1.0.6.dylib
+   chmod a+r $(PREFIX)/lib/libbz2.1.0.6.dylib
+   ln -s -f $(PREFIX)/lib/libbz2.1.0.6.dylib $(PREFIX)/lib/libbz2.1.0.dylib
+   ln -s -f $(PREFIX)/lib/libbz2.1.0.6.dylib $(PREFIX)/lib/libbz2.1.dylib
+
 clean: 
rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared
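
Review bot: the new link line `$(CC) $(CFLAGS) -shared -Wl,-dylib -o libbz2.so.1.0.6 $(OBJS)` drops the old `-soname` without giving the library an install name, while the install target copies it to `$(PREFIX)/lib/libbz2.1.0.6.dylib` under a different file name, so anything linked against it records the build-time name `libbz2.so.1.0.6` rather than the installed path. Set an install name that matches the installed location when linking (the linker's `-install_name` option), and add an unversioned `libbz2.dylib` symlink next to the three versioned ones so `-lbz2` can select the dylib from this prefix. In the lines shown, `install: libbz2.so.1.0.6` also names a file that only the `all` rule creates, so `make install` on a clean tree has nothing to build it from; depending on `all` would fix that.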

Regards, 
-- 
-Chuck



Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* Dennis Peterson wrote:
 On 9/22/10 6:58 AM, Nathan Gibbs wrote:
 
 Those guys could do this better than me any day of the week.  They
 could code
 circles around me, but so far they won't.  what does that tell you?
 
 They have higher priorities.
 
Obviously, which leaves me with the choice.

1. Whine on the ML and hope I get what I need.
Hasn't happened yet, isn't going to. ( the getting what I need part. )
:-)

2. Do brain surgery with a chainsaw, to get what I need.
Because the REAL SURGEONS have higher priorities.

Here's the complete butcher's bill.
Clamav-milter   http://www.cmpublishers.com/oss/clamfi.c
Clamd   http://www.cmpublishers.com/oss/others.c
Freshclam   http://www.cmpublishers.com/oss/execute.c

So, what did I gain?
1. A ClamAV installation that doesn't use the shell to handle external events.
Which aCaB pointed out is more secure.

2. A common execution environment.
Which I have wanted since bug 1754.

So, what did I lose?
1. %v functionality
Which I'll fire up my chainsaw and fix if the real surgeons don't show up.

In summary, I'm not the person to be doing this job, but somebody needs to.

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
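
The approach described in this message and in the earlier "Final opinion" post (call the handler directly with execle and hand it one common environment, with no shell in between), as an added example that is not Nathan's code and not ClamAV's. The function name `run_event_handler` and the variable names `EVENT_VIRUSNAME` and `EVENT_FILENAME` are hypothetical, and the sample event is constructed.

```c
/* Added example, not ClamAV code. EVENT_VIRUSNAME and EVENT_FILENAME are
 * hypothetical variable names chosen for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run `handler` (absolute path) directly via execle() with a fixed, minimal
 * environment. Event data travels only in environment variables, so it is
 * never parsed by /bin/sh. The handler's stdout is captured into `out`.
 * Returns the handler's exit status, or -1 on error. */
int run_event_handler(const char *handler, const char *virus,
                      const char *file, char *out, size_t outlen)
{
    char env_virus[512], env_file[1024];
    int pipefd[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (!handler || !virus || !file || !out || outlen == 0)
        return -1;
    if (handler[0] != '/')
        return -1;                      /* no PATH lookup, no relative paths */
    if (snprintf(env_virus, sizeof env_virus, "EVENT_VIRUSNAME=%s", virus)
            >= (int)sizeof env_virus ||
        snprintf(env_file, sizeof env_file, "EVENT_FILENAME=%s", file)
            >= (int)sizeof env_file)
        return -1;                      /* refuse to truncate event data */

    /* The common environment: nothing is inherited from the calling daemon. */
    char *const envp[] = { "PATH=/usr/bin:/bin", env_virus, env_file, NULL };

    if (pipe(pipefd) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    if (pid == 0) {                     /* child: become the handler */
        close(pipefd[0]);
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[1]);
        execle(handler, handler, (char *)NULL, envp);
        _exit(127);                     /* only reached if exec failed */
    }

    close(pipefd[1]);                   /* parent: collect handler output */
    while (used < outlen - 1 &&
           (n = read(pipefd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(pipefd[0]);

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char out[2048];

    /* Set in the caller only; the handler must not see it. */
    setenv("DAEMON_SECRET", "do-not-leak", 1);

    /* Constructed sample event whose name contains shell metacharacters.
     * /usr/bin/env stands in for a handler and prints what it received. */
    int rc = run_event_handler("/usr/bin/env", "Sample.Sig;echo INJECTED",
                               "/tmp/a b.txt", out, sizeof out);
    printf("exit status %d\n%s", rc, out);
    return rc == 0 ? 0 : 1;
}
```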





Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Jim Preston
Just my 2 cents but  since this is Open Source software, what you did is 
the correct thing. You wanted a feature added, the ability to have commandline 
arguments on virusaction script. Since this is a feature request, it almost 
always gets low priority if it gets scheduled for implementation at all. (I am 
taking a short-cut here declaring this a 'feature request' as I have not read 
the design documents to see if cmd-line arguments were ever intended for this 
function). As a feature request you have basically three options:

1. Wait for the development team to implement the feature request with the 
understanding it may be way off in the future.
2. Implement the feature request yourself, which you have done.
3. Have some third party implement the feature for you. This is still an option.

Saying that you are 'disgusted' with the development team because they do not 
see this feature request as a make/break scenario for the project is in MY 
opinion not an acceptable option.

Having worked for a software development company in the past, I have seen that 
some feature requests never get implemented and that the number of different 
people requesting a particular feature does have an influence on the 
implementation schedule.

Jim



Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Jim Preston
 snip
 So, what did I lose?
 1. %v functionality
 Which I'll fire up my chainsaw and fix if the real surgeons don't show up.
 
 In summary, I'm not the person to be doing this job, but somebody needs to.
 

Sorry for top posting, my company's policy is to top post and sometimes I 
forget this list is a bottom post list

Jim


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread aCaB
George Kasica wrote:
 In any case it's a past event and something to keep in mind next time 
 probably.

Hi George,

thanks for sharing your thoughts and sorry for any trouble we might have
caused.

There are just a couple of things I'd like to add.
The bzip bug was circulating among all the involved parties for a month
or more. Additionally the original disclosure date was shifted ahead by
two weeks.
In such a scenario, I'd personally expect that distro packages are all
ready but kept on hold until the disclosure date.
Now, even if that wasn't the case, I think it's quite unreasonable to
suggest that we (3 developers) hunt down each and every distro
maintainer to ack their schedules. As I see it the process is the other
way around.
In fact there is a clamav mailing list explicitly dedicated to package
maintainers where we post the to-be-released tarball some (admittedly
small) time in advance. Anyone willing to coordinate or ask for a delay
can certainly do through this channel.

If it wasn't a security release we would certainly have gone with an
RC... which certainly would have mitigated most of the issues.

Cheers,
-aCaB


Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread Tomasz Kojm
On Wed, 22 Sep 2010 12:08:32 -0500 George Kasica
george_kas...@mgic.com wrote:
 Edwin:
 
 I've been around the 'net quite some time (1983), please excuse me if I'm 
 expecting too  much.
 
 I think releasing the clamav item before there were bzip2 libraries out 
 there to compile against for major distros (Fedora Core 13, RHEL4 and 
 RHEL5 are not small install bases) and many if not most run the RPM builds 
 (not tar.gz compiles) in a business setting for control in a large 
 environment was probably not a great idea - though I understand you can't 
 control the distro vendors I do know you can work with them on security 
 issues, it's done by other vendors all the time and they can get RPMs out 
 quickly in cases like this.

We released ClamAV 0.96.3 ~8 hours after the new version of bzip2 was
published on http://www.bzip.org/ and which disclosed the integer
overflow bug at the same time. The aim of this release was to fix the
INTERNAL bzip2 library shipped with our package (it's a modified version
used by the NSIS unpacker - we can't rely on the system library in this
case).

We also added a check to INFORM YOU, whether or not your system's own
bzip2 library (which ClamAV uses to process .bz2 files) is affected. If
you decided to type make after running configure, the final build was
still dynamically linked against it and you could upgrade this library
later. There was no point in waiting for the distros to provide new
packages for bzip2.

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 20:09:50 CEST 2010


[Clamav-users] freshclam reports incorrect version

2010-09-22 Thread Frank Bures
I am running clamav 0.96.3.  I checked and I do not have any old
executables around.  I ran all relevant binaries with -V option and they
all report correct version.

Yet this is what I have in my log:

freshclam: ClamAV update process started at Wed Sep 22 14:26:03 2010
freshclam: Your ClamAV installation is OUTDATED!
freshclam: Local version: 0.96.2 Recommended version: 0.96.3

What gives?

Thanks
Frank


-- 

f...@chem.toronto.edu


Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* Jim Preston wrote:
 Just my 2 cents but  since this is Open Source software, what you did
 is the correct thing. You wanted a feature added, the ability to have
 commandline arguments on virusaction script. 

Actually aCaB adjusted my opinion on that.  I came around to seeing it his
way, but still wanted more than he gave me.

 Since this is a feature request, it almost always gets low priority if it 
 gets scheduled for
 implementation at all. 

You aren't kidding there.
This whole thing started as bug 1754, although I will admit at the time
exactly what I wanted wasn't very clear.


 As a feature request you have basically three options:
 
 1. Wait for the development team to implement the feature request with the
 understanding it may be way off in the future. 

In my case never, see bug 1754.  My intent was to let those smarter than me
figure out the best way, but what I got was wontfix.  Which I thought meant
user wants us to move the world with a toothpick, no way!

 2. Implement the feature request yourself, which you have done. 

It was fairly easy, and I don't understand half of what I did.
I'm sure someone who knew what they were doing could do a better job in a
quarter of the time. So wontfix now means can't be bothered, screw off!

 3. Have some third party implement the feature for you. This is still an 
 option.

Precisely why I'm pitching a fit here.
:-)
I don't want to do this, but I'll do it if it gets me the features that I
need. I have tried hinting, asking, explaining, all of which got me nothing.
Now I'm butchering the code with a chainsaw.

 Saying that you are 'disgusted' with the development team because they do
 not see this feature request as a make/break scenario for the project is in
 MY opinion not an acceptable option.
 

You're right.  I'm not disgusted with aCaB at all, he tries.

This isn't about make or break.  ClamAV is an awesome Anti virus toolkit.  It's
about how this awesome toolkit calls outside programs.
It's something that, if the effort were put into it, the payoff would be great.
 The required effort didn't turn out to be all that much either.

I waited 6 months for one of them to do it, then took half a day to bang it
out myself, and it doesn't completely work. One of them could have done it in
a couple of hours and it would have worked.

Why should I not be disgusted?
:-)

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: [Clamav-users] VirusAction Question

2010-09-22 Thread Nathan Gibbs
* aCaB wrote:
 Nathan Gibbs wrote:
 Here is my working test implementation for the milter

 http://www.cmpublishers.com/oss/clamfi.c
 
 Hi Nathan,
 
 awesome spirit!
 I'd love to say awesome code too but I haven't had a chance to look at
 it yet.

You probably won't say that even after you looked at it.
I might hear the scream of horror over here.
:-)

 I'll certainly do that before monday.
 
Great.
I've also put my test versions of others.c and execute.c up on my site.
The %v processing is currently broken in them.
However, I am not sure how to make them work again.


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread TR Shaw
Wendy,

Download the source from bzip, open the make file and insert

CFLAGS=-Os -arch i386 -arch x86_64 $(BIGFILES)
or
CFLAGS=-Os -arch ppc $(BIGFILES)

depending on which processor you need and then

sudo make install

Tom

On Sep 22, 2010, at 11:59 AM, Wendy J Bossons wrote:

 I am running clamav on my dev laptop which is Snow Leopard, running FreeBSD. 
 The bzip2 warning if I don't have to worry about it -- that's fine. But if I 
 wanted to fix the issue, I don't think it's obvious how to go about it. I 
 would rather run the software without the warning -- warnings are there to 
 put up flags to the developer. I am not doing my job if I ignore it, nor if I 
 have to jump through all kinds of hoops otherwise -- it's a time burner.
 
 
 Wendy Bossons
 Web Developer
 MIT Libraries
 Technology Research & Development
 Building E25-131
 77 Massachusetts Ave.
 Cambridge, MA 02141-4307
 Phone 617-253-0770
 Fax 617-253-4462
 wboss...@mit.edu
 http://libraries.mit.edu
 
 
 On Sep 22, 2010, at 11:48 AM, Tomasz Kojm wrote:
 
 On Wed, 22 Sep 2010 10:14:57 -0500 George Kasica
 george_kas...@mgic.com wrote:
 
 Tomaz:
 
 Typical issues as in the past...first no clue it was coming out(no
 release candidate no announcement)...it just appeared, no idea it would
 have issues with bzip2,
 
 0.96.3 is a security release, which fixes an integer overflow in the
 bzip2 library (we use a modified version of this lib in the NSIS
 unpacker). It also detects whether or not your local libbz2 (which we
 use to handle .bz2 files) is affected by this problem and prints a
 warning if needed.
 
 and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform
 
 Well, we have no control over those RPMs..
 
 (we had to compile from a tar.gz for the others) except
 RHEL4/5 that have RPMs out (AFTER 0.96.3 released),
 
 So you did the right job. Your bzip2 lib can no longer be exploited.
 
 the ULIMIT issue
 that I still don't fully grasp here and am still not clear if its
 something we need to deal with...things seem to run so for now we
 haven't gone in and touched it(again, this wasn't an issue in 0.96.2 why
 is it an issue in 0.96.3 which appears to be a minor release 0.0.1)
 
 This issue was recently described on the ml. The warning can be safely
 ignored on Linux.
 
 In our environment we have certain time-frames where we need to apply
 code once its released depending on what and why it was put out so we
 don't always have the luxury to let it sit for days...getting code that
 is not labeled as RC and is supposedly prod quality and ready to go and
 having these issues is not good...we've spent a good portion of the week
 on this so far and seem to be finally OK, but it could have been much
 smoother (again)...brings me back to the point of why are we running
 these 4 test harness boxes for Torok if no-one is looking at what is
 coming back from them.
 
 Thanks for your support. The 0.96.3 was tested on your boxes and
 confirmed to work fine before we released it. Since the tests are fully
 automated, we missed the ULIMIT warning issue but as I wrote above, it
 can just be ignored.
 
 Cheers,
 
 --
  oo. Tomasz Kojm tk...@clamav.net
 (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Wed Sep 22 17:38:15 CEST 2010