Re: [clamav-users] False positive

2013-09-23 Thread Alain Zidouemba
http://www.clamav.net/lang/en/sendvirus/submit-fp/ is the correct URL to
use to send in FP reports.

The FP report you submitted has been handled and this will be reflected in
an upcoming signatures DB release.

Thanks,

- Alain
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [clamav-users] libclamav could not verify database (SPARCv8 cpu)

2013-09-23 Thread Serj Notforu
UPDATE

  Hello, I tried to start a directory scan with client used 
 clamav-0.97.7.tar.gz and fresh databases
 and get the following errors (actually not from stderr but using strace):
 
 LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar 
 support unavailable
 LibClamAV Warning: **
 LibClamAV Warning: ***  The virus database is older than 7 days!  ***
 LibClamAV Warning: ***   Please update it as soon as possible.    ***
 LibClamAV Warning: **
 LibClamAV Error: cli_loadinfo: Incorrect digital signature
 LibClamAV Error: cli_loadinfo: Problem parsing database at line 20
 LibClamAV Error: Can't load daily.info: Malformed database
 LibClamAV Error: cli_tgzload: Can't load daily.info
 LibClamAV Error: Can't load /path/to/daily.cvd: Malformed database

 I do not know where it gets daily.info, assumed it's somehow packed in 
 daily.cvd and then it failed when tried to verify checksum in cli_versig2() 
 at libclamav/readdb.c.
It turns out that daily.cvd is just a .tar.gz file with a 512 byte header. How to 
convert:
dd if=daily.cvd ibs=1b skip=1 > daily.tgz
Line 20 from the log above corresponds to the last line of daily.info (packed in 
daily.cvd), which starts with the DSIG: mark.

 Note that clamav was compiled for SPARCv8 compatible processor so for me it 
 looks like a byte-order problem.
Actually it is not a SPARC, but a VLIW processor binary compatible with x86. At 
least the standard byte-order check in C shows little-endian.

 So my question: is clamav database byte-order dependent?
Apparently nope :).

Now I assume it is a gzip or a signature/checksum code problem.
Investigation continues.
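
The container layout described in the post above (a 512-byte header followed by a .tar.gz), as an added example that is not part of the original thread or ClamAV's own code: it splits the header, checks the payload against the header's MD5 field and lists the archive members, which helps separate a damaged download from a problem in the signature-verification code. The header field order is an assumption drawn from the CVD format rather than from the post, the sample file is constructed, and the digital signature itself is not verified.

```python
import hashlib
import io
import tarfile
import zlib

HEADER_SIZE = 512  # header length given in the post
# Assumed field order of the colon-separated header (not stated in the post).
FIELDS = ("magic", "build_time", "version", "sigs", "flevel",
          "md5", "dsig", "builder", "stime")


def split_cvd(blob):
    """Split a CVD image into (header dict, .tar.gz payload bytes)."""
    if len(blob) <= HEADER_SIZE:
        raise ValueError("too short for a CVD header plus payload")
    text = blob[:HEADER_SIZE].decode("ascii", errors="replace").rstrip()
    parts = text.split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts)), blob[HEADER_SIZE:]


def check_cvd(blob):
    """Report whether the payload matches the header MD5 and unpacks."""
    header, payload = split_cvd(blob)
    md5_ok = hashlib.md5(payload).hexdigest() == header["md5"].lower()
    try:
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
            members = tar.getnames()
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        members = None  # payload is not a readable .tar.gz
    return {"md5_ok": md5_ok, "members": members}


def build_sample_cvd():
    """Constructed sample: one-file .tar.gz behind a padded 512-byte header."""
    info = b"constructed sample, not a real daily.info\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        entry = tarfile.TarInfo("daily.info")
        entry.size = len(info)
        tar.addfile(entry, io.BytesIO(info))
    payload = buf.getvalue()
    fields = ["ClamAV-VDB", "23 Sep 2013 10-00 -0400", "1", "1", "1",
              hashlib.md5(payload).hexdigest(), "PLACEHOLDER-DSIG",
              "builder", "0"]
    return ":".join(fields).encode("ascii").ljust(HEADER_SIZE) + payload


if __name__ == "__main__":
    print(check_cvd(build_sample_cvd()))
```

If `md5_ok` is true and the archive unpacks but libclamav still reports "Incorrect digital signature", the file on disk is intact and the fault lies in the verification step rather than in the download.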

Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Francis Stevens
I have also hit this compilation issue, also on an old RedHat system. 
Looking in the sources for the file libclamav/7z/Types.h for 0.97.8 
there are some edits that seem to be working around this issue which 
don't appear in the corresponding Types.h file for 0.98.  The diff 
output is a bit long so here are the relevant bits...


at line 13

/* aCaB -- lame workaround for Byte refef */
#include <zconf.h>

at line 46

/* aCaB -- use Byte defined in zconf.h
typedef unsigned char Byte;
*/

making these changes to the Types.h file with 0.98 enables the compile 
to complete.


I have compiled 0.98 on CentOS6.4 without issues so this is probably 
related to the gcc version or some such.


FAS


Bob Cobb wrote:

Richard,

I'm using RH8 because it's the one production server that needs to stay online. 
 Unfortunately I can't take it offline to upgrade to CentOS.


Shawn,

Tried configure without --with-zlib=/usr/local and I got the same error.

B.



Date: Fri, 20 Sep 2013 11:24:26 -0400
From: sw...@sourcefire.com
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of 
`Byte'

On Fri, Sep 20, 2013 at 10:38 AM, Bob Cobb bobcob...@hotmail.com wrote:


After downloading ClamAV 0.98 I tried to compile it, but I got this error,


In file included from 7z/LzmaDec.h:7,
from lzma_iface.h:26,
from upx.c:59:
7z/Types.h:58: redefinition of `Byte'
/usr/local/include/zconf.h:368: `Byte' previously declared here
make[4]: *** [libclamav_la-upx.lo] Error 1
make[4]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/clamav/clamav-0.98'
make: *** [all] Error 2


Here's what I'm using,

gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)

./configure --enable-bigstack --enable-readdir_r --with-zlib=/usr/local
--with-libcurl --enable-no-cache --enable-milter --enable-dns-fix
--enable-clamdtop

I tried this work around, which allowed me to compile it,

(in clamav-0.98/libclamav/7z/Types.h line 59)

replaced this,
typedef unsigned char Byte;

with this,
#define Byte unsigned char

I don't know if it's safe to use, so I held off installing it. Also, I
didn't have any problems compiling the previous version of ClamAV
(0.97.8). Any help would be appreciated.

Thanks,

B.



Hey Bob,

Is there a reason why you're specifying --with-zlib? Can you give it a try
without that?

Thanks,

Shawn


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Shawn Webb
On Mon, Sep 23, 2013 at 10:33 AM, Francis Stevens 
francis.stev...@bristow.co.uk wrote:

 I have also hit this compilation issue, also on an old RedHat system.
 Looking in the sources for the file libclamav/7z/Types.h for 0.97.8 there
 are some edits that seem to be working around this issue which don't appear
 in the corresponding Types.h file for 0.98.  The diff output is a bit long
 so here are the relevant bits...

 at line 13

 /* aCaB -- lame workaround for Byte refef */
 #include <zconf.h>

 at line 46

 /* aCaB -- use Byte defined in zconf.h
 typedef unsigned char Byte;
 */

 making these changes to the Types.h file with 0.98 enables the compile to
 complete.

 I have compiled 0.98 on CentOS6.4 without issues so this is probably
 related to the gcc version or some such.

 FAS


This is due to a change I had made in November 2012 to how the zlib linking
checks are done in the configure script. If you have a few extra moments,
can you apply the below-pasted patchfile and re-run configure? If your
compile works with just this patch (and without the changes you made to
zconf.h), we will better know how to proceed from here. The diff is in
unified diff format. If you need me to convert the diff from unified to
traditional, let me know.

Thanks,

Shawn

The patch:

 diff --git a/configure b/configure
index 0158088..4109375 100755
--- a/configure
+++ b/configure
@@ -15952,7 +15952,7 @@ $as_echo $as_me: WARNING: ** stability
problems to the ClamAV developers!
 if test $ZLIB_HOME != /usr; then
CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include
save_LDFLAGS=$LDFLAGS
-   LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib
+   LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib
{ $as_echo $as_me:${as_lineno-$LINENO}: checking for inflateEnd in
-lz 5
 $as_echo_n checking for inflateEnd in -lz...  6; }
 if ${ac_cv_lib_z_inflateEnd+:} false; then :
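Review bot: The unchanged context line `CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include` at the top of this hunk is what brings the non-system zconf.h into the compile, and the change here only swaps the linker flag on the LDFLAGS line, so a header-level conflict such as the `Byte` typedef redefinition reported in this thread is not affected by it. If the goal is to fix that compile error, the include path or the typedef in 7z/Types.h needs attention as well; the -L change on its own only alters where the inflateEnd link check looks for libz.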
@@ -15990,7 +15990,7 @@ fi
 { $as_echo $as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd
5
 $as_echo $ac_cv_lib_z_inflateEnd 6; }
 if test x$ac_cv_lib_z_inflateEnd = xyes; then :
-  LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz;
FRESHCLAM_LIBS=$FRESHCLAM_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz
+  LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz;
FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz
 else
   as_fn_error $? Please install zlib and zlib-devel packages $LINENO 5
 fi
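Review bot: Dropping `-Wl,-rpath=$ZLIB_HOME/lib` from LIBCLAMAV_LIBS and FRESHCLAM_LIBS means the installed binaries no longer record where the non-default zlib lives, so at run time the loader can resolve libz from its default search path instead of the copy in $ZLIB_HOME/lib that the link check passed against. Consider passing both flags (`-L$ZLIB_HOME/lib -Wl,-rpath=$ZLIB_HOME/lib -lz`) or documenting that the loader path must be configured separately, so libclamav and freshclam do not silently run against a different zlib version than the one they were built with.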
diff --git a/configure.ac b/configure.ac
index 1287602..b769f5d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -557,8 +557,8 @@ else
 if test $ZLIB_HOME != /usr; then
CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include
save_LDFLAGS=$LDFLAGS
-   LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib
-   AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS
-Wl,-rpath=$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS
-Wl,-rpath=$ZLIB_HOME/lib -lz], AC_MSG_ERROR([Please install zlib and
zlib-devel packages]))
+   LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib
+   AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS
-L$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib
-lz], AC_MSG_ERROR([Please install zlib and zlib-devel packages]))
AC_CHECK_LIB([z], [gzopen], [], AC_MSG_ERROR([Your zlib is missing
gzopen()]))
LDFLAGS=$save_LDFLAGS
 else
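Review bot: In the AC_CHECK_LIB action for inflateEnd the string `-L$ZLIB_HOME/lib -lz` is spelled out twice (for LIBCLAMAV_LIBS and FRESHCLAM_LIBS) and the same -L flag appears a third time on the LDFLAGS line, so any later change has to be made in three places. Put the flags in one shell variable set just before the check and reuse it, and produce the configure hunks by regenerating configure from configure.ac rather than editing both files by hand, so the two cannot drift apart.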


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Francis Stevens

Shawn Webb wrote:

On Mon, Sep 23, 2013 at 10:33 AM, Francis Stevens 
francis.stev...@bristow.co.uk wrote:


I have also hit this compilation issue, also on an old RedHat system.
Looking in the sources for the file libclamav/7z/Types.h for 0.97.8 there
are some edits that seem to be working around this issue which don't appear
in the corresponding Types.h file for 0.98.  The diff output is a bit long
so here are the relevant bits...

at line 13

/* aCaB -- lame workaround for Byte refef */
#include <zconf.h>

at line 46

/* aCaB -- use Byte defined in zconf.h
typedef unsigned char Byte;
*/

making these changes to the Types.h file with 0.98 enables the compile to
complete.

I have compiled 0.98 on CentOS6.4 without issues so this is probably
related to the gcc version or some such.

FAS



This is due to a change I had made in November 2012 to how the zlib linking
checks are done in the configure script. If you have a few extra moments,
can you apply the below-pasted patchfile and re-run configure? If your
compile works with just this patch (and without the changes you made to
zconf.h), we will better know how to proceed from here. The diff is in
unified diff format. If you need me to convert the diff from unified to
traditional, let me know.

Thanks,

Shawn

The patch:

  diff --git a/configure b/configure
index 0158088..4109375 100755
--- a/configure
+++ b/configure
@@ -15952,7 +15952,7 @@ $as_echo $as_me: WARNING: ** stability
problems to the ClamAV developers!
  if test $ZLIB_HOME != /usr; then
 CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include
 save_LDFLAGS=$LDFLAGS
-   LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib
+   LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib
 { $as_echo $as_me:${as_lineno-$LINENO}: checking for inflateEnd in
-lz 5
  $as_echo_n checking for inflateEnd in -lz...  6; }
  if ${ac_cv_lib_z_inflateEnd+:} false; then :
@@ -15990,7 +15990,7 @@ fi
  { $as_echo $as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd

5

  $as_echo $ac_cv_lib_z_inflateEnd 6; }
  if test x$ac_cv_lib_z_inflateEnd = xyes; then :
-  LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz;
FRESHCLAM_LIBS=$FRESHCLAM_LIBS -Wl,-rpath=$ZLIB_HOME/lib -lz
+  LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz;
FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz
  else
as_fn_error $? Please install zlib and zlib-devel packages $LINENO 5
  fi
diff --git a/configure.ac b/configure.ac
index 1287602..b769f5d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -557,8 +557,8 @@ else
  if test $ZLIB_HOME != /usr; then
 CPPFLAGS=$CPPFLAGS -I$ZLIB_HOME/include
 save_LDFLAGS=$LDFLAGS
-   LDFLAGS=$LDFLAGS -Wl,-rpath=$ZLIB_HOME/lib
-   AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS
-Wl,-rpath=$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS
-Wl,-rpath=$ZLIB_HOME/lib -lz], AC_MSG_ERROR([Please install zlib and
zlib-devel packages]))
+   LDFLAGS=$LDFLAGS -L$ZLIB_HOME/lib
+   AC_CHECK_LIB([z], [inflateEnd], [LIBCLAMAV_LIBS=$LIBCLAMAV_LIBS
-L$ZLIB_HOME/lib -lz; FRESHCLAM_LIBS=$FRESHCLAM_LIBS -L$ZLIB_HOME/lib
-lz], AC_MSG_ERROR([Please install zlib and zlib-devel packages]))
 AC_CHECK_LIB([z], [gzopen], [], AC_MSG_ERROR([Your zlib is missing
gzopen()]))
 LDFLAGS=$save_LDFLAGS
  else



Shawn,

The patch has wrapped in the post, can you post as an attachment or 
email to me direct.  If you could include the required patch command it 
would speed things up - I don't use patch often enough to be that 
familiar with it.


FAS


Re: [clamav-users] filename ignore uppercase

2013-09-23 Thread Steve Basford


On 17/09/2013 20:05, Alejandro Rodriguez wrote:

How can I ignore uppercase in a filename?
Right now I'm using foxhole_all.cdb to block .exe files inside .zip 
archives.

However, if the zip contains archive.EXE (in uppercase), the scan misses it.


Hi,

Sorry for the delay, been away for a few days.

I've now updated foxhole_all.cdb to cover the case issue, thanks for 
pointing it out.

If you need any additional dangerous extensions added (in malware you 
are seeing) let me know off-list.

 Cheers,

Steve
Sanesecurity.com


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Rob Sterenborg (lists)

On 09/23/2013 05:45 PM, Shawn Webb wrote:

This is due to a change I had made in November 2012 to how the zlib linking
checks are done in the configure script. If you have a few extra moments,
can you apply the below-pasted patchfile and re-run configure? If your
compile works with just this patch (and without the changes you made to
zconf.h), we will better know how to proceed from here. The diff is in
unified diff format. If you need me to convert the diff from unified to
traditional, let me know.

Thanks,

Shawn

The patch:

  diff --git a/configure b/configure
index 0158088..4109375 100755

[..snip..]

As it's just a few lines I applied the patch manually because of 
wrapping. I believe I did it right, but I get the same error:


  CC libclamav_la-pe.lo
  CC libclamav_la-pe_icons.lo
  CC libclamav_la-disasm.lo
  CC libclamav_la-upx.lo
In file included from 7z/LzmaDec.h:7,
 from lzma_iface.h:26,
 from upx.c:59:
7z/Types.h:58: error: redefinition of typedef 'Byte'
/usr/local/zlib/include/zconf.h:368: error: previous declaration of 
'Byte' was here

make[4]: *** [libclamav_la-upx.lo] Error 1
make[4]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav/clamav-0.98'
make: *** [all] Error 2

This is on CentOS 5.5.

However, I'm using --with-zlib=/usr/local/zlib which contains 
zlib-1.2.8. When I use --with-zlib=/usr or not use --with-zlib=... at 
all (configure will then find /usr which contains zlib-1.2.3), then 
clamav will compile successfully. Other software compiles and works just 
fine when using zlib from /usr/local/zlib.


CentOS 5 zlib = 1.2.3-7  (mine is)
CentOS 6 zlib = 1.2.3-29 (according to the CentOS packages website)


--
Rob



Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Shawn Webb
On Mon, Sep 23, 2013 at 12:18 PM, Francis Stevens 
francis.stev...@bristow.co.uk wrote:

 Shawn,

 The patch has wrapped in the post, can you post as an attachment or email
 to me direct.  If you could include the required patch command it would
 speed things up - I don't use patch often enough to be that familiar with
 it.

 FAS


Hey Francis,

Attached is the patch. You can apply it by performing the following steps
(and replacing the pathnames, of course):

1) cd /path/to/clamav/0.98/source
2) make clean distclean
3) patch -p1 < /path/to/downloaded/patchfile
4) ./configure [all your configure args]
5) do your normal stuff

If you have any questions or problems, please let me know.

Thanks,

Shawn


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Shawn Webb
On Mon, Sep 23, 2013 at 4:59 PM, Shawn Webb sw...@sourcefire.com wrote:

 On Mon, Sep 23, 2013 at 12:18 PM, Francis Stevens 
 francis.stev...@bristow.co.uk wrote:

 Shawn,

 The patch has wrapped in the post, can you post as an attachment or email
 to me direct.  If you could include the required patch command it would
 speed things up - I don't use patch often enough to be that familiar with
 it.

 FAS


 Hey Francis,

 Attached is the patch. You can apply it by performing the following steps
 (and replacing the pathnames, of course):

 1) cd /path/to/clamav/0.98/source
 2) make clean distclean
 3) patch -p1 < /path/to/downloaded/patchfile
 4) ./configure [all your configure args]
 5) do your normal stuff

 If you have any questions or problems, please let me know.

 Thanks,

 Shawn


Maybe this time I'll actually attach the patch. ;)

Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Dennis Peterson

On 9/23/13 1:59:42PM, Shawn Webb wrote:


Maybe this time I'll actually attach the patch. ;)


I believe the list server discourages attachments.

dp