Re: [clamav-users] ***UNCHECKED*** Re: Malformed database issue

2018-07-17 Thread Jay Hart
Micah,

It never worked...

The freshclam -v command output (previously posted) is what I got after I installed the 1.2.4.5 libs.  The last line: LibClamAV debug: in cli_tgzload()

just sat there for 10-15 mins until I killed the process.

I had manually downloaded main.cvd and daily.cvd prior to testing freshclam, but not bytecode.cvd.

I posted the full boot.log on the reboot at the bottom of this reply.  It's long.  Bottom line, malformed database...  I have error logging turned on in clamav.

Should I delete all files in /var/lib/clamav PRIOR to a reboot and try again?

Jay

> Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but 
> then afterwards you're
> having the same error or a different error?   I'm a little confused, sorry.
>
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 17, 2018, at 8:21 PM, Jay Hart <jh...@kevla.org> wrote:
>
> Micah,
>
> I installed zlib 1.2.4.5 (should I use an older version), replaced 
> libz.so.1.2.3 with
> libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.
>
> Running freshclam without rebooting box got this:
> root@centos zlib-1.2.4.5]# freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Tue Jul 17 19:47:02 2018
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 279
> Software version from DNS: 0.100.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.100.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd version from DNS: 58
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cvd version from DNS: 24760
> daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
> Retrieving http://db.us.clamav.net/bytecode.cvd
> Ignoring mirror 104.16.186.138 (due to previous errors)
> Ignoring mirror 104.16.187.138 (due to previous errors)
> Ignoring mirror 104.16.188.138 (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
> Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
> Downloading bytecode.cvd [100%]
> LibClamAV debug: Initialized 0.100.0 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Digital signature is correct.
> LibClamAV debug: in cli_tgzload()
>
After box was rebooted, this is boot.log:
[root@centos zlib-1.2.4.5]# more /var/log/boot.log
Welcome to CentOS
Starting udev: [  OK  ]
Setting hostname centos.kevla.org: [  OK  ]
Setting up Logical Volume Management:  [  OK  ]
Checking filesystems
/dev/sda1: clean, 22544/1281120 files, 416774/512 blocks
/dev/sda7: clean, 78/1921360 files, 183619/768 blocks
/dev/sdb1: clean, 73008/3203072 files, 2314462/1280 blocks
/dev/sdb2: clean, 55/3203072 files, 371865/1280 blocks
/dev/sda3: clean, 54/640848 files, 119449/256 blocks
/dev/sda2: clean, 103791/1602496 files, 794335/640 blocks
/dev/sda5: clean, 6599/640848 files, 356212/256 blocks
   [  OK  ]
Remounting root filesystem in read-write mode: [  OK  ]
Mounting local filesystems:[  OK  ]
Enabling local filesystem quotas:  [  OK  ]
Enabling /etc/fstab swaps: [  OK  ]
Entering non-interactive startup
Calling the system activity data collector (sadc)...
ipset: Loaded with no configuration
iptables: Applying firewall rules: [  OK  ]
Bringing up loopback interface:[  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.X.X is already 
in use for device
eth0... ** I modified this line to hide [actual] address
   [  OK  ]
Starting auditd:   [  OK  ]
Starting portreserve:  [  OK  ]
Starting system logger:[  OK  ]
Starting irqbalance:   [  OK  ]
Starting rpcbind:  [  OK  ]
Starting NFS statd:[  OK  ]
Starting system message bus:   [  OK  ]

Starting cups: [  OK  ]
Mounting filesystems:  [  OK  ]
Starting acpi daemon:  [  OK  ]
Starting HAL daemon: 

Re: [clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

2018-07-17 Thread Micah Snyder (micasnyd)
Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then 
afterwards you're having the same error or a different error?   I'm a little 
confused, sorry.

Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 8:21 PM, Jay Hart <jh...@kevla.org> wrote:

Micah,

I installed zlib 1.2.4.5 (should I use an older version), replaced 
libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
root@centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
Retrieving http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, Clamav failed to start, the error log is extension, is it 
worth posting?

Jay




[clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

2018-07-17 Thread Jay Hart
Micah,

I installed zlib 1.2.4.5 (should I use an older version), replaced 
libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
root@centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
Retrieving http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, Clamav failed to start, the error log is extension, is it 
worth posting?

Jay




Re: [clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands

2018-07-17 Thread Robert Kudyba
An update, I got clamav-milter to run, from the clamav-milter logs:
Tue Jul 17 15:34:15 2018 -> +++ Started at Tue Jul 17 15:34:15 2018
Tue Jul 17 15:34:15 2018 -> Probe for slot 1 returned: success
Tue Jul 17 15:35:50 2018 -> +++ Started at Tue Jul 17 15:35:50 2018
Tue Jul 17 15:35:50 2018 -> Probe for slot 1 returned: success


ps -auwx | grep clam
clamupd+  2252  0.0  0.0  50740  3832 ? Ss   Jul11   0:45 /usr/bin/freshclam -d -c 4
clamscan 18943  0.0  4.6 1406760 1142296 ? Ssl  15:34   0:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 19249  0.0  0.0 119104  3080 ? Ss   15:00   0:00 /bin/bash /usr/share/clamav/freshclam-sleep
clamilt  20686  0.0  0.0 107312   524 ? Ssl  15:35   0:00 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf

However I still get these errors in sendmail:
Milter: data, reject=451 4.3.2 Please try again later

The sendmail.mc ClamAV line looks like this:
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav-milter/clamav-milter.socket,F=T,T=S:4m;R:4m;E:10m')dnl

Some relevant results from clamconf:

ClamdSocket = "unix:/var/run/clamd.scan/clamd.sock"
MilterSocket = "/var/run/clamav-milter/clamav-milter.socket"
MilterSocketGroup = "virusgroup"
[...]
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketGroup = "clamscan"
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled





On Mon, Jul 16, 2018 at 12:27 PM, Micah Snyder (micasnyd) <
micas...@cisco.com> wrote:

> What are your current user/group ownership and permissions on:
>  /var/run/clamd.scan/clamd.sock ?
>
> Regards,
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 16, 2018, at 12:19 PM, Robert Kudyba  wrote:
>
> I set:
> MilterSocketGroup clamscan
> User clamscan
>
> Still getting the permission denied.
>
> Note the process:
> clamscan 30407  1.4  4.6 1406020 1150544 ? Ssl  10:57   1:08
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>
> And I added most of the clamav-related users to the closely named groups:
> clamilt:x:123:clamav,clamscan
> clamav:x:124:clamscan,clamilt
> clamupdate:x:125:
> clamscan:x:126:clamilt,clamav
> virusgroup:x:127:clamupdate,clamscan,clamilt
>
>
> On Mon, Jul 16, 2018 at 11:50 AM, Micah Snyder (micasnyd) <
> micas...@cisco.com> wrote:
>
>> Hi Robert,
>>
>> clamav-milter is a separate process that interacts with clamd.  What user
>> are you running clamav-milter under?  It seems as though clamav-milter
>> doesn't have permission to access the clamd socket file to interact with
>> clamd.
>>
>> Regarding multiple socket options:
>>
>> You are correct in that the ClamdSocket option in the milter config file
>> may be used multiple times in case you have multiple clamd instances set
>> up.  However, each clamd instance will only listen on 1 socket, so you must
>> select either 1 TCP or 1 Unix/Local.
>>
>> Cheers,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>> On Jul 16, 2018, at 11:06 AM, Robert Kudyba  wrote:
>>
>> Thanks Micah, now getting a different error:
>> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to remove
>> /var/run/clamd.scan/clamd.sock: Permission denied
>> Jul 16 10:59:23 storm clamav-milter[32079]: ERROR: Failed to create
>> socket /var/run/clamd.scan/clamd.sock
>> Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to create
>> listening socket on conn /var/run/clamd.scan/clamd.sock
>>
>> ls -l /var/run/clamd.scan/clamd.sock
>> srw-rw-rw- 1 clamscan clamscan 0 Jul 16 10:57
>> /var/run/clamd.scan/clamd.sock
>>
>> In the /etc/mail/clamav-milter.conf I have:
>> MilterSocket /var/run/clamd.scan/clamd.sock
>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>
>> Clamd is running, note as the user clamscan:
>> ps -auwx | grep clam
>> clamupd+  2252  0.0  0.0  50740  3832 ? Ss   Jul11   0:38 /usr/bin/freshclam -d -c 4
>> root 17462  0.0  0.0 119104  3264 ? Ss   09:00   0:00 /bin/bash /usr/share/clamav/freshclam-sleep
>> clamscan 30407  0.0  4.6 1406020 1141612 ? Ssl  10:57   0:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>>
>> The last few lines of /var/log/clamav-milter.log has:
>> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 1 returned: failed
>> Mon Jul 16 10:30:15 2018 -> Failed to establish a connection to clamd
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 2 returned: failed
>> Mon Jul 16 10:30:15 2018 -> Probe for slot 3 returned: success
>>
>> You wrote: "You should use only 1 ( TCP _or_ Unix/Local ) socket for
>> clamd"
>> But in the clamav-milter.conf it says:
>> # This option can be repeated several times with different sockets or even
>> # with the same socket: clamd servers will be selected in a round-robin
>> # fashion.
>>
>> Anyways, seems to be a permission problem. Is clamav-milter trying to
>> restart clamd based on the logs above??
>>
>> On Fri, Jul 13, 2018 at 9:06 AM, Micah Snyder 
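
A configuration cross-check for the socket settings discussed in this thread, as an added example that is not part of any poster's message or of ClamAV itself. It flags a clamav-milter listening socket (`MilterSocket`) that is the same path as clamd's socket, a `ClamdSocket` that does not match clamd's `LocalSocket`, and a sendmail `S=` path that differs from `MilterSocket`. The function names and sample strings are constructed here from the values quoted above, and a single clamd instance on a Unix socket is assumed.

```python
import re

# Constructed sample inputs, assembled from the settings quoted in the thread.
CLAMD_CONF = """\
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketGroup clamscan
FixStaleSocket yes
"""

# Jul 16 state: the milter's own listening socket is set to clamd's socket.
MILTER_CONF_JUL16 = """\
MilterSocket /var/run/clamd.scan/clamd.sock
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
"""

# Jul 17 state, matching the clamconf output in the message above.
MILTER_CONF_JUL17 = """\
MilterSocket /var/run/clamav-milter/clamav-milter.socket
MilterSocketGroup virusgroup
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
"""

SENDMAIL_MC = (
    "INPUT_MAIL_FILTER(`clamav-milter',"
    "`S=local:/var/run/clamav-milter/clamav-milter.socket,"
    "F=T,T=S:4m;R:4m;E:10m')dnl\n"
)


def parse_conf(text):
    """Parse 'Key value' config text into {key: [values]} (keys may repeat)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts


def socket_path(spec):
    """Return the filesystem path of a Unix socket spec, or None for TCP/inet."""
    for prefix in ("unix:", "local:"):
        if spec.startswith(prefix):
            return spec[len(prefix):]
    return spec if spec.startswith("/") else None


def sendmail_filter_socket(mc_text):
    """Extract the S= socket path from an INPUT_MAIL_FILTER line, if present."""
    m = re.search(r"INPUT_MAIL_FILTER\([^)]*?S=([^,')]+)", mc_text)
    return socket_path(m.group(1)) if m else None


def audit(milter_conf, clamd_conf, sendmail_mc):
    """Return a list of (code, message) findings for the three config files."""
    milter = parse_conf(milter_conf)
    clamd = parse_conf(clamd_conf)
    findings = []

    listen = socket_path(milter.get("MilterSocket", [""])[-1])
    clamd_local = clamd.get("LocalSocket", [None])[-1]
    upstreams = [socket_path(s) for s in milter.get("ClamdSocket", [])]

    # The milter creates MilterSocket itself; it must not be clamd's socket.
    if listen and (listen == clamd_local or listen in upstreams):
        findings.append(("SOCKET_COLLISION",
                         f"MilterSocket {listen} is also clamd's socket"))

    # At least one ClamdSocket entry should point at this clamd's LocalSocket.
    if clamd_local and upstreams and clamd_local not in upstreams:
        findings.append(("CLAMD_SOCKET_MISMATCH",
                         f"no ClamdSocket entry matches LocalSocket {clamd_local}"))

    # sendmail must connect to the socket the milter actually listens on.
    mta = sendmail_filter_socket(sendmail_mc)
    if mta and listen and mta != listen:
        findings.append(("MTA_SOCKET_MISMATCH",
                         f"sendmail uses {mta}, milter listens on {listen}"))
    return findings


if __name__ == "__main__":
    for label, conf in (("Jul 16", MILTER_CONF_JUL16), ("Jul 17", MILTER_CONF_JUL17)):
        results = audit(conf, CLAMD_CONF, SENDMAIL_MC)
        print(label, results if results else "no findings")
```
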

Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sergey
On Tuesday 17 July 2018, Micah Snyder (micasnyd) wrote:

> If you don't provide the older LLVM 3.6 for ClamAV, it will use
> its built-in interpreter rather than just-in-time-compile the signatures.  

Thanks.

-- 
Regards,
Sergey
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sierk Bornemann


> On 17.07.2018 at 15:47, Micah Snyder (micasnyd) wrote:
> 
> You're making an assumption that the LLVM 3.7-3.9 patches are ready-to-take.

Debian seems to use it since a while on all its stable and unstable branches...

> Last time I worked with them I had some issues with the patches on systems 
> other than Debian.

OK. And why not ironed out the concerning glitches or given them a priority to 
iron that out?

> At the time, we were attempting to wrap up a _very_ long development cycle 
> with final bug fixes and regression testing.  We decided it was more 
> important to get the release out.  The LLVM patches were pushed to the next 
> release (aka 0.101).

OK

> For reference, our Bugzilla ticket to apply the LLVM 3.7, 3.8, 3.9 patches is 
> here.  Please bear in mind if you read the ticket that our product versioning 
> changed. Our previous lead didn't recognize a need for security/patch 
> releases.  0.99.3 and 0.99.4 ended up being security patch releases.  In the 
> ticket, "0.99.3" refers to 0.100, and "0.99.4" refers to 0.101:
> https://bugzilla.clamav.net/show_bug.cgi?id=11869

I know. I am already CC’d to this ticket, which also is provided with LLVM 
3.7/3.8/3.9-patches since 2017-07-07 by Sebastian A. Siewior, which 
unfortunately so far didn’t make it into the upstream sources.


Regards,
Sierk Bornemann



Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Micah Snyder (micasnyd)
You're making an assumption that the LLVM 3.7-3.9 patches are ready-to-take.  
Last time I worked with them I had some issues with the patches on systems 
other than Debian.  At the time, we were attempting to wrap up a _very_ long 
development cycle with final bug fixes and regression testing.  We decided it 
was more important to get the release out.  The LLVM patches were pushed to the 
next release (aka 0.101).

For reference, our Bugzilla ticket to apply the LLVM 3.7, 3.8, 3.9 patches is 
here.  Please bear in mind if you read the ticket that our product versioning 
changed. Our previous lead didn't recognize a need for security/patch releases. 
 0.99.3 and 0.99.4 ended up being security patch releases.  In the ticket, 
"0.99.3" refers to 0.100, and "0.99.4" refers to 0.101:
https://bugzilla.clamav.net/show_bug.cgi?id=11869


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 9:15 AM, Sierk Bornemann <sie...@gmx.de> wrote:



On 17.07.2018 at 14:44, Micah Snyder (micasnyd) <micas...@cisco.com> wrote:

ClamAV has 3 options for handling bytecode signatures:
• Built-in LLVM (based on LLVM 2.8)
• Built-in bytecode interpreter
• System-installed LLVM (support limited to LLVM 3.6 at this time, although 
Debian has had success with a set of patches that enabled support up to 3.9).

Concerning your last item „Debian has had success with a set of patches that 
enabled support up to 3.9", you mean

https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.7.patch
https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.8.patch
https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.9.patch

from https://salsa.debian.org/clamav-team/clamav/tree/stretch/debian/patches?

And why not _at least_ take these successful and ready-to-take patches and 
merge them by the clamav team into the official clamav upstream sources to _at 
least_ officially support LLVM up to version 3.9?


Regards,
Sierk Bornemann



Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sierk Bornemann


> On 17.07.2018 at 14:44, Micah Snyder (micasnyd) wrote:
> 
> ClamAV has 3 options for handling bytecode signatures:
>   • Built-in LLVM (based on LLVM 2.8)
>   • Built-in bytecode interpreter
>   • System-installed LLVM (support limited to LLVM 3.6 at this time, 
> although Debian has had success with a set of patches that enabled support up 
> to 3.9).

Concerning your last item „Debian has had success with a set of patches that 
enabled support up to 3.9", you mean

https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.7.patch
https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.8.patch
https://salsa.debian.org/clamav-team/clamav/blob/stretch/debian/patches/Add-support-for-LLVM-3.9.patch

from https://salsa.debian.org/clamav-team/clamav/tree/stretch/debian/patches?

And why not _at least_ take these successful and ready-to-take patches and 
merge them by the clamav team into the official clamav upstream sources to _at 
least_ officially support LLVM up to version 3.9?


Regards,
Sierk Bornemann


Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Micah Snyder (micasnyd)
ClamAV has 3 options for handling bytecode signatures:

  1.  Built-in LLVM (based on LLVM 2.8)
  2.  Built-in bytecode interpreter
  3.  System-installed LLVM (support limited to LLVM 3.6 at this time, although 
Debian has had success with a set of patches that enabled support up to 3.9).

With 0.99 the built-in LLVM was preferred over the bytecode interpreter.
With 0.100, the built-in LLVM (2.8) feature was deprecated in favor of either 
the interpreter or system-installed LLVM (when available).  It's still there, 
but we are hoping to remove it in a future version.

If you don't provide the older LLVM 3.6 for ClamAV, it will use its 
built-in interpreter rather than just-in-time-compile the signatures.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 6:05 AM, Sergey <a_...@sama.ru> wrote:

On Tuesday 17 July 2018, Al Varnell wrote:

It's best to use the bytecode interpreter for ClamAV
bytecode signatures, but if for some reason you feel
you must use LLVM-JIT

I thought it was necessary to use llvm to use bytecode
signatures. Was I wrong? Is ClamAV not lost functionality
without LLVM?

--
Regards, Sergey


Re: [clamav-users] ***UNCHECKED*** Re: Malformed database issue

2018-07-17 Thread Micah Snyder (micasnyd)
Is zlib 1.2.4 really significantly more processor intensive than 1.2.3?  It is 
rather trivial to install from http://www.zlib.net/fossils/


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarn...@mac.com> wrote:

Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect 
your hardware won't support using zlib 1.2.4 or above, so you will either need 
that new box or roll ClamAV back to an earlier version.

-Al-

On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:
I do have zlib installed:

root@centos include]# yum info zlib
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ewr.edge.kernel.org
* epel: mirror.cs.princeton.edu
* extras: mirror.cs.vt.edu
* updates: mirror.umd.edu
Installed Packages
Name: zlib
Arch: i686
Version : 1.2.3
Release : 29.el6
Size: 136 k
Repo: installed
From repo   : base
Summary : The zlib compression and decompression library
URL : http://www.gzip.org/zlib/
License : zlib and Boost
Description : Zlib is a general-purpose, patent-free, lossless data compression
   : library which is used by many different programs.

File location:
[root@centos include]# repoquery -l zlib
/lib/libz.so.1
/lib/libz.so.1.2.3
/usr/share/doc/zlib-1.2.3
/usr/share/doc/zlib-1.2.3/ChangeLog
/usr/share/doc/zlib-1.2.3/FAQ
/usr/share/doc/zlib-1.2.3/README

Jay
Two things (each item is a bit long), with two questions/comments at the bottom:

1. I don't think zlib-devel is installed:

[root@centos tmp]# yum info zlib-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
epel/metalink | 15 kB 00:00
* base: ewr.edge.kernel.org
* epel: mirror.cogentco.com
* extras: mirror.cs.vt.edu
* updates: mirror.vcu.edu
base | 3.7 kB 00:00
epel | 3.2 kB 00:00
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
Available Packages
Name: zlib-devel
Arch: i686
Version : 1.2.3
Release : 29.el6
Size: 44 k
Repo: base
Summary : Header files and libraries for Zlib development
URL : http://www.gzip.org/zlib/
License : zlib and Boost
Description : The zlib-devel package contains the header files and libraries needed
   : to develop programs that use the zlib compression and decompression
   : library.

[root@centos tmp]# more  /usr/include/zlib.h |grep VERSION
/usr/include/zlib.h: No such file or directory

[root@centos include]# rpm -ql zlib-devel
package zlib-devel is not installed

2. 32-bit CPU data:
[root@centos include]# lscpu |grep "CPU op-mode"
CPU op-mode(s): 32-bit
[root@centos include]# lscpu
Architecture: i686
CPU op-mode(s): 32-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 2
Core(s) per socket: 2
Socket(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 54
Model name: Intel(R) Atom(TM) CPU D2700   @ 2.13GHz
Stepping: 1
CPU MHz: 2128.240
BogoMIPS: 4256.48
L1d cache: 24K
L1i cache: 32K
L2 cache: 512K

Could the fact zlib-devel is NOT installed be my issue?

Also, it looks like my hardware will not support Centos 7 so I'm guessing need to procure a new box.

I think this answers all the outstanding queries you asked for Micah.  My thanks for the support.

Jay


On CentOS you should be able to check with: `yum info zlib-devel`

Alternatively, take a peek in /usr/include/zlib.h for the line starting with:
#define ZLIB_VERSION

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Re: [clamav-users] Issue installing Clamav

2018-07-17 Thread Maurizio Caloro
Hello

Probably you have an old version installed on your machine...

So you need to make sure that the old version is uninstalled. I had the same error last week.

apt-get remove clamav  = This only removes clamav; for me it wasn't enough

apt-get remove --purge clamav = This removes clamav and also deletes the old DB; for me only this version helped.

Please check with

dpkg -l | grep clamav  = Everything is cleaned up

After that I installed ClamAV

apt-get update

apt-get install clamav-daemon clamav

/etc/clamsmtp.conf    >> config

/etc/clamav/clamd.conf  >> config

Restart service

systemctl restart clamav-daemon

Finish.

Regards

Mauri

 


 

Sent: Tuesday, 17 July 2018 at 11:12
From: "Munish Gairola" 
To: clamav-users@lists.clamav.net
Subject: [clamav-users] Issue installing Clamav


Please let me know how to proceed
See the screen print attached

 

Regards, 

Munish



Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sergey
On Tuesday 17 July 2018, Al Varnell wrote:

> It's best to use the bytecode interpreter for ClamAV
> bytecode signatures, but if for some reason you feel
> you must use LLVM-JIT  

I thought it was necessary to use LLVM to use bytecode
signatures. Was I wrong? Does ClamAV not lose functionality
without LLVM?

-- 
Regards, Sergey


Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Al Varnell
On Tue, Jul 17, 2018 at 02:03 AM, Sergey wrote:
> On Tuesday 17 July 2018, Al Varnell wrote:
> 
>>> Yes. But LLVM < 3.7 deprecated also.
>> 
>> No, deprecated refers to the use of LLVM greater than 3.6 by
>> ClamAV 0.100.0, not LLVM itself.
> 
> Deprecated refers to the use of the deprecated LLVM 3.6, which can be absent
> in modern distros. Therefore deprecating internal LLVM code support
> is not a good idea, I think.


Correct. It's not a good idea. It's best to use the bytecode interpreter for 
ClamAV bytecode signatures, but if for some reason you feel you must use 
LLVM-JIT then it has to be v3.6 or below and it still may not compile on all 
platforms.

-Al-
-- 
Al Varnell
Mountain View, CA







Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sergey
On Tuesday 17 July 2018, Al Varnell wrote:

> > Yes. But LLVM < 3.7 deprecated also.
> 
> No, deprecated refers to the use of LLVM greater than 3.6 by
> ClamAV 0.100.0, not LLVM itself.

Deprecated refers to the use of the deprecated LLVM 3.6, which can be absent
in modern distros. Therefore deprecating internal LLVM code support
is not a good idea, I think.

-- 
Regards, Sergey


Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Al Varnell
On Tue, Jul 17, 2018 at 01:34 AM, Sergey wrote:
> On Tuesday 17 July 2018, tschmidt wrote:
> 
>>>> ClamAV 0.100.0 has been released!
>>> 
>>>>   *   Deprecating internal LLVM code support. The configure script has 
>>>> changed to search the system for an installed instance of the LLVM 
>>>> development libraries, and to otherwise use the bytecode interpreter for 
>>>> ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for 
>>>> executing bytecode signatures, please ensure that the LLVM development 
>>>> package at version 3.6 or lower is installed. Using the deprecated LLVM 
>>>> code is possible with the command: ./configure --with-system-llvm=no, but 
>>>> it no longer compiles on all platforms.
>>> 
>>> 
>>> Hm. But 3.x updated to 3.8 about 2 years ago.
>> 
>> That's the meaning of the word "deprecating".
> 
> Yes. But LLVM < 3.7 deprecated also.

No, deprecated refers to the use of LLVM greater than 3.6 by ClamAV 0.100.0, 
not LLVM itself.

-Al-
-- 
Al Varnell
Mountain View, CA







Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sergey
On Tuesday 17 July 2018, tschmidt wrote:

> >> ClamAV 0.100.0 has been released!
> > 
> >>   *   Deprecating internal LLVM code support. The configure script has 
> >> changed to search the system for an installed instance of the LLVM 
> >> development libraries, and to otherwise use the bytecode interpreter for 
> >> ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for 
> >> executing bytecode signatures, please ensure that the LLVM development 
> >> package at version 3.6 or lower is installed. Using the deprecated LLVM 
> >> code is possible with the command: ./configure --with-system-llvm=no, but 
> >> it no longer compiles on all platforms.
> > 
> > 
> > Hm. But 3.x updated to 3.8 about 2 years ago.
> 
> That's the meaning of the word "deprecating".

Yes. But LLVM < 3.7 deprecated also.

-- 
Regards, Sergey


Re: [clamav-users] LibClamAV Warning: RWX mapping denied

2018-07-17 Thread tschmidt
Unsatisfying as it may seem, the problem went away as it came, without
any obvious reason.

For the record, we do have SELinux active on those systems, so it is
(was) very likely an SELinux issue.

Thanks,
Tilman

On 16.07.2018 at 17:07, Micah Snyder (micasnyd) wrote:
> Hi Tilman,
> 
> Sorry no one has responded to you yet.  I hate seeing questions go
> unanswered, but I truthfully don't know the answer.  
> 
> Did you find a solution?
> 
>  
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
>> On Jul 10, 2018, at 4:46 AM, Tilman Schmidt wrote:
>>
>> This morning, a bunch of RHEL6 systems greeted me with mails saying:
>>
>> /etc/cron.daily/freshclam:
>>
>> ERROR: During database load : LibClamAV Warning: RWX mapping denied:
>> Can't allocate RWX Memory: Permission denied
>>
>> I found an old Red Hat Bugzilla entry (Bug 1172774) for Fedora 21 which
>> was closed as fixed by an selinux-policy update on 2015-08-14.
>> However the systems in question have been running for two years with
>> that configuration.
>>
>> This is RHEL6 with the ClamAV packages from EPEL:
>>
>> clamav-0.99.4-1.el6.x86_64
>> clamav-db-0.99.4-1.el6.x86_64
>> clamd-0.99.4-1.el6.x86_64
>>
>> Why would freshclam suddenly trigger that message now?
>>
>> Thanks,
>> Tilman


Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread tschmidt
On 17.07.2018 at 09:47, Sergey wrote:
> On Monday 09 April 2018, Joel Esler (jesler) wrote:
> 
>> ClamAV 0.100.0 has been released!
> 
>>   *   Deprecating internal LLVM code support. The configure script has 
>> changed to search the system for an installed instance of the LLVM 
>> development libraries, and to otherwise use the bytecode interpreter for 
>> ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for 
>> executing bytecode signatures, please ensure that the LLVM development 
>> package at version 3.6 or lower is installed. Using the deprecated LLVM code 
>> is possible with the command: ./configure --with-system-llvm=no, but it no 
>> longer compiles on all platforms.
> 
> 
> Hm. But 3.x updated to 3.8 about 2 years ago.

That's the meaning of the word "deprecating".



Re: [clamav-users] ClamAV® blog: ClamAV 0.100.0 has been released!

2018-07-17 Thread Sergey
On Monday 09 April 2018, Joel Esler (jesler) wrote:

> ClamAV 0.100.0 has been released!

>   *   Deprecating internal LLVM code support. The configure script has 
> changed to search the system for an installed instance of the LLVM 
> development libraries, and to otherwise use the bytecode interpreter for 
> ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for 
> executing bytecode signatures, please ensure that the LLVM development 
> package at version 3.6 or lower is installed. Using the deprecated LLVM code 
> is possible with the command: ./configure --with-system-llvm=no, but it no 
> longer compiles on all platforms.


Hm. But 3.x updated to 3.8 about 2 years ago.

-- 
Regards, Sergey