Re: [clamav-users] Long Term Support (LTS) program proposal

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 3 Aug 2021, Paul Kosinski via clamav-users wrote:


On Tue, 3 Aug 2021 07:53:24 +0200
Damian via clamav-users  wrote:


The current "stable" Debian is 10/Buster. It has ClamAV 0.103.2, patched by Debian to 
"deb10u1" (whatever that implies)


https://security-tracker.debian.org/tracker/source-package/clamav



Interesting, but *much* more work to figure out how it all relates
to 0.103.3 than simply building 0.103.3 from source.


Quite so.


(Has Debian fixed any problems that the ClamAV team hasn't fixed? If
so, that's scary.)


Nothing serious I think, although this is still uncorrected in 103.3:

https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/0007-unit-tests-Fix-ck_assert_msg-call.patch/

Off their own bat they've done things which weren't done upstream like
making provision for using a 'tomsfastmath' which is provided by the
system instead of it being built into ClamAV; and I guess not fixing
the Windows vulnerability (CVE-2021-1386) was deliberate:

https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav-users Digest, Vol 200, Issue 19

[G.W. Haywood via clamav-users]

Hi there,

On Wed, 21 Jul 2021, Paul Rogers via clamav-users wrote:


On a 512MB, 1GHz Pentium III?  I did say "legacy", I believe.  Don't
ask why.  If even possible, isn't that masochism?


Well it's probably masochistic to run a 512MB PIII, but at least you
don't have to worry about running ClamAV on it - because you can't.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam - can't apply latest patch 26246

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 3 Aug 2021, clamav.mbou...@spamgourmet.com wrote:


Unfortunately, it seems the ClamAV package from the Ubuntu 18.04 repositories 
still has a 30 second timeout by default.  Having been bitten by this myself 
when first installing ClamAV a few months ago, and discussed on this list, I 
reported it on Ubuntu's bug tracker 
.  But they 
seem reluctant to remove the timeout as an update to a stable release 
(preferring that pretty much everyone installing the package gets a 
non-functional default configuration?) and don't consider it a problem since 
there's an "easy workaround" (well, it's easy once you figure out that their 
default configuration has a stupidly short timeout!)


The package manager has a feature which can display a warning message
after an update is performed.  Perhaps that could say something like

"The Ubuntu maintainers are unwilling to shoulder the responsibility
for fixing this broken package.  You can fix it yourself by commenting
out the ReceiveTimeout line in the freshclam configuration file." :)

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Long Term Support (LTS) program proposal

[Paul Kosinski via clamav-users]

On Tue, 3 Aug 2021 07:53:24 +0200
Damian via clamav-users  wrote:

> > The current "stable" Debian is 10/Buster. It has ClamAV 0.103.2, patched by 
> > Debian to "deb10u1" (whatever that implies)  
> 
> https://security-tracker.debian.org/tracker/source-package/clamav


Interesting, but *much* more work to figure out how it all relates to 0.103.3 
than simply building 0.103.3 from source. (Has Debian fixed any problems that 
the ClamAV team hasn't fixed? If so, that's scary.)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav-users Digest, Vol 200, Issue 19

[Paul Rogers via clamav-users]

> >>> I may be new to clam, but I've been building & running my own LFS
> >>> systems since 2004.
> 
> I guess I got the wrong impression.  Perhaps you should try

You wouldn't be the first.  My career though computing hasn't been academic.  
One doesn't need to know C to install & run LFS, a broad programming background 
will do.  I've done from APL to PL/1 in former decades.

> 
> https://curl.se/mail/
> 
> for help configuring curl's logging.

That's an appropriate suggestion, if it's active.  I'll give it a try.

> ClamAV but wouldn't have much difficulty in using it.  What's the use
> case for ClamAV in your system?  From what you've said I'd think that
> the attackable surface would be so small that ClamAV could contribute
> relatively little to its further reduction.

I hope that's true; it is with intent.  Even so, it's not zero and there are 
entries through webpages.  Malware is intentionally hard to spot, so it helps 
to have all the tools.

> Yes, it's Linux From Scratch.  But you do run X, and some kind of a
> window manager?  Can you not install VirtualBox?

On a 512MB, 1GHz Pentium III?  I did say "legacy", I believe.  Don't ask why.  
If even possible, isn't that masochism?

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam - can't apply latest patch 26246

[clamav . mbourne]

G.W. Haywood via clamav-users wrote:

Hi there,

On Wed, 28 Jul 2021, Lee, Raymond wrote:

On Wed, Jul 28, 2021 at 11:16 AM Asenova, Elia wrote:


... when running freshclam I get the following errors ...
Downloaded 22 patches for daily, which is fewer than the 37 expected 
patches.

We'll settle for this partial-update, at least for now.
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed


I ran into this same problem and just deleted 
/var/lib/clamav/daily.c[lv]d

and ran freshclam again.


If that doesn't help, check that the timeouts in your configuration
file for freshclam aren't very short.  A long time ago the default was
30 seconds I think, but that's too short now - the default now is to
have no timeout at all.  Until the recent updates to main and daily I
had ReceiveTimeout set to 1800 seconds.  Even that was too short here,
so I've now set it to 3600 seconds.


Unfortunately, it seems the ClamAV package from the Ubuntu 18.04 
repositories still has a 30 second timeout by default.  Having been 
bitten by this myself when first installing ClamAV a few months ago, and 
discussed on this list, I reported it on Ubuntu's bug tracker 
.  But 
they seem reluctant to remove the timeout as an update to a stable 
release (preferring that pretty much everyone installing the package 
gets a non-functional default configuration?) and don't consider it a 
problem since there's an "easy workaround" (well, it's easy once you 
figure out that their default configuration has a stupidly short timeout!)


The ClamAV maintainers can't do much about Ubuntu's update policy, of 
course, but it does seem to have lead to a lot of issues discussed here, 
particularly after the recent update to the main database.


--
Mark.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml