[clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

2021-08-19 Thread Joel Esler (jesler) via clamav-users

https://blog.clamav.net/2021/08/clamav-01040-second-release-candidate.html

ClamAV 0.104.0 Second Release Candidate is here!

Today we are publishing a second release candidate for 0.104.0. Please help us 
verify that 0.104.0-rc2 works on your systems and that we have resolved the 
concerns you reported with the first release candidate. We need your feedback, 
so let us know what you find and join us on the ClamAV mailing 
list, or on our 
Discord.

In particular, we'd love your feedback on the new Debian and RPM packages (see 
below) and on the install documentation on 
docs.clamav.net.

For details about what is new in the 0.104 feature release, please refer to the 
announcement for the first release 
candidate.

What changed since the first release candidate

First and foremost, we are listening to your concerns about the build system 
change from Autotools to CMake, and about changes coming in a future feature 
release when we add the Rust programming language toolchain into our build 
requirements. We can't bring back Autotools, but we hope that the following 
will help.

  1.  We are introducing a Long Term Support (LTS) program that will begin with 
the 0.103 feature release. Users will be required to stay up to date with the 
latest patch versions (e.g., 0.103.3) within the 0.103 feature series, but will 
have the peace-of-mind that the 0.103 feature release will receive critical 
patch versions with a stable ABI up until End-of-Life in September 2023. Stay 
tuned for a separate blog post introducing the full details of our LTS program. 
We will also add a version-support-matrix to our online documentation in tandem 
with the LTS blog post for easy reference.

  2.  We plan to increase our feature release cadence to make it easier to plan 
and to get new features and efficacy improvements into your hands faster. So, 
to make it easier for you to stay up-to-date with the latest stable release, we 
are introducing new package installers for macOS and for RPM-based and 
Debian-based Linux distributions. These new packages will be available for 
download on the clamav.net Downloads page. 
You can find installation instructions for these packages in our online 
documentation.
 Please note that the Linux packages unfortunately do not include clamav-milter 
at this time, and that we are still working on the signing & notarization 
process for the macOS installer, so it may not work for users on the latest 
macOS version.

In addition to the above, we've resolved the following issues identified during 
the first release candidate:

  *   Increased the functionality level (FLEVEL) for the 0.104 release to make 
space for additional 0.103 (LTS) patch versions. See the Version & FLEVEL 
reference.
  *   Improved installation instructions in INSTALL.md and in the online 
documentation.
  *   Fixed iconv / libiconv detection in the CMake configuration process when 
-Werror=return-type is enabled, such as in the openSUSE packaging environment. 
See PR-233.
  *   Fixed broken CMake build when RAR support is intentionally disabled and 
test-support is enabled. See 
PR-237.
  *   Fixed broken CMake build on systems that do not provide format string 
macros for standard integer types. See 
PR-231.
  *   Improved long file path support on Windows. (Disclaimer: presently 
requires user to opt-in with a registry key change). See 
PR-229.
  *   Fixed a segfault and socket file descriptor leak in ClamOnAcc. See 
PR-227.
  *   Fixed an error reported by ClamD when scanning directories on Windows. 
See PR-230.
  *   Fixed issue with Freshclam support for Universal Naming Convention (UNC) 
paths on Windows. See PR-226.
  *   Added missing environment variable feature documentation to the manpages. 
See PR-254.
  *   Fixed an assortment of issues identified by Coverity static analysis. See 
PR-221.
  *   Tuned the Valgrind suppression rules for the public test suite to resolve 
a false positive that caused intermittent ClamD test failures. See 
PR-238.

Re: [clamav-users] Yara regular expression finds only first match in ClamAV ?

2021-08-19 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 19 Aug 2021, Zvi Kave via clamav-users wrote:


> I found that yara strings like this: $re = /[0-9]{9}/
> find only first 9-digit match in file.
> This spoils my logic ...


After tearing out most of what remains of my hair over Yara rules in
ClamAV, my advice is not to try anything fancy until the Yara engine
is completely replaced.  My list of the faults in it keeps on growing,
and AFAICT there's no prospect of any attention being paid to them in
the foreseeable future.  As you have seen there are reports going back
years.  If I had time I'd do it myself, but I don't.  I've reached the
point where I code Yara rules in as simple a way as I possibly can and
every time I add a new rule or modify an existing one I hope not to
find another fault in the engine.  Sometimes I've spent hours trying
to get it to do a single match correctly and finally given up.  It's a
terrible shame, because (here at least) Yara rules by a very long way
find more spam and malicious mail content than anything else:

$ grep FOUND /var/log/mail.debug | wc -l
60072
$ grep FOUND /var/log/mail.debug | grep -v YARA | wc -l
11530
$ grep FOUND /var/log/mail.debug | grep -v '\(YARA\|MANUAL\)' | wc -l
2876
$ grep FOUND /var/log/mail.debug | grep -v '\(YARA\|MANUAL\|UNOFFICIAL\)' | wc -l
20
$

This is a single mail server, approximately 19 days of August 2021.
I'd consider it a low-volume site.  For whatever reasons we see very
little malicious mail, rarely more than two or three items of malware
in a typical day, but quite a lot of spam.  I don't know how this
compares with the experience of other people here on the list.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
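
The per-category split behind the cumulative grep counts in the message above, computed in one pass. This is an added example, not part of the original post: the log lines are constructed, and treating the token before FOUND as the signature name is an assumption about the log format.

```shell
#!/bin/sh
# Added example: break FOUND lines down by signature family in one pass.
# The substring tests and their order mirror the grep -v chain in the post,
# so each line is counted once, in the first family it matches.

found_breakdown() {
    # stdin: log lines; stdout: "<category> <count>" per line.
    awk '
        !/FOUND/     { next }
                     { total++ }
        /YARA/       { n["yara"]++;       next }
        /MANUAL/     { n["manual"]++;     next }
        /UNOFFICIAL/ { n["unofficial"]++; next }
                     { n["other"]++ }
        END {
            printf "total %d\n",      total
            printf "yara %d\n",       n["yara"]
            printf "manual %d\n",     n["manual"]
            printf "unofficial %d\n", n["unofficial"]
            printf "other %d\n",      n["other"]
        }'
}

top_signatures() {
    # stdin: log lines; $1: how many names to show (default 5).
    # Assumption: the signature name is the field just before "FOUND".
    awk '/FOUND/ { for (i = 2; i <= NF; i++) if ($i == "FOUND") c[$(i-1)]++ }
         END     { for (s in c) print c[s], s }' |
        sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

sample_log() {
    # Constructed log lines, not taken from any real server.
    cat <<'EOF'
Aug  1 10:00:01 mail clamd[812]: stream(192.0.2.10@40122): YARA.spam_invoice.UNOFFICIAL FOUND
Aug  1 10:02:13 mail clamd[812]: stream(192.0.2.11@40180): YARA.spam_invoice.UNOFFICIAL FOUND
Aug  1 10:05:44 mail clamd[812]: stream(192.0.2.12@40233): MANUAL.local_phish.UNOFFICIAL FOUND
Aug  1 10:09:02 mail clamd[812]: stream(192.0.2.13@40301): ThirdParty.Spam.Example.UNOFFICIAL FOUND
Aug  1 10:11:37 mail clamd[812]: stream(192.0.2.14@40377): Win.Test.EICAR_HDB-1 FOUND
Aug  1 10:12:00 mail postfix/smtpd[900]: connect from unknown[192.0.2.15]
EOF
}

sample_log | found_breakdown
sample_log | top_signatures 3
```

On a real server, feed the log in place of the sample: `found_breakdown < /var/log/mail.debug`.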


[clamav-users] ClamInotif failing with "No space left on device" on FUSE mount point

2021-08-19 Thread Steve Huang via clamav-users

We are currently trying to set up ClamAV on a webserver where the vhost
directories are ObjectiveFS mounts, and ClamInotif is quitting on startup
claiming there's no space left on the device.

If I go one directory deeper into the tree, while still remaining in the
FUSE mount, ClamInotif works - are there any gotchas I'm missing here?  Can
provide more details as needed.



Steve Huang, IT Operations Director

He/Him

703-894-4355

forumone.com

Turn Ideas Into Impact.



[clamav-users] Yara regular expression finds only first match in ClamAV ?

2021-08-19 Thread Zvi Kave via clamav-users

  
  
Hi,


I found that yara strings like this: $re = /[0-9]{9}/
find only first 9-digit match in file.
This spoils my logic in condition: for 3 i in (1..#re) ...
Only this works: for 1 i in (1..#re) ...
I found that this issue was already reported in 2015.
Is there any way to convince ClamAV to match more as usual ?


Regards,


Zvi

  

