Re: [clamav-users] Daily 23161 broke Clam

2017-03-10 Thread Stanislas LEVEAU 

All is ok now


thanks a lot

Stan


Le 08/03/2017 à 22:19, Al Varnell a écrit :

The problem was fixed by the very next signature update (daily - 23162), seven 
hours after 23161 was released.

-Al-

On Wed, Mar 08, 2017 at 12:35 PM, Stanislas LEVEAU wrote:

Hi,

You known when this build is ok for pcre libraries older than 7.0?

Thanks for your help.

Regards.

Stan


Le 03/03/2017 à 22:00, Alain Zidouemba a écrit :

We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:


On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:

We're pulling the signature causing the issue now, while we investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-08 Thread Al Varnell 
The problem was fixed by the very next signature update (daily - 23162), seven 
hours after 23161 was released.

-Al-

On Wed, Mar 08, 2017 at 12:35 PM, Stanislas LEVEAU wrote:
> 
> Hi,
> 
> You known when this build is ok for pcre libraries older than 7.0?
> 
> Thanks for your help.
> 
> Regards.
> 
> Stan
> 
> 
> Le 03/03/2017 à 22:00, Alain Zidouemba a écrit :
>> We are coming to the same conclusions.
>> 
>> The issue seem to isolated to using pcre libraries older than 7.0. I does
>> not affect users of newer versions of pcre or users of pcre2.
>> 
>> A new build with the fix is in progress now.
>> 
>> Apologies for the impact this has caused.
>> 
>> Alain
>> 
>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>> steveb_cla...@sanesecurity.com> wrote:
>> 
>>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
 We're pulling the signature causing the issue now, while we investigate
 the cause.
 
 - Alain
>>> Hi Alain,
>>> 
>>> I think the fix is... Replace ? with ?P  when the PCRE library is old
>>> 
>>> ie.  ?< to ?P<
>>> 
>>> On...
>>> 
>>> Doc.Macro.GenericHeuristic-5901772-0
>>> Doc.Macro.GenericHeuristic-5931846-1
>>> 
>>> 
>>> --
>>> Cheers,
>>> 
>>> Steve
>>> Twitter: @sanesecurity
>>> 
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>>> 
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA






smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-08 Thread Stanislas LEVEAU 

Hi,

You known when this build is ok for pcre libraries older than 7.0?

Thanks for your help.

Regards.

Stan


Le 03/03/2017 à 22:00, Alain Zidouemba a écrit :

We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:


On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:

We're pulling the signature causing the issue now, while we investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Aaron C. Bolch 
On 3/3/17, 2:14 PM, "clamav-users on behalf of Steven Morgan" 
 
wrote:

Hi Aaron and Leonardo,

What are the versions of libpcre on your systems?

Thanks,
Steve
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



I am running CentOS 5.11, PCRE version 6.6-9.  An OS upgrade is in the future.

--Aaron

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-06 Thread Joel Esler (jesler) 
This is why user base feedback is important. 

Regarding lack of detection, this is something I'm having a hard time agreeing 
with.  We are producing more detection now than we ever have and faster. That's 
a tricky think about detection.  Detection is only as good as the last thing 
missed.  

--
Sent from my iPhone

> On Mar 5, 2017, at 22:29, Noel Jones  wrote:
> 
>> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote:
>> The question here is, do we strive to make a package that is installable on 
>> more machines, (even ones that are going EOL?), or do we strive to make a 
>> package that is the best for security?
>> 
> 
> It's my understanding that the new features in pcre7 are mostly
> about shortcuts and convenience for the programmer, not about pcre6
> inability to match particular content.
> 
> So this isn't really about security, it's about writing the same
> signatures so they work with older pcre.
> 
> This is about not alienating that portion of your user base that for
> whatever reason is unable to upgrade to a new incompatible
> requirement.  Once you lose such a customer, you're probably lost
> them for a long time -- not just until they upgrade, but maybe forever.
> 
> I see clamav slowly sliding towards irrelevance.  Progressively less
> effective, slower to respond to new threats, and now considering a
> decision to reduce their user base.  This makes me sad.
> 
> My systems all meet the proposed requirements, so this doesn't
> affect me directly.  But I feel this reflects a deeper problem
> within the project -- a lack of consideration for the end user.
> 
> 
> 
>  -- Noel Jones
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Adam Gibson 
I didn't see any problems on CentOS 7 or CentOS 6 on my systems using
clamav with the 23161 daily update.  Are you saying you had a problem with
them?  The only problem was with CentOS 5 on my systems.  The workaround
would apply to any distribution though that was affected by the regexp not
working on pcre libraries older than 7.0. If the whitelist.ign2 file is put
in the database directory where daily.cvd was updated, it would work around
the problem for those 2 signatures.

The point of my post is that this can be a quick workaround to get clamd
working again if a regexp problem like this pops up.  I was going in all
different directions myself trying to get clamd working (recompiling,
daily.cvd manipulations, etc) until I stumbled onto the much simpler
whitelist.ign2 feature which I was not aware of until a few days ago.  I
really wanted to stick with pre-built rpm packages on the installs.  I am
just trying to spread the info in case others were not aware of the
whitelist feature in clamav/clamd.

On Sun, Mar 5, 2017 at 8:45 PM, Benny Pedersen  wrote:

> Adam Gibson skrev den 2017-03-05 16:29:
>
> This whitelists those patterns so they do not even get processed to cause
>> the crash in the regexp engine that clamd uses.  Clamd started up fine for
>> me with CentOS 5 after doing that.
>>
>
> did you test that this is same problem in centos 7 ?
>
> come on :=)
>
> you have more problems then just clamav with centos 5
>
> i dont care really, but now i sayed it
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Noel Jones 
On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote:
> The question here is, do we strive to make a package that is installable on 
> more machines, (even ones that are going EOL?), or do we strive to make a 
> package that is the best for security?
> 

It's my understanding that the new features in pcre7 are mostly
about shortcuts and convenience for the programmer, not about pcre6
inability to match particular content.

So this isn't really about security, it's about writing the same
signatures so they work with older pcre.

This is about not alienating that portion of your user base that for
whatever reason is unable to upgrade to a new incompatible
requirement.  Once you lose such a customer, you're probably lost
them for a long time -- not just until they upgrade, but maybe forever.

I see clamav slowly sliding towards irrelevance.  Progressively less
effective, slower to respond to new threats, and now considering a
decision to reduce their user base.  This makes me sad.

My systems all meet the proposed requirements, so this doesn't
affect me directly.  But I feel this reflects a deeper problem
within the project -- a lack of consideration for the end user.



  -- Noel Jones
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Benny Pedersen 

Adam Gibson skrev den 2017-03-05 16:29:

This whitelists those patterns so they do not even get processed to 
cause
the crash in the regexp engine that clamd uses.  Clamd started up fine 
for

me with CentOS 5 after doing that.


did you test that this is same problem in centos 7 ?

come on :=)

you have more problems then just clamav with centos 5

i dont care really, but now i sayed it
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Paul Kosinski 
I build Linux ClamAV from source, mainly due to distro maintainers
being (quite) behind the latest official ClamAV. Also, I build ClamAV
into /opt, so I can keep previous versions just in case.


On Sun, 5 Mar 2017 12:51:04 +
"Joel Esler (jesler)"  wrote:

> The question here is, do we strive to make a package that is
> installable on more machines, (even ones that are going EOL?), or do
> we strive to make a package that is the best for security?
> 
> If the package maintainers are doing a good job, ClamAV with a higher
> dependency would install the higher pcre.  The user would be fine.  
> 
> The problem with my grand theory is, package maintainers are
> incredibly slow, largely, and most people would have to install from
> source. 
> 
> We have tens of thousands of new users every month, so it's
> definitely something we'll have to think about. 
> 
> I am still interested in people's feedback, as right now, this thread
> seems to be about 50/50 (in requiring pcre 7)
> 
> --
> Sent from my iPhone
> 
> > On Mar 5, 2017, at 06:39, Ned Slider  wrote:
> > 
> >> On 04/03/17 22:54, Joel Esler (jesler) wrote:
> >> We cannot be tied to distribution support problems.
> >> 
> > 
> > That's fine Joel. You obviously know your own target audience. If
> > it's not me I can look elsewhere for solutions :-)
> > 
> > 
> >>> On Mar 4, 2017, at 17:44, Benny Pedersen  wrote:
> >>> 
> >>> Leonardo Rodrigues skrev den 2017-03-04 23:12:
>  is clamav a redhat product ?!?! I don't think so. That being
>  said, i see absolutely no point at all on saying clamav should
>  do this because redhat does that.
> >>> 
> >>> good point
> >>> 
>  Anyone wishing to be updated with a 10+ years rhel install,
>  should call redhat for that :)
> >>> 
> >>> any rpm builded systems are buggy
> >>> 
>  my 0.02 cents ...
> >>> 
> >>> anymore left ?
> >>> 
> >>> i just wish 0.99.3 have clamav-milter supporting
> >>> OnUnOfficiaLsignature accept|quarantine|reject
> >>> 
> >>> that will save me to have need for 2 clamd and 2 clamav-milters
> >>> 
> >>> just my one bitcoin :)
> >>> 
> >>> clamav-owner please stop breaking dkim
> >>> ___
> >>> clamav-users mailing list
> >>> clamav-users@lists.clamav.net
> >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>> 
> >>> 
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>> 
> >>> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Reindl Harald 



Am 05.03.2017 um 14:07 schrieb Carlos Velasco:

Another option would be to include a "static" internal version of pcre in 
ClamAV. Although this option I like much less...


this is not a good option because you have easily multiple versions of 
the pcre library in the same process when somethink links to libclamav 
and any other library which itself links to the distributions prce libs

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Carlos Velasco 
El 05/03/2017 a las 13:51, Joel Esler (jesler) escribió:
> The question here is, do we strive to make a package that is installable on 
> more machines, (even ones that are going EOL?), or do we strive to make a 
> package that is the best for security?
> 
> If the package maintainers are doing a good job, ClamAV with a higher 
> dependency would install the higher pcre.  The user would be fine.  
> 
> The problem with my grand theory is, package maintainers are incredibly slow, 
> largely, and most people would have to install from source. 
> 
> We have tens of thousands of new users every month, so it's definitely 
> something we'll have to think about. 
> 
> I am still interested in people's feedback, as right now, this thread seems 
> to be about 50/50 (in requiring pcre 7)

IMHO, There is no reason to choose radically between one option or another.

I think you could, for example, separate the signatures requiring specific 
versions (pcre in this case) in different file/s of signatures, and that only 
load if you have that version or greater (make a test in libclamav before 
loading), otherwise, show warning in log that you are using less signatures 
cause older pcre.

Another option would be to include a "static" internal version of pcre in 
ClamAV. Although this option I like much less...

Regards,
Carlos Velasco
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Leonardo Rodrigues 

Em 04/03/17 22:03, Reindl Harald escreveu:


Am 04.03.2017 um 23:54 schrieb Joel Esler (jesler):

We cannot be tied to distribution support problems.


but when you think as long as every other software works on 
RHEL/CentOS and only ClamAV decides to make hard requirements breaking 
that from one day to another i fear ClamAV (as apckage not directly 
maintained by Redhat alt all) won#t win anything


While I still think that clamav should not be tied to any specific 
distribution support, i definitely agree that simply breaking running 
instances was a TERRIBLE idea. Raising up lib version requirements on a 
next version, allowing signatures to be identified as incompatible and 
disabled as already discussed, would have been the only smart way of 
doing that. The way it was done, and quickly corrected it's important to 
say, wasn't intelligent at all !!




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Joel Esler (jesler) 
The question here is, do we strive to make a package that is installable on 
more machines, (even ones that are going EOL?), or do we strive to make a 
package that is the best for security?

If the package maintainers are doing a good job, ClamAV with a higher 
dependency would install the higher pcre.  The user would be fine.  

The problem with my grand theory is, package maintainers are incredibly slow, 
largely, and most people would have to install from source. 

We have tens of thousands of new users every month, so it's definitely 
something we'll have to think about. 

I am still interested in people's feedback, as right now, this thread seems to 
be about 50/50 (in requiring pcre 7)

--
Sent from my iPhone

> On Mar 5, 2017, at 06:39, Ned Slider  wrote:
> 
>> On 04/03/17 22:54, Joel Esler (jesler) wrote:
>> We cannot be tied to distribution support problems.
>> 
> 
> That's fine Joel. You obviously know your own target audience. If it's not me 
> I can look elsewhere for solutions :-)
> 
> 
>>> On Mar 4, 2017, at 17:44, Benny Pedersen  wrote:
>>> 
>>> Leonardo Rodrigues skrev den 2017-03-04 23:12:
 is clamav a redhat product ?!?! I don't think so. That being said, i
 see absolutely no point at all on saying clamav should do this because
 redhat does that.
>>> 
>>> good point
>>> 
 Anyone wishing to be updated with a 10+ years rhel install, should
 call redhat for that :)
>>> 
>>> any rpm builded systems are buggy
>>> 
 my 0.02 cents ...
>>> 
>>> anymore left ?
>>> 
>>> i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature 
>>> accept|quarantine|reject
>>> 
>>> that will save me to have need for 2 clamd and 2 clamav-milters
>>> 
>>> just my one bitcoin :)
>>> 
>>> clamav-owner please stop breaking dkim
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-05 Thread Ned Slider 

On 04/03/17 22:54, Joel Esler (jesler) wrote:

We cannot be tied to distribution support problems.



That's fine Joel. You obviously know your own target audience. If it's 
not me I can look elsewhere for solutions :-)




On Mar 4, 2017, at 17:44, Benny Pedersen  wrote:

Leonardo Rodrigues skrev den 2017-03-04 23:12:

is clamav a redhat product ?!?! I don't think so. That being said, i
see absolutely no point at all on saying clamav should do this because
redhat does that.


good point


Anyone wishing to be updated with a 10+ years rhel install, should
call redhat for that :)


any rpm builded systems are buggy


my 0.02 cents ...


anymore left ?

i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature 
accept|quarantine|reject

that will save me to have need for 2 clamd and 2 clamav-milters

just my one bitcoin :)

clamav-owner please stop breaking dkim
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Reindl Harald 



Am 04.03.2017 um 23:54 schrieb Joel Esler (jesler):

We cannot be tied to distribution support problems.


but when you think as long as every other software works on RHEL/CentOS 
and only ClamAV decides to make hard requirements breaking that from one 
day to another i fear ClamAV (as apckage not directly maintained by 
Redhat alt all) won#t win anything


the ressource usage (memory footprint), signature update frequency and 
hitquote is way too worse for such games :-)

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Reindl Harald 



Am 04.03.2017 um 23:43 schrieb Benny Pedersen:

Leonardo Rodrigues skrev den 2017-03-04 23:12:

is clamav a redhat product ?!?! I don't think so. That being said, i
see absolutely no point at all on saying clamav should do this because
redhat does that.


good point


Anyone wishing to be updated with a 10+ years rhel install, should
call redhat for that :)


any rpm builded systems are buggy


a typical Benny post - please take your "binary problems" somewhere 
where only dilettantes are your audience, everywhere else you will get 
no job if you think you get money for maintaining your Gentoo installations

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Reindl Harald 



Am 04.03.2017 um 23:12 schrieb Leonardo Rodrigues:


is clamav a redhat product ?!?! I don't think so. That being said, i
see absolutely no point at all on saying clamav should do this because
redhat does that.

Anyone wishing to be updated with a 10+ years rhel install, should
call redhat for that :)

my 0.02 cents ...


the question is "does clamav want to stay relevant or not" aka be in in 
the most of relevant repo (EPEL) and since it's not in the RH/CentOS 
main repo it's for sure nothing Redhat itself bothers with



Em 04/03/17 12:32, Ned Slider escreveu:


Red Hat typically now supports each release of RHEL for at least a
decade, and that's not including any additional extended support
periods one may purchase from Red Hat in addition to the standard
production lifespan, so in a Red Hat world, I would say a decade is
the *minimum* period one should support dependent libs if you want
your software used on that platform.

RHEL5 may reach end of production on 31 March 2017 but extended
life-cycle support continues until 30 Nov 2020, so preferably support
for pcre-6 should continue until then.

https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates

A huge number of mail admins want to install a RH mail server and
forget about it for 10+ years knowing it is supported and will just
work, and that things aren't going to continually break with each and
every update. I'm currently in the process of installing a new mail
server to replace a RHEL5 server, initially set up in 2007, and only
because RHEL5 is EOL. The same hardware (touch wood) is still going
strong and hasn't missed a beat in 10 years. If I could afford the
extended support from RH I'd probably let it run for another 3 years.

So your opinion on this will be influenced by your perspective. I
would argue that RHEL has a large enough installed userbase to warrant
supporting it for at least it's 10 year production life-cycle.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Benny Pedersen 

Joel Esler (jesler) skrev den 2017-03-04 23:54:

We cannot be tied to distribution support problems.


where did i ask for that ?
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Joel Esler (jesler) 
We cannot be tied to distribution support problems. 

--
Sent from my iPhone

> On Mar 4, 2017, at 17:44, Benny Pedersen  wrote:
> 
> Leonardo Rodrigues skrev den 2017-03-04 23:12:
>> is clamav a redhat product ?!?! I don't think so. That being said, i
>> see absolutely no point at all on saying clamav should do this because
>> redhat does that.
> 
> good point
> 
>> Anyone wishing to be updated with a 10+ years rhel install, should
>> call redhat for that :)
> 
> any rpm builded systems are buggy
> 
>> my 0.02 cents ...
> 
> anymore left ?
> 
> i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature 
> accept|quarantine|reject
> 
> that will save me to have need for 2 clamd and 2 clamav-milters
> 
> just my one bitcoin :)
> 
> clamav-owner please stop breaking dkim
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Benny Pedersen 

Leonardo Rodrigues skrev den 2017-03-04 23:12:

is clamav a redhat product ?!?! I don't think so. That being said, i
see absolutely no point at all on saying clamav should do this because
redhat does that.


good point


Anyone wishing to be updated with a 10+ years rhel install, should
call redhat for that :)


any rpm builded systems are buggy


my 0.02 cents ...


anymore left ?

i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature 
accept|quarantine|reject


that will save me to have need for 2 clamd and 2 clamav-milters

just my one bitcoin :)

clamav-owner please stop breaking dkim
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Leonardo Rodrigues 


is clamav a redhat product ?!?! I don't think so. That being said, 
i see absolutely no point at all on saying clamav should do this because 
redhat does that.


Anyone wishing to be updated with a 10+ years rhel install, should 
call redhat for that :)


my 0.02 cents ...


Em 04/03/17 12:32, Ned Slider escreveu:


Red Hat typically now supports each release of RHEL for at least a 
decade, and that's not including any additional extended support 
periods one may purchase from Red Hat in addition to the standard 
production lifespan, so in a Red Hat world, I would say a decade is 
the *minimum* period one should support dependent libs if you want 
your software used on that platform.


RHEL5 may reach end of production on 31 March 2017 but extended 
life-cycle support continues until 30 Nov 2020, so preferably support 
for pcre-6 should continue until then.


https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates

A huge number of mail admins want to install a RH mail server and 
forget about it for 10+ years knowing it is supported and will just 
work, and that things aren't going to continually break with each and 
every update. I'm currently in the process of installing a new mail 
server to replace a RHEL5 server, initially set up in 2007, and only 
because RHEL5 is EOL. The same hardware (touch wood) is still going 
strong and hasn't missed a beat in 10 years. If I could afford the 
extended support from RH I'd probably let it run for another 3 years.


So your opinion on this will be influenced by your perspective. I 
would argue that RHEL has a large enough installed userbase to warrant 
supporting it for at least it's 10 year production life-cycle.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-04 Thread Ned Slider 

On 03/03/17 23:53, Scott Kitterman wrote:

As far as I can tell, pcre 7 came out before 2008.  I think a decade is enough
time to insist people upgrade.

Scott K



Red Hat typically now supports each release of RHEL for at least a 
decade, and that's not including any additional extended support periods 
one may purchase from Red Hat in addition to the standard production 
lifespan, so in a Red Hat world, I would say a decade is the *minimum* 
period one should support dependent libs if you want your software used 
on that platform.


RHEL5 may reach end of production on 31 March 2017 but extended 
life-cycle support continues until 30 Nov 2020, so preferably support 
for pcre-6 should continue until then.


https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates

A huge number of mail admins want to install a RH mail server and forget 
about it for 10+ years knowing it is supported and will just work, and 
that things aren't going to continually break with each and every 
update. I'm currently in the process of installing a new mail server to 
replace a RHEL5 server, initially set up in 2007, and only because RHEL5 
is EOL. The same hardware (touch wood) is still going strong and hasn't 
missed a beat in 10 years. If I could afford the extended support from 
RH I'd probably let it run for another 3 years.


So your opinion on this will be influenced by your perspective. I would 
argue that RHEL has a large enough installed userbase to warrant 
supporting it for at least it's 10 year production life-cycle.




On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:

If we required pcre 7, it would allow us to publish this kind of sig in the
future of 99.3 and high versions by requiring a certain "flevel".

--
Sent from my iPhone


On Mar 3, 2017, at 18:18, Chris Conn  wrote:

Hello,

Looks like my off-list email went on the list LOL.  So much for not making
noise.  Woops.

If the 0.99.3 or whatever later version where this would be implemented
requires PCRE 7, would that break database updates for versions that have
not upgraded if this pcre format is re-used in the future, or would it
simply disable pcre support in previous version of clamd that have not
been upgraded?

Thanks,

Chris


On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
A new daily with the Sig dropped.

Probably what we will do to prevent this from happening again, is to have
0.99.3 (the upcoming version) require pcre 7.

How does that sound?

--
Sent from my iPhone


On Mar 3, 2017, at 18:08, Chris Conn  wrote:

Hello,

I hope you don't mind my contact off-list, I don't want to make noise on
it for all.  Apologies.

This new build, are we talking about a daily.cvd (23162?) or a new build
of clam/pcre?

Thanks again in advance for your help,

Chris


On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I
does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <

steveb_cla...@sanesecurity.com> wrote:

On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
We're pulling the signature causing the issue now, while we
investigate
the cause.

- Alain


Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Scott Kitterman 
In Debian we back port security fixes the same way, but libraries with 
different SO names are co-installable, so there's generally ways to deal with 
these things. Clamav itself is an exception since not keeping up in 
functionality means you lose the arms race.

Scott K

On March 3, 2017 7:04:03 PM EST, Chris Conn  wrote:
>Hello,
>
>Insist :)  Well, its considered bad practice to upgrade packages 
>independently on a RH-based system where dependancies break. Security 
>fixes are back-ported to older versions to preserve versioning an 
>compatibility.  Thats a Redhat feature I agree, and RHEL5 will be EOL
>in 
>28 days, so perhaps that point will be moot on April 1 2017.
>
>So insisting on upgrading libraries on a .rpm system in a scenario
>where 
>the distro is not EOL'ed is probably not what the general userbase of 
>those distros will be able/willing to perform.   This particular case 
>has less weight since the distro is about to go out of support from the
>
>vendor, however that doesn't mean there won't be anyone still using it.
> 
>I guess once its out of support its not all that hard to start breaking
>
>package dependancies since there will be no upgrades (although, there
>is 
>an additional "extended life phase" that RHEL5 systems can obtain, so 
>the April 1st date is not necessarily accurate).
>
>Your favorite distro probably handles this versioning better than RH
>does.
>
>Chris
>
>On 3/3/2017 6:53 PM, Scott Kitterman wrote:
>> As far as I can tell, pcre 7 came out before 2008.  I think a decade
>is enough
>> time to insist people upgrade.
>>
>> Scott K
>>
>> On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
>>> If we required pcre 7, it would allow us to publish this kind of sig
>in the
>>> future of 99.3 and high versions by requiring a certain "flevel".
>>>
>>> --
>>> Sent from my iPhone
>>>
 On Mar 3, 2017, at 18:18, Chris Conn  wrote:

 Hello,

 Looks like my off-list email went on the list LOL.  So much for not
>making
 noise.  Woops.

 If the 0.99.3 or whatever later version where this would be
>implemented
 requires PCRE 7, would that break database updates for versions
>that have
 not upgraded if this pcre format is re-used in the future, or would
>it
 simply disable pcre support in previous version of clamd that have
>not
 been upgraded?

 Thanks,

 Chris

> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
> A new daily with the Sig dropped.
>
> Probably what we will do to prevent this from happening again, is
>to have
> 0.99.3 (the upcoming version) require pcre 7.
>
> How does that sound?
>
> --
> Sent from my iPhone
>
>> On Mar 3, 2017, at 18:08, Chris Conn  wrote:
>>
>> Hello,
>>
>> I hope you don't mind my contact off-list, I don't want to make
>noise on
>> it for all.  Apologies.
>>
>> This new build, are we talking about a daily.cvd (23162?) or a
>new build
>> of clam/pcre?
>>
>> Thanks again in advance for your help,
>>
>> Chris
>>
>>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>>> We are coming to the same conclusions.
>>>
>>> The issue seem to isolated to using pcre libraries older than
>7.0. I
>>> does
>>> not affect users of newer versions of pcre or users of pcre2.
>>>
>>> A new build with the fix is in progress now.
>>>
>>> Apologies for the impact this has caused.
>>>
>>> Alain
>>>
>>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>>>
>>> steveb_cla...@sanesecurity.com> wrote:
> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
> We're pulling the signature causing the issue now, while we
> investigate
> the cause.
>
> - Alain
 Hi Alain,

 I think the fix is... Replace ? with ?P  when the PCRE library
>is old

 ie.  ?< to ?P<

 On...

 Doc.Macro.GenericHeuristic-5901772-0
 Doc.Macro.GenericHeuristic-5931846-1


 --
 Cheers,

 Steve
 Twitter: @sanesecurity

 ___
 clamav-users mailing list
 clamav-users@lists.clamav.net
 http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


 Help us build a comprehensive ClamAV guide:
 https://github.com/vrtadmin/clamav-faq

 http://www.clamav.net/contact.html#ml
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Chris Conn 

Hello,

Insist :)  Well, its considered bad practice to upgrade packages 
independently on a RH-based system where dependancies break. Security 
fixes are back-ported to older versions to preserve versioning an 
compatibility.  Thats a Redhat feature I agree, and RHEL5 will be EOL in 
28 days, so perhaps that point will be moot on April 1 2017.


So insisting on upgrading libraries on a .rpm system in a scenario where 
the distro is not EOL'ed is probably not what the general userbase of 
those distros will be able/willing to perform.   This particular case 
has less weight since the distro is about to go out of support from the 
vendor, however that doesn't mean there won't be anyone still using it.  
I guess once its out of support its not all that hard to start breaking 
package dependancies since there will be no upgrades (although, there is 
an additional "extended life phase" that RHEL5 systems can obtain, so 
the April 1st date is not necessarily accurate).


Your favorite distro probably handles this versioning better than RH does.

Chris

On 3/3/2017 6:53 PM, Scott Kitterman wrote:

As far as I can tell, pcre 7 came out before 2008.  I think a decade is enough
time to insist people upgrade.

Scott K

On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:

If we required pcre 7, it would allow us to publish this kind of sig in the
future of 99.3 and high versions by requiring a certain "flevel".

--
Sent from my iPhone


On Mar 3, 2017, at 18:18, Chris Conn  wrote:

Hello,

Looks like my off-list email went on the list LOL.  So much for not making
noise.  Woops.

If the 0.99.3 or whatever later version where this would be implemented
requires PCRE 7, would that break database updates for versions that have
not upgraded if this pcre format is re-used in the future, or would it
simply disable pcre support in previous version of clamd that have not
been upgraded?

Thanks,

Chris


On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
A new daily with the Sig dropped.

Probably what we will do to prevent this from happening again, is to have
0.99.3 (the upcoming version) require pcre 7.

How does that sound?

--
Sent from my iPhone


On Mar 3, 2017, at 18:08, Chris Conn  wrote:

Hello,

I hope you don't mind my contact off-list, I don't want to make noise on
it for all.  Apologies.

This new build, are we talking about a daily.cvd (23162?) or a new build
of clam/pcre?

Thanks again in advance for your help,

Chris


On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I
does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <

steveb_cla...@sanesecurity.com> wrote:

On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
We're pulling the signature causing the issue now, while we
investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Scott Kitterman 
As far as I can tell, pcre 7 came out before 2008.  I think a decade is enough 
time to insist people upgrade.

Scott K

On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
> If we required pcre 7, it would allow us to publish this kind of sig in the
> future of 99.3 and high versions by requiring a certain "flevel".
> 
> --
> Sent from my iPhone
> 
> > On Mar 3, 2017, at 18:18, Chris Conn  wrote:
> > 
> > Hello,
> > 
> > Looks like my off-list email went on the list LOL.  So much for not making
> > noise.  Woops.
> > 
> > If the 0.99.3 or whatever later version where this would be implemented
> > requires PCRE 7, would that break database updates for versions that have
> > not upgraded if this pcre format is re-used in the future, or would it
> > simply disable pcre support in previous version of clamd that have not
> > been upgraded?
> > 
> > Thanks,
> > 
> > Chris
> > 
> >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
> >> A new daily with the Sig dropped.
> >> 
> >> Probably what we will do to prevent this from happening again, is to have
> >> 0.99.3 (the upcoming version) require pcre 7.
> >> 
> >> How does that sound?
> >> 
> >> --
> >> Sent from my iPhone
> >> 
> >>> On Mar 3, 2017, at 18:08, Chris Conn  wrote:
> >>> 
> >>> Hello,
> >>> 
> >>> I hope you don't mind my contact off-list, I don't want to make noise on
> >>> it for all.  Apologies.
> >>> 
> >>> This new build, are we talking about a daily.cvd (23162?) or a new build
> >>> of clam/pcre?
> >>> 
> >>> Thanks again in advance for your help,
> >>> 
> >>> Chris
> >>> 
>  On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>  We are coming to the same conclusions.
>  
>  The issue seem to isolated to using pcre libraries older than 7.0. I
>  does
>  not affect users of newer versions of pcre or users of pcre2.
>  
>  A new build with the fix is in progress now.
>  
>  Apologies for the impact this has caused.
>  
>  Alain
>  
>  On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>  
>  steveb_cla...@sanesecurity.com> wrote:
> >> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
> >> We're pulling the signature causing the issue now, while we
> >> investigate
> >> the cause.
> >> 
> >> - Alain
> > 
> > Hi Alain,
> > 
> > I think the fix is... Replace ? with ?P  when the PCRE library is old
> > 
> > ie.  ?< to ?P<
> > 
> > On...
> > 
> > Doc.Macro.GenericHeuristic-5901772-0
> > Doc.Macro.GenericHeuristic-5931846-1
> > 
> > 
> > --
> > Cheers,
> > 
> > Steve
> > Twitter: @sanesecurity
> > 
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > 
> > 
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > 
> > http://www.clamav.net/contact.html#ml
>  
>  ___
>  clamav-users mailing list
>  clamav-users@lists.clamav.net
>  http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>  
>  
>  Help us build a comprehensive ClamAV guide:
>  https://github.com/vrtadmin/clamav-faq
>  
>  http://www.clamav.net/contact.html#ml
> >>> 
> >>> ___
> >>> clamav-users mailing list
> >>> clamav-users@lists.clamav.net
> >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>> 
> >>> 
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>> 
> >>> http://www.clamav.net/contact.html#ml
> >> 
> >> ___
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >> 
> >> 
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >> 
> >> http://www.clamav.net/contact.html#ml
> > 
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > 
> > 
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > 
> > http://www.clamav.net/contact.html#ml
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler) 
If we required pcre 7, it would allow us to publish this kind of sig in the 
future of 99.3 and high versions by requiring a certain "flevel". 

--
Sent from my iPhone

> On Mar 3, 2017, at 18:18, Chris Conn  wrote:
> 
> Hello,
> 
> Looks like my off-list email went on the list LOL.  So much for not making 
> noise.  Woops.
> 
> If the 0.99.3 or whatever later version where this would be implemented 
> requires PCRE 7, would that break database updates for versions that have not 
> upgraded if this pcre format is re-used in the future, or would it simply 
> disable pcre support in previous version of clamd that have not been upgraded?
> 
> Thanks,
> 
> Chris
> 
>> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
>> A new daily with the Sig dropped.
>> 
>> Probably what we will do to prevent this from happening again, is to have 
>> 0.99.3 (the upcoming version) require pcre 7.
>> 
>> How does that sound?
>> 
>> --
>> Sent from my iPhone
>> 
>>> On Mar 3, 2017, at 18:08, Chris Conn  wrote:
>>> 
>>> Hello,
>>> 
>>> I hope you don't mind my contact off-list, I don't want to make noise on it 
>>> for all.  Apologies.
>>> 
>>> This new build, are we talking about a daily.cvd (23162?) or a new build of 
>>> clam/pcre?
>>> 
>>> Thanks again in advance for your help,
>>> 
>>> Chris
>>> 
>>> 
 On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
 We are coming to the same conclusions.
 
 The issue seem to isolated to using pcre libraries older than 7.0. I does
 not affect users of newer versions of pcre or users of pcre2.
 
 A new build with the fix is in progress now.
 
 Apologies for the impact this has caused.
 
 Alain
 
 On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
 steveb_cla...@sanesecurity.com> wrote:
 
>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
>> We're pulling the signature causing the issue now, while we investigate
>> the cause.
>> 
>> - Alain
> Hi Alain,
> 
> I think the fix is... Replace ? with ?P  when the PCRE library is old
> 
> ie.  ?< to ?P<
> 
> On...
> 
> Doc.Macro.GenericHeuristic-5901772-0
> Doc.Macro.GenericHeuristic-5931846-1
> 
> 
> --
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
 ___
 clamav-users mailing list
 clamav-users@lists.clamav.net
 http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
 
 
 Help us build a comprehensive ClamAV guide:
 https://github.com/vrtadmin/clamav-faq
 
 http://www.clamav.net/contact.html#ml
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Chris Conn 

Hello,

Looks like my off-list email went on the list LOL.  So much for not 
making noise.  Woops.


If the 0.99.3 or whatever later version where this would be implemented 
requires PCRE 7, would that break database updates for versions that 
have not upgraded if this pcre format is re-used in the future, or would 
it simply disable pcre support in previous version of clamd that have 
not been upgraded?


Thanks,

Chris

On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:

A new daily with the Sig dropped.

Probably what we will do to prevent this from happening again, is to have 
0.99.3 (the upcoming version) require pcre 7.

How does that sound?

--
Sent from my iPhone


On Mar 3, 2017, at 18:08, Chris Conn  wrote:

Hello,

I hope you don't mind my contact off-list, I don't want to make noise on it for 
all.  Apologies.

This new build, are we talking about a daily.cvd (23162?) or a new build of 
clam/pcre?

Thanks again in advance for your help,

Chris



On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:


On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
We're pulling the signature causing the issue now, while we investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Joel Esler (jesler) 
A new daily with the Sig dropped. 

Probably what we will do to prevent this from happening again, is to have 
0.99.3 (the upcoming version) require pcre 7.  

How does that sound?

--
Sent from my iPhone

> On Mar 3, 2017, at 18:08, Chris Conn  wrote:
> 
> Hello,
> 
> I hope you don't mind my contact off-list, I don't want to make noise on it 
> for all.  Apologies.
> 
> This new build, are we talking about a daily.cvd (23162?) or a new build of 
> clam/pcre?
> 
> Thanks again in advance for your help,
> 
> Chris
> 
> 
>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>> We are coming to the same conclusions.
>> 
>> The issue seem to isolated to using pcre libraries older than 7.0. I does
>> not affect users of newer versions of pcre or users of pcre2.
>> 
>> A new build with the fix is in progress now.
>> 
>> Apologies for the impact this has caused.
>> 
>> Alain
>> 
>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>> steveb_cla...@sanesecurity.com> wrote:
>> 
 On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
 We're pulling the signature causing the issue now, while we investigate
 the cause.
 
 - Alain
>>> Hi Alain,
>>> 
>>> I think the fix is... Replace ? with ?P  when the PCRE library is old
>>> 
>>> ie.  ?< to ?P<
>>> 
>>> On...
>>> 
>>> Doc.Macro.GenericHeuristic-5901772-0
>>> Doc.Macro.GenericHeuristic-5931846-1
>>> 
>>> 
>>> --
>>> Cheers,
>>> 
>>> Steve
>>> Twitter: @sanesecurity
>>> 
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>>> 
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Chris Conn 

Hello,

I hope you don't mind my contact off-list, I don't want to make noise on 
it for all.  Apologies.


This new build, are we talking about a daily.cvd (23162?) or a new build 
of clam/pcre?


Thanks again in advance for your help,

Chris


On 3/3/2017 4:00 PM, Alain Zidouemba wrote:

We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:


On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:

We're pulling the signature causing the issue now, while we investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Stanislas LEVEAU 

thanks for this build

because i have the same problem with pcre in rel5

Now, I think it will be necessary to quickly update the servers ;-)

regards


Le 03/03/2017 à 22:00, Alain Zidouemba a écrit :

We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:


On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:

We're pulling the signature causing the issue now, while we investigate
the cause.

- Alain

Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


--
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Alain Zidouemba 
We are coming to the same conclusions.

The issue seem to isolated to using pcre libraries older than 7.0. I does
not affect users of newer versions of pcre or users of pcre2.

A new build with the fix is in progress now.

Apologies for the impact this has caused.

Alain

On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:

>
> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
> > We're pulling the signature causing the issue now, while we investigate
> > the cause.
> >
> > - Alain
> Hi Alain,
>
> I think the fix is... Replace ? with ?P  when the PCRE library is old
>
> ie.  ?< to ?P<
>
> On...
>
> Doc.Macro.GenericHeuristic-5901772-0
> Doc.Macro.GenericHeuristic-5931846-1
>
>
> --
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Chris Conn 

Hello,

That may be true, but you also have to maintain a self-compiled version 
of clamav now, and future updates you will need to re-do this.


This may be satisfactory to you as I don't of course know or understand 
your particular situation, but for the clamav userbase that is using 
RHEL5 (or CentOS5...) their clamd is now broken due to a package from 
the base repository being older than what that particular signature 
requires.


RHEL5 is not EOL for another 30 days :)

Chris

On 3/3/2017 3:33 PM, Leonardo Rodrigues wrote:

Em 03/03/17 17:31, Chris Conn escreveu:


Updating the PCRE manually doesn't seem like an option as it will 
break dependancies for important packages, grep, php and httpd among 
others.


I had success installing new PCRE libs on /usr/local (thus keeping 
system libraries untouched) and recompiling clamav linking to the new 
libs, something like:


./configure [..] --with-pcre=/usr/local


It's working just fine here on some CentOS 5 boxes. Did that with 
PCRE 8.40.




___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Leonardo Rodrigues 

Em 03/03/17 17:31, Chris Conn escreveu:


Updating the PCRE manually doesn't seem like an option as it will 
break dependancies for important packages, grep, php and httpd among 
others.


I had success installing new PCRE libs on /usr/local (thus keeping 
system libraries untouched) and recompiling clamav linking to the new 
libs, something like:


./configure [..] --with-pcre=/usr/local


It's working just fine here on some CentOS 5 boxes. Did that with 
PCRE 8.40.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Chris Conn 

Hello,

If I can add to this discussion; since daily 23161 some RHEL5 systems 
(pcre-6.6-9) are failing with that same error.  A number of them have 
down clamd at the moment.


Updating the PCRE manually doesn't seem like an option as it will break 
dependancies for important packages, grep, php and httpd among others.


Hope this helps,

Chris

On 3/3/2017 3:14 PM, Steven Morgan wrote:

Hi Aaron and Leonardo,

What are the versions of libpcre on your systems?

Thanks,
Steve
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Leonardo Rodrigues 


I said in a previous mail, that i had the problem on CentOS 6 
boxes, and that's not true, sorry for that. All my CentOS 6 boxes are 
OK, and they have latest pcre from CentOS:


[root@correio ~]# rpm -qa | grep pcre
pcre-devel-7.8-7.el6.x86_64
pcre-7.8-7.el6.x86_64

The boxes on CentOS 5, however, these are the ones that broked with 
the new signatures. And they also have latest PCRE libs from CentOS:


[root@correio ~]# rpm -qa | grep pcre
pcre-6.6-9.el5
pcre-devel-6.6-9.el5

On my very few CentOS 5 boxes still running (just 2 actually), i 
manually compiled PCRE 8.40 with the same parameters used by CentOS 
compilation:


./configure --enable-utf8 --enable-unicode-properties

recompiled clamav linking pcre to /usr/local, and things are 
working again !!!




Em 03/03/17 17:14, Steven Morgan escreveu:

Hi Aaron and Leonardo,

What are the versions of libpcre on your systems?



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Steven Morgan 
Hi Aaron and Leonardo,

What are the versions of libpcre on your systems?

Thanks,
Steve
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Steve Basford 

On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
> We're pulling the signature causing the issue now, while we investigate
> the cause.
>
> - Alain
Hi Alain,

I think the fix is... Replace ? with ?P  when the PCRE library is old

ie.  ?< to ?P<

On...

Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1


-- 
Cheers,

Steve
Twitter: @sanesecurity

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Alain Zidouemba 
We're pulling the signature causing the issue now, while we investigate the
cause.

- Alain

On Fri, Mar 3, 2017 at 12:38 PM, Aaron C. Bolch  wrote:

> Greetings,
>
> After Daily Update 23161 was applied, the following error happened:
>
> Database initialization error: can’t compile engine: Malformed Database
>
> When starting Clamd:
>
> LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52:
> unrecognized character after (?<
> LibClamAV Error: cli_pcre_build: failed to build pcre regex
>
> Would this be a problem with the update, or something on my end?
>
> --Aaron
>
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Leonardo Rodrigues 


OK, so it's PCRE related. Compiling new PCRE libs and linking 
clamav to it should solve the problem, that's right ?



Em 03/03/17 15:11, Steve Basford escreveu:
It's a macro detecting ldb Sig that fails due to an old pcre engine 
being used.


The Sig can be rewritten to work on older pcre versions .. or you need 
to update.


Sorry I can't help more.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Steve Basford 

It's a macro detecting ldb Sig that fails due to an old pcre engine being used.

The Sig can be rewritten to work on older pcre versions .. or you need to 
update.


Sorry I can't help more.

Cheers,

Steve
Twitter: @sanesecurity



On 3 March 2017 17:39:48 "Aaron C. Bolch"  wrote:


Greetings,

After Daily Update 23161 was applied, the following error happened:

Database initialization error: can’t compile engine: Malformed Database

When starting Clamd:

LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: 
unrecognized character after (?<

LibClamAV Error: cli_pcre_build: failed to build pcre regex

Would this be a problem with the update, or something on my end?

--Aaron


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam

2017-03-03 Thread Leonardo Rodrigues 


Same problem here with 0.99.2 on CentOS 6 machine:

[root@correio clamav]# service clamd start
Starting Clam AV daemon: LibClamAV Error: cli_pcre_compile: PCRE 
compilation failed at offset 52: unrecognized character after (?<

LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database
[FAILED]
[root@correio clamav]#




Em 03/03/17 14:38, Aaron C. Bolch escreveu:

Greetings,

After Daily Update 23161 was applied, the following error happened:

Database initialization error: can’t compile engine: Malformed Database

When starting Clamd:

LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: 
unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex

Would this be a problem with the update, or something on my end?




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml