On Sun, Oct 05, 2003 at 02:16:55PM +0100, G D McKee wrote: > Every time I try to compile clamav I get the following error. Has anyone got any > ideas how to fix it? > > Thanks in advance > > Gordon > > uname -a > FreeBSD kursk.gdmckee.home 4.9-RC FreeBSD 4.9-RC #0: Sun Oct 5 13:54:04 BST 2003 > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GDMCKEE i386 > > > cc -O -pipe -march=pentium -I/usr/local/include -O -o .libs/clamdscan options.o > clamdscan.o client.o ../clamscan/getopt.o ../clamscan/others.o ../clamd/cfgfile.o > -L/usr/ports/security/clamav/work/clamav-0.60/libclamav > /usr/ports/security/clamav/work/clamav-0.60/libclamav/.libs/libclamav.so -lcipher > -lz -lbz2 -lc_r -Wl,--rpath -Wl,/usr/local/lib > /usr/lib/libc.so: warning: this program uses gets(), which is unsafe. > /usr/lib/libc.so: warning: mktemp() possibly used unsafely; consider using mkstemp() > /usr/lib/libc.so: warning: tmpnam() possibly used unsafely; consider using mkstemp() > /usr/lib/libc.so: warning: this program uses f_prealloc(), which is not recommended. > /usr/lib/libc.so: warning: tempnam() possibly used unsafely; consider using mkstemp() > creating clamdscan > gmake[1]: Leaving directory `/usr/ports/security/clamav/work/clamav-0.60/clamdscan' > Making all in clamav-milter > gmake[1]: Entering directory > `/usr/ports/security/clamav/work/clamav-0.60/clamav-milter' > gmake[1]: Nothing to be done for `all'. > gmake[1]: Leaving directory > `/usr/ports/security/clamav/work/clamav-0.60/clamav-milter' > Making all in etc > gmake[1]: Entering directory `/usr/ports/security/clamav/work/clamav-0.60/etc' > gmake[1]: Nothing to be done for `all'. > gmake[1]: Leaving directory `/usr/ports/security/clamav/work/clamav-0.60/etc' > gmake[1]: Entering directory `/usr/ports/security/clamav/work/clamav-0.60' > gmake[1]: Nothing to be done for `all-am'. > gmake[1]: Leaving directory `/usr/ports/security/clamav/work/clamav-0.60
Err... I see no errors here. Plenty of warnings, but no errors. gmake prints out some quite distinctive messages when one of the commands it runs returns a failure error code, but that hasn't happened here. Looks like the compilation actually worked. The warnings arise because the clamav code used C API which are hard to use correctly and without exposing the code to potential buffer overflows or other attacks that can lead to privilege escalation, or worse. Submitting patches back to the clamav project to substitute better API and silence these warnings would be a good deed for the day. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp00000.pgp
Description: PGP signature