Mailing List Archive

clamav-0.96 is this properly working???
The changes make it difficult to understand if clamd is functioning
properly because after the upgrade from 0.92 I see log entries that
make no sense in what they are telling me.

The older versions seemed to work and process the mail without issues
until you decided to kill it and the new one doesn't look like it's
capable of doing its job with any integrity.

In case it matters, clamd is being called from amavisd and it seems
to pass all e-mail (even an e-mail sent with a test-virus that should
be blocked) and this is disturbing.


CONFIGURE COMMAND:

./configure --prefix=/usr/local --mandir=/usr/local/share/man \
    --sysconfdir=/private/etc/clamav --with-dbdir=/var/clamav \
    --with-datadir=/var/clamav --with-user=clamav --with-group=clamav \
    --disable-shared --enable-static --enable-bigstack --enable-readdir_r


LOG EXCERPTS:

Sat Apr 17 20:13:28 2010 -> mode -> MODE_WAITREPLY
Sat Apr 17 20:13:28 2010 -> THRMGR: queue (single) crossed low threshold -> signaling
Sat Apr 17 20:13:28 2010 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Sat Apr 17 20:13:28 2010 -> Breaking command loop, mode is no longer MODE_COMMAND
Sat Apr 17 20:13:28 2010 -> Consumed entire command
Sat Apr 17 20:13:28 2010 -> Number of file descriptors polled: 1 fds
Sat Apr 17 20:13:28 2010 -> fds_poll_recv: timeout after 600 seconds
Sat Apr 17 20:13:28 2010 -> Finished scanthread
Sat Apr 17 20:13:28 2010 -> Scanthread: connection shut down (FD 11)
Sat Apr 17 20:13:28 2010 -> THRMGR: queue (single) crossed low threshold -> signaling
Sat Apr 17 20:13:28 2010 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Sat Apr 17 20:13:30 2010 -> Received POLLIN|POLLHUP on fd 6
Sat Apr 17 20:13:30 2010 -> Got new connection, FD 11
Sat Apr 17 20:13:30 2010 -> Received POLLIN|POLLHUP on fd 7
Sat Apr 17 20:13:30 2010 -> fds_poll_recv: timeout after 5 seconds
Sat Apr 17 20:13:30 2010 -> Received POLLIN|POLLHUP on fd 11
Sat Apr 17 20:13:30 2010 -> got command CONTSCAN /var/amavis/tmp/amavis-20100417T201230-21853/parts (59, 7), argument: /var/amavis/tmp/amavis-20100417T201230-21853/parts
Sat Apr 17 20:13:30 2010 -> mode -> MODE_WAITREPLY
Sat Apr 17 20:13:30 2010 -> THRMGR: queue (single) crossed low threshold -> signaling
Sat Apr 17 20:13:30 2010 -> Breaking command loop, mode is no longer MODE_COMMAND
Sat Apr 17 20:13:30 2010 -> THRMGR: queue (bulk) crossed low threshold -> signaling
Sat Apr 17 20:13:30 2010 -> Consumed entire command
Sat Apr 17 20:13:30 2010 -> Number of file descriptors polled: 1 fds
Sat Apr 17 20:13:30 2010 -> fds_poll_recv: timeout after 600 seconds
Sat Apr 17 20:13:30 2010 -> Finished scanthread
Sat Apr 17 20:13:30 2010 -> Scanthread: connection shut down (FD 11)
Sat Apr 17 20:13:30 2010 -> THRMGR: queue (single) crossed low threshold -> signaling
Sat Apr 17 20:13:30 2010 -> THRMGR: queue (bulk) crossed low threshold -> signaling



-- Dale
Re: clamav-0.96 is this properly working???
On 2010-04-18 18:06, Dale Walsh wrote:
> The changes make it difficult to understand if clamd is functioning
> properly because after the upgrade from 0.92 I see log entries that make
> no sense in what they are telling me.
>
> The older versions seemed to work and process the mail without issues
> until you decided to kill it and the new one doesn't look like it's
> capable of doing its job with any integrity.
>
> In case it matters, clamd is being called from amavisd and it seems to
> pass all e-mail (even an e-mail sent with a test-virus that should be
> blocked) and this is disturbing.
>
>
> CONFIGURE COMMAND:
>
> ./configure --prefix=/usr/local --mandir=/usr/local/share/man
> --sysconfdir=/private/etc/clamav --with-dbdir=/var/clamav
> --with-datadir=/var/clamav --with-user=clamav --with-group=clamav
> --disable-shared --enable-static --enable-bigstack --enable-readdir_r

Please post the output of clamconf -n.

If you have some MaxRecursion 0, MaxFileSize 0, or similar lines try
removing them.

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: clamav-0.96 is this properly working???
On Apr 18, 2010, at 13:18 PM, Török Edwin wrote:

> On 2010-04-18 18:06, Dale Walsh wrote:
>> The changes make it difficult to understand if clamd is functioning
>> properly because after the upgrade from 0.92 I see log entries that make
>> no sense in what they are telling me.
>>
>> The older versions seemed to work and process the mail without issues
>> until you decided to kill it and the new one doesn't look like it's
>> capable of doing its job with any integrity.
>>
>> In case it matters, clamd is being called from amavisd and it seems to
>> pass all e-mail (even an e-mail sent with a test-virus that should be
>> blocked) and this is disturbing.
>>
>>
>> CONFIGURE COMMAND:
>>
>> ./configure --prefix=/usr/local --mandir=/usr/local/share/man
>> --sysconfdir=/private/etc/clamav --with-dbdir=/var/clamav
>> --with-datadir=/var/clamav --with-user=clamav --with-group=clamav
>> --disable-shared --enable-static --enable-bigstack --enable-readdir_r
>
> Please post the output of clamconf -n.
>
> If you have some MaxRecursion 0, MaxFileSize 0, or similar lines try
> removing them.
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


REQUESTED INFORMATION:

Checking configuration files in /private/etc/spam/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav.log"
LogFileMaxSize disabled
LogTime = "yes"
LogSyslog = "yes"
PidFile = "/var/clamav/clamd.pid"
TemporaryDirectory = "/var/clamav/tmp"
LocalSocket = "/var/clamav/clamd.sock"
MaxDirectoryRecursion = "20"
Foreground = "yes"
Debug = "yes"
User = "clamav"
AllowSupplementaryGroups = "yes"
DetectBrokenExecutables = "yes"
MaxScanSize = "20971520"
MaxFileSize = "15728640"
MaxRecursion = "20"
MaxFiles = "1500"

Config file: freshclam.conf
---------------------------
LogVerbose = "yes"
PidFile = "/var/clamav/freshclam.pid"
Foreground = "yes"
Debug = "yes"
AllowSupplementaryGroups = "yes"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.96
LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable
Optional features supported: MEMPOOL IPv6 BIGSTACK AUTOIT_EA06 BZIP2
Database directory: /var/clamav
main.cvd: version 52, sigs: 704727, built on Mon Feb 15 09:54:51 2010
daily.cld: version 10757, sigs: 52437, built on Sun Apr 18 22:29:28 2010

-- Dale
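
An added example, not part of the original thread and not ClamAV project code: the check suggested in the reply above (look for "MaxRecursion 0, MaxFileSize 0, or similar lines") run over `clamconf -n` output in the format just posted, also collecting any LibClamAV warnings. It assumes a zeroed limit prints as `Name = "0"`; the function names, the set of limits treated as "similar", and the CONSTRUCTED sample are hypothetical.

```python
import re

# Scan limits named in the reply above ("MaxRecursion 0, MaxFileSize 0, or
# similar lines"); treating the other Max* limits as "similar" is an assumption.
LIMIT_KEYS = {"MaxScanSize", "MaxFileSize", "MaxRecursion", "MaxFiles",
              "MaxDirectoryRecursion"}

SECTION_RE = re.compile(r"^Config file: (\S+)$")
OPTION_RE = re.compile(r'^(\w+) = "(.*)"$')


def parse_clamconf(text):
    """Parse `clamconf -n` text into ({file: {option: value}}, [warnings])."""
    configs, warnings, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        option = OPTION_RE.match(line)
        if section:
            current = configs.setdefault(section.group(1), {})
        elif line == "Software settings":
            current = None  # options only live in "Config file" blocks
        elif line.startswith("LibClamAV Warning:"):
            warnings.append(line.split(":", 1)[1].strip())
        elif option and current is not None:
            current[option.group(1)] = option.group(2)
    return configs, warnings


def zero_limits(configs):
    """Return sorted (file, option) pairs whose scan limit is set to 0."""
    return sorted((name, key)
                  for name, options in configs.items()
                  for key, value in options.items()
                  if key in LIMIT_KEYS and value.strip() == "0")


# Excerpt of the output posted above (warning line rejoined onto one line).
POSTED = '''Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav.log"
LogFileMaxSize disabled
MaxDirectoryRecursion = "20"
MaxScanSize = "20971520"
MaxFileSize = "15728640"
MaxRecursion = "20"
MaxFiles = "1500"

Software settings
-----------------
Version: 0.96
LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable
'''

# Constructed variant: the same file with two limits zeroed, to show a hit.
CONSTRUCTED = (POSTED
               .replace('MaxRecursion = "20"', 'MaxRecursion = "0"')
               .replace('MaxFileSize = "15728640"', 'MaxFileSize = "0"'))

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        configs, warnings = parse_clamconf(text)
        print(label, "zero limits:", zero_limits(configs))
        print(label, "warnings:", warnings)
```

On the posted output this reports no zeroed limits, only the unrar warning.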
Re: clamav-0.96 is this properly working???
On 04/19/2010 09:21 AM, Dale Walsh wrote:
> Foreground = "yes"
> Debug = "yes"

Since you have Foreground+Debug active please redirect the stderr output
of clamd to a file.
Then scan the files in test/

Then open a bugreport on bugs.clamav.net, and attach the stderr output
(not the syslog output, since the debug info is not sent to syslog).

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 03:27 AM, Török Edwin wrote:

> On 04/19/2010 09:21 AM, Dale Walsh wrote:
>> Foreground = "yes"
>> Debug = "yes"
>
> Since you have Foreground+Debug active please redirect the stderr output
> of clamd to a file.
> Then scan the files in test/
>
> Then open a bugreport on bugs.clamav.net, and attach the stderr output
> (not the syslog output, since the debug info is not sent to syslog).
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


Filed as you requested and I hope this is sufficient information to
help you do whatever you need to do to fix it.

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1976


I take it there is an issue (excluding the faulty rar code) based on
the results of the test run.

This leaves me with a couple of options: reduce clamav functionality
down to the level of the 0.92 version so that it can at least perform
some kind of protection, or use something else (not my first choice).

-- Dale
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 03:27 AM, Török Edwin wrote:

> On 04/19/2010 09:21 AM, Dale Walsh wrote:
>> Foreground = "yes"
>> Debug = "yes"
>
> Since you have Foreground+Debug active please redirect the stderr output
> of clamd to a file.
> Then scan the files in test/
>
> Then open a bugreport on bugs.clamav.net, and attach the stderr output
> (not the syslog output, since the debug info is not sent to syslog).
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>

I've submitted additional information and I certainly hope you
weren't expecting my continued participation on the bug site.

The only reason I registered to submit the information was that it
might be useful in helping you track down the issue(s) but I don't
have the time to pursue this any further than providing you with this
information, my time is better spent finding an acceptable solution
for a production environment because you ensured that the working
0.92 solution I was using is no longer able to operate when you made
the minimum requirement 0.95.

-- Dale
Re: clamav-0.96 is this properly working???
On 04/19/2010 12:06 PM, Dale Walsh wrote:
>
> On Apr 19, 2010, at 03:27 AM, Török Edwin wrote:
>
>> On 04/19/2010 09:21 AM, Dale Walsh wrote:
>>> Foreground = "yes"
>>> Debug = "yes"
>>
>> Since you have Foreground+Debug active please redirect the stderr output
>> of clamd to a file.
>> Then scan the files in test/
>>
>> Then open a bugreport on bugs.clamav.net, and attach the stderr output
>> (not the syslog output, since the debug info is not sent to syslog).
>>
>> Best regards,
>> --Edwin
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>
> I've submitted additional information and I certainly hope you weren't
> expecting my continued participation on the bug site.

You didn't provide the stderr output from clamd, that is needed to debug
this problem further.

I think this is merely a configuration issue, since no one else has
reported that 0.95/0.96 is missing those test files on Mac OS X.

>
> The only reason I registered to submit the information was that it might
> be useful in helping you track down the issue(s) but I don't have the
> time to pursue this any further than providing you with this
> information, my time is better spent finding an acceptable solution for
> a production environment because you ensured that the working 0.92
> solution I was using is no longer able to operate when you made the
> minimum requirement 0.95.

You can remove daily.cvd/cld, and stop freshclam as temporary solution
to get 0.92 working, until you get 0.95.3, or 0.96 working.

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 05:11 AM, Török Edwin wrote:

> On 04/19/2010 12:06 PM, Dale Walsh wrote:
>>
>> On Apr 19, 2010, at 03:27 AM, Török Edwin wrote:
>>
>>> On 04/19/2010 09:21 AM, Dale Walsh wrote:
>>>> Foreground = "yes"
>>>> Debug = "yes"
>>>
>>> Since you have Foreground+Debug active please redirect the stderr output
>>> of clamd to a file.
>>> Then scan the files in test/
>>>
>>> Then open a bugreport on bugs.clamav.net, and attach the stderr output
>>> (not the syslog output, since the debug info is not sent to syslog).
>>>
>>> Best regards,
>>> --Edwin
>>> _______________________________________________
>>> http://lurker.clamav.net/list/clamav-devel.html
>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>>
>>
>> I've submitted additional information and I certainly hope you weren't
>> expecting my continued participation on the bug site.
>
> You didn't provide the stderr output from clamd, that is needed to debug
> this problem further.

I'll submit this information since you need it.

> I think this is merely a configuration issue, since no one else has
> reported that 0.95/0.96 is missing those test files on Mac OS X.
>
>>
>> The only reason I registered to submit the information was that it might
>> be useful in helping you track down the issue(s) but I don't have the
>> time to pursue this any further than providing you with this
>> information, my time is better spent finding an acceptable solution for
>> a production environment because you ensured that the working 0.92
>> solution I was using is no longer able to operate when you made the
>> minimum requirement 0.95.
>
> You can remove daily.cvd/cld, and stop freshclam as temporary solution
> to get 0.92 working, until you get 0.95.3, or 0.96 working.

I'll recompile without the FD passing support and rebuild to get the
loadable module since it is unclear what benefit this really has.

> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>

-- Dale
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 05:11 AM, Török Edwin wrote:

> You can remove daily.cvd/cld, and stop freshclam as temporary solution
> to get 0.92 working, until you get 0.95.3, or 0.96 working.
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


I built everything as static so including the dynamic (shared)
libclamav.dylib library is not required for clamd however
libclamunrar.dylib is linked in the libclamunrar_iface module so it
has been installed.

The code looks like it expects to load the libclamunrar_iface module
from disk and doesn't check to see if it's embedded (static linked).

I submitted the clamd stderr information as requested, is there
anything else you need?

-- Dale
Re: clamav-0.96 is this properly working???
On 2010-04-19 12:44, Dale Walsh wrote:
>
> On Apr 19, 2010, at 05:11 AM, Török Edwin wrote:
>
>> You can remove daily.cvd/cld, and stop freshclam as temporary solution
>> to get 0.92 working, until you get 0.95.3, or 0.96 working.
>>
>> Best regards,
>> --Edwin
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>
>
> I built everything as static so including the dynamic (shared)
> libclamav.dylib library is not required for clamd however
> libclamunrar.dylib is linked in the libclamunrar_iface module so it has
> been installed.
>
> The code looks like it expects to load the libclamunrar_iface module
> from disk and doesn't check to see if it's embedded (static linked).
>
> I submitted the clamd stderr information as requested, is there
> anything else you need?

Thanks, I'll let you know if I need additional information.

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On 2010-04-19 12:44, Dale Walsh wrote:
>
> I submitted the clamd stderr information as requested, is there
> anything else you need?

I tested on a Mac OS X 10.5.8 ppc, with gcc 4.0.1 and all testfiles
(except RAR) were detected in a static build.

The only problem is that clam.mail is missed, right? (well quite a big
problem if you're scanning mail).

What version of Mac OS X do you have (sw_vers will tell you), what
version of gcc (gcc -v will tell you)?

And could you post the output from clamd's stderr when you run
clamdscan test/clam.mail? (I assume it is missed in this case too)

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 07:05 AM, Török Edwin wrote:

> On 2010-04-19 12:44, Dale Walsh wrote:
>>
>> I submitted the clamd stderr information as requested, is there
>> anything else you need?
>
> I tested on a Mac OS X 10.5.8 ppc, with gcc 4.0.1 and all testfiles
> (except RAR) were detected in a static build.

Tested 10.4.0 - 10.4.11 ppc, built with gcc 4.0 using a modified
build process and all testfiles including rar now pass.

> The only problem is that clam.mail is missed, right? (well quite a big
> problem if you're scanning mail).

Fixed some of the incompatible pointer type warnings and mail now works.

> What version of Mac OS X do you have (sw_vers will tell you), what
> version of gcc (gcc -v will tell you)?

Configured with gcc 3.3 but built with gcc 4.0.

> And could you post the output from clamd's stderr when you run
> clamdscan test/clam.mail? (I assume it is missed in this case too)

No longer missed.

> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>

-- Dale
Re: clamav-0.96 is this properly working???
On 2010-04-19 15:40, Dale Walsh wrote:
>
> On Apr 19, 2010, at 07:05 AM, Török Edwin wrote:
>
>> On 2010-04-19 12:44, Dale Walsh wrote:
>>>
>>> I submitted the clamd stderr information as requested, is there
>>> anything else you need?
>>
>> I tested on a Mac OS X 10.5.8 ppc, with gcc 4.0.1 and all testfiles
>> (except RAR) were detected in a static build.
>
> Tested 10.4.0 - 10.4.11 ppc, built with gcc 4.0 using a modified build
> process and all testfiles including rar now pass.
>
>> The only problem is that clam.mail is missed, right? (well quite a big
>> problem if you're scanning mail).
>
> Fixed some of the incompatible pointer type warnings and mail now works.

When you have some time can you post a patch with the modifications you
made?

>
>> What version of Mac OS X do you have (sw_vers will tell you), what
>> version of gcc (gcc -v will tell you)?
>
> Configured with gcc 3.3 but built with gcc 4.0.

Maybe that's why it failed.

>
>> And could you post the output from clamd's stderr when you run
>> clamdscan test/clam.mail? (I assume it is missed in this case too)
>
> No longer missed.

OK, glad to hear.

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 08:42 AM, Török Edwin wrote:

> On 2010-04-19 15:40, Dale Walsh wrote:
>>
>> On Apr 19, 2010, at 07:05 AM, Török Edwin wrote:
>>
>>> On 2010-04-19 12:44, Dale Walsh wrote:
>>>>
>>>> I submitted the clamd stderr information as requested, is there
>>>> anything else you need?
>>>
>>> I tested on a Mac OS X 10.5.8 ppc, with gcc 4.0.1 and all testfiles
>>> (except RAR) were detected in a static build.
>>
>> Tested 10.4.0 - 10.4.11 ppc, built with gcc 4.0 using a modified build
>> process and all testfiles including rar now pass.
>>
>>> The only problem is that clam.mail is missed, right? (well quite a big
>>> problem if you're scanning mail).
>>
>> Fixed some of the incompatible pointer type warnings and mail now works.
>
> When you have some time can you post a patch with the modifications you
> made?

A patch??? The only patch I have is the ppcpatch.txt file that you
already know about.

It involved configuring as static no shared, saving the Makefiles,
configuring as static no shared, merging the two to get the
binaries to build as I needed and fixing the warnings as I went along.

First built libltdl then libclamav, edited libclamav.la to remove the
dlopen and add the libclamunrar.la as a dependency for the remainder
of the build but restored for the install process so I could get a
static build with a dynamic module using DESTDIR to control the
intermediate install to move files around.

Once all done and working I saw no need to keep the hacked files and
just backed up the binaries.

>>
>>> What version of Mac OS X do you have (sw_vers will tell you), what
>>> version of gcc (gcc -v will tell you)?
>>
>> Configured with gcc 3.3 but built with gcc 4.0.
>
> Maybe that's why it failed.

It wouldn't work using 3.3 (compiler too old) and wouldn't compile if
configured with gcc 4.0 so I configured with gcc 3.3 then switched
compiler to 4.0 to build.

>>
>>> And could you post the output from clamd's stderr when you run
>>> clamdscan test/clam.mail? (I assume it is missed in this case too)
>>
>> No longer missed.
>
> OK, glad to hear.
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


I'll send you a link to the binaries if you want to look at them.


-- Dale
Re: clamav-0.96 is this properly working???
On 2010-04-19 18:02, Dale Walsh wrote:
> Once all done and working I saw no need to keep the hacked files and
> just backed up the binaries.

OK, nevermind.

> I'll send you a link to the binaries if you want to look at them.

No need to do that.

Best regards,
--Edwin
Re: clamav-0.96 is this properly working???
On Apr 19, 2010, at 11:11 AM, Török Edwin wrote:

> On 2010-04-19 18:02, Dale Walsh wrote:
>> Once all done and working I saw no need to keep the hacked files and
>> just backed up the binaries.
>
> OK, nevermind.
>
>> I'll send you a link to the binaries if you want to look at them.
>
> No need to do that.
>
> Best regards,
> --Edwin
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


Played around a little more with the source to get an optimal
universal build (PPC/Intel); it seems link issues were less frequent
when I forced libclamunrar to be built as static during a dynamic build.

The quick method was:

CFLAGS="-arch ppc -arch i386 -g -O0 -pipe -no-cpp-precomp" \
CCFLAGS="-arch ppc -arch i386 -g -O0 -pipe " \
CXXFLAGS="-arch ppc -arch i386 -g -O0 -pipe " \
LDFLAGS="-arch ppc -arch i386 " \
./configure --prefix=/usr/local --mandir=/usr/share/man \
    --sysconfdir=/private/etc/spam/clamav --with-dbdir=/var/clamav \
    --with-datadir=/var/clamav --with-user=clamav --with-group=clamav \
    --enable-bigstack --enable-readdir_r --enable-shared --disable-static \
    --disable-dependency-tracking
cd libltdl
make
cd ../libclamav
make libclamunrar_la_LDFLAGS="-static -no-undefined" libclamunrar.la
cd ../
make


http://daleenterprise.com/info.php#module_clam

http://daleenterprise.com/clamav_test.php


-- Dale