Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. devel
Re: ClamAV(R) blog: ClamAV 0.99 Release Candidate has been posted!
smorgan at sourcefire
Oct 16, 2015, 2:50 PM
Post #1 of 2 (1361 views)
Permalink
Hi Mark,

Thanks for your feedback.

Three work arounds were provided in comment 22 of bugzilla 11309 toward the
problem of compiling built-in llvm on recent OS X 10.10 releases:

- compile llvm unoptimized: ./configure CXXFLAGS='-O0'
- use llvm library already your system: ./configure --with-system-llvm
- use the bytecode interpreter instead of LLVM JIT: ./configure --enable-llvm=no

<https://bugzilla.clamav.net/show_bug.cgi?id=11309#>
The ticket is left open until we decide on the future direction for using
llvm within ClamAV and that is still under discussion as there are
additional considerations for other non-Mac OS X platforms.

As far as compiling on OS X 10.11 with OpenSSL, OpenSSL is required for
ClamAV since ClamAV 0.98.2. There should be a resource for obtaining and
installing OpenSSL for that platform.

libxml2 is not required, but is highly recommended (since ClamAV 0.98.1),
so sounds like you'll need to install that as well. Please let us know if
this persists after libxml2 is installed(libxml2 dev version).

The PCRE warning messages are apparently due to not having PCRE installed.
PCRE is optional, but the new capabilities of using logical signatures
containing PCRE and YARA rules require PCRE. Please advise if it is a
problem when PCRE(dev version again) is installed.

For the warnings you get from 'freshclam ---no-warnings', please open a
bugzilla ticket containing the warning messages and we can get those fixed.

Let us know how things work out with OpenSSL, libxml2, and PCRE installed.

Thanks,
Steve

On Fri, Oct 16, 2015 at 12:30 PM, Mark Allan <markjallan@gmail.com> wrote:

> Hi Joel,
>
> Compiled OK on OS X 10.10.5 using Xcode 6, but I still needed to add the
> "--enable-llvm=no" configure flag to get freshclam to work. The issue 11309
> in Bugzilla is still open, but the target was 0.99
> https://bugzilla.clamav.net/show_bug.cgi?id=11309
>
> ClamAV will NOT compile on OS X 10.11 with Xcode 7 as Apple doesn't supply
> OpenSSL headers any more. I also tried using Xcode 6 and the 10.10 SDK
> (passing -sysroot in CFLAGS and CXXFlags) but it still says OpenSSL not
> found. It also fails to find xmlreader.h
>
> OpenSSL binaries are still available, so it's possible to compile on 10.10
> and run on 10.11, but compilation on OS X 10.11 doesn't appear to be
> possible any more.
>
> Regardless of how ClamAV is compiled, there is also a minor issue with
> freshclam:
>
> Running
> freshclam --no-warnings
> still prints out a load of warnings
> [LibClamAV] cli_loadldb: logical signature for
> Win.Trojan.ssid16667 uses PCREs but support is disabled, skipping
> ...
> [LibClamAV] cli_loadldb: logical signature for
> Win.Trojan.ssid15873 uses PCREs but support is disabled, skipping
>
> Regards
> Mark
>
> > On 15 Oct 2015, at 10:13 pm, Joel Esler (jesler) <jesler@cisco.com>
> wrote:
> >
> >
> >
> http://blog.clamav.net/2015/10/clamav-099-release-candidate-has-been.html
> >
> > ClamAV 0.99 Release Candidate has been posted!
> > ClamAV 0.99 Release Candidate has been posted for download! Please
> check out the below release notes:
> >
> > This the first release of ClamAV that is being done on both ClamAV.net<
> http://clamav.net> and SourceForge. If you are a package or mirror
> maintainer, make sure you start moving your download location from
> SourceForge over to ClamAV.net<http://clamav.net>.
> >
> > 0.99-rc1
> > --------
> >
> > ClamAV 0.99 contains major new features and changes. YARA rules, Perl
> Compatible Regular Expressions, revamped on-access scanning for Linux, and
> other new features join the many great features of ClamAV:
> >
> >
> >
> > * Processing of YARA rules(some limitations- see signatures.pdf).
> > * Support in ClamAV logical signatures for many of the features
> added for YARA, such as Perl Compatible Regular Expressions, alternate
> strings, and YARA string attributes. See signatures.pdf for full details.
> > * New and improved on-access scanning for Linux. See the recent
> blog post and clamdoc.pdf for details on the new on-access capabilities.
> > * A new ClamAV API callback function that is invoked when a
> virus is found. This is intended primarily for applications running in
> all-match mode. Any applications using all-match mode must use the new
> callback function to record and report detected viruses.
> > * Configurable default password list to attempt zip file
> decryption.
> > * TIFF file support.
> > * Upgrade Windows pthread library to 2.9.1.
> > * A new signature target type for designating signatures to run
> against files with unknown file types.
> > * Improved fidelity of the "data loss prevention" heuristic
> algorithm. Code supplied by Bill Parker.
> > * Support for LZMA decompression within Adobe Flash files.
> > * Support for MSO attachments within Microsoft Office 2003 XML
> files.
> > * A new sigtool option(--ascii-normalize) allowing signature
> authors to more easily generate normalized versions of ascii files.
> > * Windows installation directories changed from \Program
> Files\Sourcefire\ClamAV to \Program Files\ClamAV or \Program
> Files\ClamAV-x64.
> >
> >
> > PLEASE NOTE: If you are using clamd on-access scanning or have
> applications using all-match mode, you will want to review the changes and
> make any necessary adjustments before using ClamAV 0.99. Users of windows
> binaries need to be aware of the change of installation directories.
> >
> > Thank you to the ClamAV community members who sent patches and bug
> reports included for ClamAV 0.99:
> >
> > Steve Basford
> > Sebastian Andrzej Siewior
> > Bill Parker
> > Andreas Schulze
> > Yann E. Morin
> > Andreas Cadhalpun
> > Dmitry Marakasov
> > Michael Pelletier
> > Felix Groebert
> >
> > --
> > The ClamAV team (http://www.clamav.net/about.html#credits)
> >
> >
> > --
> > Joel Esler
> > Manager, Talos Group
> >
> >
> >
> >
> > _______________________________________________
> > http://lurker.clamav.net/list/clamav-devel.html
> > Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >
> > http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: ClamAV(R) blog: ClamAV 0.99 Release Candidate has been posted! [ In reply to ]
markjallan at gmail
Oct 20, 2015, 2:16 AM
Post #2 of 2 (1310 views)
Permalink
Hi Steve,

Thanks for getting back to me. Yes, I'm aware of the workarounds - I was merely mentioning that they were still required despite the fix being targeted at v0.99

The main reasons for my email were freshclam producing warnings that weren't being suppressed with the "--no-warnings" flag (now filed as bugzilla 11411); and to raise awareness of the fact that ClamAV won't compile at all on OS X 10.11.

On that last note, having spent a chunk of yesterday working on this, I believe I have a workaround. It's not ideal, but as a binary package maintainer, it sure beats bundling and exporting OpenSSL myself!

First thing is to grab a copy of the OS X 10.10 SDK.
Add the directory /usr/local/include if it doesn't already exist.
Add a symlink in there to the openssl header directory within the 10.10 SDK.

If anyone else reads this message and follows the above instructions, you should bear in mind that Apple deprecated OpenSSL in OS X 10.7 (back in 2011) and they removed the headers this year, so it stands to reason that in the not-to-distant future, the OpenSSL binaries will also be removed from OS X.

Mark

> On 16 Oct 2015, at 10:50 pm, Steven Morgan <smorgan@sourcefire.com> wrote:
>
> Hi Mark,
>
> Thanks for your feedback.
>
> Three work arounds were provided in comment 22 of bugzilla 11309 toward the
> problem of compiling built-in llvm on recent OS X 10.10 releases:
>
> - compile llvm unoptimized: ./configure CXXFLAGS='-O0'
> - use llvm library already your system: ./configure --with-system-llvm
> - use the bytecode interpreter instead of LLVM JIT: ./configure --enable-llvm=no
>
> <https://bugzilla.clamav.net/show_bug.cgi?id=11309#>
> The ticket is left open until we decide on the future direction for using
> llvm within ClamAV and that is still under discussion as there are
> additional considerations for other non-Mac OS X platforms.
>
> As far as compiling on OS X 10.11 with OpenSSL, OpenSSL is required for
> ClamAV since ClamAV 0.98.2. There should be a resource for obtaining and
> installing OpenSSL for that platform.
>
> libxml2 is not required, but is highly recommended (since ClamAV 0.98.1),
> so sounds like you'll need to install that as well. Please let us know if
> this persists after libxml2 is installed(libxml2 dev version).
>
> The PCRE warning messages are apparently due to not having PCRE installed.
> PCRE is optional, but the new capabilities of using logical signatures
> containing PCRE and YARA rules require PCRE. Please advise if it is a
> problem when PCRE(dev version again) is installed.
>
> For the warnings you get from 'freshclam ---no-warnings', please open a
> bugzilla ticket containing the warning messages and we can get those fixed.
>
> Let us know how things work out with OpenSSL, libxml2, and PCRE installed.
>
> Thanks,
> Steve
>
> On Fri, Oct 16, 2015 at 12:30 PM, Mark Allan <markjallan@gmail.com> wrote:
>
>> Hi Joel,
>>
>> Compiled OK on OS X 10.10.5 using Xcode 6, but I still needed to add the
>> "--enable-llvm=no" configure flag to get freshclam to work. The issue 11309
>> in Bugzilla is still open, but the target was 0.99
>> https://bugzilla.clamav.net/show_bug.cgi?id=11309
>>
>> ClamAV will NOT compile on OS X 10.11 with Xcode 7 as Apple doesn't supply
>> OpenSSL headers any more. I also tried using Xcode 6 and the 10.10 SDK
>> (passing -sysroot in CFLAGS and CXXFlags) but it still says OpenSSL not
>> found. It also fails to find xmlreader.h
>>
>> OpenSSL binaries are still available, so it's possible to compile on 10.10
>> and run on 10.11, but compilation on OS X 10.11 doesn't appear to be
>> possible any more.
>>
>> Regardless of how ClamAV is compiled, there is also a minor issue with
>> freshclam:
>>
>> Running
>> freshclam --no-warnings
>> still prints out a load of warnings
>> [LibClamAV] cli_loadldb: logical signature for
>> Win.Trojan.ssid16667 uses PCREs but support is disabled, skipping
>> ...
>> [LibClamAV] cli_loadldb: logical signature for
>> Win.Trojan.ssid15873 uses PCREs but support is disabled, skipping
>>
>> Regards
>> Mark
>>
>>> On 15 Oct 2015, at 10:13 pm, Joel Esler (jesler) <jesler@cisco.com>
>> wrote:
>>>
>>>
>>>
>> http://blog.clamav.net/2015/10/clamav-099-release-candidate-has-been.html
>>>
>>> ClamAV 0.99 Release Candidate has been posted!
>>> ClamAV 0.99 Release Candidate has been posted for download! Please
>> check out the below release notes:
>>>
>>> This the first release of ClamAV that is being done on both ClamAV.net<
>> http://clamav.net> and SourceForge. If you are a package or mirror
>> maintainer, make sure you start moving your download location from
>> SourceForge over to ClamAV.net<http://clamav.net>.
>>>
>>> 0.99-rc1
>>> --------
>>>
>>> ClamAV 0.99 contains major new features and changes. YARA rules, Perl
>> Compatible Regular Expressions, revamped on-access scanning for Linux, and
>> other new features join the many great features of ClamAV:
>>>
>>>
>>>
>>> * Processing of YARA rules(some limitations- see signatures.pdf).
>>> * Support in ClamAV logical signatures for many of the features
>> added for YARA, such as Perl Compatible Regular Expressions, alternate
>> strings, and YARA string attributes. See signatures.pdf for full details.
>>> * New and improved on-access scanning for Linux. See the recent
>> blog post and clamdoc.pdf for details on the new on-access capabilities.
>>> * A new ClamAV API callback function that is invoked when a
>> virus is found. This is intended primarily for applications running in
>> all-match mode. Any applications using all-match mode must use the new
>> callback function to record and report detected viruses.
>>> * Configurable default password list to attempt zip file
>> decryption.
>>> * TIFF file support.
>>> * Upgrade Windows pthread library to 2.9.1.
>>> * A new signature target type for designating signatures to run
>> against files with unknown file types.
>>> * Improved fidelity of the "data loss prevention" heuristic
>> algorithm. Code supplied by Bill Parker.
>>> * Support for LZMA decompression within Adobe Flash files.
>>> * Support for MSO attachments within Microsoft Office 2003 XML
>> files.
>>> * A new sigtool option(--ascii-normalize) allowing signature
>> authors to more easily generate normalized versions of ascii files.
>>> * Windows installation directories changed from \Program
>> Files\Sourcefire\ClamAV to \Program Files\ClamAV or \Program
>> Files\ClamAV-x64.
>>>
>>>
>>> PLEASE NOTE: If you are using clamd on-access scanning or have
>> applications using all-match mode, you will want to review the changes and
>> make any necessary adjustments before using ClamAV 0.99. Users of windows
>> binaries need to be aware of the change of installation directories.
>>>
>>> Thank you to the ClamAV community members who sent patches and bug
>> reports included for ClamAV 0.99:
>>>
>>> Steve Basford
>>> Sebastian Andrzej Siewior
>>> Bill Parker
>>> Andreas Schulze
>>> Yann E. Morin
>>> Andreas Cadhalpun
>>> Dmitry Marakasov
>>> Michael Pelletier
>>> Felix Groebert
>>>
>>> --
>>> The ClamAV team (http://www.clamav.net/about.html#credits)
>>>
>>>
>>> --
>>> Joel Esler
>>> Manager, Talos Group
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> http://lurker.clamav.net/list/clamav-devel.html
>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal