[Clamav-devel] enabling DMG and XAR support

Steven Morgan smorgan at sourcefire.com
Mon Mar 24 17:32:28 EDT 2014


Yes, a dmg issue and an xar issue were mentioned. If the issue(s) remain,
please open a bug at bugzilla.clamav.net or send some files or --debug
output.


On Sun, Mar 23, 2014 at 5:17 PM, Joel Esler (jesler) <jesler at cisco.com>wrote:

> Then I am sure the developers would be glad to help figure out the problem
> and fix it.
>
> --
> Joel Esler
> Sent from my iPhone
>
> > On Mar 22, 2014, at 13:32, "Dale Walsh" <dale at daleenterprise.com> wrote:
> >
> > 0.98.1 DMG does not work.
> >
> > -- Dale
> >
> >
> >
> >> On Mar 21, 2014, at 09:16 AM, Joel Esler (jesler) wrote:
> >>
> >> DMG support was just added in the last version of ClamAV.  How long ago
> did you do this testing?
> >>
> >>
> >>> On Mar 20, 2014, at 8:22 PM, Dale Walsh <dale at daleenterprise.com>
> wrote:
> >>>
> >>> You did miss it but it's a two headed nail.
> >>>
> >>> PDF, DMG, XAR and RAR have had issues not recognizing the test viruses
> to name just a couple that spring to mind that we've had trouble with and
> this all started happening when the clang and crap entered the picture.
> >>>
> >>> I've worked with the developers in the past, once the build
> environment dependancies changed and I was told I had to upgrade my OS and
> build tools is when it was no longer possible to resolve these issues as
> the update solely for the purpose of building ClamAV is not an option and I
> shouldn't be forced to use someone else's built tool preferences just
> because they have the luxury of updating on a whim or purely for bragging
> rights.
> >>>
> >>> It does not matter if my OS is dated, security patches are applied to
> the build tools as they become available and this seems to satisfy all
> other software that build from source except ClamAV.
> >>>
> >>> Having everything build with GCC 4.0 would allow me/us to re-deploy
> ClamAV and contribute to the code base again (I have in the past) but the
> chances of this are slim to non from what I recall because my OS and build
> tools are dated and listening to rants about ancient and deprecated is
> nothing more than someone spewing stupidity.
> >>>
> >>> The fact that I ensure all bugs and updates to the build tools are
> fixed/added allows me to keep everything in harmony and there is no reason
> to update anything to build a single software package when all other
> software sources seem to be content with the existing build environment.
> >>>
> >>> If you wish to go off-list to continue the discussion I have no
> objections.
> >>>
> >>>
> >>> -- Dale
> >>>
> >>>
> >>>
> >>>> On Mar 20, 2014, at 16:35 PM, Joel Esler (jesler) wrote:
> >>>>
> >>>> Dale,
> >>>>
> >>>> Thanks for your email.  I'm not sure exactly what you are referring
> to.  Maybe I am missing a connection here or something, but the discussion
> was around scanning DMG and XAR, which I think, if there's a issue with,
> we'd be more than happy to work with anyone to try and square away.
> >>>>
> >>>> You seem to be discussing a build issue, and you say that it's a
> waste of time.  When did you get the impression that working with the
> developers was a waste of time?  If we're not communicating well enough, we
> can fix that.  But I think the team is doing a good job of that judging by
> the amount of complaints I have received since we took over the project
> from the old ClamAV team.
> >>>>
> >>>> Please let me know if we need to take this offline and discuss or
> anything I can do to help.
> >>>>
> >>>> --
> >>>> Joel Esler
> >>>> Open Source Manager
> >>>> Threat Intelligence Team Lead
> >>>> Vulnerability Research Team
> >>>>
> >>>> On Mar 20, 2014, at 3:55 PM, Dale Walsh <dale at daleenterprise.com
> <mailto:dale at daleenterprise.com>> wrote:
> >>>>
> >>>> Mark, this has been an issue for many versions along with a slew of
> others things not working as expected.
> >>>>
> >>>> As much as I liked ClamAV, we've abandoned it as a mail solution
> shortly after things stopped working correctly and they changed the
> required build tools so you can no longer build it with GCC 3.3/4.0/4.1/4.2
> and have a fully functional app.
> >>>>
> >>>> Yes there are flags to get it to build but certain modules and
> features don't build and making an incomplete and partially functional
> binary isn't appealing.
> >>>>
> >>>> Advice on updating build tools is a waste of time as there is no
> reason to update the build tools just to build ClamAV as it's the only one
> that has this ridiculous built-tool requirement and only an idiot would
> tell me to update.
> >>>>
> >>>> My thoughts on this is simple, if it doesn't build with the basic GNU
> GCC compiler tools then it's seriously flawed and needs these other tools
> to overcome the short-comings of poorly written/implemented code.
> >>>>
> >>>> When I say build, I mean build with full functionality so don't go
> off the deep-end stating it builds, partial functionality may be acceptable
> to you bhut it isn't to me.
> >>>>
> >>>> At this time, for personal use, I use the source code but repackage
> the build environment to work with what I have and I'm comfortable with
> submitting corrections and patches, too much focus and complaints on my
> build tools so why waste my time.
> >>>>
> >>>> -- Dale
> >>>>
> >>>> On Mar 19, 2014, at 11:34 AM, Rafael Ferreira wrote:
> >>>>
> >>>> Interesting... let me run some tests and get back to you.
> >>>>
> >>>> On Mar 19, 2014, at 8:33 AM, Mark Allan <markjallan at gmail.com<mailto:
> markjallan at gmail.com>> wrote:
> >>>>
> >>>> Just out of interest, did you test to see if it *actually* worked?
> >>>>
> >>>> My configure output shows that dmg and xar are supported, but it
> doesn't actually detect the Eicar test file within a disk image.
> >>>>
> >>>> configure: Summary of engine detection features
> >>>>           autoit_ea06 : yes
> >>>>           bzip2       : ok
> >>>>           zlib        : /usr
> >>>>           unrar       : yes
> >>>>           dmg and xar : yes, from /usr
> >>>>
> >>>> When I create a new disk image, copy the Eicar test file in, and scan
> the dmg, it shows up as being clean.
> >>>>
> >>>> clamscan test.dmg
> >>>> test.dmg: OK
> >>>>
> >>>> ----------- SCAN SUMMARY -----------
> >>>> Known viruses: 3259558
> >>>> Engine version: 0.98.1
> >>>> Scanned directories: 0
> >>>> Scanned files: 1
> >>>> Infected files: 0
> >>>> Data scanned: 10.07 MB
> >>>> Data read: 10.02 MB (ratio 1.01:1)
> >>>> Time: 4.845 sec (0 m 4 s)
> >>>>
> >>>> Does this work as expected for anyone else?
> >>>>
> >>>> Mark
> >>>>
> >>>> On 10 Feb 2014, at 23:38, Rafael Ferreira <raf at uvasoftware.com
> <mailto:raf at uvasoftware.com>> wrote:
> >>>>
> >>>> That worked, thanks!
> >>>>
> >>>> On February 10, 2014 at 4:29:41 PM, Steven Morgan (
> smorgan at sourcefire.com<mailto:smorgan at sourcefire.com>) wrote:
> >>>>
> >>>> Rafael,
> >>>>
> >>>> Probably all you need to do install libxml&libxml2-dev, which is used
> by
> >>>> dmg and xar, then do your configure/make.
> >>>>
> >>>> Steve
> >>>>
> >>>>
> >>>> On Mon, Feb 10, 2014 at 6:05 PM, Rafael Ferreira <raf at uvasoftware.com
> <mailto:raf at uvasoftware.com>>wrote:
> >>>>
> >>>>
> >>>> Folks,
> >>>>
> >>>> I'm compiling clamav 0.98.1 on Linux (Ubuntu 12.04 LTS) and I'm not
> >>>> getting the new super awesome DMG and XAR file support:
> >>>>
> >>>> configure: Summary of detected features follows
> >>>> OS : linux-gnu
> >>>> pthreads : yes (-lpthread)
> >>>> configure: Summary of miscellaneous features
> >>>> check : no (auto)
> >>>> fanotify : yes
> >>>> fdpassing : 1
> >>>> IPv6 : yes
> >>>> configure: Summary of optional tools
> >>>> clamdtop : (auto)
> >>>> milter : yes (disabled)
> >>>> configure: Summary of engine performance features)
> >>>> release mode: yes
> >>>> jit : yes (auto)
> >>>> mempool : yes
> >>>> configure: Summary of engine detection features
> >>>> autoit_ea06 : yes
> >>>> bzip2 : ok
> >>>> zlib : /usr
> >>>> unrar : yes
> >>>> dmg and xar : no
> >>>>
> >>>> Am I missing a configure flag or third party library?
> >>>>
> >>>> Thanks in advance,
> >>>>
> >>>> - Rafael
> >>>>
> >>>> ----
> >>>> scanii.com<http://scanii.com> - the web friendly malware scanner!
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>>
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>>
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>>
> >>>> _______________________________________________
> >>>> http://lurker.clamav.net/list/clamav-devel.html
> >>>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>>
> >>> _______________________________________________
> >>> http://lurker.clamav.net/list/clamav-devel.html
> >>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>
> >> _______________________________________________
> >> http://lurker.clamav.net/list/clamav-devel.html
> >> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >
> > _______________________________________________
> > http://lurker.clamav.net/list/clamav-devel.html
> > Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>


More information about the clamav-devel mailing list