[Clamav-devel] clamav-devel 0.99.3 + OpenSSL 1.1.0

PGNet Dev pgnet.dev at gmail.com
Thu Mar 23 14:02:56 EDT 2017


fyi.

building clamav-devel 0.99.3 branch head

	cd clamav-devel
	git log | head -n 10
		commit 7e83eea9a4c3be1ba24b7c44e10e9d9eea84e2d9
		Author: Steven Morgan <stevmorg at cisco.com>
		Date:   Mon Mar 20 14:56:34 2017 -0400

		    clamdoc version update.

		commit b2e3350bc201aee13dc3469eab3978be8fe6a3f3
		Author: Steven Morgan <stevmorg at cisco.com>
		Date:   Thu Mar 16 15:06:09 2017 -0400

on linux64 with openssl v110 locally installed

	openssl version
		OpenSSL 1.1.0e  16 Feb 2017
	pkg-config --libs --cflags openssl
		-I/usr/local/openssl11/include -L/usr/local/openssl11/lib64 -lssl -lcrypto

for this env

	export SSL11_LIBS="-lssl -lcrypto"
	export SSL11_CFLAGS="-I/usr/local/openssl11/include"
	export SSL11_INCLUDES="-I/usr/local/openssl11/include"
	export SSL11_LDFLAGS="-L/usr/local/openssl11/lib64  -Wl,-rpath,/usr/local/openssl11/lib64"

referencing this patch for 0.99.2

	https://github.com/patch-exchange/openssl-1.1-transition/blob/master/clamav/clamav-0.99.2-openssl-1.1.patch

as the basis for this patch (NOTE: the lib64 rpath fix in openssl.m4 is 'manual' and non-conditional),

	cat clamav-0.99.3-test-openssl-1.1.patch
		diff -ur clamav-devel.ORIG/libclamav/crypto.c clamav-devel/libclamav/crypto.c
		--- clamav-devel.ORIG/libclamav/crypto.c	2017-03-23 10:20:29.590645016 -0700
		+++ clamav-devel/libclamav/crypto.c	2017-03-23 10:18:15.455247547 -0700
		@@ -36,6 +36,7 @@
		 #include "clamav-config.h"
		 #endif

		+#include <openssl/ssl.h>
		 #include <stdio.h>
		 #include <stdlib.h>
		 #include <string.h>
		@@ -120,19 +121,13 @@

		 int cl_initialize_crypto(void)
		 {
		-    SSL_load_error_strings();
		-    SSL_library_init();
		-    OpenSSL_add_all_digests();
		-    OpenSSL_add_all_algorithms();
		-    OpenSSL_add_all_ciphers();
		-    ERR_load_crypto_strings();
		-
		+    OPENSSL_init_ssl(0, NULL);
		     return 0;
		 }

		 void cl_cleanup_crypto(void)
		 {
		-    EVP_cleanup();
		+    return 0;
		 }

		 unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned char *obuf, unsigned int *olen)
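Review bot: `return 0;` in `void cl_cleanup_crypto(void)` returns a value from a void function, which is a constraint violation in C; on 1.1.0 the body should simply be empty. The replacement `OPENSSL_init_ssl(0, NULL);` is also unconditional, so this file no longer builds against OpenSSL older than 1.1.0; the same applies to `X509_CRL_get0_nextUpdate` in the third crypto.c hunk and to the `AC_LINK_IFELSE` probe in openssl.m4. Its return value (1 on success, 0 on failure) is discarded, so `cl_initialize_crypto` reports success even when library initialisation failed. A version-guarded form is sketched below; how callers treat a non-zero return is not visible in this hunk.

```c
int cl_initialize_crypto(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
    /* 1.1.0+ initialises itself lazily; the explicit call only surfaces a failure. */
    if (OPENSSL_init_ssl(0, NULL) != 1)
        return -1;
#else
    /* … unchanged: the pre-1.1.0 init calls this hunk removes … */
#endif
    return 0;
}

void cl_cleanup_crypto(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
    EVP_cleanup();
#endif
}
```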
		@@ -1111,7 +1106,7 @@
		     if ((x)) {
			ASN1_TIME *tme;

		-	tme = X509_CRL_get_nextUpdate(x);
		+	tme = X509_CRL_get0_nextUpdate(x);
			if (!tme || X509_cmp_current_time(tme) < 0) {
				X509_CRL_free(x);
				return NULL;
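Review bot: `X509_CRL_get0_nextUpdate()` returns `const ASN1_TIME *` in OpenSSL 1.1.0, so assigning it to `ASN1_TIME *tme` discards the qualifier; the declaration should become `const ASN1_TIME *tme;`. Separately, the unchanged check `X509_cmp_current_time(tme) < 0` only rejects a CRL whose nextUpdate is in the past, while the function returns 0 on error (for example an unparsable time), so a CRL with a malformed nextUpdate is accepted as current. Using `if (!tme || X509_cmp_current_time(tme) <= 0) {` would fail closed. The enclosing function starts and ends outside this hunk.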
		diff -ur clamav-devel.ORIG/m4/reorganization/libs/openssl.m4 clamav-devel/m4/reorganization/libs/openssl.m4
		--- clamav-devel.ORIG/m4/reorganization/libs/openssl.m4	2017-03-23 10:20:29.606644944 -0700
		+++ clamav-devel/m4/reorganization/libs/openssl.m4	2017-03-23 09:54:07.397505020 -0700
		@@ -30,9 +30,9 @@
		 LIBS="$LIBS $SSL_LIBS"

		 if test "$LIBSSL_HOME" != "/usr"; then
		-    SSL_LDFLAGS="-L$LIBSSL_HOME/lib"
		-    SSL_CPPFLAGS="-I$LIBSSL_HOME/include"
		-    LDFLAGS="-L$LIBSSL_HOME/lib"
		+    SSL_LDFLAGS="$SSL11_LDFLAGS"
		+    SSL_CPPFLAGS="$SSL_INCLUDES"
		+    LDFLAGS="$SSL11_LDFLAGS"
		     CFLAGS="$SSL_CPPFLAGS"
		 else
		     SSL_LDFLAGS=""
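Review bot: `SSL_CPPFLAGS="$SSL_INCLUDES"` reads a variable that the environment shown in the post does not export (it sets `SSL11_INCLUDES`), so unless `SSL_INCLUDES` is defined elsewhere both `SSL_CPPFLAGS` and the following `CFLAGS="$SSL_CPPFLAGS"` end up empty. The three new assignments also take their paths from ad-hoc `SSL11_*` environment variables instead of `$LIBSSL_HOME`, so `--with-openssl=DIR` no longer decides which library directory is searched or which rpath is embedded in the scanner binaries. Keeping the paths derived from `$LIBSSL_HOME` and probing for the lib64 layout would preserve that, e.g. `test -d "$LIBSSL_HOME/lib64" && SSL_LDFLAGS="-L$LIBSSL_HOME/lib64"`. The if/else block continues past the end of this hunk.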
		@@ -44,7 +44,7 @@

		 AC_LINK_IFELSE(
			       [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
		-				[[SSL_library_init();]])],
		+				[[OPENSSL_init_ssl(0, NULL);]])],
			       [have_ssl="yes";],
			       [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])

applying

	patch -p1 < ../clamav-0.99.3-test-openssl-1.1.patch

reconfig

	export LDFLAGS=" ${SSL11_LDFLAGS}"
	export CFLAGS+=" ${SSL11_CFLAGS}"
	export LIBS="${SSL11_LIBS}"
	export CPPFLAGS=" ${SSL11_INCLUDES}"

	autoreconf -vif

	./configure \
	--disable-debug \
	--prefix=/usr/local \
	--libdir=/usr/local/lib64 \
	--enable-rpath \
	--enable-shared --disable-static \
	--enable-clamav \
	--enable-clamdtop \
	--enable-libfreshclam \
	--enable-milter \
	--with-openssl=/usr/local/openssl11 \
	...

then build

	make V=1 -j4
	make install

completes OK, bins linked against openssl v110 libs,

	ldd `which clamdscan` `which clamd` | egrep "ssl|crypto"
		libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007fbda5a85000)
		libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fbda55dc000)
		libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007f08b5a00000)
		libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f08b5557000)

freshclam works

	freshclam -v --config-file=/usr/local/etc/clamav/freshclam.conf

	ls -al /var/lib/clamav
		drwxrwxrwx   2 clamav clamav 4.0K Feb 27 12:56 ./
		drwxr-xr-x 119 root    root    4.0K Feb 27 08:48 ../
		-rw-r--r--   1 clamav clamav 102K Feb 27 12:56 bytecode.cvd
		-rw-r--r--   1 clamav clamav  39M Feb 27 12:55 daily.cvd
		-rw-r--r--   1 clamav clamav 105M Feb 27 12:55 main.cvd
		-rw-------   1 clamav clamav  156 Feb 27 12:56 mirrors.dat
		-rw-r--r--   1 clamav clamav  47M Feb 27 12:56 safebrowsing.cvd

daemons start

	systemctl start freshclam-custom.service
	systemctl start clamd-custom.service

exec looks ok

	clamdscan --version
		ClamAV 0.99.3-beta1/23230/Thu Mar 23 05:28:56 2017

	clamscan -d /var/lib/clamav
		...
		----------- SCAN SUMMARY -----------
		Known viruses: 9027416
		Engine version: 0.99.3-beta1
		Scanned directories: 1
		Scanned files: 41
		Infected files: 0
		Data scanned: 0.61 MB
		Data read: 0.33 MB (ratio 1.82:1)
		Time: 20.842 sec (0 m 20 s)

	clamdscan /usr/local/scripts/TEST/eicar.com.txt
		/usr/local/scripts/TEST/eicar.com.txt: Eicar-Test-Signature FOUND

		----------- SCAN SUMMARY -----------
		Infected files: 1
		Time: 0.002 sec (0 m 0 s)


not yet ready for pull request, but works -- so far -- as a 1st step here.


