[clamav-users] Question about LibClamAV

Reindl Harald h.reindl at thelounge.net
Mon Apr 17 09:20:10 EDT 2017



Am 17.04.2017 um 15:10 schrieb crazy thinker:
> @reidnl
> 
> admin-macbookPro-2:clamav-devel-0.99.2 tringappsinc$ grep -ir "This file
> was created by ClamAV for internal use and should not be run"  .
> 
> how that info added into .dylib files.. even though signle source file of
> ClamAV doesn't have that pattern.. how clamAV development  team  adding
> this info to their library.. could you have any idea on this?

i don't care nor i am a clamav developer but i get annoyed when people 
grep around in binary files and flood users lists whith things nobody 
normally cares about

http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

> On 17 April 2017 at 18:25, Reindl Harald <h.reindl at thelounge.net> wrote:
> 
>>
>>
>> Am 17.04.2017 um 14:36 schrieb crazy thinker:
>>
>>> Hi ClamAV Developers, Users
>>>
>>> Sorry.. i missed proper info in my previous mail thread.. please find
>>> correct info  below
>>>
>>> I have compiled the ClamAV source code  on Mac OS X and  investigating
>>> libclamav.dylib and libclamav.7.dylib internal files information for  my
>>> curiousity.. Surprisingly   i got below info when i ran grep  with some
>>> pattern
>>> *admin-macbookPro-2:clamav-devel-0.99.2 tringappsinc$ grep -ir "This file
>>> was created by ClamAV for internal use and should not be run"*
>>>
>>> *Binary file ./libclamav/.libs/libclamav.7.dylib matches*
>>>
>>> *Binary file ./libclamav/.libs/libclamav.dylib matches*
>>>
>>> *Binary file ./libclamav/.libs/libclamav_la-rebuildpe.o matches*
>>>
>>> *Binary file ./libclamav/.libs/libclamav_la-upx.o matches*
>>>
>>> i still don't understand why those above binary files contains that
>>> pattern(that i mentioned above) even though   single source file of ClamAV
>>> Codebase doesn't have that kind of pattern . From where this pattern
>>> appending to .dylib files.?
>>>
>>> i am so curious to understand things behind it. is there any logic ClamV
>>> Internally using?
>>>
>> because it's not meant as library for 3rd party tools because it's
>> internal signatures can change at every point in time, well, because it's
>> not intended as public  interface?
>>
>> when you provide something below /usr/lib[64]/ it's intended that it is
>> used by third party software for linking and hence you have to maintain
>> compatibility and versioning to not break them by remove unused functions
>> or params or whatever breaks linked applications
>>
>> this is *not* clamav specific and obvious




More information about the clamav-users mailing list