[clamav-users] Question about LibClamAV

Reindl Harald h.reindl at thelounge.net
Mon Apr 17 09:20:10 EDT 2017

Am 17.04.2017 um 15:10 schrieb crazy thinker:
> @reidnl
> admin-macbookPro-2:clamav-devel-0.99.2 tringappsinc$ grep -ir "This file
> was created by ClamAV for internal use and should not be run"  .
> how that info added into .dylib files.. even though signle source file of
> ClamAV doesn't have that pattern.. how clamAV development  team  adding
> this info to their library.. could you have any idea on this?

i don't care nor i am a clamav developer but i get annoyed when people 
grep around in binary files and flood users lists whith things nobody 
normally cares about


> On 17 April 2017 at 18:25, Reindl Harald <h.reindl at thelounge.net> wrote:
>> Am 17.04.2017 um 14:36 schrieb crazy thinker:
>>> Hi ClamAV Developers, Users
>>> Sorry.. i missed proper info in my previous mail thread.. please find
>>> correct info  below
>>> I have compiled the ClamAV source code  on Mac OS X and  investigating
>>> libclamav.dylib and libclamav.7.dylib internal files information for  my
>>> curiousity.. Surprisingly   i got below info when i ran grep  with some
>>> pattern
>>> *admin-macbookPro-2:clamav-devel-0.99.2 tringappsinc$ grep -ir "This file
>>> was created by ClamAV for internal use and should not be run"*
>>> *Binary file ./libclamav/.libs/libclamav.7.dylib matches*
>>> *Binary file ./libclamav/.libs/libclamav.dylib matches*
>>> *Binary file ./libclamav/.libs/libclamav_la-rebuildpe.o matches*
>>> *Binary file ./libclamav/.libs/libclamav_la-upx.o matches*
>>> i still don't understand why those above binary files contains that
>>> pattern(that i mentioned above) even though   single source file of ClamAV
>>> Codebase doesn't have that kind of pattern . From where this pattern
>>> appending to .dylib files.?
>>> i am so curious to understand things behind it. is there any logic ClamV
>>> Internally using?
>> because it's not meant as library for 3rd party tools because it's
>> internal signatures can change at every point in time, well, because it's
>> not intended as public  interface?
>> when you provide something below /usr/lib[64]/ it's intended that it is
>> used by third party software for linking and hence you have to maintain
>> compatibility and versioning to not break them by remove unused functions
>> or params or whatever breaks linked applications
>> this is *not* clamav specific and obvious

More information about the clamav-users mailing list