[clamav-users] Daily 23161 broke Clam
Joel Esler (jesler)
jesler at cisco.com
Fri Mar 3 23:21:30 UTC 2017
If we required pcre 7, it would allow us to publish this kind of sig in the future of 99.3 and high versions by requiring a certain "flevel".
--
Sent from my iPhone
> On Mar 3, 2017, at 18:18, Chris Conn <cconn at abacom.com> wrote:
>
> Hello,
>
> Looks like my off-list email went on the list LOL. So much for not making noise. Woops.
>
> If the 0.99.3 or whatever later version where this would be implemented requires PCRE 7, would that break database updates for versions that have not upgraded if this pcre format is re-used in the future, or would it simply disable pcre support in previous version of clamd that have not been upgraded?
>
> Thanks,
>
> Chris
>
>> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
>> A new daily with the Sig dropped.
>>
>> Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7.
>>
>> How does that sound?
>>
>> --
>> Sent from my iPhone
>>
>>> On Mar 3, 2017, at 18:08, Chris Conn <cconn at abacom.com> wrote:
>>>
>>> Hello,
>>>
>>> I hope you don't mind my contact off-list, I don't want to make noise on it for all. Apologies.
>>>
>>> This new build, are we talking about a daily.cvd (23162?) or a new build of clam/pcre?
>>>
>>> Thanks again in advance for your help,
>>>
>>> Chris
>>>
>>>
>>>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>>>> We are coming to the same conclusions.
>>>>
>>>> The issue seem to isolated to using pcre libraries older than 7.0. I does
>>>> not affect users of newer versions of pcre or users of pcre2.
>>>>
>>>> A new build with the fix is in progress now.
>>>>
>>>> Apologies for the impact this has caused.
>>>>
>>>> Alain
>>>>
>>>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>>>> steveb_clamav at sanesecurity.com> wrote:
>>>>
>>>>>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
>>>>>> We're pulling the signature causing the issue now, while we investigate
>>>>>> the cause.
>>>>>>
>>>>>> - Alain
>>>>> Hi Alain,
>>>>>
>>>>> I think the fix is... Replace ? with ?P when the PCRE library is old
>>>>>
>>>>> ie. ?< to ?P<
>>>>>
>>>>> On...
>>>>>
>>>>> Doc.Macro.GenericHeuristic-5901772-0
>>>>> Doc.Macro.GenericHeuristic-5931846-1
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>>
>>>>> Steve
>>>>> Twitter: @sanesecurity
>>>>>
>>>>> _______________________________________________
>>>>> clamav-users mailing list
>>>>> clamav-users at lists.clamav.net
>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list