[clamav-users] Daily 23161 broke Clam

Chris Conn cconn at abacom.com
Sat Mar 4 00:04:03 UTC 2017 

Hello,

Insist :)  Well, its considered bad practice to upgrade packages 
independently on a RH-based system where dependancies break. Security 
fixes are back-ported to older versions to preserve versioning an 
compatibility.  Thats a Redhat feature I agree, and RHEL5 will be EOL in 
28 days, so perhaps that point will be moot on April 1 2017.

So insisting on upgrading libraries on a .rpm system in a scenario where 
the distro is not EOL'ed is probably not what the general userbase of 
those distros will be able/willing to perform.   This particular case 
has less weight since the distro is about to go out of support from the 
vendor, however that doesn't mean there won't be anyone still using it.  
I guess once its out of support its not all that hard to start breaking 
package dependancies since there will be no upgrades (although, there is 
an additional "extended life phase" that RHEL5 systems can obtain, so 
the April 1st date is not necessarily accurate).

Your favorite distro probably handles this versioning better than RH does.

Chris

On 3/3/2017 6:53 PM, Scott Kitterman wrote:
> As far as I can tell, pcre 7 came out before 2008.  I think a decade is enough
> time to insist people upgrade.
>
> Scott K
>
> On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
>> If we required pcre 7, it would allow us to publish this kind of sig in the
>> future of 99.3 and high versions by requiring a certain "flevel".
>>
>> --
>> Sent from my iPhone
>>
>>> On Mar 3, 2017, at 18:18, Chris Conn <cconn at abacom.com> wrote:
>>>
>>> Hello,
>>>
>>> Looks like my off-list email went on the list LOL.  So much for not making
>>> noise.  Woops.
>>>
>>> If the 0.99.3 or whatever later version where this would be implemented
>>> requires PCRE 7, would that break database updates for versions that have
>>> not upgraded if this pcre format is re-used in the future, or would it
>>> simply disable pcre support in previous version of clamd that have not
>>> been upgraded?
>>>
>>> Thanks,
>>>
>>> Chris
>>>
>>>> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
>>>> A new daily with the Sig dropped.
>>>>
>>>> Probably what we will do to prevent this from happening again, is to have
>>>> 0.99.3 (the upcoming version) require pcre 7.
>>>>
>>>> How does that sound?
>>>>
>>>> --
>>>> Sent from my iPhone
>>>>
>>>>> On Mar 3, 2017, at 18:08, Chris Conn <cconn at abacom.com> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I hope you don't mind my contact off-list, I don't want to make noise on
>>>>> it for all.  Apologies.
>>>>>
>>>>> This new build, are we talking about a daily.cvd (23162?) or a new build
>>>>> of clam/pcre?
>>>>>
>>>>> Thanks again in advance for your help,
>>>>>
>>>>> Chris
>>>>>
>>>>>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>>>>>> We are coming to the same conclusions.
>>>>>>
>>>>>> The issue seem to isolated to using pcre libraries older than 7.0. I
>>>>>> does
>>>>>> not affect users of newer versions of pcre or users of pcre2.
>>>>>>
>>>>>> A new build with the fix is in progress now.
>>>>>>
>>>>>> Apologies for the impact this has caused.
>>>>>>
>>>>>> Alain
>>>>>>
>>>>>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>>>>>>
>>>>>> steveb_clamav at sanesecurity.com> wrote:
>>>>>>>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
>>>>>>>> We're pulling the signature causing the issue now, while we
>>>>>>>> investigate
>>>>>>>> the cause.
>>>>>>>>
>>>>>>>> - Alain
>>>>>>> Hi Alain,
>>>>>>>
>>>>>>> I think the fix is... Replace ? with ?P  when the PCRE library is old
>>>>>>>
>>>>>>> ie.  ?< to ?P<
>>>>>>>
>>>>>>> On...
>>>>>>>
>>>>>>> Doc.Macro.GenericHeuristic-5901772-0
>>>>>>> Doc.Macro.GenericHeuristic-5931846-1
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Steve
>>>>>>> Twitter: @sanesecurity
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> clamav-users mailing list
>>>>>>> clamav-users at lists.clamav.net
>>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>>
>>>>>>>
>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>
>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>> _______________________________________________
>>>>>> clamav-users mailing list
>>>>>> clamav-users at lists.clamav.net
>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>
>>>>>>
>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>
>>>>>> http://www.clamav.net/contact.html#ml
>>>>> _______________________________________________
>>>>> clamav-users mailing list
>>>>> clamav-users at lists.clamav.net
>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list