[clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Mark Fortescue mark.lists at thurning-instruments.co.uk
Wed Jul 28 18:10:21 UTC 2021 

Hi All,

I have found a bug that will cause issues for 32bit builds and maybe 
some 64bit builds.

On all three of my OS (2 x x86_64 and one x86) tested, CMake is not 
setting DEFINE_SF64_PREFIX used in clamav-types.h.in.
This breaks the build on one x86_64 OS and may cause issues on the x86 
OS with 64bit numbers.

Any ideas on how to implement a quick fix ?

Regards
	Mark.

On 28/07/21 01:14, Mark Fortescue wrote:
> Hi again,
>
> I needed to read all of the INSTALL.md file not just the top bit.
>
> Got the cmake build to work and the binaries test OK.
>
> Not as user friendly as configure scripts when you are doing something
> different. The big advantage of the configure script is that it can be
> tweaked when it gets something wrong or at least opened in an editor to
> see what it is actually doing. Not sure where to start if cmake does not
> do what it is meant to do.
>
> Regards
>      Mark.
>
> On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:
>> Hi all,
>>
>> I have two curl installations. One is not suitable for clamav (the
>> system installed version).
>>
>> How do I force cmake to pick up the correct library as it is always
>> picking up the system library not the one in /usr/local/clamav/lib.
>>
>> In order to move to cmake it would be useful to have a conversion from
>> all the configure script options to there cmake equivalents. Is there
>> a way of getting cmake to display all the variables that can be set
>> (equivalent to ./configure --help) ?
>>
>> Regards
>>      Mark.
>>
>> On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:
>>>
>>>>
>>>> https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html
>>>>
>>>>
>>>>
>>>>   ClamAV 0.104.0 Release Candidate is here!
>>>>
>>>> We are pleased to announce the ClamAV 0.104.0 release candidate
>>>> <https://www.clamav.net/downloads>.
>>>>
>>>> Please help us validate this release. We need your feedback, so let
>>>> us know what you find and join us on the ClamAV mailing list
>>>> <https://lists.clamav.net/mailman/listinfo/clamav-users>, or on our
>>>> Discord <https://discord.gg/sGaxA5Q>, which is bridged with our IRC.
>>>>
>>>> This release candidate phase is only expected to last about two to
>>>> four weeks before the 0.104.0 Stable version will be published. Take
>>>> this opportunity to verify that you 0.104.0 can build and run in
>>>> your environment.
>>>>
>>>> Please submit bug reports to the ClamAV project GitHub Issues
>>>> <https://github.com/Cisco-Talos/clamav/issues>.
>>>>
>>>> ClamAV 0.104.0 includes the following improvements and changes.
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#new-requirements>
>>>>
>>>>
>>>>
>>>>       New Requirements
>>>>
>>>>  *
>>>>
>>>>     As of ClamAV 0.104, CMake is required to build ClamAV.
>>>>
>>>>   * We have added comprehensive build instructions for using CMake to
>>>>     the new |INSTALL.md| file. The online documentation will also be
>>>>     updated to include CMake build instructions.
>>>>   * The Autotools and the Visual Studio build systems have been
>>>> removed.
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#major-changes>
>>>>
>>>>
>>>>
>>>>       Major changes
>>>>
>>>>  *
>>>>
>>>>     The built-in LLVM for the bytecode runtime has been removed.
>>>>
>>>>   * The bytecode interpreter is the default runtime for bytecode
>>>>     signatures just as it was in ClamAV 0.103.
>>>>   * We wished to add support for newer versions of LLVM, but ran out
>>>>     of time. If you're building ClamAV from source and you wish to use
>>>>     LLVM instead of the bytecode interpreter, you will need to supply
>>>>     the development libraries for LLVM version 3.6.2. See |INSTALL.md|
>>>>     to learn more.
>>>>  *
>>>>
>>>>     There are now official ClamAV images on Docker Hub.
>>>>
>>>>       o /Note/: Until ClamAV 0.104.0 is released, these images are
>>>>         limited to "unstable" versions, which are updated daily with
>>>>         the latest changes in the default branch on GitHub.
>>>>
>>>> You can find the images on Docker Hub under |clamav|
>>>> <https://hub.docker.com/r/clamav/clamav>.
>>>>
>>>> Docker Hub ClamAV tags:
>>>>
>>>>  *
>>>>
>>>>     |clamav/clamav:<version>|: A release preloaded with signature
>>>>     databases.
>>>>
>>>>     Using this container will save the ClamAV project some bandwidth.
>>>>     Use this if you will keep the image around so that you don't
>>>>     download the entire database set every time you start a new
>>>>     container. Updating with FreshClam from the existing databases set
>>>>     does not use much data.
>>>>
>>>>  *
>>>>
>>>>     |clamav/clamav:<version>_base|: A release with no signature
>>>> databases.
>>>>
>>>>     Use this container *only* if you mount a volume in your container
>>>>     under |/var/lib/clamav| to persist your signature database
>>>>     databases. This method is the best option because it will reduce
>>>>     data costs for ClamAV and for the Docker registry, but it does
>>>>     require advanced familiarity with Linux and Docker.
>>>>
>>>>         /Caution/: Using this image without mounting an existing
>>>>         database directory will cause FreshClam to download the entire
>>>>         database set each time you start a new container.
>>>>
>>>> You can use the |unstable| version (i.e. |clamav/clamav:unstable| or
>>>> |clamav/clamav:unstable_base|) to try the latest from our
>>>> development branch.
>>>>
>>>> Please, be kind when using "free" bandwidth for the virus databases
>>>> and Docker registry. Try not to download the entire database set or
>>>> the larger ClamAV database images on a regular basis.
>>>>
>>>> For more details, see the ClamAV Docker documentation
>>>> <https://docs.clamav.net/manual/Installing/Docker.html>.
>>>>
>>>> Special thanks to Olliver Schinagl for his excellent work creating
>>>> ClamAV's new Docker files, image database deployment tooling, and
>>>> user documentation.
>>>>
>>>>  *
>>>>
>>>>     |clamd| and |freshclam| are now available as Windows services. To
>>>>     install and run them, use the |--install-service| option and |net
>>>>     start [name]| command.
>>>>
>>>>     Special thanks to Gianluigi Tiesi for his original work on this
>>>>     feature.
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#notable-changes>
>>>>
>>>>
>>>>
>>>>       Notable changes
>>>>
>>>> We added these features in 0.103.1 but wanted to re-post them here,
>>>> as patch versions do not generally introduce new options:
>>>>
>>>>  *
>>>>
>>>>     Added a new scan option to alert on broken media (graphics) file
>>>>     formats. This feature mitigates the risk of malformed media files
>>>>     intended to exploit vulnerabilities in other software. Currently,
>>>>     media validation exists for JPEG, TIFF, PNG, and GIF files. To
>>>>     enable this feature, set |AlertBrokenMedia yes| in clamd.conf, or
>>>>     use the |--alert-broken-media| option when using |clamscan|. These
>>>>     options are disabled by default in this patch, but may be enabled
>>>>     in a subsequent release. Application developers may enable this
>>>>     scan option by enabling |CL_SCAN_HEURISTIC_BROKEN_MEDIA| for the
>>>>     |heuristic| scan option bit field.
>>>>
>>>>  *
>>>>
>>>>     Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing
>>>>     behavior. BMP and JPEG 2000 files will continue to detect as
>>>>     CL_TYPE_GRAPHICS because ClamAV does not have BMP or JPEG 2000
>>>>     format-checking capabilities.
>>>>
>>>>  *
>>>>
>>>>     Added progress callbacks to libclamav for:
>>>>
>>>>       o database load: |cl_engine_set_clcb_sigload_progress()|
>>>>       o engine compile: |cl_engine_set_clcb_engine_compile_progress()|
>>>>       o engine free: |cl_engine_set_clcb_engine_free_progress()|
>>>>
>>>>     These new callbacks enable an application to monitor and estimate
>>>>     load, compile and unload progress. See |clamav.h| for API details.
>>>>
>>>>  *
>>>>
>>>>     Added progress bars to ClamScan for the signature load and engine
>>>>     compile steps before a scan begins. The startup progress bars
>>>>     won't be enabled if ClamScan isn't running in a terminal (i.e. if
>>>>     stdout is not a TTY), or if any of these options are used:
>>>>
>>>>       o |--debug|
>>>>       o |--quiet|
>>>>       o |--infected|
>>>>       o |--no-summary|
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#other-improvements>
>>>>
>>>>
>>>>
>>>>       Other improvements
>>>>
>>>>  *
>>>>
>>>>     Added the |%f| format string option to the ClamD VirusEvent
>>>>     feature to insert the file path of the scan target when a virus
>>>>     event occurs. This supplements the VirusEvent |%v| option that
>>>>     prints the signature (virus) name. The ClamD VirusEvent feature
>>>>     also provides two environment variables,
>>>>     |$CLAM_VIRUSEVENT_FILENAME| and |$CLAM_VIRUSEVENT_VIRUSNAME| for a
>>>>     similar effect. This fix comes courtesy of Vasile Papp.
>>>>
>>>>  *
>>>>
>>>>     Improvements to the AutoIt extraction module. Patch courtesy of
>>>> cw2k.
>>>>
>>>>  *
>>>>
>>>>     Added support for extracting images from Excel *.xls (OLE2)
>>>> documents.
>>>>
>>>>  *
>>>>
>>>>     Trusted SHA256-based Authenticode hashes can now be loaded in from
>>>>     *.cat files. See our Authenticode documentation
>>>>     <https://docs.clamav.net/appendix/Authenticode.html> for more info
>>>>     about using *.cat files with *.crb rules to trust signed Windows
>>>>     executables.
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#bug-fixes>
>>>>
>>>>
>>>>
>>>>       Bug fixes
>>>>
>>>>  *
>>>>
>>>>     Fixed a memory leak affecting logical signatures that use the
>>>>     "byte compare" feature. Patch courtesy of Andrea De Pasquale.
>>>>
>>>>  *
>>>>
>>>>     Fixed bytecode match evaluation for PDF bytecode hooks in PDF file
>>>>     scans.
>>>>
>>>>  *
>>>>
>>>>     Other minor bug fixes.
>>>>
>>>>
>>>> <https://github.com/Cisco-Talos/clamav/blob/dev/0.104/NEWS.md#acknowledgements>
>>>>
>>>>
>>>>
>>>>       Acknowledgments
>>>>
>>>> The ClamAV team thanks the following individuals for their code
>>>> submissions:
>>>>
>>>>   * Alexander Golovach
>>>>   * Andrea De Pasquale
>>>>   * Andrew Williams
>>>>   * Armin Kuster
>>>>   * Brian Bergstrand
>>>>   * cw2k
>>>>   * Duane Waddle
>>>>   * Gianluigi Tiesi
>>>>   * Jonas Zaddach
>>>>   * Kenneth Hau
>>>>   * Markus Strehle
>>>>   * Olliver Schinagl
>>>>   * Orion Poplawski
>>>>   * Sergey Valentey
>>>>   * Sven Rueß
>>>>   * Tom Briden
>>>>   * Vasile Papp
>>>>   * Yasuhiro Kimura
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list