[clamav-users] [ext] ClamAV 1.0.0 release candidate now available

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed Nov 2 17:53:39 UTC 2022 

Hi Andrew,

> Should cli_cvdverify() even be used to verify .cld files ?

Indeed, it should not.

Here is my PR to fix the issue.  Are you able to try it out to help verify it resolves the issue on your end?
https://github.com/Cisco-Talos/clamav/pull/740
[https://opengraph.githubassets.com/fe53b48c8ddd353921519a3075391788df3c30af039e250ba6728bbf35776e86/Cisco-Talos/clamav/pull/740]<https://github.com/Cisco-Talos/clamav/pull/740>
Clam 2167 freshclam cld incremental update by micahsnyder · Pull Request #740 · Cisco-Talos/clamav<https://github.com/Cisco-Talos/clamav/pull/740>
Freshclam: fix incremental update on CLD database When adding the cl_cvdunpack() API that (optionally) verifies the database signature, we used it in libfreshclam in a place where it may also unpac...
github.com

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: Andrew C Aitchison <andrew at aitchison.me.uk>
Sent: Wednesday, November 2, 2022 8:40 AM
To: Micah Snyder (micasnyd) <micasnyd at cisco.com>
Cc: ClamAV users ML <clamav-users at lists.clamav.net>; Andrew C Aitchison <clamav at aitchison.me.uk>
Subject: Re: [clamav-users] [ext] ClamAV 1.0.0 release candidate now available

On Tue, 1 Nov 2022, Micah Snyder (micasnyd) wrote:

> Oh I see! It is on the second incremental update that the failure occurs -- when the CLD is unpacked to be updated. That should be a very easy fix.
>
> If you can help test it, I will share something as soon as it is ready.

I think I have found the problem.

These .cld files have headers like

ClamAV-VDB:01 Nov 2022 03-52 -0400:26706:2009713:90:X:X:raynman:1667289154

with X in place of both the MD5 and the Digital signature
so cli_cvdverify() has nothing to match and thus fails.

Do *downloaded* .cld files (as opposed to updated and repacked files)
have MD5 and the Digital signature ?

Should cli_cvdverify() even be used to verify .cld files ?

--
Andrew C. Aitchison                      Kendal, UK
                    andrew at aitchison.me.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20221102/d2eb6214/attachment.htm>

More information about the clamav-users mailing list