From mboxrd@z Thu Jan 1 00:00:00 1970
From: Matthias Fischer
To: development@lists.ipfire.org
Subject: Re: [Clamav-announce] ClamAV® blog: ClamAV 0.104.0 released
Date: Sat, 04 Sep 2021 15:07:02 +0200
Message-ID: <002f9024-a0cb-2742-93ed-7a3e44a83ea8@ipfire.org>
In-Reply-To: <93151ACE-7569-4DAB-8D2C-1DED33B54373@ipfire.org>

Hi,

On 04.09.2021 13:38, Michael Tremer wrote:
> Hello,
>
>> On 4 Sep 2021, at 04:58, Matthias Fischer wrote:
>>
>> Hi all,
>>
>> On 03.09.2021 18:36, Stefan Schantl wrote:
>>> Hello Michael, Hello Matthias, Hello list,
>>>> Hello everyone,
>>>>
>>>> I just received this announcement that clamav 0.104.0 has been
>>>> released.
>>>>
>>>> The interesting things for us are the changes in the build system:
>>>>
>>>> * It now requires cmake which isn’t a problem
>>
>> Yep. Done.
>> I already did a few - early tests with 'clamav 0.104-rc. I'm still not
>> 100% sure about the needed options, but it builds (see attached lfs-file).
>>
>>>> * It now requires LLVM which we don’t have
>>>>
>>>> LLVM is probably going to be large, but Stefan has already played
>>>> around with it and we might be able to merge his patches. So, Stefan,
>>>> could you please post them? I suppose Matthias is the de-facto
>>>> maintainer of clamav. You will need to merge these patches locally to
>>>> see if clamav is happy with what Stefan has built.
>>>
>>> I've created and pushed a new LLVM git branch in my personal git
>>> repository, which builds the LLVM compiler suite.
>>>
>>> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/llvm
>>>
>>> I hope this will do the trick with the new clamav version.
>>
>> I'm not sure at this point.
>>
>> I think we need to add something like "-D BYTECODE_RUNTIME="llvm" \" for
>> building 'clamav'.
>>
>> Stefan provided the current 'llvm 12.0.1'. Thanks again!
>>
>> But the clamav announcement - please read below - says:
>> "We hoped to add support for newer versions of LLVM, but ran out of
>> time. If you're building ClamAV from source and you wish to use LLVM
>> instead of the bytecode interpreter, you will need to supply the
>> development libraries for LLVM version 3.6.2."

Done. Building with 'llvm 3.6.2' and 'cfe[!]-3.6.2' crashed. I had to remove some 'llvm' options in lfs (AMDGPU and BPF), and downloaded 'cfe 3.6.2' to test the whole '3.6.2' bundle. But nevertheless, 'llvm 3.6.2' build did stop with a 'ninja' error. I didn't investigate this further, it already took some time...

> This is outrageous. ClamAV is owned by Cisco, a multi-billion dollar company that cannot afford to do things right. I hope they have a different strategy for their other products.

ACK.

> LLVM 3.6.2 was released in 2015 (https://releases.llvm.org). This is a 6 year old release that is no longer maintained and I suppose many bugs and security issues have been fixed in the meantime.

ACK.

>> First build - *without* BYTECODE_RUNTIME="llvm" - seems to build ok,
>> next I'll test building *with* this option. I'm just a bit puzzled if I
>> should use 12.0.1 or 3.6.2. The latter is a bit old(!?). Or do I miss
>> something?
>
> If it won’t build with recent releases we are facing the question whether we want to ship old and outdated software that nobody cares for any more and disable the functionality altogether. What is better? Not scanning certain signatures, or exposing the firewall to being exploited through its virus scanner?
>
> I vote for disabling the bytecode runtime.

+1

Devel is running. I'll test with "-D BYTECODE_RUNTIME="none" \" - *without* 'llvm' and 'clang' as I did in my first builds. Would this be sufficient?

Addendum:
In the meantime I tested with "-D BYTECODE_RUNTIME="interpreter" - this is building, too. But I have not yet tested these builds productively with a clean build respectively. And I'm not sure which one to prefer!?

Best,
Matthias

>> And since the 'llvm' rootfile is quite large: does anyone have an idea
>> what llvm-parts (/usr/bin/...? /usr/lib/...?) are needed (see attachment).
>
> Probably some libraries which we could have seen by checking what clamav is linked against (with lld). But that is a kind of moot question now :)
>
> Thank you for investigating this.
>
> -Michael
>
>> Best,
>> Matthias
>>
>>> Best regards,
>>>
>>> -Stefan
>>>
>>>>
>>>> This will be an interesting project :)
>>
>> I think so... ;-)
>>
>>>> -Michael
>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>> From: "Joel Esler (jesler)"
>>>>> Subject: [Clamav-announce] ClamAV® blog: ClamAV 0.104.0 released
>>>>> Date: 3 September 2021 at 16:51:29 BST
>>>>> To: "ClamAV-announce(a)lists.clamav.net" <
>>>>> ClamAV-announce(a)lists.clamav.net>, "clamav-users(a)lists.clamav.net"
>>>>>
>>>>> Reply-To: noreply(a)clamav.net
>>>>>
>>>>>
>>>>>>
>>>>>> https://blog.clamav.net/2021/09/clamav-01040-released.html
>>>>>>
>>>>>> ClamAV 0.104.0 released
>>>>>>
>>>>>> ClamAV 0.104.0 is available as an official
>>>>>> release as of today.
>>>>>> We are also announcing a new Long Term Support (LTS) program
>>>>>> today in an update to our End-of-Life (EOL) policy. The LTS will
>>>>>> start retroactively with ClamAV 0.103, the previous feature
>>>>>> release. This new LTS policy extends the life of 0.103 up through
>>>>>> September 2023 and will facilitate the production of more
>>>>>> frequent feature releases while enabling users to rely on a
>>>>>> supported version for years to come if they cannot keep pace with
>>>>>> the feature release cadence.
>>>>>> For full details about the Long Term
>>>>>> Support program, you can see the LTS announcement blog post and
>>>>>> review the LTS policy in our online documentation.
>>>>>> We're also introducing new install packages to make it easier for
>>>>>> folks to upgrade without having to build ClamAV from source and
>>>>>> without having to wait for a community volunteer to package the
>>>>>> latest release. You can find the new install packages on the
>>>>>> ClamAV.net Downloads Page.
>>>>>> Today you can find:
>>>>>> * x86_64 and i686 RPM packages compatible with RPM-based Linux
>>>>>>   distributions running glibc version 2.17 or newer.
>>>>>> * x86_64 and i686 DEB packages compatible with Debian-based
>>>>>>   Linux distributions running glibc version 2.23 or newer.
>>>>>> * An x86_64/ARM64 macOS installer package is compatible with
>>>>>>   Intel and Apple M1 systems.
>>>>>> * x64 and win32 Windows packages are compatible with Windows 7
>>>>>>   and newer.
>>>>>> In the future, we hope to supplement these with ARM64 Linux DEB
>>>>>> and RPM packages and an x86_64 FreeBSD package.
>>>>>> Please note that you may find installations in this release
>>>>>> require more manual configuration than when using a preconfigured
>>>>>> package provided by a Linux or Unix distribution. See our
>>>>>> installation instructions on clamav.net for more information.
>>>>>> ClamAV 0.104.0 includes the following improvements and changes.
>>>>>>
>>>>>> New Requirements
>>>>>> * As of ClamAV 0.104, CMake is required to build ClamAV.
>>>>>>   We have added comprehensive build instructions for using
>>>>>>   CMake to the new INSTALL.md file. The online documentation will
>>>>>>   also be updated to include CMake build instructions.
>>>>>>   The Autotools and the Visual Studio build systems have been removed.
>>>>>>
>>>>>> Major changes
>>>>>> * The built-in LLVM for the bytecode runtime has been removed.
>>>>>>   The bytecode interpreter is the default runtime for
>>>>>>   bytecode signatures just as it was in ClamAV 0.103.
>>>>>>   We hoped to add support for newer versions of LLVM, but ran out of time. If
>>>>>>   you're building ClamAV from source and you wish to use LLVM
>>>>>>   instead of the bytecode interpreter, you will need to supply the
>>>>>>   development libraries for LLVM version 3.6.2. See the "bytecode
>>>>>>   runtime" section in INSTALL.md to learn more.
>>>>>> * There are now official ClamAV images on Docker Hub.
>>>>>>   Docker Hub ClamAV tags:
>>>>>>   clamav/clamav:: A release preloaded with signature databases.
>>>>>>   Using this container will save the ClamAV
>>>>>>   project some bandwidth. Use this if you will keep the image
>>>>>>   around so that you don't download the entire database set every
>>>>>>   time you start a new container. Updating with FreshClam from the
>>>>>>   existing databases set does not use much data.
>>>>>>   clamav/clamav:_base: A release with no signature databases.
>>>>>>   Use this container only if you mount a volume in your
>>>>>>   container under /var/lib/clamav to persist your signature
>>>>>>   database databases. This method is the best option because it
>>>>>>   will reduce data costs for ClamAV and for the Docker registry,
>>>>>>   but it does require advanced familiarity with Linux and Docker.
>>>>>>   Caution: Using this image without mounting an existing
>>>>>>   database directory will cause FreshClam to download the entire
>>>>>>   database set each time you start a new container.
>>>>>>   You can use the unstable version
>>>>>>   (i.e. clamav/clamav:unstable or clamav/clamav:unstable_base) to
>>>>>>   try the latest from our development branch.
>>>>>>   Please, be kind when
>>>>>>   using 'free' bandwidth, both for the virus databases but also the
>>>>>>   Docker registry.
>>>>>>   Try not to download the entire database set or
>>>>>>   the larger ClamAV database images on a regular basis.
>>>>>>   For more details, see the ClamAV Docker documentation.
>>>>>>   Special thanks to
>>>>>>   Olliver Schinagl for his excellent work creating ClamAV's new
>>>>>>   Docker files, image database deployment tooling, and user
>>>>>>   documentation.
>>>>>> * clamd and freshclam are now available as Windows services. To
>>>>>>   install and run them, use the --install-service option and net
>>>>>>   start [name] command.
>>>>>>   Special thanks to Gianluigi Tiesi for his
>>>>>>   original work on this feature.
>>>>>>
>>>>>> Notable changes
>>>>>> The following was added in 0.103.1 and is repeated
>>>>>> here for awareness, as patch versions do not generally introduce
>>>>>> new options:
>>>>>> * Added a new scan option to alert on broken media (graphics)
>>>>>>   file formats. This feature mitigates the risk of malformed media
>>>>>>   files intended to exploit vulnerabilities in other software. At
>>>>>>   present, media validation exists for JPEG, TIFF, PNG and GIF
>>>>>>   files. To enable this feature, set AlertBrokenMedia yes in
>>>>>>   clamd.conf, or use the --alert-broken-media option when
>>>>>>   using clamscan. These options are disabled by default in this
>>>>>>   patch release but may be enabled in a subsequent release.
>>>>>>   Application developers may enable this scan option by
>>>>>>   enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan
>>>>>>   option bit field.
>>>>>> * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG
>>>>>>   typing behavior. BMP and JPEG 2000 files will continue to detect
>>>>>>   as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
>>>>>>   2000 format checking capabilities.
>>>>>> * Added progress callbacks to libclamav for:
>>>>>>   database load: cl_engine_set_clcb_sigload_progress()
>>>>>>   engine compile: cl_engine_set_clcb_engine_compile_progress()
>>>>>>   engine free: cl_engine_set_clcb_engine_free_progress()
>>>>>>   These new callbacks enable an application to monitor and estimate load,
>>>>>>   compile, and unload progress. See clamav.h for API details.
>>>>>> * Added progress bars to ClamScan for the signature load and
>>>>>>   engine compile steps before a scan begins. The start-up progress
>>>>>>   bars won't be enabled if ClamScan isn't running in a terminal
>>>>>>   (i.e. stdout is not a TTY), or if any of these options are used:
>>>>>>   --debug
>>>>>>   --quiet
>>>>>>   --infected
>>>>>>   --no-summary
>>>>>>
>>>>>> Other improvements
>>>>>> * Added the %f format string option to the
>>>>>>   ClamD VirusEvent feature to insert the file path of the scan
>>>>>>   target when a virus-event occurs. This supplements the
>>>>>>   VirusEvent %v option which prints the signature (virus) name. The
>>>>>>   ClamD VirusEvent feature also provides two environment
>>>>>>   variables, $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME
>>>>>>   for a similar effect. Patch courtesy of Vasile Papp.
>>>>>> * Improvements to the AutoIt extraction module. Patch courtesy
>>>>>>   of cw2k.
>>>>>> * Added support for extracting images from Excel *.xls (OLE2)
>>>>>>   documents.
>>>>>> * Trusted SHA256-based Authenticode hashes can now be loaded in
>>>>>>   from *.cat files. For more information, visit our Authenticode
>>>>>>   documentation about using *.cat files with *.crb rules to trust
>>>>>>   signed Windows executables.
>>>>>>
>>>>>> Bug fixes
>>>>>> * Fixed a memory leak affecting logical signatures that
>>>>>>   use the "byte compare" feature. Patch courtesy of Andrea De
>>>>>>   Pasquale.
>>>>>> * Fixed bytecode match evaluation for PDF bytecode hooks in PDF
>>>>>>   file scans.
>>>>>> * Other minor bug fixes.
>>>>>>
>>>>>> Acknowledgments
>>>>>> The ClamAV team thanks the following individuals
>>>>>> for their code submissions:
>>>>>> * Alexander Golovach
>>>>>> * Andrea De Pasquale
>>>>>> * Andrew Williams
>>>>>> * Arjen de Korte
>>>>>> * Armin Kuster
>>>>>> * Brian Bergstrand
>>>>>> * cw2k
>>>>>> * Duane Waddle
>>>>>> * Gianluigi Tiesi
>>>>>> * Jonas Zaddach
>>>>>> * Kenneth Hau
>>>>>> * Mark Fortescue
>>>>>> * Markus Strehle
>>>>>> * Olliver Schinagl
>>>>>> * Orion Poplawski
>>>>>> * Sergey Valentey
>>>>>> * Sven Rueß
>>>>>> * Tom Briden
>>>>>> * Tuomo Soini
>>>>>> * Vasile Papp
>>>>>> * Yasuhiro Kimura
>>>>> _______________________________________________
>>>>>
>>>>> clamav-announce mailing list
>>>>> clamav-announce(a)lists.clamav.net
>>>>> https://lists.clamav.net/mailman/listinfo/clamav-announce
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
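
A VirusEvent handler built on the `$CLAM_VIRUSEVENT_FILENAME` and `$CLAM_VIRUSEVENT_VIRUSNAME` variables described in the forwarded release notes, as an added example that is not part of this thread or of ClamAV's own code. The script path, function names, log format and the `--log` switch are assumptions; the handler treats the file name as untrusted input because it is chosen by whoever created the scanned file.

```shell
#!/bin/sh
# Added example: VirusEvent handler that takes its input from the environment
# variables named in the release notes instead of the %v / %f placeholders.
# Assumed clamd.conf entry (the script path is hypothetical):
#   VirusEvent /usr/local/sbin/clamd-virusevent.sh --log

# Make an untrusted value safe to embed in one quoted log field:
# control characters (newline, ESC, ...) and double quotes become '?',
# and the value is capped at 512 bytes.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177"' '?' | LC_ALL=C cut -c1-512
}

# Build a single-line record from the two variables clamd provides.
format_event() {
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    printf 'virus="%s" file="%s"' "$virus" "$file"
}

# Only log when invoked with --log, so the functions can be sourced and tested.
if [ "${1:-}" = "--log" ]; then
    logger -t clamd-virusevent -p daemon.warning "$(format_event)"
fi
```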