From: Matthias Fischer
To: development@lists.ipfire.org
Subject: Re: [Clamav-announce] ClamAV® blog: ClamAV 0.104.0 released
Date: Sun, 05 Sep 2021 11:29:03 +0200

Hi,

thinking about it, consider sticking with 0.103.3 LTS(!):
=> https://docs.clamav.net/faq/faq-eol.html

"Expected end of life" will be September 2023, "DB downloads allowed
until" Sep 2023, "Patch versions continue until" Sep 2023.

Besides, '0.104.0' - built with "interpreter" - is running like
'0.103.3'. No differences seen in functionality and speed.

Changelog for 0.104.0:
=> https://blog.clamav.net/2021/09/clamav-01040-released.html#more

Jm2C

Best,
Matthias

On 04.09.2021 18:47, Matthias Fischer wrote:
> Hi,
>
> I finally got a "testversion" of 'clamav 0.104.0' up and running in
> productive environment (Core 159 / 64bit). Testing. It's filtering, no
> problems during startup.
>
> But: NO 'llvm' - I built this version with
> "-D BYTECODE_RUNTIME="interpreter" \".
>
> I did this because if I read the clamav blog right, it would make no
> (big) difference compared to 0.103.3:
>
> "The bytecode interpreter is the default runtime for bytecode signatures
> just as it was in ClamAV 0.103.
> We wished to add support for newer versions of LLVM, but ran out of
> time. If you're building ClamAV from source and you wish to use LLVM
> instead of the bytecode interpreter, you will need to supply the
> development libraries for LLVM version 3.6.2."
>
> The current 'llvm 12.0.1' isn't supported, 'llvm 3.6.2' kept crashing my
> build, so I thought: what the heck!?
>
> I'll test and report. If anyone wants to test this too, I'll send a patch.
>
> Best,
> Matthias
>
> On 04.09.2021 13:38, Michael Tremer wrote:
>> Hello,
>>
>>> On 4 Sep 2021, at 04:58, Matthias Fischer wrote:
>>>
>>> Hi all,
>>>
>>> On 03.09.2021 18:36, Stefan Schantl wrote:
>>>> Hello Michael, Hello Matthias, Hello list,
>>>>> Hello everyone,
>>>>>
>>>>> I just received this announcement that clamav 0.104.0 has been
>>>>> released.
>>>>>
>>>>> The interesting things for us are the changes in the build system:
>>>>>
>>>>> * It now requires cmake which isn’t a problem
>>>
>>> Yep. Done.
>>> I already did a few - early tests with 'clamav 0.104-rc'. I'm still not
>>> 100% sure about the needed options, but it builds (see attached lfs-file).
>>>
>>>>> * It now requires LLVM which we don’t have
>>>>>
>>>>> LLVM is probably going to be large, but Stefan has already played
>>>>> around with it and we might be able to merge his patches. So, Stefan,
>>>>> could you please post them? I suppose Matthias is the de-facto
>>>>> maintainer of clamav. You will need to merge these patches locally to
>>>>> see if clamav is happy with what Stefan has built.
>>>>
>>>> I've created and pushed a new LLVM git branch in my personal git
>>>> repository, which builds the LLVM compiler suite.
>>>>
>>>> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/llvm
>>>>
>>>> I hope this will do the trick with the new clamav version.
>>>
>>> I'm not sure at this point.
>>>
>>> I think we need to add something like "-D BYTECODE_RUNTIME="llvm" \" for
>>> building 'clamav'.
>>>
>>> Stefan provided the current 'llvm 12.0.1'. Thanks again!
>>>
>>> But the clamav announcement - please read below - says:
>>> "We hoped to add support for newer versions of LLVM, but ran out of
>>> time. If you're building ClamAV from source and you wish to use LLVM
>>> instead of the bytecode interpreter, you will need to supply the
>>> development libraries for LLVM version 3.6.2."
>>
>> This is outrageous. ClamAV is owned by Cisco, a multi-billion dollar company that cannot afford to do things right. I hope they have a different strategy for their other products.
>>
>> LLVM 3.6.2 was released in 2015 (https://releases.llvm.org). This is a 6 year old release that is no longer maintained and I suppose many bugs and security issues have been fixed in the meantime.
>>
>>> First build - *without* BYTECODE_RUNTIME="llvm" - seems to build ok,
>>> next I'll test building *with* this option. I'm just a bit puzzled if I
>>> should use 12.0.1 or 3.6.2. The latter is a bit old(!?). Or do I miss
>>> something?
>>
>> If it won’t build with recent releases we are facing the question whether we want to ship old and outdated software that nobody cares for any more and disable the functionality altogether. What is better? Not scanning certain signatures, or exposing the firewall to being exploited through its virus scanner?
>>
>> I vote for disabling the bytecode runtime.
>>
>>> And since the 'llvm' rootfile is quite large: does anyone have an idea
>>> what llvm-parts (/usr/bin/...? /usr/lib/...?) are needed (see attachment).
>>
>> Probably some libraries which we could have seen by checking what clamav is linked against (with lld). But that is a kind of moot question now :)
>>
>> Thank you for investigating this.
>>
>> -Michael
>>
>>> Best,
>>> Matthias
>>>
>>>> Best regards,
>>>>
>>>> -Stefan
>>>>
>>>>>
>>>>> This will be an interesting project :)
>>>
>>> I think so...
>>> ;-)
>>>
>>>>> -Michael
>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>> From: "Joel Esler (jesler)"
>>>>>> Subject: [Clamav-announce] ClamAV® blog: ClamAV 0.104.0 released
>>>>>> Date: 3 September 2021 at 16:51:29 BST
>>>>>> To: "ClamAV-announce(a)lists.clamav.net" <ClamAV-announce(a)lists.clamav.net>, "clamav-users(a)lists.clamav.net"
>>>>>> Reply-To: noreply(a)clamav.net
>>>>>>
>>>>>>>
>>>>>>> https://blog.clamav.net/2021/09/clamav-01040-released.html
>>>>>>>
>>>>>>> ClamAV 0.104.0 released
>>>>>>>
>>>>>>> ClamAV 0.104.0 is available as an official release as of today.
>>>>>>>
>>>>>>> We are also announcing a new Long Term Support (LTS) program
>>>>>>> today in an update to our End-of-Life (EOL) policy. The LTS will
>>>>>>> start retroactively with ClamAV 0.103, the previous feature
>>>>>>> release. This new LTS policy extends the life of 0.103 up through
>>>>>>> September 2023 and will facilitate the production of more
>>>>>>> frequent feature releases while enabling users to rely on a
>>>>>>> supported version for years to come if they cannot keep pace with
>>>>>>> the feature release cadence. For full details about the Long Term
>>>>>>> Support program, you can see the LTS announcement blog post and
>>>>>>> review the LTS policy in our online documentation.
>>>>>>>
>>>>>>> We're also introducing new install packages to make it easier for
>>>>>>> folks to upgrade without having to build ClamAV from source and
>>>>>>> without having to wait for a community volunteer to package the
>>>>>>> latest release. You can find the new install packages on the
>>>>>>> ClamAV.net Downloads Page.
>>>>>>>
>>>>>>> Today you can find:
>>>>>>> * x86_64 and i686 RPM packages compatible with RPM-based Linux
>>>>>>> distributions running glibc version 2.17 or newer.
>>>>>>> * x86_64 and i686 DEB packages compatible with Debian-based
>>>>>>> Linux distributions running glibc version 2.23 or newer.
>>>>>>> * An x86_64/ARM64 macOS installer package is compatible with
>>>>>>> Intel and Apple M1 systems.
>>>>>>> * x64 and win32 Windows packages are compatible with Windows 7
>>>>>>> and newer.
>>>>>>>
>>>>>>> In the future, we hope to supplement these with ARM64 Linux DEB
>>>>>>> and RPM packages and an x86_64 FreeBSD package.
>>>>>>>
>>>>>>> Please note that you may find installations in this release
>>>>>>> require more manual configuration than when using a preconfigured
>>>>>>> package provided by a Linux or Unix distribution. See our
>>>>>>> installation instructions on clamav.net for more information.
>>>>>>>
>>>>>>> ClamAV 0.104.0 includes the following improvements and changes.
>>>>>>>
>>>>>>> New Requirements
>>>>>>> * As of ClamAV 0.104, CMake is required to build ClamAV.
>>>>>>> We have added comprehensive build instructions for using
>>>>>>> CMake to the new INSTALL.md file. The online documentation will
>>>>>>> also be updated to include CMake build instructions.
>>>>>>> The Autotools and the Visual Studio build systems have been removed.
>>>>>>>
>>>>>>> Major changes
>>>>>>> * The built-in LLVM for the bytecode runtime has been removed.
>>>>>>> The bytecode interpreter is the default runtime for
>>>>>>> bytecode signatures just as it was in ClamAV 0.103.
>>>>>>> We hoped to add support for newer versions of LLVM, but ran out
>>>>>>> of time. If you're building ClamAV from source and you wish to
>>>>>>> use LLVM instead of the bytecode interpreter, you will need to
>>>>>>> supply the development libraries for LLVM version 3.6.2. See the
>>>>>>> "bytecode runtime" section in INSTALL.md to learn more.
>>>>>>> * There are now official ClamAV images on Docker Hub.
>>>>>>> Docker Hub ClamAV tags:
>>>>>>> clamav/clamav:: A release preloaded with signature databases.
>>>>>>> Using this container will save the ClamAV
>>>>>>> project some bandwidth. Use this if you will keep the image
>>>>>>> around so that you don't download the entire database set every
>>>>>>> time you start a new container.
>>>>>>> Updating with FreshClam from the existing databases set does not
>>>>>>> use much data.
>>>>>>> clamav/clamav:_base: A release with no signature databases.
>>>>>>> Use this container only if you mount a volume in your
>>>>>>> container under /var/lib/clamav to persist your signature
>>>>>>> databases. This method is the best option because it
>>>>>>> will reduce data costs for ClamAV and for the Docker registry,
>>>>>>> but it does require advanced familiarity with Linux and Docker.
>>>>>>> Caution: Using this image without mounting an existing
>>>>>>> database directory will cause FreshClam to download the entire
>>>>>>> database set each time you start a new container.
>>>>>>> You can use the unstable version
>>>>>>> (i.e. clamav/clamav:unstable or clamav/clamav:unstable_base) to
>>>>>>> try the latest from our development branch.
>>>>>>> Please, be kind when
>>>>>>> using 'free' bandwidth, both for the virus databases but also the
>>>>>>> Docker registry. Try not to download the entire database set or
>>>>>>> the larger ClamAV database images on a regular basis.
>>>>>>> For more details, see the ClamAV Docker documentation.
>>>>>>> Special thanks to
>>>>>>> Olliver Schinagl for his excellent work creating ClamAV's new
>>>>>>> Docker files, image database deployment tooling, and user
>>>>>>> documentation.
>>>>>>> * clamd and freshclam are now available as Windows services. To
>>>>>>> install and run them, use the --install-service option and net
>>>>>>> start [name] command.
>>>>>>> Special thanks to Gianluigi Tiesi for his
>>>>>>> original work on this feature.
>>>>>>>
>>>>>>> Notable changes
>>>>>>> The following was added in 0.103.1 and is repeated
>>>>>>> here for awareness, as patch versions do not generally introduce
>>>>>>> new options:
>>>>>>> * Added a new scan option to alert on broken media (graphics)
>>>>>>> file formats. This feature mitigates the risk of malformed media
>>>>>>> files intended to exploit vulnerabilities in other software.
>>>>>>> At present, media validation exists for JPEG, TIFF, PNG and GIF
>>>>>>> files. To enable this feature, set AlertBrokenMedia yes in
>>>>>>> clamd.conf, or use the --alert-broken-media option when
>>>>>>> using clamscan. These options are disabled by default in this
>>>>>>> patch release but may be enabled in a subsequent release.
>>>>>>> Application developers may enable this scan option by
>>>>>>> enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan
>>>>>>> option bit field.
>>>>>>> * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG
>>>>>>> typing behavior. BMP and JPEG 2000 files will continue to detect
>>>>>>> as CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
>>>>>>> 2000 format checking capabilities.
>>>>>>> * Added progress callbacks to libclamav for:
>>>>>>>   database load: cl_engine_set_clcb_sigload_progress()
>>>>>>>   engine compile: cl_engine_set_clcb_engine_compile_progress()
>>>>>>>   engine free: cl_engine_set_clcb_engine_free_progress()
>>>>>>> These new callbacks enable an application to monitor and estimate
>>>>>>> load, compile, and unload progress. See clamav.h for API details.
>>>>>>> * Added progress bars to ClamScan for the signature load and
>>>>>>> engine compile steps before a scan begins. The start-up progress
>>>>>>> bars won't be enabled if ClamScan isn't running in a terminal
>>>>>>> (i.e. stdout is not a TTY), or if any of these options are used:
>>>>>>>   --debug
>>>>>>>   --quiet
>>>>>>>   --infected
>>>>>>>   --no-summary
>>>>>>>
>>>>>>> Other improvements
>>>>>>> * Added the %f format string option to the
>>>>>>> ClamD VirusEvent feature to insert the file path of the scan
>>>>>>> target when a virus-event occurs. This supplements the
>>>>>>> VirusEvent %v option which prints the signature (virus) name. The
>>>>>>> ClamD VirusEvent feature also provides two environment
>>>>>>> variables, $CLAM_VIRUSEVENT_FILENAME and
>>>>>>> $CLAM_VIRUSEVENT_VIRUSNAME for a similar effect. Patch courtesy
>>>>>>> of Vasile Papp.
>>>>>>> * Improvements to the AutoIt extraction module. Patch courtesy
>>>>>>> of cw2k.
>>>>>>> * Added support for extracting images from Excel *.xls (OLE2)
>>>>>>> documents.
>>>>>>> * Trusted SHA256-based Authenticode hashes can now be loaded in
>>>>>>> from *.cat files. For more information, visit our Authenticode
>>>>>>> documentation about using *.cat files with *.crb rules to trust
>>>>>>> signed Windows executables.
>>>>>>>
>>>>>>> Bug fixes
>>>>>>> * Fixed a memory leak affecting logical signatures that
>>>>>>> use the "byte compare" feature. Patch courtesy of Andrea De
>>>>>>> Pasquale.
>>>>>>> * Fixed bytecode match evaluation for PDF bytecode hooks in PDF
>>>>>>> file scans.
>>>>>>> * Other minor bug fixes.
>>>>>>>
>>>>>>> Acknowledgments
>>>>>>> The ClamAV team thanks the following individuals
>>>>>>> for their code submissions:
>>>>>>> * Alexander Golovach
>>>>>>> * Andrea De Pasquale
>>>>>>> * Andrew Williams
>>>>>>> * Arjen de Korte
>>>>>>> * Armin Kuster
>>>>>>> * Brian Bergstrand
>>>>>>> * cw2k
>>>>>>> * Duane Waddle
>>>>>>> * Gianluigi Tiesi
>>>>>>> * Jonas Zaddach
>>>>>>> * Kenneth Hau
>>>>>>> * Mark Fortescue
>>>>>>> * Markus Strehle
>>>>>>> * Olliver Schinagl
>>>>>>> * Orion Poplawski
>>>>>>> * Sergey Valentey
>>>>>>> * Sven Rueß
>>>>>>> * Tom Briden
>>>>>>> * Tuomo Soini
>>>>>>> * Vasile Papp
>>>>>>> * Yasuhiro Kimura
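
Added example (not part of this thread and not ClamAV's own code): a handler for the ClamD VirusEvent feature described in the forwarded announcement. It reads $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME from the environment instead of having %f and %v substituted into the command string, and neutralises control characters and quotes because the file name comes from scanned content. The install path, the syslog tag and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from ClamAV itself.
# Hypothetical install path, referenced from clamd.conf as:
#   VirusEvent /usr/local/sbin/clam-virusevent.sh
# clamd sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME
# (both named in the 0.104.0 announcement) before running the command.

# sanitize VALUE
# The file name is chosen by whoever supplied the scanned file, so treat it
# as untrusted: control characters (newlines included), double quotes and
# backslashes become '?' so one event always yields one parseable log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177"\\' '[?*]'
}

# format_event
# Build the log message from the environment; "unknown" stands in for a
# missing variable so the handler never logs an empty field.
format_event() {
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    printf 'virus="%s" file="%s"' "$virus" "$file"
}

# handle_event
# Send the event to syslog. The tag "clamd-virusevent" is an assumption.
handle_event() {
    logger -t clamd-virusevent -p daemon.alert "$(format_event)"
}

# Run only when clamd invoked us (it sets the virus name variable).
if [ -n "${CLAM_VIRUSEVENT_VIRUSNAME:-}" ]; then
    handle_event
fi
```

The handler passes the values to logger as a single quoted argument and never evaluates them, so shell metacharacters in a file name stay inert.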