I can understand that on some legacy production systems, it would be easier to work around than upgrade. I have run into FC3 production machines, and just compiling clamav or such wouldn't just work.
Limor, can you give us a reason why it's an issue? 2010/3/2 Török Edwin <[email protected]> > On 03/02/2010 02:00 PM, Limor Tal wrote: > > 1. Can I keep using code that is older than 0.95 with the future CVD > files > > Why? What prevents you from upgrading? > What version are you running now? > > > (those that will be distributed starting from May 2010) if I do not use > > sigtool and cdiff? > > If you somehow workaround the special signature (your question 4), then > the CVD will load. It may, or may not work; it may, or may not crash. > > There is also bug #1331 (which got fixed in 0.95) affecting libclamav > with logical signatures. > > All signatures can specify a "functionality level" to say what is the > minimum engine version needed to load them. When we release a signature > that makes use of these new features, we usually set the minimum > functionality level (so old engines will skip the signature). > > However due to bug #1331, ClamAV <0.95 which tries to load a logical > signature with a functionality level specified, it will either read > uninitialized memory, or crash. > So even if we wanted to add functionality level to the new ldbs, so that > older engines (than 0.95) can load it, we can't since adding the > functionality level would cause a crash for them. > If we don't add the functionality level, libclamav won't crash, but will > probably fail to load the signature with a syntax error. > > > 2. Are those the only places in the code where the long signatures in the > > daily file cause a problem? > > cdiff is the only problem with long signatures, which affects freshclam. > But as I've shown above there are other bugs with <0.95 that may cause > problems. > > > 3. Is the signature length the only incompatibility issue? > > No, see above for an example. > > > 4. Can I choose to ignore the "special signature which disables all clamd > > installations older than 0.95"? > > Nothing prevents you from removing that signature with a script, or > modifying the code to skip it. > > But if you go through all that trouble, you might as well just upgrade. > You are: > - spending time to implement something to workaround the special > signature, possibly more time than what an upgrade would need > - running a ClamAV installation that has known bugs (including security > bugs) that got fixed in later versions > - depending on how old your ClamAV engine is, you could be missing lots > of signatures. Look at the number of Known viruses reported by clamscan, > and compare it to the one on clamav.net > - there is no support for bugs in clamav 0.94.x or older, you should > run the latest stable to get all the security fixes [1] > > Considering all this, you could simply install clamav-0.95.3 using a > package from your distro, or compile it from source. > Then you would have something that you know that loads all signatures, > and works. > > [1] distributions may backport security fixes to older fixes. > They may or may not backport all the fixes that affect signature loading. > > Best regards, > --Edwin > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > -- http://www.volatileminds.net _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
