I am running clamav on my dev laptop which is Snow Leopard, running FreeBSD. The bzip2 warning if I don't have to worry about it -- that's fine. But if I wanted to fix the issue, I don't think it's obvious how to go about it. I would rather run the software without the warning -- warnings are there to put up flags to the developer. I am not doing my job if I ignore it, nor if I have to jump through all kinds of hoops otherwise -- it's a time burner.

Wendy Bossons
Web Developer
MIT Libraries
Technology Research & Development
Building E25-131
77 Massachusetts Ave.
Cambridge, MA 02141-4307
Phone 617-253-0770
Fax 617-253-4462
wboss...@mit.edu
http://libraries.mit.edu

On Sep 22, 2010, at 11:48 AM, Tomasz Kojm wrote:

> On Wed, 22 Sep 2010 10:14:57 -0500
> George Kasica <george_kas...@mgic.com> wrote:
>
>> Tomasz:
>>
>> Typical issues as in the past...first no clue it was coming out (no release candidate no announcement)...it just appeared, no idea it would have issues with bzip2,
>
> 0.96.3 is a security release, which fixes an integer overflow in the bzip2 library (we use a modified version of this lib in the NSIS unpacker). It also detects whether or not your local libbz2 (which we use to handle .bz2 files) is affected by this problem and prints a warning if needed.
>
>> and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform
>
> Well, we have no control over those RPMs..
>
>> (we had to compile from a tar.gz for the others) except RHEL4/5 that have RPMs out (AFTER 0.96.3 released),
>
> So you did the right job. Your bzip2 lib can no longer be exploited.
>
>> the ULIMIT issue that I still don't fully grasp here and am still not clear if it's something we need to deal with....things seem to run so for now we haven't gone in and touched it (again, this wasn't an issue in 0.96.2 why is it an issue in 0.96.3 which appears to be a minor release 0.0.1)
>
> This issue was recently described on the ml. The warning can be safely ignored on Linux.
>
>> In our environment we have certain time-frames where we need to apply code once it's released depending on what and why it was put out so we don't always have the luxury to let it sit for days...getting code that is not labeled as RC and is supposedly prod quality and ready to go and having these issues is not good...we've spent a good portion of the week on this so far and seem to be finally OK, but it could have been much smoother (again)....brings me back to the point of why are we running these 4 test harness boxes for Torok if no-one is looking at what is coming back from them.
>
> Thanks for your support. The 0.96.3 was tested on your boxes and confirmed to work fine before we released it. Since the tests are fully automated, we missed the ULIMIT warning issue but as I wrote above, it can just be ignored.
>
> Cheers,
>
> --
> Tomasz Kojm <tk...@clamav.net>
> http://www.ClamAV.net/gpg/tkojm.gpg
> 0DCA5A08407D5288279DB43454822DC8985A444B
> Wed Sep 22 17:38:15 CEST 2010

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml