On 03/03/17 23:53, Scott Kitterman wrote:
As far as I can tell, pcre 7 came out before 2008. I think a decade is enough
time to insist people upgrade.
Scott K
Red Hat typically now supports each release of RHEL for at least a
decade, and that's not including any additional extended support periods
one may purchase from Red Hat in addition to the standard production
lifespan, so in a Red Hat world, I would say a decade is the *minimum*
period one should support dependent libs if you want your software used
on that platform.
RHEL5 may reach end of production on 31 March 2017 but extended
life-cycle support continues until 30 Nov 2020, so preferably support
for pcre-6 should continue until then.
https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates
A huge number of mail admins want to install a RH mail server and forget
about it for 10+ years knowing it is supported and will just work, and
that things aren't going to continually break with each and every
update. I'm currently in the process of installing a new mail server to
replace a RHEL5 server, initially set up in 2007, and only because RHEL5
is EOL. The same hardware (touch wood) is still going strong and hasn't
missed a beat in 10 years. If I could afford the extended support from
RH I'd probably let it run for another 3 years.
So your opinion on this will be influenced by your perspective. I would
argue that RHEL has a large enough installed userbase to warrant
supporting it for at least it's 10 year production life-cycle.
On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
If we required pcre 7, it would allow us to publish this kind of sig in the
future of 99.3 and high versions by requiring a certain "flevel".
--
Sent from my iPhone
On Mar 3, 2017, at 18:18, Chris Conn <cc...@abacom.com> wrote:
Hello,
Looks like my off-list email went on the list LOL. So much for not making
noise. Woops.
If the 0.99.3 or whatever later version where this would be implemented
requires PCRE 7, would that break database updates for versions that have
not upgraded if this pcre format is re-used in the future, or would it
simply disable pcre support in previous version of clamd that have not
been upgraded?
Thanks,
Chris
On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
A new daily with the Sig dropped.
Probably what we will do to prevent this from happening again, is to have
0.99.3 (the upcoming version) require pcre 7.
How does that sound?
--
Sent from my iPhone
On Mar 3, 2017, at 18:08, Chris Conn <cc...@abacom.com> wrote:
Hello,
I hope you don't mind my contact off-list, I don't want to make noise on
it for all. Apologies.
This new build, are we talking about a daily.cvd (23162?) or a new build
of clam/pcre?
Thanks again in advance for your help,
Chris
On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
We are coming to the same conclusions.
The issue seem to isolated to using pcre libraries older than 7.0. I
does
not affect users of newer versions of pcre or users of pcre2.
A new build with the fix is in progress now.
Apologies for the impact this has caused.
Alain
On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
We're pulling the signature causing the issue now, while we
investigate
the cause.
- Alain
Hi Alain,
I think the fix is... Replace ? with ?P when the PCRE library is old
ie. ?< to ?P<
On...
Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1
--
Cheers,
Steve
Twitter: @sanesecurity
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
