On 3/21/2019 3:14 PM, Alessandro Vesely via clamav-users wrote: > On Thu 21/Mar/2019 15:05:59 +0100 Bowie Bailey wrote: >> $ pkg-config --atleast-version=0.101.0 libclamav --print-errors >> Package libclamav was not found in the pkg-config search path. >> Perhaps you should add the directory containing `libclamav.pc' >> to the PKG_CONFIG_PATH environment variable >> No package 'libclamav' found >> >> Once I found that file (in /usr/local/lib64/pkgconfig) and added the >> directory to the >> config path, I was able to complete the configure and make without any >> further errors. > > Hm.. that way pkg-config couldn't find itself? > > >> When I ran "make check", it failed on 11 of 12 tests. I was able to fix >> most of the >> tests by adding '/usr/local/lib64' to the LD_LIBRARY_PATH so it could find >> libclamav.so. I assume I'll need to make a similar change somewhere when I >> add the >> filter to Courier. > > Or you might add it to ld.so.conf? Otherwise, you may try building with > CFLAGS=-Wl,-rpath,/usr/local/lib64 and check ldd. The issue is the ability > to have libraries of different versions simultaneously installed on the same > system. See e.g.: > https://unix.stackexchange.com/questions/356624/why-isnt-usr-local-lib-on-the-library-path-by-default
Adding it to ld.so.conf worked once I figured out I had to run ldconfig to load the changes. > > At that point, the top of the header should be plenty of virus_header's (one > for each invocation): > > ale@pcale:~/tmp/courier/avfilter/svn/tests/testsuite.dir/09$ head eicar.mail > ClamAV-Found: Eicar-Test-Signature.UNOFFICIAL Eicar-Test-Signature.UNOFFICIAL > Old-ClamAV-Found: Eicar-Test-Signature.UNOFFICIAL > Eicar-Test-Signature.UNOFFICIAL > Old-ClamAV-Found: Eicar-Test-Signature.UNOFFICIAL > Eicar-Test-Signature.UNOFFICIAL > Eicar-Test-Signature.UNOFFICIAL > From: aut...@example.com > To: vic...@example.net > Subject: test message > Virus-Header: what does this mean? > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="=_1_1553193777_12188" And here's the problem. SecuriteInfo has their own Eicar signatures, so ClamAV found those first and not the one you were expecting. My header looks like this: ClamAV-Found: SecuriteInfo.com.Eicar-Test-Signature.UNOFFICIAL SecuriteInfo.com.Eicar-Test-Signature-4.UNOFFICIAL SecuriteInfo.com.Eicar-Test-Signature-2.UNOFFICIAL Eicar-Test-Signature.UNOFFICIAL SecuriteInfo.com.Eicar-Test-Signature.UNOFFICIAL SecuriteInfo.com.Eicar-Test-Signature-4.UNOFFICIAL SecuriteInfo.com.Eicar-Test-Signature-2.UNOFFICIAL Eicar-Test-Signature.UNOFFICIAL Not sure why everything is duplicated... > And hence: > > ale@pcale:~/tmp/courier/avfilter/svn/tests/testsuite.dir/09$ egrep > '^ClamAV-Found: Eicar' eicar.mail | wc -l > 1 > > Instead, at yours wc wrote "0". Why? > >> 9. testsuite.at:540: 9. per-virus behavior (testsuite.at:540): FAILED >> (testsuite.at:612) >> >> Suggestions? >> > I'd guess something must have gone wrong in the testsuite script. In the > testsuite, wc is $WC, after a definition in tests/atlocal, but egrep was not > checked during configure, so maybe it should have been grep -E or similar. > Is that the culprit? No, egrep works fine once the regex is adjusted to match the header. I guess I should have specified that I'm running this on CentOS 7, not that it matters at this point. Looks like everything is working now. I'll try integrating it with Courier tomorrow. If I just want to reject any email that is flagged by ClamAV, I shouldn't need to adjust the default config, right? -- Bowie _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
