BYOE issues with ClamXav Sentry

Discussions relating to ClamXav

Moderator: Mark

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Mon 26 Sep 2016 9:54 am

Notes for B.Y.O.E users;
If you have installed OpenSSL for building ClamAV, OpenSSL 1.0.2i (including security fixes) has been available.
See: OpenSSL Security Advisory [22 Sep 2016].

OpenSSL 1.1.0x has been available, but for now OpenSSL 1.1.0x seems not to be compatible with ClamAV 0.99.2.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Tue 27 Sep 2016 8:09 am

Update nootes for B.Y.O.E users:
OpenSSL 1.0.2j is now available, including a security fix.
See: OpenSSL Security Advisory [26 Sep 2016].
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Tue 27 Sep 2016 8:29 am

Just curious. Although I know that the current Apple supplied version of openssl v0.9.8zh is no longer supported by openssl.org, I don't see any existing vulnerabilities regarding it. Is there some other reason that users need to be using v1.0.2_?

Edit: After giving it some more thought, I suspect the issue is related to Apple dropping the openssl headers. I had forgotten that I solved that by downloading the Command_Line_Tools_OS_X_10.10_for_Xcode_6.4 and used Pacifist to extract the OpenSSL header directory to /usr/local/include.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Tue 27 Sep 2016 12:01 pm

Apple has deprecated use of openssl in OS X due to its unstable API between versions:

"If your app depends on OpenSSL, you should compile OpenSSL yourself and statically link a known version of OpenSSL into your app"

See OpenSSL section of Apple's documentation: "Encrypting and Hashing Data".

And see ClamAV blog:"Introducing OpenSSL as a dependency to ClamAV".
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Tue 27 Sep 2016 4:30 pm

eiichi wrote:Apple has deprecated use of openssl in OS X due to its unstable API between versions:

"If your app depends on OpenSSL, you should compile OpenSSL yourself and statically link a known version of OpenSSL into your app"


Yes, Mark held his breath every time Apple updates the OS, but so far only the headers have been removed. He's been prepared to include it within ClamXav since this all came up back in 2014, but if and when Apple removes the binary, all kinds of third party apps will break.

The ClamAV engine only uses openssl to produce hashes, not for any type of connectivity, and the hash part of the process hasn't involved any vulnerabilities that I'm aware of.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Tue 27 Sep 2016 11:33 pm

I'm now building B.Y.O.E. on macOS 10.12 Sierra using Xcode 8.0 and CommandLineTools.
In my case, I installed OpenSSL to configure and build ClamAV 0.99.x.

That's the only reason.

So I wrote above:
Notes for B.Y.O.E users;
If you have installed OpenSSL for building ClamAV, OpenSSL 1.0.2i (including security fixes) has been available.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Tue 29 Nov 2016 12:48 pm

Fortunately ClamXav Version 2.11 including ClamXav Sentry Version 3.11 works fine with B.Y.O.E ClamAV 0.99.2.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Mon 30 Jan 2017 10:01 am

Notes for B.Y.O.E users;
If you have installed OpenSSL for building ClamAV, OpenSSL 1.0.2k (including bug and security fixes) has been available.
See: OpenSSL Security Advisory [26 Jan 2017].
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Fri 17 Mar 2017 2:03 pm

Fortunately ClamXav Version 2.12 and ClamXav Sentry 3.12 work fine with B.Y.O.E. ClamAV-devel: ClamAV Development.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Fri 24 Mar 2017 12:33 pm

ClamXAV (ClamXav) new version 2.14 is available.
And fortunately ClamXAV Version 2.14 and ClamXAV Sentry 3.14 work fine with B.Y.O.E.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby dgkanter » Fri 24 Mar 2017 10:44 pm

eiichi wrote:ClamXAV (ClamXav) new version 2.14 is available…

While I'm not doing a BYOE, for what it's worth, my v2.12.1 still reports it's the latest—as does the the Website http://www.clamxav.com.

David
dgkanter
 
Posts: 66
Joined: Tue 11 Apr 2006 7:04 pm

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Fri 24 Mar 2017 10:56 pm

Yes, 2.12.1 is the latest release version. As I recall, eiichi has enabled beta releases.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Wed 31 May 2017 11:52 am

eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Wed 31 May 2017 12:39 pm

Just for reference, you can confirm your installed sudo version by:
Code: Select all
$ sudo --version

For example:
Code: Select all
$ sudo --version   
Sudo version 1.8.20p1
Sudoers policy plugin version 1.8.20p1
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.20p1
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Wed 31 May 2017 6:24 pm

That command doesn't seem to be valid in El Capitan with the OS X version of sudo.

Code: Select all
sudo -V
Sudo version 1.7.10p9


Vulnerable versions listed as Sudo 1.8.6p7 through 1.8.20 inclusive, so apparently not an issue here.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

PreviousNext

Return to ClamXav

Who is online

Users browsing this forum: No registered users