Jacek Zapala | 4 Oct 2010 14:31

freshclam and getaddrinfo()

Hi.

Starting from the last upgrade (0.96.3 on debian) freshclam randomly chooses
between ipv6/ipv4 connecting to the name that has addresses in both
protocols.

freshclam uses getaddrinfo() for resolving mirror dns name (wwwconnect in
manager.c), but then it randomizes the list returned as a result.
This way it breaks the algorithm of ipv6 address selection from rfc3484
implemented in getaddrinfo().

What is the reason for doing this?

Regards,
	Jacek
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Török Edwin | 4 Oct 2010 14:43

Re: freshclam and getaddrinfo()

On Mon, 4 Oct 2010 14:31:21 +0200
Jacek Zapala <jacek <at> it.pl> wrote:

> Hi.
> 
> Starting from the last upgrade (0.96.3 on debian) freshclam randomly
> chooses between ipv6/ipv4 connecting to the name that has addresses
> in both protocols.
> 
> freshclam uses getaddrinfo() for resolving mirror dns name
> (wwwconnect in manager.c), but then it randomizes the list returned
> as a result. This way it breaks the algorithm of ipv6 address
> selection from rfc3484 implemented in getaddrinfo().

It is not intended to mix IPv4 and IPv6. It should be possible to
randomize only IPv4 and IPv6 separately.

Is the problem that your IPv6 link is slower than IPv4, or that you
don't have an IPv6 connection at all?

> 
> What is the reason for doing this?

Because otherwise the list returned by getaddrinfo() is always in
sorted order (on Linux at least), so it would only use the first mirror.

See this:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2021#c1

Best regards,

Jacek Zapala | 4 Oct 2010 15:14

Re: freshclam and getaddrinfo()

* Török Edwin (edwin <at> clamav.net) [101004 14:45] wrote:
> On Mon, 4 Oct 2010 14:31:21 +0200
> Jacek Zapala <jacek <at> it.pl> wrote:
> 
> > Hi.
> > 
> > Starting from the last upgrade (0.96.3 on debian) freshclam randomly
> > chooses between ipv6/ipv4 connecting to the name that has addresses
> > in both protocols.
> > 
> > freshclam uses getaddrinfo() for resolving mirror dns name
> > (wwwconnect in manager.c), but then it randomizes the list returned
> > as a result. This way it breaks the algorithm of ipv6 address
> > selection from rfc3484 implemented in getaddrinfo().
> 
> It is not intended to mix IPv4 and IPv6. It should be possible to
> randomize only IPv4 and IPv6 separately.
> 
> Is the problem that your IPv6 link is slower than IPv4, or that you
> don't have an IPv6 connection at all?

No, I have a good IPv6 connection to my local mirror
clamavmirror.ipartners.pl, but I found it strange to behave randomly.

And sometimes it's better to choose IPv6 address over the IPv4 one, but
this is not always true.

I know we currently set up freshclam to use either IPv6 address set
(db.ipv6.clamav.net) or the IPv4 one, but I think some day we will just add
IPv6 addresses to db.<country>.clamav.net and leave making the decision up to

Török Edwin | 4 Oct 2010 15:29

Re: freshclam and getaddrinfo()

On Mon, 4 Oct 2010 15:14:06 +0200
Jacek Zapala <jacek <at> it.pl> wrote:

> * Török Edwin (edwin <at> clamav.net) [101004 14:45] wrote:
> > On Mon, 4 Oct 2010 14:31:21 +0200
> > Jacek Zapala <jacek <at> it.pl> wrote:
> > 
> > > Hi.
> > > 
> > > Starting from the last upgrade (0.96.3 on debian) freshclam
> > > randomly chooses between ipv6/ipv4 connecting to the name that
> > > has addresses in both protocols.
> > > 
> > > freshclam uses getaddrinfo() for resolving mirror dns name
> > > (wwwconnect in manager.c), but then it randomizes the list
> > > returned as a result. This way it breaks the algorithm of ipv6
> > > address selection from rfc3484 implemented in getaddrinfo().
> > 
> > It is not intended to mix IPv4 and IPv6. It should be possible to
> > randomize only IPv4 and IPv6 separately.
> > 
> > Is the problem that your IPv6 link is slower than IPv4, or that you
> > don't have an IPv6 connection at all?
> 
> No, I have a good IPv6 connection to my local mirror
> clamavmirror.ipartners.pl, but I found it strange to behave randomly.
> 
> And sometimes it's better to choose IPv6 address over the IPv4 one,
> but this is not always true.
> 

Tomasz Kojm | 19 Oct 2010 16:24

Upcoming release of ClamAV

Dear Users,

we're going to release a new version of ClamAV on Monday, October 25.
ClamAV 0.96.4 will fix some issues with the PDF parser, logical
signatures and other problems reported for 0.96.3:

https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.4

You can help by testing (or just running ./configure && make check) the
latest code available in our Git repository - the latest snapshot
tarball can be grabbed here:

http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz

Thanks in advance,

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Tue Oct 19 16:21:33 CEST 2010

Renato Botelho | 19 Oct 2010 16:32

Re: Upcoming release of ClamAV

On Tue, Oct 19, 2010 at 12:24 PM, Tomasz Kojm <tkojm <at> clamav.net> wrote:
> Dear Users,
>
> we're going to release a new version of ClamAV on Monday, October 25.
> ClamAV 0.96.4 will fix some issues with the PDF parser, logical
> signatures and other problems reported for 0.96.3:
>
> https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.4
>
> You can help by testing (or just running ./configure && make check) the
> latest code available in our Git repository - the latest snapshot
> tarball can be grabbed here:
>
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz

Does updating the clamav-devel FreeBSD port to 20101019 help?

-- 
Renato Botelho

Török Edwin | 19 Oct 2010 16:36

Re: Upcoming release of ClamAV

On Tue, 19 Oct 2010 12:32:06 -0200
Renato Botelho <rbgarga <at> gmail.com> wrote:

> On Tue, Oct 19, 2010 at 12:24 PM, Tomasz Kojm <tkojm <at> clamav.net>
> wrote:
> > Dear Users,
> >
> > we're going to release a new version of ClamAV on Monday, October
> > 25. ClamAV 0.96.4 will fix some issues with the PDF parser, logical
> > signatures and other problems reported for 0.96.3:
> >
> > https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.4
> >
> > You can help by testing (or just running ./configure && make check)
> > the latest code available in our Git repository - the latest
> > snapshot tarball can be grabbed here:
> >
> > http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz
> 
> Does updating the clamav-devel FreeBSD port to 20101019 help?
> 

Rather -20101020 to include today's commits.

If the current version in the ports is clamav-devel-20101015, then
definitely yes.
The -20101015 version has a bug (see
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2332)

Best regards,

Renato Botelho | 19 Oct 2010 16:40

Re: Upcoming release of ClamAV

2010/10/19 Török Edwin <edwin <at> clamav.net>:
> On Tue, 19 Oct 2010 12:32:06 -0200
> Renato Botelho <rbgarga <at> gmail.com> wrote:
>
>> On Tue, Oct 19, 2010 at 12:24 PM, Tomasz Kojm <tkojm <at> clamav.net>
>> wrote:
>> > Dear Users,
>> >
>> > we're going to release a new version of ClamAV on Monday, October
>> > 25. ClamAV 0.96.4 will fix some issues with the PDF parser, logical
>> > signatures and other problems reported for 0.96.3:
>> >
>> > https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.4
>> >
>> > You can help by testing (or just running ./configure && make check)
>> > the latest code available in our Git repository - the latest
>> > snapshot tarball can be grabbed here:
>> >
>> > http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz
>>
>> Does updating the clamav-devel FreeBSD port to 20101019 help?
>>
>
> Rather -20101020 to include today's commits.
>
> If the current version in the ports is clamav-devel-20101015, then
> definitely yes.
> The -20101015 version has a bug (see
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2332)


Amr Thabet | 24 Oct 2010 01:11

Supporting Emulators

Hello everyone

First I want to say it's a great antivirus and seems it will have a good
future

Second I want to say when I read some portions of the source code I see it
doesn't have an emulator (except yc emulator) to detect polymorphic viruses
or support heuristic detections.

I suggest to add an open source emulator to the application to make it run
when the md5 scan failed to detect any virus.

I suggest to use Pokas x86 Emulator (http://sourceforge.net/projects/x86emu/)
(as I'm the Author of it) or support ida-emulator by Crist Eagle

Thanks

Brandon Perry | 24 Oct 2010 01:20

Re: Supporting Emulators

I think if a discussion were to take place on this, Bochs should
certainly be an option.

http://bochs.sourceforge.net/

It is very mature and used in great projects like qemu.

On Sat, Oct 23, 2010 at 6:11 PM, Amr Thabet
<amr.thabet <at> student.alx.edu.eg> wrote:
> Hello everyone
>
> First I want to say it's a great antivirus and seems it will have a good
> future
>
> Second I want to say when I read some portions of the source code I see it
> doesn't have an emulator (except yc emulator) to detect polymorphic viruses
> or support heuristic detections.
>
> I suggest to add an open source emulator to the application to make it run
> when the md5 scan failed to detect any virus.
>
> I suggest to use Pokas x86 Emulator (http://sourceforge.net/projects/x86emu/)
> (as I'm the Author of it) or support ida-emulator by Crist Eagle
>
> Thanks
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>