Posted on oss-security : http://www.openwall.com/lists/oss-security/2011/10/18/1
I will work on this tomorrow night. It doesn't build anymore because of a dependency (bug 3108).
It seems dlucio (adding in CC to this bug) just submitted a new package to updates_testing.
CC: (none) => dlucio
I don't think this is a very good usage of resources. I spent time getting the update ready, testing it first locally and running into a dep bug, and someone else does the same. Well, at least I found the curl bug.
CC: (none) => mailinglistsduraph
see comment 2
Status: NEW => RESOLVED
Resolution: (none) => FIXED
According to the updates policy, it needs to go to QA.
"Reassign the bug to qa-bugs@ml.mageia.org (add a comment in the bug with the package version/release at re-assign)
Write the update announcement"
Status: RESOLVED => REOPENED
CC: (none) => thomas
Resolution: FIXED => (none)
Assignee: thomas => dlucio
Created attachment 1015
Eicar test file

If this package is ready for qa testing, then testing can be considered complete on i586 for the srpm
clamav-0.97.3-1.1.mga1.src.rpm

Services clamav and freshclam work. clamscan tested with the EICAR Standard Anti-Virus Test File from http://en.wikipedia.org/wiki/EICAR_test_file
no news... reassign to QA... please packager read your mails...
Assignee: dlucio => qa-bugs
Still need x86-64 testing for clamav
CC: (none) => davidwhodgins
Who will do the testing for x86-64?
I have no problem testing on x86_64 with Mageia 1 installation.
CC: (none) => pham182b
(In reply to comment #10)
> I have no problem testing on x86_64 with Mageia 1 installation.

We don't have a poc for the security problem, so just test that the package works.

Install clamav from Core Updates Testing.
service start clamav
run freshclam (as root), then
service start freshclam

As a regular user ...
Download the eicar test file from attachment 1015
clamscan attachment.cgi\?id\=1015
Confirm that it shows Eicar-Test-Signature FOUND
x86_64

# wget https://bugs.mageia.org/attachment.cgi?id=1015
# mv attachment.cgi\?id\=1015 eicar

Before
------
# urpmi clamav
Package clamav-0.97.2-1.1.mga1.x86_64 is already installed
# service freshclam start
Starting Clam AntiVirus Update Daemon: [ OK ]
# clamscan eicar
eicar: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1070925
Engine version: 0.97.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.819 sec (0 m 2 s)

After
-----
The following 3 packages are going to be installed:

- clamav-0.97.3-1.1.mga1.x86_64
- clamav-db-0.97.3-1.1.mga1.x86_64
- lib64clamav6-0.97.3-1.1.mga1.x86_64

# service freshclam restart
Stopping Clam AntiVirus Update Daemon: [ OK ]
Starting Clam AntiVirus Update Daemon: [ OK ]
# clamscan eicar
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/daily.cvd and /var/lib/clamav/daily.cld, please manually remove one of them
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
eicar: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1044425
Engine version: 0.97.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.481 sec (0 m 2 s)

New version seems to know of 30000 fewer viruses and gives warnings about duplicate databases.
According to http://www.atomicorp.com/forums/viewtopic.php?f=3&t=4474 you need to run freshclam as root to clean up the database. Most likely, the freshclam service you started (which does run freshclam as root), was in the middle of updating the database when the clamscan ran. It's not unusual for the number of viruses detected to go down, as they do clean up of viruses that only affect software that is no longer supported, such as win 3.1, or win 95, or replace multiple specific signatures with more generalized signatures. Try running freshclam manually (as root), to see if that does clear up the duplicates message. If it does, I think the update is ready to be validated.
# freshclam
ClamAV update process started at Tue Nov 15 19:15:30 2011
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 13951, sigs: 28774, f-level: 60, builder: jesler)
bytecode.cld is up to date (version: 152, sigs: 38, f-level: 60, builder: edwin)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

I could remove one of them manually (Which one?) but that isn't ideal. There must be some sort of issue to cause the warning. It doesn't seem to affect the function of clamscan other than by producing a warning every time.
# ll /var/lib/clamav
total 107936
-rw-r--r-- 1 clamav clamav 286720 Oct 24 13:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 1896448 Nov 15 19:10 daily.cld
-rw-r--r-- 1 clamav clamav 77453824 Oct 11 16:32 main.cld
-rw-r--r-- 1 clamav clamav 30750647 Oct 19 14:25 main.cvd
-rw------- 1 clamav clamav 1508 Nov 15 19:15 mirrors.dat
drwxr-xr-x 2 clamav clamav 4096 Oct 19 14:25 tmp/
After a clean install of clamav and clamd and completing freshclam, I have

# ll /var/lib/clamav
total 76384
-rw-r--r-- 1 clamav clamav 56876 Nov 15 16:07 bytecode.cvd
-rw-r--r-- 1 clamav clamav 693896 Nov 15 16:07 daily.cvd
-rw-r--r-- 1 clamav clamav 77453824 Nov 15 16:07 main.cld
-rw------- 1 clamav clamav 156 Nov 15 16:12 mirrors.dat
drwxr-xr-x 2 clamav clamav 4096 Jul 29 16:36 tmp/

Looks like the main.cvd file in yours shouldn't be there, although I have no idea why it's there.
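
The two checks used in this thread (the EICAR smoke test and the .cvd/.cld comparison of the database directory), as an added shell example that is not part of the original bug comments. The function names dup_clamav_dbs and scan_ok are hypothetical, and the sample scan output and file names are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the bug thread); function names are hypothetical.

# Print the base name of every database that exists as both .cvd and .cld
# in the given directory (default: the path shown in the thread).
dup_clamav_dbs() {
    dbdir=${1:-/var/lib/clamav}
    for cvd in "$dbdir"/*.cvd; do
        [ -e "$cvd" ] || continue            # glob matched nothing
        base=${cvd%.cvd}
        if [ -e "$base.cld" ]; then
            printf '%s\n' "${base##*/}"
        fi
    done
}

# Read clamscan output on stdin. Succeed only if the EICAR signature was
# reported and the engine version line equals $1 (the updated package).
scan_ok() {
    want=$1
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'Eicar-Test-Signature FOUND$' || return 1
    printf '%s\n' "$out" | grep -qxF "Engine version: $want" || return 1
}

# Constructed sample: lines taken from the clamscan output in the thread.
sample='LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
eicar: Eicar-Test-Signature FOUND
Engine version: 0.97.3'

# Constructed sample: empty files named as in the first directory listing.
demo=$(mktemp -d)
for f in bytecode.cld daily.cld main.cld main.cvd mirrors.dat; do
    : > "$demo/$f"
done

if printf '%s\n' "$sample" | scan_ok 0.97.3; then
    echo "scan: EICAR detected by engine 0.97.3"
else
    echo "scan: FAILED"
fi
echo "duplicate databases: $(dup_clamav_dbs "$demo")"
rm -rf "$demo"
```

On a real system, pipe the output of clamscan on the EICAR file into scan_ok and call dup_clamav_dbs with no argument.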
Claire, do you think we can validate this update or do you want to dig more into why the main.cvd file is being left there?
I have seen the 'duplicate databases' message before in previous clamav versions in Mandriva so it is not unique to this release.
CC: (none) => derekjenn
So that bug, whatever its cause, is not a regression. Validating the update.

Could someone from the sysadmin team push the srpm
clamav-0.97.3-1.1.mga1.src.rpm
from Core Updates Testing to Core Updates?

Advisory: This security update to clamav fixes CVE-2011-3627 where the bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3627 for more information.

https://bugs.mageia.org/show_bug.cgi?id=3105
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED