-
Notifications
You must be signed in to change notification settings - Fork 693
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Statically link (new) libcurl into clamav for use on CentOS 7? #199
Comments
Option 1: is pretty simple to test using ClamDScan with Option 2: would require building libcurl as a static library. I'm not certain if its dependencies (there are a lot of dependency choices, but most likely: openssl, nghttp2(?), libc-ares(?), libz, libssh2) need to be static as well. I suspect not, though they must be linked into libclamav.so instead of libcurl.so. I suspect the build systems will have trouble forwarding those dependencies. But this would be the best of the 3 options. I think this is probably doable, just... needs some investigation. Option 3 (the title of this issue): cannot be done. Mickey has looked at it several times and we've loosened the requirements as much as possible. The fdpass feature is relying on a libcurl API that simply doesn't exist in the older version. |
I renamed your ticket since the original name was for Option 3, which we can't do. |
Testing |
Per our conversation yesterday, we found that if you build libcurl as a static library using CMake, then you can build ClamAV (0.104+, also using CMake) and instruct it to use libcurl's CURLConfig.cmake "exported targets" file, rather than using CMake's "FindCURL.cmake" module. You don't have to install libcurl to a system directory, you can install it wherever since it is a static library. Here are the instructions we came up with... Start with these instructions to get the clamav pre-requisites. You can skip the To build libcurl statically with mkdir build && cd build
cmake .. \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_POSITION_INDEPENDENT_CODE=ON \
-D CMAKE_USE_OPENSSL=ON \
-D CMAKE_INSTALL_PREFIX="`$HOME`/curl-install" \
-D BUILD_SHARED_LIBS=OFF
make && make install To build clamav with the static libcurl, the notable change is adding mkdir build && cd build
cmake .. \
-D CMAKE_FIND_PACKAGE_PREFER_CONFIG=TRUE \
-D CMAKE_PREFIX_PATH=`$HOME`/curl-install
make && make install
Thanks @goshansp for doing the legwork on this to test all of this. Please correct me if I got any of the above wrong. I only did very light testing. |
@goshansp ok if I close this issue since we found a solution? |
The information above has been extremely helpful and using |
Situation
Red Hat Enterprise Linux (RHEL) and CentOS 7 are using
Libcurl=7.29
. Therefore ClamAV must be using--stream
as for--fdpass
the curl version is required to be at least 7.45. File streaming--stream
is suspected to have a significant performance disadvantage when compared to--fdpass
. This impacts performance because files will be streamed fromclamonacc
toclamd
instead of leveraging the highly efficient--fdpass
mechanism.Option 1: Neglecting Impact
--stream
be neglected?Option 2: Compile a later Libcurl into binaries?
Option 3: Loosen ClamAV Libcurl Version Constraints
Any advice will be appreciated as most our customers roll on RHEL7/Libcurl=7.29 and will be doing so for the coming years - Thank you!
The text was updated successfully, but these errors were encountered: