Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated option DetectBrokenExecutables on clamav 0.101 #62

Open
pirxthepilot opened this issue Jan 26, 2019 · 5 comments
Open

Deprecated option DetectBrokenExecutables on clamav 0.101 #62

pirxthepilot opened this issue Jan 26, 2019 · 5 comments

Comments

@pirxthepilot
Copy link

Hello, got this warning on CentOS 7 with clamd 0.101:

WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamd.d/scan.conf

Not a big deal but would be nice to fix in future releases :) Thanks!
@pirxthepilot
Copy link
Author

pirxthepilot commented Jan 26, 2019
edited

It looks like there are a bunch of deprecated options (or rather, the options got renamed) in 0.101:
https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html

I'm only getting the warning for DetectBrokenExecutables, though. I'm planning to submit a PR with just that option removed from default, but I'm wondering if I should remove the other renamed options from default as well. Thoughts, @edestecd ?

@edestecd
Copy link
Owner

Sure if you check for the version of clamav and switch the options...

Or we can cut a new release and explicitly only support the newer version.
Is this true in other supported OSs (ubuntu)

@pirxthepilot
Copy link
Author

Don't have a test Ubuntu instance atm, but looks like it's still on 0.100 at the latest https://packages.ubuntu.com/search?keywords=clamav

I surveyed the default values in clamd itself vs puppet-clamav and all options that do exist in the latter sync up with the former:

Old name New name clamd default puppet-clamav default
AlgorithmicDetection HeuristicAlerts yes yes
DetectBrokenExecutables AlertBrokenExecutables no no
PhishingAlwaysBlockCloak AlertPhishingCloak no no
PhishingAlwaysBlockSSLMismatch AlertPhishingSSLMismatch no no
PartitionIntersection AlertPartitionIntersection no Not in default options
BlockMax AlertExceedsMax no Not in default options
OLE2BlockMacros AlertOLE2Macros no no
ArchiveBlockEncrypted AlertEncrypted no no
AlertEncryptedArchive no Not in default options
AlertEncryptedDoc no Not in default options

I think the cleanest and easiest way is to just remove these from $clamd_default_options.

@pirxthepilot pirxthepilot mentioned this issue Feb 22, 2019
Open
@edestecd
Copy link
Owner

We can trim the defaults down if you like. Just as a reminder you can sent any of them to undef and they will be removed.

@ZaxLofful
Copy link

This is still active in the latest versions. It also still forcibly uses a PID file, which is not needed in most modern Linux kernels. Can we get rid of that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@edestecd @pirxthepilot @ZaxLofful