Add support for clamav 0.95.2

I have finish the port of code for add compatibility with the recent 0.95 version of clamav.
Many changes ... it doesn't backward compatible with Clamav 4 and 5, only compatible with Clamav 6.

Thanks,

Despite the patch compile without error by using patch php-clamavlib_0.13-1.2ubuntu1~hardy4.diff, the module actually is not functioning.

1. the arguement count in setlimits is wrong, it should receive 4 argument instead of 5 (line 478 and line 494 clamav.c)
2. I find that the cl_engine can't initiate in MINIT. I find that cl_scanfile won't work unless I initiate the engine everytime before the cl_scanfile is called (by adding cl_engine initiation code before line 417 clamav.c) but I think the module shouldn't work like this

Sorry that I'm not familiar with C and PHP module programming and I don't know how to create a patch. I'm using RHEL5 Linux with PHP 5.2.10. I tried this module under apache and PHP CLI (i.e. shell script). Thanks

Sorry that I should elaborate more on the bug I found:

For 1, it causes a Segmentation Fault if you try to call cl_setlimits in PHP
For 2. it will fail to detect a virus. I tried a virus sample "eicar_com.zip" and I believe that it won't work with other virus neither.

Thanks for the feedback. The project is pretty well abandoned, so we are
just trying to keep it going for older, but still suppported releases. The
test results I have on Ubuntu Server is that it works as long as the scan
target isn't zipped.

Hello,

I have released an other patch, but I have not submit this on the bug report.
This patch is based on the most recent version available at :
http://mentors.debian.net/debian/pool/main/p/php-clamavlib/php-clamavlib_0.13.orig.tar.gz

I have tested on PHP 5.2 with Clamav 0.95.2 and it work very well from one month without restart apache ;-)
Please test and submit your feedback on this patch.

Here is the changelog from 0.13-3 :

php-clamavlib (0.13-1.5) unstable; urgency=low

  * Fix a bug on PHP_RINIT_FUNTION that cause module crash.
  * Change return format for more compatibility with PHP.
  * Suppress warning message on compilation.
  * Remove compatibility functions (clam_scan_file, clam_get_version).
  * Move static void into PHP_FUNCTION.

 -- Argos <email address hidden> Sat, 12 Jun 2009 00:01:40 -0100

php-clamavlib (0.13-1.4) unstable; urgency=low

  * Change default db directory to /var/lib/clamav.
  * Delete unsupported parameters (maxratio and archivememlim).
  * Rename function cl_setlimits to cl_engine.
  * Implement keeptmp(CL_ENGINE_KEEPTMP) and tmpdir(CL_ENGINE_TMPDIR) parameters.
  * Add cl_debug function.
  * Porting code for libclamav6 only compatibility. (Closes: #498554)

 -- Argos <email address hidden> Sat, 12 Jun 2009 00:01:40 -0100

Sorry I have uploaded an incorrect patch, please this patch replace the precedent.

I tried the 0.13-5 patch and I got the follow error:

php: symbol lookup error: /usr/local/lib/php/extensions/no-debug-zts-20060613/clamav.so: undefined symbol: php_cl_scanfile

Once I comment this line (line 344 in clamav.c) and recompile the error got removed and it works fine!!! It even works on zip file as long as you setup a correct recursive limit. Let me know if it is a correct way to fix the problem.

I made some very minor amendment base on your patch. Sorry that I don't know how to use diff / patch so that I upload the whole clamav.c. Here are the list of changes:

1. Change CLAMAV_G(dbpath) to cl_retdbdir() in MINIT (line 166)
2. Commented php_cl_scanfile in line in cl_scanfile
3. added php clamav version and libclamav version under MINFO

Actually I tried added the number of virus signature into MINFO but failed (sorry that I'm not that familiar with C). Also I'd suggest that the dbpath should be detected by configure script but sorry that I don't know how to modify the m4...

I really appreciate you guys effort. Why don't submit this module to PECL? I think it's a very useful module and I really hope that some talent can maintain it (is it too greedy????)

try to submit the file again....

Hi,

I put the module on my Apache box for a couple of days but I found that it crash my Apache everytime the virus DB is updated (which is around 12:00pm GMT+8 HKT). I created a core dump of my Apache after the segmentation fault for your reference.

[Switching to thread 73 (process 23617)]#0 0x00002adfda0a15d7 in kill () from /lib64/libc.so.6
(gdb) bt
#0 0x00002adfda0a15d7 in kill () from /lib64/libc.so.6
#1 <signal handler called>
#2 mpool_malloc (mp=0x2aaaaaeba000, size=120) at mpool.c:447
#3 0x00002adfe1c728aa in mpool_calloc (mp=0x2aaaaaeba000, nmemb=<value optimized out>, size=<value optimized out>) at mpool.c:525
#4 0x00002adfe1c0cac7 in cli_ac_addsig (root=0x2aaaaaebc6b8, virname=0x666636c0 "Trojan.Bat.CW.C",
    hexsig=0x2aaab80ca310 "74797065207669722e746d70203e3e253120256e3425", sigid=650, parts=2, partno=2, rtype=0, type=0, mindist=0, maxdist=0, offset=0x0,
    lsigid=0x0, options=96) at matcher-ac.c:1134
#5 0x00002adfe1c123cd in cli_parse_add (root=0x2aaaaaebc6b8, virname=0x666636c0 "Trojan.Bat.CW.C",
    hexsig=0x666636d7 "406563686f206f666625435725256e3025*74797065207669722e746d70203e3e253120256e3425", rtype=<value optimized out>, type=0, offset=0x0,
    target=0 '\0', lsigid=0x0, options=96) at readdb.c:240
#6 0x00002adfe1c14ecd in cli_loaddb (fs=0x0, engine=0x60f4b90, signo=0x2adfe1bf0850, options=96, dbio=0x66667800, dbname=0x66667a30 "main.db")
    at readdb.c:455
#7 0x00002adfe1c15014 in cli_load (filename=0x66667a30 "main.db", engine=0x60f4b90, signo=0x2adfe1bf0850, options=96, dbio=0x66667800) at readdb.c:1563
#8 0x00002adfe1c16dfc in cli_cvdload (fs=<value optimized out>, engine=0x60f4b90, signo=0x2adfe1bf0850, daily=<value optimized out>,
    options=<value optimized out>, cld=<value optimized out>) at cvd.c:291
#9 0x00002adfe1c150e8 in cli_load (filename=0x95994a0 "/var/clamav/main.cvd", engine=0x60f4b90, signo=0x2adfe1bf0850, options=32, dbio=0x0)
    at readdb.c:1492
#10 0x00002adfe1c15b77 in cl_load (path=0x2adfe1c89b58 "/var/clamav", engine=0x60f4b90, signo=0x2adfe1bf0850, dboptions=32) at readdb.c:1662
#11 0x00002adfe19eec8f in zm_activate_clamav (type=<value optimized out>, module_number=<value optimized out>, tsrm_ls=<value optimized out>)
    at /usr/local/src/php-clamavlib-0.13/clamav.c:286
#12 0x00002adfdba982ff in module_registry_request_startup (module=0x5fe9a30, tsrm_ls=0x2aaa0000000e) at /usr/local/src/php-5.2.6/Zend/zend_API.c:1957
#13 0x00002adfdba9f508 in zend_hash_apply (ht=0x2adfdc02ec60, apply_func=0x2adfdba982e0 <module_registry_request_startup>, tsrm_ls=0x99807a0)
    at /usr/local/src/php-5.2.6/Zend/zend_hash.c:673
#14 0x00002adfdba4ac28 in php_request_startup (tsrm_ls=0x99807a0) at /usr/local/src/php-5.2.6/main/main.c:1301
#15 0x00002adfdbb1c615 in php_handler (r=0xe5305f8) at /usr/local/src/php-5.2.6/sapi/apache2handler/sapi_apache2.c:580
#16 0x000000000043c5ea in ap_run_handler (r=0xe5305f8) at config.c:157
#17 0x000000000043f82c in ap_invoke_handler (r=0xe5305f8) at config.c:372
#18 0x0000000000466ac8 in ap_process_request (r=0xe5305f8) at http_request.c:258
#19 0x0000000000463ecc in ap_process_http_connection (c=0x70860f0) at http_core.c:190
#20 0x0000000000443442 in ap_run_proc...

I'll try to check this out this weekend.

Please file this as a new bug against apache.

Hi,

I don't have the time for add your proposition for the moment Amiroot.
I propose to create a sourceforge project for php-clamavlib, I'll reply when I did that.

After all people contribute on a central location and not on a launchpad bug post.

Bye,

So happy that this module attract loads of attention and willing to devote time to the development and debug. I got some additional information and hope that it is helpful for the debug.

1. I'm using CentOS Linux 5.3, apache 2.2.9, PHP 5.2.6. My Clamav 0.95.2 is installed by rpm pachakge (http://packages.sw.be/clamav/)
2. My apache is compiled to use worker MPM, which is a thread base MPM. The PHP is compiled with apache2handle and using LoadModule (mod_so) to load into apache.
3. The crash happen at SHARP 12:00pm GMT+8 (HKT), at that time the daily.cld is being updated. It happen once and only once everyday and it will resume if you restart the apache
4. The crash won't kill the apache but it all threads will be killed by segmentation fault while new thread is created in the time being.
5. No special config for clamav module in php.ini

php4-clamavlib and php5-clamavlib with clamav 0.95.2 are in -backports on Dapper (php4/php5) and Hardy (php5). Please test these packages and update the bugreport.

Test especially with .zip files with maxreclevel set to > 0 in /etc/php*/*/php.ini. It should look something like this at the end (after installing the above packages):

extension=clamav.so
[clamav]
clamav.dbpath="/var/lib/clamav"
clamav.maxreclevel=1
clamav.maxfiles=0
clamav.archivememlim=0
clamav.maxfilesize=0

Thanks.

Hello,

I have create a project named php-clamav on sourceforge (php-clamav is a fork of php-clamavlib based on last 0.13 available on Debian).
Please, I encourage you to help me in this project so that we make this plugin more life.
Join me on sourceforge project tracker.

Bye and thanks,

For the bug of maxreclevel parameter, it seem to be fixed in the next release 0.95.3.
Look at this URL for more information : https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1650

Sorry, I don't have tested your package Gergely (because I'm on Karmic and I pre).

But I have release a new version on SVN (http://sourceforge.net/projects/php-clamav/).
I have add some versions information to phpinfo() view from Amiroot code's and finalize the fork because the original author's of php-clamavlib don't respond at email and don't maintain this extension from 2007.

I will look at PECL for add this extension when we have finish to debug the current version that seem to be stable for me.
I need builder for RPM packages on 32 and 64 bits platform.

Thanks for your help.