As mentioned here, the version 1.2.1 stable source does not build correctly if ClamAV is installed. Bro 1.2.1 uses the cl_scanbuff function, which is not exported in newer versions of ClamAV.
To work around this, I edited the configure.in file so that it checks for the cl_scanbuff function and does not configure ClamAV support if ClamAV does not export it.
In the Bro configure.in I edited the ClamAV checks to read:
# Libclamav
have_libclamav=Yes
AC_CHECK_HEADERS([clamav.h],,have_libclamav=No)
AC_CHECK_LIB(clamav,cl_scanbuff,,have_libclamav=No)
#AC_CHECK_LIB(clamav,cl_retdbdir,,have_libclamav=No)
I then regenerated the configure file.
One possible "real fix" would be to rewrite the FileAnalyzer functions to create temporary files and use cl_scanfile to scan the temporary file.
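The temporary-file approach suggested above, sketched as an added example (not code from Bro or from the original post). The scanner is passed in as a hypothetical `scan_path_fn` callback where a `cl_scanfile` wrapper would go; the stub scanner, marker string and temp-file name template are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L            /* for mkstemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical hook (a cl_scanfile() wrapper would go here): 0 clean, 1 match, <0 error. */
typedef int (*scan_path_fn)(const char *path, void *ctx);

/* Spill buf to a private temp file, scan it by path, always remove it. */
int scan_buffer_via_tempfile(const void *buf, size_t len,
                             scan_path_fn scan, void *ctx)
{
    char path[] = "/tmp/fa-scan-XXXXXX";   /* constructed name template */
    int fd = mkstemp(path);                /* O_EXCL create, mode 0600 */
    if (fd < 0) return -1;
    for (size_t off = 0; off < len; ) {    /* cope with short writes */
        ssize_t n = write(fd, (const char *)buf + off, len - off);
        if (n < 0) { if (errno == EINTR) continue; close(fd); unlink(path); return -1; }
        off += (size_t)n;
    }
    if (close(fd) != 0) { unlink(path); return -1; }
    int verdict = scan(path, ctx);
    unlink(path);                          /* no payload left on disk */
    return verdict;
}

/* Stand-in scanner: flags a constructed marker, records the path in ctx (char[64]). */
static int stub_scan(const char *path, void *ctx)
{
    char data[256];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    data[fread(data, 1, sizeof data - 1, f)] = '\0';
    fclose(f);
    snprintf((char *)ctx, 64, "%s", path);
    return strstr(data, "CONSTRUCTED-TEST-MARKER") != NULL;
}

/* Returns the verdict, or -2 if the temp file survived the scan. */
int demo(const char *text)
{
    char seen[64] = "";
    int v = scan_buffer_via_tempfile(text, strlen(text), stub_scan, seen);
    return access(seen, F_OK) == 0 ? -2 : v;
}
int main(void) { printf("%d %d\n", demo("x CONSTRUCTED-TEST-MARKER y"), demo("benign")); return 0; }
```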