Sunday, November 25, 2007

Bro v1.2.1 and new ClamAV versions

As mentioned here, the version 1.2.1 stable source does not build correctly if ClamAV is installed. Bro 1.2.1 uses the cl_scanbuff function, which is not exported in newer versions of ClamAV.

To work around this, I edited the file so that it checks for the cl_scanbuff function and does not configure ClamAV support if ClamAV does not export it.

In the Bro I edited the ClamAV checks to read:
# Libclamav

Then re-generated the configure file.

One possible "real fix" would be to rewrite the FileAnalyzer functions to create temporary files and use cl_scanfile to scan each temporary file.
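The temporary-file approach described above, as an added C example (not code from Bro or from this post): a reassembled buffer is written to a private temp file, scanned by path, and the file is removed on every exit path. The names `scan_file_fn`, `scan_buffer_via_tempfile`, `demo_scan` and the temp-file prefix are hypothetical; in a real build the callback would wrap cl_scanfile, whose argument list depends on the libclamav version.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares mkstemp() under strict -std= */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical callback: 1 = infected, 0 = clean, -1 = error.
 * A real build would call libclamav's cl_scanfile inside it. */
typedef int (*scan_file_fn)(const char *path, void *ctx);

/* Write buf to a private temp file, scan it by path, always remove it. */
int scan_buffer_via_tempfile(const unsigned char *buf, size_t len,
                             scan_file_fn scan, void *ctx)
{
    char path[] = "/tmp/bro-clamav-XXXXXX";  /* constructed prefix */
    int fd = mkstemp(path);                  /* exclusive create, mode 0600 */
    if (fd < 0)
        return -1;
    size_t off = 0;
    int rc = 0;
    while (off < len) {                      /* cope with short writes */
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { rc = -1; break; }
        off += (size_t)n;
    }
    if (close(fd) != 0)
        rc = -1;
    if (rc == 0)
        rc = scan(path, ctx);
    unlink(path);                            /* never leave payloads on disk */
    return rc;
}

/* Stand-in scanner: flags a constructed marker string, and copies the
 * path into ctx (a zeroed buffer of at least 64 bytes) when ctx is set. */
int demo_scan(const char *path, void *ctx)
{
    char data[256];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(data, 1, sizeof data - 1, f);
    fclose(f);
    data[n] = '\0';
    if (ctx) strncpy((char *)ctx, path, 63);
    return strstr(data, "CONSTRUCTED-TEST-SIGNATURE") != NULL;
}
```

Compared with an in-memory scan, this costs a file create, write and unlink per scanned buffer, and the temp directory should be one that only the Bro user can write to.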
