edwintorok at gmail
Mar 11, 2010, 6:35 AM
Post #6 of 12
On 2010-03-11 15:44, Renato Botelho wrote:
> IIRC, you can use --enable-llvm=no at ./configure to disable.
That just disables the JIT, not the interpreter.
On 2010-03-11 16:26, Tomasz Kojm wrote:
> On Thu, 11 Mar 2010 13:29:16 +0000 (GMT)
> "G.W. Haywood" <clamav-devel [at] jubileegroup> wrote:
>> Hi there,
>> On Thu, 11 Mar 2010 David F. Skoll wrote:
>>> I noticed the announcement of the bytecode interpreter in the 0.96-rc1
>>> Why do we need the bytecode interpreter? Can we disable it if we decide
>>> the cons outweigh the pros?
>> I was about to write something along these lines when Mr. Skoll's post
>> arrived. The very idea of a bytecode interpreter in ClamAV gives me
>> the creeps. It sounds like a whole bunch of vulnerabilities waiting
>> to happen.
> Due to security reasons all bytecodes need to be digitally signed,
> so no 3rd parties will be able to inject any code into your installations.
> When it comes to vulnerabilities, they will not be that critical as
> vulnerabilities in the regular code since all bytecodes can be remotely
Yes, and let me explain some of the other security features:
- bytecode can only call functions it defines itself, and a limited
ClamAV API (see libclamav/bytecode_api.h), no syscalls
- no direct access to the filesystem, it can only read the currently
scanned file (via the API), and write to a temporary file via the API
- no arbitrary memory access, bounds of all accesses must be known,
bounds checks inserted by the compiler, or libclamav itself (see
BytecodeSecurity in clamd.conf)
- although the above should be enough, there is also stack smashing
protection in the JITed code (which simply aborts the bytecode, not clamd)
>> I'd like to add my voice to those who want an easy way to
>> disable it - I can see nothing in the clamd.conf man page for 0.96-rc1
>> which offers any solace.
> As Edwin already described, you just set the "Bytecode" option to "no"
> in freshclam.conf.
>> In the same man page there are a couple of small formatting errors in
>> the bold attributes for LocalSocketGroup and LocalSocketMode.
> Thanks, this will be fixed in the next release
Please submit your patches to our Bugzilla: http://bugs.clamav.net