…when your working production system stops working because a developer
decides to send you a ‘stop working code’….

Starting clamav_clamd.
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load daily.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ndb
LibClamAV Error: Can't load /var/db/clamav/daily.cld: Malformed database
ERROR: Malformed database

Especially when you haven't upgraded because attempting to upgrade you get:

libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS .libs/clamscan.nmT
libtool: link: (cd .libs && cc -O2 -fno-strict-aliasing -pipe -c -fno-builtin "clamscanS.c")
libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm" ".libs/clamscan.nmS" ".libs/clamscan.nmT"
libtool: link: cc -O2 -fno-strict-aliasing -pipe -o .libs/clamscan output.o getopt.o optparser.o actions.o misc.o clamscan.o others.o manager.o  -L/usr/local/lib ../libclamav/.libs/libclamav.so -lbz2 -lz -lthr -Wl,-rpath -Wl,/usr/local/lib
../libclamav/.libs/libclamav.so: undefined reference to `gethostbyname_r'
*** Error code 1
1 error
*** Error code 1
1 error
*** Error code 2
1 error
*** Error code 1

Stop in /usr/ports/security/clamav.
*** Error code 1

Stop in /usr/ports/security/clamav.

Yes I know you get what you pay for, but to stop catching viruses is one thing, killing my mail system is an entirely different issue..! Upgrading the OS on a production system is something that needs planning…! (and usually means it’s time to replace the hardware completely.)

For the non-techies reading… ClamAV is a free Anti-Virus system that is written as a community project. A ‘stop working code’ is a code that is specifically designed to stop a product working (usually after a specific time period etc). In my case all my mail servers (including the big SORBS spamtrap servers) are using ClamAV to filter out viruses from the mail stream. There was quite a controversy some years ago when ClamAV decided to add an ‘anti-phishing’ filter to the software without telling anyone.. since then I amongst a lot of others have been reluctant to upgrade to every ‘point release’ due to new ‘undocumented’ features screwing with my mail system.

The latest trick by the ClamAV developers seems to be ‘cause all the software to crash/shutdown’ and has been done with very little notice. I for one was in the middle of moving house today and on my ‘most important’ system have been attempting to upgrade for some time. I have been unable to date because the newer versions of the software make a call to a library function that does not exist on my system. The particular system has no ‘remote console’ so if I attempt to upgrade the OS (in Windows terms, formatting and reloading from CD) the machine will be dead to everyone unless I fly to Australia (Brisbane) and do it there myself!!!!

Anyway my message to all ClamAV users is simple.. you get what you pay for.. which means as it’s free, you get nothing of use. Trash it and switch to Sophos which will cost you money, but appears in testing to be one of the best on the market!

UPDATE: It appears from the many comments that I received in private that my statement about ‘you get what you pay for’ was made without any substantive research, and as such I have been made aware there are a number of free AV engines that do not suffer from the ‘you get what you pay for syndrome’. So my advice and a lesson for me is do your research, companies who provide free services/utilities do have strict controls on what happens with the code and are worth considering. Of course the amusing issue is I have been providing a free service for many years in the Anti-Spam field free of charge and I don’t consider my service to be a ‘you get what you pay for’ service, perhaps I should think more carefully about things I write before I publish…! ;-) Thank you all for your comments!

Note to Neil Schwartzman: ( http://www.returnpath.net/blog/2010/04/clamav-and-the-case-of-the-mis.php ) talk about a mis-quote.  The SORBS mail servers were not taken out by the ClamAV update, just one of the Spamtrap input servers which did not have an effect on list production, even though the server is a production server.  All the servers used ClamAV, that particular server wasn’t upgraded with the rest because of the base OS compatibility issue, the other servers were running newer versions and were not affected by the ‘stop’ command.  My concern was that a ‘stop’ command exists and was used with very little warning (the ‘stop’ command was issued the same day the warning was sent.)
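
An added example (not from the original post or from the ClamAV project): a small triage function run over the clamd startup output quoted at the top of this post, separating the earlier "engine is outdated" warning, which leaves the scanner running, from the database load failure that stops it. The patterns and the ok/warn/down labels are assumptions based only on the messages shown here.

```python
import re

# Startup output quoted at the top of the post (wrapped lines rejoined,
# banner lines of asterisks omitted).
SAMPLE = """\
Starting clamav_clamd.
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load daily.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ndb
LibClamAV Error: Can't load /var/db/clamav/daily.cld: Malformed database
ERROR: Malformed database
"""

# Patterns are written against the messages above only; other ClamAV
# versions may word them differently (assumption).
OUTDATED = re.compile(r"LibClamAV Warning: .*engine is\s+outdated")
EOL = re.compile(r"reached End of Life")
PARSE_AT = re.compile(r"Problem parsing database at line (\d+)")
LOAD_FAIL = re.compile(r"LibClamAV Error: Can't load (\S+): Malformed database")
FATAL = re.compile(r"^ERROR: ")


def triage(output):
    """Classify clamd startup output as 'ok', 'warn' or 'down'."""
    report = {"severity": "ok", "eol": False, "parse_line": None, "databases": []}
    outdated = fatal = False
    for line in output.splitlines():
        outdated = outdated or bool(OUTDATED.search(line))
        fatal = fatal or bool(FATAL.search(line))
        report["eol"] = report["eol"] or bool(EOL.search(line))
        if (m := PARSE_AT.search(line)):
            report["parse_line"] = int(m.group(1))
        if (m := LOAD_FAIL.search(line)):
            report["databases"].append(m.group(1))
    if fatal or report["databases"]:
        report["severity"] = "down"   # scanner did not start: mail path is affected
    elif outdated:
        report["severity"] = "warn"   # still scanning, but the engine needs an upgrade
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Alerting on the "warn" state gives notice while the scanner is still running, before a database load failure takes it down.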

Written on April 16th, 2010, Technical, Warnings and Alerts


COMMENTS
    • michelle commented

      Problem is I’m not subscribed – and even if I had, my main email address has been offline since Oct 2009 due to circumstances beyond my control. The real issue is the server needs an OS upgrade and until the devel code I am writing is finished and deployed it can’t be upgraded (it’s a production server.)

      Michelle

      PS: I have instructions on how to hack it to make it work on the old OS now thanks to a friend.

      May 3, 2010 at 5:15 am
  1. hollaho commented

    Yep, it is a bit bad style and I can understand that you are annoyed. This could probably have been better announced in advance.
    But running a > 1 yr outdated virus scanner on a production machine isn’t really good either, right? And if you read their explanation then their only other option would have been to just stop delivering updates for the old engine, which would have meant effectively no protection and many admins not even noticing this. That would be more than annoying – dangerous that is to say.
    Thus I think it was better to cause the systems to break so that people notice it at least.

    This is a bit like with outdated spam RBLs. Despite warnings some people use them. At some point the only thing to get these admins to reconsider is to “list the entire world”. Then these admins do what they were supposed to do – look at what RBLs they use.

    Neither RBLs nor virus filters are “fire-and-forget” weapons. Yet too many use em like this. Don’t you agree?

    April 18, 2010 at 6:35 pm
    • michelle commented

      As an RBL maintainer I see your point, however I would have been happy for it to stop working in a fail open way. Most appliances (all the ones I have used in production) fail open if something goes wrong. Milters+Postfix temp fail when the Milter daemon goes away. If clamd barfed and quit but the milter logged warnings that it was ‘fail-open’ mode – no problem. Instead I lost mail because ClamD quit and so did ClamAV-Milter .. very bad form… same as listing the world.. very bad form and should only be done as a last resort.

      Michelle

      May 3, 2010 at 5:19 am
  2. jjww-wp commented

    To be fair, if you’re running a production system(s) you should be monitoring the updates list out of ClamAV. They announced this several weeks ago…also you could’ve upgraded to the 0.95 series anytime in the last 12 months and been OK. It’s been in Ubuntu-backports for quite some time.

    Agreed I don’t see why Sourcefire thought it was a good idea to force daemons to shutdown, but on the other hand there was truly ample time.

    April 19, 2010 at 5:34 am
    • michelle commented

      If you read my post you’d see that I can’t upgrade (and I can tell you I have tried way back in July 2009)… Since Oct 2009 I haven’t had access to my main email so I wouldn’t have got the notifications even if I had been subscribed.

      May 3, 2010 at 5:27 am
  3. jjww-wp commented

    Also, your comments on Sophos are spot on. They provide an excellent AV engine.

    April 19, 2010 at 5:35 am
  4. Jack commented

    Can since you stop hacking can you teach me?

    May 8, 2011 at 3:54 pm
    • michelle commented

      “Jack” sorry I don’t teach people how to ‘hack’.

      May 8, 2011 at 9:08 pm
  5. Xantara commented

    Thank God! Someone with brains speaks!

    May 16, 2011 at 8:34 pm


Michelle's Blog

The life of Michelle Sullivan an amateur photographer, geek, trans-woman, and narcissist (according to some)..