Don’t you just love it….

…when your working production system stops working because a developer
decides to send you a ‘stop working code’….

Starting clamav_clamd.
LibClamAV Warning:
***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is
outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read
http://www.clamav.net/support/faq ***
LibClamAV Warning:
***********************************************************
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version
has reached End of Life! Please upgrade to version 0.95 or later. For
more information see  www.clamav.net/eol-clamav-094 and
www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load daily.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ndb
LibClamAV Error: Can't load /var/db/clamav/daily.cld: Malformed database
ERROR: Malformed database

Especially when you haven't upgraded because attempting to upgrade you get:

libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS .libs/clamscan.nmT
libtool: link: (cd .libs && cc -O2 -fno-strict-aliasing -pipe -c
-fno-builtin "clamscanS.c")
libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm"
".libs/clamscan.nmS" ".libs/clamscan.nmT"
libtool: link: cc -O2 -fno-strict-aliasing -pipe -o .libs/clamscan
output.o getopt.o optparser.o actions.o misc.o clamscan.o others.o
manager.o  -L/usr/local/lib ../libclamav/.libs/libclamav.so -lbz2 -lz
-lthr -Wl,-rpath -Wl,/usr/local/lib
../libclamav/.libs/libclamav.so: undefined reference to `gethostbyname_r'
*** Error code 1
1 error
*** Error code 1
1 error
*** Error code 2
1 error
*** Error code 1

Stop in /usr/ports/security/clamav.
*** Error code 1

Stop in /usr/ports/security/clamav.

Yes I know you get what you pay for, but stop catching viruses is one thing, killing my mail system is an entirely different issue..! Upgrading the OS on a production system is something that needs planning…! (and usually means it’s time to replace the hardware completely.)

For the non-techies reading… ClamAV is a free Anti-Virus system that is written as a community project. A ‘stop working code’ is a code that is specifically designed to stop a product working (usually after a specific time period etc). In my case all my mail servers (including the big SORBS spamtrap servers) are using ClamAV to filter out viruses from the mail stream. There was quite a controversy some years ago when ClamAV decided to add an ‘anti-phishing’ filter to the software without telling anyone.. since then I amongst a lot of others have been reluctant to upgrade to every ‘point release’ due to new ‘undocumented’ features screwing with my mail system.

The latest trick by the ClamAV developers seems to be ’cause all the software to crash/shutdown’ and has been done with very little notice. I for one was in the middle of moving house today and in my ‘most important’ system have been attempting to upgrade for some time. I have been unable to date because the newer versions of the software make a call to a library function that does not exist on my system. The particular system has no ‘remote console’ so if I attempt to upgrade the OS (in Windows terms, formatting and reloading from CD) the machine will be dead to everyone unless I fly to Australia (Brisbane) and do it there myself!!!!

Anyway my message to all ClamAV users is simple.. you get what you pay for.. which means as it’s free, you get nothing of use. Trash it and switch to Sophos which will cost you money, but appears in testing to be one of the best on the market!

UPDATE: It appears from the many private comments that I received in private that my statement about ‘you get what you pay for’ were made without any substantive research, and as such I have been made aware there are a number of free AV engines that do not suffer from the ‘you get what you pay for syndrome’. So my advice and a lesson for me is do your research, companies who provide free services/utilities do have strict controls on what happens with the code and are worth considering.