Hi all,
I’m porting many tools used for reverse engineering and malware analysis.
Tonight I decided to attempt a port of ClamAV.
Please, say hello to the (probably?) first AV running on Haiku.
I’m very happy with the result of this porting, as this was not that easy!
I’d like to say thank you to @erysdren who gave me a lot of good suggestions tonight.
Building a recipe will not be that easy, but it is possible, of course.
Bravo! I worked with some coders about 5 years ago to try the same and failed miserably. Too many obstacles to get around and we simply gave up and walked away from the challenge.
I don’t have a list atm, sorry. I’m very interested in reverse engineering and malware analysis, so I’ll give priority to this type of software.
That said, yes I’ll try to port other security related software. Firewalls, for example, are usually deeply integrated in other OS components, so a port might be really hard, but let’s see what we can do.
Back to ClamAV:
I’ve removed all the hacks I used to build the modules and prepared a patchset file (that will be upstreamed later on). I’ve also fixed the default paths to match the Haiku ones. I’m starting to write the recipe, it might require some time tho.
~> freshclam
Creating missing database directory: /boot/system/settings/clamav/db
Assigned ownership of database directory to user “user”.
ClamAV update process started at Wed Oct 18 16:31:01 2023
daily database available for download (remote version: 27065)
WARNING: Can’t download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
You are running an out-of-date version of ClamAV / FreshClam.
Ensure you are the most updated version by visiting ClamAVNet
Your network is explicitly denied by the FreshClam CDN.
In order to rectify this please check that you are:
a. Running an up-to-date version of FreshClam
b. Running FreshClam no more than once an hour
c. If you have checked (a) and (b), please open a ticket at Issues · Cisco-Talos/clamav · GitHub
and we will investigate why your network is blocked.
WARNING: You are on cool-down until after: 2023-10-19 16:31:01
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.
Hi @Garic I don’t think that your issue is related to this Haiku port. It seems your IP is blacklisted until tomorrow. You can either change your IP and try again or use another mirror to get the current virus signature database.
I found this random ClamAV database mirror on Presearch: https://clamavdb.c3sl.ufpr.br/
It’s hosted at some regional hosting company and I can connect to it without issues, however I can’t say how reliable it is as I don’t use this mirror (or ClamAV at all) myself.
You can change the currently used mirror by editing /system/settings/clamav/freshclam.conf.
The default mirror (behind Cloudflare) is: DatabaseMirror database.clamav.net
I was not aware of the Cloudflare problems mentioned by @nipos (thank you for reporting), so you might want to edit the DatabaseMirror value to change mirror.
PLEASE NOTE that this is NOT related to this port. This is a CDN/IP issue.
WARNING: using random/unverified mirrors can decrease your level of security!!! Always use mirrors you trust!!!
Just a note: “ufpr.br” has been up since… “forever”. It belongs to “Universidade Federal do Paraná” in Brazil. Pretty much the biggest mirror for sourceforge.net on this side of the world too.
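
One way to check which mirrors a freshclam.conf points at before running freshclam, following the DatabaseMirror and mirror-trust discussion above. This is an added example, not part of the original thread or of ClamAV; the function names and the TRUSTED_MIRRORS allowlist are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the DatabaseMirror entries of a freshclam.conf.
# TRUSTED_MIRRORS is an assumption: a space-separated list of hosts
# you have vetted yourself. Only the default mirror is trusted here.
TRUSTED_MIRRORS="${TRUSTED_MIRRORS:-database.clamav.net}"

# Print every mirror host configured in the file, one per line.
# Commented-out and blank lines are skipped; an optional scheme,
# port or path is stripped and the host is lower-cased.
list_mirrors() {
    awk '$1 == "DatabaseMirror" && NF >= 2 { print $2 }' "$1" |
        sed -e 's|^[A-Za-z]*://||' -e 's|[:/].*$||' |
        tr 'A-Z' 'a-z'
}

# Print the configured mirrors that are not on the trusted list.
# Returns 0 if every mirror is trusted, 1 if any is not,
# 2 if the file cannot be read.
audit_mirrors() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    status=0
    for host in $(list_mirrors "$conf"); do
        case " $TRUSTED_MIRRORS " in
            *" $host "*) ;;                  # on the allowlist
            *) echo "$host"; status=1 ;;     # unvetted mirror
        esac
    done
    return $status
}
```

Call it as `audit_mirrors /system/settings/clamav/freshclam.conf`. A file with no DatabaseMirror line passes, since freshclam then falls back to its default mirror.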