clamav @0.102.0 does not build on PPC Tiger, Mac Os X 10.4.11, because of "fatal error: Security/SecRequirement.h: No such file or directory"

[ballapete (Peter "Pete" Dyballa)]

/bin/sh ../libtool  --tag CXX  --mode=compile /opt/local/bin/gcc-mp-6 -DHAVE_CONFIG_H -DCL_NOTHREADS -I. -I.. -I../libclammspack  -I.. -I../shared -I../libclamav -I/opt/local/include -I/opt/local/include  -I/opt/local/include -I/opt/local/include -I/opt/local/include/json-c -I/opt/local/include -I/opt/local/include -I/opt/local/include -I/opt/local/include  -pipe -Os -arch ppc -MT cert_util_mac.lo -MD -MP -MF .deps/cert_util_mac.Tpo -c -o cert_util_mac.lo `test -f '../shared/mac/cert_util_mac.m' || echo './'`../shared/mac/cert_util_mac.m
libtool: compile:  /opt/local/bin/gcc-mp-6 -DHAVE_CONFIG_H -DCL_NOTHREADS -I. -I.. -I../libclammspack -I.. -I../shared -I../libclamav -I/opt/local/include -I/opt/local/include -I/opt/local/include -I/opt/local/include -I/opt/local/include/json-c -I/opt/local/include -I/opt/local/include -I/opt/local/include -I/opt/local/include -pipe -Os -arch ppc -MT cert_util_mac.lo -MD -MP -MF .deps/cert_util_mac.Tpo -c ../shared/mac/cert_util_mac.m  -fno-common -DPIC -o .libs/cert_util_mac.o
../shared/mac/cert_util_mac.m:24:36: fatal error: Security/SecRequirement.h: No such file or directory
 #import <Security/SecRequirement.h>
                                    ^
compilation terminated.
make[2]: *** [cert_util_mac.lo] Error 1
make[2]: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_lil.fr.rsync.macports.org_release_tarballs_ports_sysutils_clamav/clamav/work/clamav-0.102.0/libfreshclam'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_lil.fr.rsync.macports.org_release_tarballs_ports_sysutils_clamav/clamav/work/clamav-0.102.0'
make: *** [all] Error 2
make: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_lil.fr.rsync.macports.org_release_tarballs_ports_sysutils_clamav/clamav/work/clamav-0.102.0'

Compilation with GCC 4.2 fails as usual, compilation with GCC 6 now fails because of a missing header file.

[ballapete (Peter "Pete" Dyballa)]

Main.log from PPC Tiger

[kencu (Ken)]

Hey Peter. When did it last build on Tiger? Can you see what has changed since then? Looks like they are calling in some non-Tiger API now. Can you find a way to turn it off and use something Tiger has?

The maintainer is not going to be of any use here I'm afraid; if you want it on Tiger you will have to be part of the solution, but we (I) can help guide you.

[kencu (Ken)]

Peter, try adding this block to the Portfile, just above test.run yes. It passes all the tests for me on 10.6.8.

# use linux version of openssl cert util on systems < 10.7 
# that don't support the macOS version
# ./shared/linux/cert_util_linux.c -> ./shared/mac/cert_util_mac.m
post-extract {
 if { ${os.platform} eq "darwin" && ${os.major} < 11 } {
    ui_msg "replacing mac security with linux security"
    delete ${worksrcpath}/shared/mac/cert_util_mac.m
    copy ${worksrcpath}/shared/linux/cert_util_linux.c \
         ${worksrcpath}/shared/mac/cert_util_mac.m
  }
}

[ballapete (Peter "Pete" Dyballa)]

Replying to kencu:

Ken, this worked! Although I think clamav built on PPC Leopard, Mac OS X 10.5.8, without additional patches… (but I'll check and report back)

[ballapete (Peter "Pete" Dyballa)]

On Leopard I had ClamAV already configured, but it was not installed yet! And to build and install clamav it needs GCC 6 and your additional patch.

[kencu (Ken)]

Great! I am not surprised, as the certificate handling in the new file is 10.7+.

Peter, given your WWW skills which I do not have, are you able to tell me if the linux certificate code does the right thing? It compiles fine -- but how to test that it works?

[ballapete (Peter "Pete" Dyballa)]

Replying to kencu:

My test is simple, and in two steps. Sttep 1:

root 276 /\ pd +1
/Users/pete ~ 
root 277 /\ freshclam -v --show-progress
ClamAV update process started at Sun Oct  6 10:07:02 2019
Current working dir is /usr/local/clamXav/share/clamav/
Current working dir restored to /Users/pete
Querying current.cvd.clamav.net
TTL: 1280
fc_dns_query_update_info: Software version from DNS: 0.101.4
Current working dir is /usr/local/clamXav/share/clamav/
check_for_new_database_version: Local copy of daily found: daily.cld.
query_remote_database_version: daily.cvd version from DNS: 25593
daily.cld database is up to date (version: 25593, sigs: 1797565, f-level: 63, builder: raynman)
fc_update_database: daily.cld already up-to-date.
Current working dir restored to /Users/pete
Current working dir is /usr/local/clamXav/share/clamav/
check_for_new_database_version: Local copy of main found: main.cvd.
query_remote_database_version: main.cvd version from DNS: 58
main.cvd database is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
fc_update_database: main.cvd already up-to-date.
Current working dir restored to /Users/pete
Current working dir is /usr/local/clamXav/share/clamav/
check_for_new_database_version: Local copy of bytecode found: bytecode.cld.
query_remote_database_version: bytecode.cvd version from DNS: 331
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
fc_update_database: bytecode.cld already up-to-date.
Current working dir restored to /Users/pete

Step 2 is to use the ancient ClamXav software to check for updates. It uses its own ancient version 0.97.8 of ClamAV. If it reports that no updates are available then the update by freshclam had worked. This is also reported in /usr/local/clamXav/share/clamav/freshclam.log.

ClamAV 0.102 is different than the other versions: it cannot run from root's home directory, because it gives other users from ordinary groups no permissions (drwxr-x--- 35 root wheel). A second difference is that freshclam used *patching* to modify the viruses DB. On PPC Leopard this did not happen. So I presume that freshclam dust not trust the server, i.e., it does not use the cerificate tools.

Besides this a make check from the build directory did succeed. (BTW, I am using ClamAV as subsitute of ClamXav.)

[ballapete (Peter "Pete" Dyballa)]

I tried a new test, after some reading:

Retrieving https://database.clamav.net/daily-25594.cdiff
downloadFile: Download source:      https://database.clamav.net/daily-25594.cdiff
downloadFile: Download destination: ./clamav-949a3a82f6683a042dfaf2821215661c.tmp
*   Trying 2606:4700::6810:da54:443...
* TCP_NODELAY set
* Connected to database.clamav.net (2606:4700::6810:da54) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com
*  start date: Aug 24 00:00:00 2019 GMT
*  expire date: Mar  1 23:59:59 2020 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "*.clamav.net"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x380c600)
> GET /daily-25594.cdiff HTTP/2
Host: database.clamav.net
User-Agent: ClamAV/0.102.0 (OS: darwin9.8.0, ARCH: ppc, CPU: powerpc)
Accept: */*
Connection: close

* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200 
< date: Sun, 06 Oct 2019 13:15:21 GMT
< content-type: application/octet-stream
< content-length: 38996
< set-cookie: __cfduid=d36a7566c5035a396545ad295847438c01570367721; expires=Mon, 05-Oct-20 13:15:21 GMT; path=/; domain=.clamav.net; HttpOnly
< last-modified: Sun, 06 Oct 2019 08:32:00 GMT
< etag: "5d99a680-9854"
< expires: Mon, 05 Oct 2020 12:52:10 GMT
< cache-control: public, max-age=31534609
< cf-cache-status: HIT
< age: 808
< accept-ranges: bytes
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 5217e751b95672e1-AMS
< 
Time: 0.5s, ETA; 0.0s [=======================================>] 0.04KiB/0.04KiB  
* Connection #0 to host database.clamav.net left intact
cdiff_apply: Parsed 1513 lines and executed 1513 commands
updatedb: Running g_cb_download_complete callback...
download_complete_callback: Download complete for database : /usr/local/clamXav/share/clamav/tmp/clamav-d5a52c89142dfeff34275a14e0f6694d.tmp-daily.cld
download_complete_callback:   fc_context->bTestDatabases   : 1
download_complete_callback:   fc_context->bBytecodeEnabled : 1
Testing database: '/usr/local/clamXav/share/clamav/tmp/clamav-d5a52c89142dfeff34275a14e0f6694d.tmp-daily.cld' ...
Loading signatures from /usr/local/clamXav/share/clamav/tmp/clamav-d5a52c89142dfeff34275a14e0f6694d.tmp-daily.cld
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: in cli_cvdload()
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: cli_loadcrt: subject: 4a532974c46ae5048824c6da8cfb8e163705b693
LibClamAV debug: cli_loadcrt: public key: ABCAC1194D5A2DDB91CD71AA7464BEE3EF5CFF333343EFFDA9A43DD193BEDEDD3276FBEF27DD41E3C86D2A44670388D6DB3FDE36F3EE1F96DEA1304CEB49E7355CD0C2AB5A9DA2A599155AE9D3787B5413CB00C0CBBC02AF8A0FF2EF8DE3CFF39F1CB6B001933A0D8FC9ED17C21BC27FFDD85BB0D7960BC7B863722B2503CCEDA1991ACF429908C3DA06DE4D59E399616F7E71269C27041B0425B9209167E1471911222C501D9322646BCFB0DE921542A611476A2E0CB60AA356A7CBE23BC127B8B20062996266539ACF4BD4042CF088E75E61BFFF2AB3FEA4BB5AF8B0D7198CEF14F60BA4F5FECB181D2566125E2854FD8DD65FD7AE665AF723077A5A5F8695
LibClamAV debug: cli_loadcrt: subject: 9a02278e9cb12876c47ab0bc75dd694e72d1b2bc
LibClamAV debug: cli_loadcrt: public key: 00d62b587861458653ea347b519cedb0e62e180efee05fa827d3b4c9e07c594e160e735460c17ff69f2ee93a8524153cdb470463c39ec4941a5adf4c7af3d9431d3c107a7925db90fef051e730d64100fd9f28df79be94bb9db614e32385d7a941e04ca479b02b1a8bf2f83b8a3e45ac719200b4904198fb5fedfab72e8af88837
LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92
LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5LibClamAV debug: cli_loadcrt: subject: adf79877065ef305eb95b56dbca9e63e9ab40d3b
LibClamAV debug: cli_loadcrt: public key: a902bdc170e63bf24e1b289f97785e30eaa2a98d255ff8fe954ca3b7fe9da2203e7c51a29ba28f60326bd1426479eeac76c954daf2eb9c861c8f9f8466b3c56b7a6223d61d3cde0f0192e896c4bf2d669a9a682699d03a2cbf0cb55826c146e70a3e38962ca92839a8ec498342e3840fbb9a6c5561ac827ca1602d774ce999b4643b9a501c310824149fa9e7912b18e63d986314605805659f1d375287f7a7ef9402c61bd3bf5545b38980bf3aec54944eaefda77a6d744eaf18cc96092821005790606937bb4b12073c56ff5bfba4660a08a6d2815657efb63b5e16817704daf6beae8095feb0cd7fd6a71a725c3ccabcf008a32230b30685c9b320771385df
LibClamAV debug: Number of certs: 4

which shows that certificates are used.

[ballapete (Peter "Pete" Dyballa)]

On macOS 10.13.6, High Sierra (the latest that supports my eight year old MacBook Pro), I can see much more certificate use:

Retrieving https://database.clamav.net/daily-25594.cdiff
downloadFile: Download source:      https://database.clamav.net/daily-25594.cdiff
downloadFile: Download destination: ./clamav-086c73960eb28bc58473b7a0df4cfe99.tmp
*   Trying 104.16.218.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
Found 162 certificates from system root keychain
Found 4 certificates from system keychain
Found system root trusted certificate O=Entrust.net; OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.); OU=(c) 1999 Entrust.net Limited; CN=Entrust.net Certification Authority (2048)
Found system root trusted certificate C=ES; ST=Barcelona; L=Barcelona (see current address at http://www.anf.es/es/address-direccion.html ); O=ANF Autoridad de Certificacion; OU=ANF Clase 1 CA; emailAddress=info@anf.es; serialNumber=G63287510; CN=ANF Global Root CA
Found system root trusted certificate C=IT; L=Milan; O=Actalis S.p.A./03358520967; CN=Actalis Authentication Root CA
Found system root trusted certificate C=SE; O=AddTrust AB; OU=AddTrust TTP Network; CN=AddTrust Class 1 CA Root
Found system root trusted certificate C=SE; O=AddTrust AB; OU=AddTrust External TTP Network; CN=AddTrust External CA Root
Found system root trusted certificate C=US; O=AffirmTrust; CN=AffirmTrust Commercial
Found system root trusted certificate C=US; O=AffirmTrust; CN=AffirmTrust Networking
Found system root trusted certificate C=US; O=AffirmTrust; CN=AffirmTrust Premium ECC
Found system root trusted certificate C=US; O=AffirmTrust; CN=AffirmTrust Premium
Found system root trusted certificate C=US; O=Amazon; CN=Amazon Root CA 1
Found system root trusted certificate C=US; O=Amazon; CN=Amazon Root CA 2
Found system root trusted certificate C=US; O=Amazon; CN=Amazon Root CA 3
Found system root trusted certificate C=US; O=Amazon; CN=Amazon Root CA 4
Found system root trusted certificate CN=Apple Root CA - G2; OU=Apple Certification Authority; O=Apple Inc.; C=US
Found system root trusted certificate CN=Apple Root CA - G3; OU=Apple Certification Authority; O=Apple Inc.; C=US
Found system root trusted certificate CN=Developer ID Certification Authority; OU=Apple Certification Authority; O=Apple Inc.; C=US
Found system root trusted certificate C=US; O=Apple Inc.; OU=Apple Certification Authority; CN=Apple Root CA
Found system root trusted certificate C=US; O=Apple Computer, Inc.; OU=Apple Computer Certificate Authority; CN=Apple Root Certificate Authority
Found system root trusted certificate CN=Atos TrustedRoot 2011; O=Atos; C=DE
Found system root trusted certificate CN=Autoridad de Certificacion Raiz del Estado Venezolano; C=VE; L=Caracas; ST=Distrito Capital; O=Sistema Nacional de Certificacion Electronica; OU=Superintendencia de Servicios de Certificacion Electronica; emailAddress=acraiz@suscerte.gob.ve
Found system root trusted certificate C=ch; O=admin; OU=Services; OU=Certification Authorities; CN=Admin-Root-CA
Found system root trusted certificate C=IE; O=Baltimore; OU=CyberTrust; CN=Baltimore CyberTrust Root
Found system root trusted certificate C=NO; O=Buypass AS-983163327; CN=Buypass Class 2 Root CA
Found system root trusted certificate C=NO; O=Buypass AS-983163327; CN=Buypass Class 3 Root CA
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 1999 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 1 Public Primary Certification Authority - G3
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 1999 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 2 Public Primary Certification Authority - G3
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 1999 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 3 Public Primary Certification Authority - G3
Found system root trusted certificate C=SK; L=Bratislava; O=Disig a.s.; CN=CA Disig Root R1
Found system root trusted certificate C=SK; L=Bratislava; O=Disig a.s.; CN=CA Disig Root R2
Found system root trusted certificate C=CN; O=China Financial Certification Authority; CN=CFCA EV ROOT
Found system root trusted certificate C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO Certification Authority
Found system root trusted certificate C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Certification Authority
Found system root trusted certificate C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Certification Authority
Found system root trusted certificate C=FR; O=Certplus; CN=Certplus Root CA G1
Found system root trusted certificate C=FR; O=Certplus; CN=Certplus Root CA G2
Found system root trusted certificate C=FR; O=Dhimyotis; CN=Certigna
Found system root trusted certificate C=FR; O=Certinomis; OU=0002 433998903; CN=Certinomis - Root CA
Found system root trusted certificate C=FR; O=Certinomis; OU=0002 433998903; CN=Certinomis - Autorit? Racine
Found system root trusted certificate C=PL; O=Unizeto Technologies S.A.; OU=Certum Certification Authority; CN=Certum Trusted Network CA 2
Found system root trusted certificate C=TW; O=Chunghwa Telecom Co., Ltd.; OU=ePKI Root Certification Authority
Found system root trusted certificate CN=ComSign CA; O=ComSign; C=IL
Found system root trusted certificate CN=ComSign Global Root CA; O=ComSign Ltd.; C=IL
Found system root trusted certificate CN=ComSign Secured CA; O=ComSign; C=IL
Found system root trusted certificate C=GB; ST=Greater Manchester; L=Salford; O=Comodo CA Limited; CN=AAA Certificate Services
Found system root trusted certificate C=DE; O=D-Trust GmbH; CN=D-TRUST Root Class 3 CA 2 2009
Found system root trusted certificate C=DE; O=D-Trust GmbH; CN=D-TRUST Root Class 3 CA 2 EV 2009
Found system root trusted certificate O=Digital Signature Trust Co.; CN=DST Root CA X4
Found system root trusted certificate C=DE; O=D-Trust GmbH; CN=D-TRUST Root CA 3 2013
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Assured ID Root CA
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Assured ID Root G2
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Assured ID Root G3
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Global Root CA
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Global Root G2
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Global Root G3
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance EV Root CA
Found system root trusted certificate C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Trusted Root G4
Found system root trusted certificate C=TR; L=Ankara; O=E-Tu\U011Fra EBG Bili\U015Fim Teknolojileri ve Hizmetleri A.\U015E.; OU=E-Tugra Sertifikasyon Merkezi; CN=E-Tugra Certification Authority
Found system root trusted certificate C=CA; ST=Ontario; L=Toronto; O=Echoworx Corporation; OU=Certification Services; CN=Echoworx Root CA2
Found system root trusted certificate C=US; O=Entrust, Inc.; OU=www.entrust.net/CPS is incorporated by reference; OU=(c) 2006 Entrust, Inc.; CN=Entrust Root Certification Authority
Found system root trusted certificate C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Root Certification Authority - EC1
Found system root trusted certificate C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2009 Entrust, Inc. - for authorized use only; CN=Entrust Root Certification Authority - G2
Found system root trusted certificate C=US; O=U.S. Government; OU=FPKI; CN=Federal Common Policy CA
Found system root trusted certificate C=ES; CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Found system root trusted certificate C=US; O=The Go Daddy Group, Inc.; OU=Go Daddy Class 2 Certification Authority
Found system root trusted certificate C=US; O=GeoTrust Inc.; OU=(c) 2007 GeoTrust Inc. - For authorized use only; CN=GeoTrust Primary Certification Authority - G2
Found system root trusted certificate C=US; O=GeoTrust Inc.; OU=(c) 2008 GeoTrust Inc. - For authorized use only; CN=GeoTrust Primary Certification Authority - G3
Found system root trusted certificate C=US; O=GeoTrust Inc.; CN=GeoTrust Global CA
Found system root trusted certificate OU=GlobalSign Root CA - R3; O=GlobalSign; CN=GlobalSign
Found system root trusted certificate C=BE; O=GlobalSign nv-sa; OU=Root CA; CN=GlobalSign Root CA
Found system root trusted certificate OU=GlobalSign ECC Root CA - R4; O=GlobalSign; CN=GlobalSign
Found system root trusted certificate OU=GlobalSign ECC Root CA - R5; O=GlobalSign; CN=GlobalSign
Found system root trusted certificate OU=GlobalSign Root CA - R2; O=GlobalSign; CN=GlobalSign
Found system root trusted certificate C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; CN=Go Daddy Root Certificate Authority - G2
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Gold Root CA - G3
Found system root trusted certificate C=HK; O=Hongkong Post; CN=Hongkong Post Root CA 1
Found system root trusted certificate C=GR; O=Hellenic Academic and Research Institutions Cert. Authority; CN=Hellenic Academic and Research Institutions RootCA 2011
Found system root trusted certificate C=US; O=IdenTrust; CN=IdenTrust Commercial Root CA 1
Found system root trusted certificate C=US; O=IdenTrust; CN=IdenTrust Public Sector Root CA 1
Found system root trusted certificate O=Digital Signature Trust Co.; CN=DST Root CA X3
Found system root trusted certificate C=ES; O=IZENPE S.A.; CN=Izenpe.com
Found system root trusted certificate C=ES; O=IZENPE S.A.; CN=Izenpe.com
Found system root trusted certificate C=JP; O=Japanese Government; OU=GPKI; CN=ApplicationCA2 Root
Found system root trusted certificate C=PL; O=Krajowa Izba Rozliczeniowa S.A.; CN=SZAFIR ROOT CA
Found system root trusted certificate C=HU; L=Budapest; O=Microsec Ltd.; CN=Microsec e-Szigno Root CA 2009; emailAddress=info@e-szigno.hu
Found system root trusted certificate C=HU; L=Budapest; O=NetLock Kft.; OU=Tan?s?tv?nykiad?k (Certification Services); CN=NetLock Arany (Class Gold) F\U0151tan?s?tv?ny
Found system root trusted certificate C=US; O=Network Solutions L.L.C.; CN=Network Solutions Certificate Authority
Found system root trusted certificate C=FR; O=OpenTrust; CN=OpenTrust Root CA G1
Found system root trusted certificate C=FR; O=OpenTrust; CN=OpenTrust Root CA G2
Found system root trusted certificate C=FR; O=OpenTrust; CN=OpenTrust Root CA G3
Found system root trusted certificate C=NL; O=Staat der Nederlanden; CN=Staat der Nederlanden Root CA - G3
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Platinum Root CA - G3
Found system root trusted certificate C=PL; O=Unizeto Technologies S.A.; OU=Certum Certification Authority; CN=Certum Trusted Network CA
Found system root trusted certificate C=EU; O=AC Camerfirma SA CIF A82743287; OU=http://www.chambersign.org; CN=Chambers of Commerce Root
Found system root trusted certificate C=EU; O=AC Camerfirma SA CIF A82743287; OU=http://www.chambersign.org; CN=Global Chambersign Root
Found system root trusted certificate C=JP; O=SECOM Trust.net; OU=Security Communication RootCA1
Found system root trusted certificate C=JP; O=SECOM Trust Systems CO.,LTD.; OU=Security Communication EV RootCA1
Found system root trusted certificate C=JP; O=SECOM Trust Systems CO.,LTD.; OU=Security Communication RootCA2
Found system root trusted certificate C=US; O=Starfield Technologies, Inc.; OU=Starfield Class 2 Certification Authority
Found system root trusted certificate C=EE; O=AS Sertifitseerimiskeskus; CN=EE Certification Centre Root CA; emailAddress=pki@sk.ee
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Silver Root CA - G3
Found system root trusted certificate C=FI; O=Sonera; CN=Sonera Class2 CA
Found system root trusted certificate C=NL; O=Staat der Nederlanden; CN=Staat der Nederlanden EV Root CA
Found system root trusted certificate C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; CN=Starfield Root Certificate Authority - G2
Found system root trusted certificate C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; CN=Starfield Services Root Certificate Authority - G2
Found system root trusted certificate C=IL; O=StartCom Ltd.; CN=StartCom Certification Authority G2
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Gold CA - G2
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Platinum CA - G2
Found system root trusted certificate C=CH; O=SwissSign AG; CN=SwissSign Silver CA - G2
Found system root trusted certificate C=ch; O=Swisscom; OU=Digital Certificate Services; CN=Swisscom Root CA 2
Found system root trusted certificate C=ch; O=Swisscom; OU=Digital Certificate Services; CN=Swisscom Root EV CA 2
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 1 Public Primary Certification Authority - G4
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 1 Public Primary Certification Authority - G6
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 2 Public Primary Certification Authority - G4
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 2 Public Primary Certification Authority - G6
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Public Primary Certification Authority - G4
Found system root trusted certificate C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Public Primary Certification Authority - G6
Found system root trusted certificate C=DE; O=T-Systems Enterprise Services GmbH; OU=T-Systems Trust Center; CN=T-TeleSec GlobalRoot Class 2
Found system root trusted certificate C=DE; O=T-Systems Enterprise Services GmbH; OU=T-Systems Trust Center; CN=T-TeleSec GlobalRoot Class 3
Found system root trusted certificate C=DK; O=TRUST2408; CN=TRUST2408 OCES Primary CA
Found system root trusted certificate C=TW; O=TAIWAN-CA; OU=Root CA; CN=TWCA Global Root CA
Found system root trusted certificate C=TW; O=Government Root Certification Authority
Found system root trusted certificate O=TeliaSonera; CN=TeliaSonera Root CA v1
Found system root trusted certificate C=GB; O=Trustis Limited; OU=Trustis FPS Root CA
Found system root trusted certificate C=US; O=SecureTrust Corporation; CN=Secure Global CA
Found system root trusted certificate C=US; O=SecureTrust Corporation; CN=SecureTrust CA
Found system root trusted certificate C=CN; O=UniTrust; CN=UCA Global Root
Found system root trusted certificate C=CN; O=UniTrust; CN=UCA Root
Found system root trusted certificate C=US; ST=New Jersey; L=Jersey City; O=The USERTRUST Network; CN=USERTrust ECC Certification Authority
Found system root trusted certificate C=US; ST=New Jersey; L=Jersey City; O=The USERTRUST Network; CN=USERTrust RSA Certification Authority
Found system root trusted certificate C=PL; O=Unizeto Sp. z o.o.; CN=Certum CA
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 2007 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 3 Public Primary Certification Authority - G4
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 2008 VeriSign, Inc. - For authorized use only; CN=VeriSign Universal Root Certification Authority
Found system root trusted certificate C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 2006 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 3 Public Primary Certification Authority - G5
Found system root trusted certificate C=US; O=VISA; OU=Visa International Service Association; CN=Visa Information Delivery Root CA
Found system root trusted certificate C=US; O=VISA; OU=Visa International Service Association; CN=Visa eCommerce Root
Found system root trusted certificate C=CH; O=WISeKey; OU=OISTE Foundation Endorsed; CN=OISTE WISeKey Global Root GB CA
Found system root trusted certificate C=CH; O=WISeKey; OU=Copyright (c) 2005; OU=OISTE Foundation Endorsed; CN=OISTE WISeKey Global Root GA CA
Found system root trusted certificate C=US; OU=www.xrampsecurity.com; O=XRamp Security Services Inc; CN=XRamp Global Certification Authority
Found system root trusted certificate C=BE; CN=Belgium Root CA2
Found system root trusted certificate C=RO; O=certSIGN; OU=certSIGN ROOT CA
Found system root trusted certificate O=Cisco Systems; CN=Cisco Root CA 2048
Found system root trusted certificate O=Entrust.net; OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.); OU=(c) 1999 Entrust.net Limited; CN=Entrust.net Certification Authority (2048)
Found system root trusted certificate C=US; O=GeoTrust Inc.; CN=GeoTrust Primary Certification Authority
Found system root trusted certificate C=US; O=Internet Security Research Group; CN=ISRG Root X1
Found system root trusted certificate C=KR; O=KISA; OU=Korea Certification Authority Central; CN=KISA RootCA 1
Found system root trusted certificate C=FI; ST=Finland; O=Vaestorekisterikeskus CA; OU=Certification Authority Services; OU=Varmennepalvelut; CN=VRK Gov. Root CA
Found system root trusted certificate C=BM; O=QuoVadis Limited; OU=Root Certification Authority; CN=QuoVadis Root Certification Authority
Found system root trusted certificate C=BM; O=QuoVadis Limited; CN=QuoVadis Root CA 1 G3
Found system root trusted certificate C=BM; O=QuoVadis Limited; CN=QuoVadis Root CA 2
Found system root trusted certificate C=BM; O=QuoVadis Limited; CN=QuoVadis Root CA 2 G3
Found system root trusted certificate C=BM; O=QuoVadis Limited; CN=QuoVadis Root CA 3
Found system root trusted certificate C=BM; O=QuoVadis Limited; CN=QuoVadis Root CA 3 G3
Found system root trusted certificate C=EU; L=Madrid (see current address at www.camerfirma.com/address); serialNumber=A82743287; O=AC Camerfirma S.A.; CN=Chambers of Commerce Root - 2008
Found system root trusted certificate C=EU; L=Madrid (see current address at www.camerfirma.com/address); serialNumber=A82743287; O=AC Camerfirma S.A.; CN=Global Chambersign Root - 2008
Found system root trusted certificate C=NL; O=Staat der Nederlanden; CN=Staat der Nederlanden Root CA - G2
Found system root trusted certificate C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Certification Authority
Found system root trusted certificate C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Certification Authority
Found system root trusted certificate C=ch; O=Swisscom; OU=Digital Certificate Services; CN=Swisscom Root CA 1
Found system root trusted certificate C=US; O=thawte, Inc.; OU=Certification Services Division; OU=(c) 2008 thawte, Inc. - For authorized use only; CN=thawte Primary Root CA - G3
Found system root trusted certificate C=US; O=thawte, Inc.; OU=Certification Services Division; OU=(c) 2006 thawte, Inc. - For authorized use only; CN=thawte Primary Root CA
Found system root trusted certificate C=US; O=thawte, Inc.; OU=(c) 2007 thawte, Inc. - For authorized use only; CN=thawte Primary Root CA - G2
Found system root trusted certificate C=TW; O=TAIWAN-CA; OU=Root CA; CN=TWCA Root Certification Authority
Found system trusted certificate C=US; O=Apple Inc.; OU=Apple Certification Authority; CN=Apple Code Signing Certification Authority
Found system trusted certificate C=US; O=Apple Inc.; OU=Apple Software; CN=Software Signing
Found system trusted certificate CN=http://openvpn.net/localca.html #1482142842
Found system trusted certificate C=US; O=Apple Inc.; OU=Apple Worldwide Developer Relations; CN=Apple Worldwide Developer Relations Certification Authority
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com
*  start date: Aug 24 00:00:00 2019 GMT
*  expire date: Mar  1 23:59:59 2020 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "*.clamav.net"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7faf14802800)
> GET /daily-25594.cdiff HTTP/2
Host: database.clamav.net
User-Agent: ClamAV/0.102.0 (OS: darwin17.7.0, ARCH: x86_64, CPU: x86_64)
Accept: */*
Connection: close

* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200 
< date: Sun, 06 Oct 2019 13:11:30 GMT
< content-type: application/octet-stream
< content-length: 38996
< set-cookie: __cfduid=d0a07c6d13deb91cec781fd5ac83a971f1570367490; expires=Mon, 05-Oct-20 13:11:30 GMT; path=/; domain=.clamav.net; HttpOnly
< last-modified: Sun, 06 Oct 2019 08:32:00 GMT
< etag: "5d99a680-9854"
< expires: Mon, 05 Oct 2020 12:58:04 GMT
< cache-control: public, max-age=31535194
< cf-cache-status: REVALIDATED
< accept-ranges: bytes
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 5217e1b14986dfeb-FRA
< 
Time: 1.1s, ETA; 0.0s [=======================================>] 0.04KiB/0.04KiB  
* Connection #0 to host database.clamav.net left intact
cdiff_apply: Parsed 1513 lines and executed 1513 commands
updatedb: Running g_cb_download_complete callback...
download_complete_callback: Download complete for database : /usr/local/clamXav/share/clamav/tmp/clamav-ad54842cbe3043ef594a6b5660829d08.tmp-daily.cld
download_complete_callback:   fc_context->bTestDatabases   : 1
download_complete_callback:   fc_context->bBytecodeEnabled : 1
Testing database: '/usr/local/clamXav/share/clamav/tmp/clamav-ad54842cbe3043ef594a6b5660829d08.tmp-daily.cld' ...
Loading signatures from /usr/local/clamXav/share/clamav/tmp/clamav-ad54842cbe3043ef594a6b5660829d08.tmp-daily.cld
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: in cli_cvdload()
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: cli_loadcrt: subject: 4a532974c46ae5048824c6da8cfb8e163705b693
LibClamAV debug: cli_loadcrt: public key: ABCAC1194D5A2DDB91CD71AA7464BEE3EF5CFF333343EFFDA9A43DD193BEDEDD3276FBEF27DD41E3C86D2A44670388D6DB3FDE36F3EE1F96DEA1304CEB49E7355CD0C2AB5A9DA2A599155AE9D3787B5413CB00C0CBBC02AF8A0FF2EF8DE3CFF39F1CB6B001933A0D8FC9ED17C21BC27FFDD85BB0D7960BC7B863722B2503CCEDA1991ACF429908C3DA06DE4D59E399616F7E71269C27041B0425B9209167E1471911222C501D9322646BCFB0DE921542A611476A2E0CB60AA356A7CBE23BC127B8B20062996266539ACF4BD4042CF088E75E61BFFF2AB3FEA4BB5AF8B0D7198CEF14F60BA4F5FECB181D2566125E2854FD8DD65FD7AE665AF723077A5A5F8695
LibClamAV debug: cli_loadcrt: subject: 9a02278e9cb12876c47ab0bc75dd694e72d1b2bc
LibClamAV debug: cli_loadcrt: public key: 00d62b587861458653ea347b519cedb0e62e180efee05fa827d3b4c9e07c594e160e735460c17ff69f2ee93a8524153cdb470463c39ec4941a5adf4c7af3d9431d3c107a7925db90fef051e730d64100fd9f28df79be94bb9db614e32385d7a941e04ca479b02b1a8bf2f83b8a3e45ac719200b4904198fb5fedfab72e8af88837
LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92
LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5LibClamAV debug: cli_loadcrt: subject: adf79877065ef305eb95b56dbca9e63e9ab40d3b
LibClamAV debug: cli_loadcrt: public key: a902bdc170e63bf24e1b289f97785e30eaa2a98d255ff8fe954ca3b7fe9da2203e7c51a29ba28f60326bd1426479eeac76c954daf2eb9c861c8f9f8466b3c56b7a6223d61d3cde0f0192e896c4bf2d669a9a682699d03a2cbf0cb55826c146e70a3e38962ca92839a8ec498342e3840fbb9a6c5561ac827ca1602d774ce999b4643b9a501c310824149fa9e7912b18e63d986314605805659f1d375287f7a7ef9402c61bd3bf5545b38980bf3aec54944eaefda77a6d744eaf18cc96092821005790606937bb4b12073c56ff5bfba4660a08a6d2815657efb63b5e16817704daf6beae8095feb0cd7fd6a71a725c3ccabcf008a32230b30685c9b320771385df
LibClamAV debug: Number of certs: 4

[grumpybozo (Bill Cole)]

Replying to kencu:

Hey Peter. When did it last build on Tiger? Can you see what has changed since then? Looks like they are calling in some non-Tiger API now. Can you find a way to turn it off and use something Tiger has?

FWIW, v0.101.4_1 built on 10.6.8-i386. As of v0.102, it fails with "undeclared identifier" errors for stuff defined in Security/SecItem.h. Adding an #include to cert_util_mac.m didn't fix it, so there's something I'm missing...

Anyway, with the Portfile patch provided, a clang-8.0 build on 10.6.8-i386 worked and a freshclam --debug run showed the cert being verified. I believe that patch also creates a dependency on curl-ca-bundle, since the debug run says this:

* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt

[kencu (Ken)]

looks like clamav has a dep on curl already, and curl calls in curl-ca-bundle, so we should be covered there.

OK. Now we have to see if we can get this sold to daniel. Everyone feel free to chip in with your support for the PR I'll put together, as it a trifle 'hacky' but, IMHO, reasonable.

[kencu (Ken)]

Alright, gentlemen, feel free to lend your support <​https://github.com/macports/macports-ports/pull/5454>

[danielluke (Daniel J. Luke)]

Replying to kencu:

OK. Now we have to see if we can get this sold to daniel. Everyone feel free to chip in with your support for the PR I'll put together, as it a trifle 'hacky' but, IMHO, reasonable.

I don't think I've ever rejected one of your PRs ;-)

My position in general is that we shouldn't be helping people to run older OSes that aren't getting patching from the OS provider - but specifically I just don't have older systems to test on. I need to rely on others to produce and test the patches for older systems.

[kencu (Ken)]

In 130e060f21c32aba941e20ec78766c6b88e9b991/macports-ports (master):

clamav: support systems < 10.7

the new certificate code is using 10.7+ API
the other implementation, for linux compiles without
issues on MacOSX, and passes all test

closes: #59168

[danielluke (Daniel J. Luke)]

Merged. I'm about to rev-bump this port to fix the upstream bug preventing +clamav_milter from running - so if you're using an older system you may want to wait a little bit for the buildbots to get the new revision built.