There is a procedure name collision between libclamav and openssl both use name as MD5_Init, MD5_Update, MD5_Final as public subroutine. (fact is both include a module named md5.c) If an application (clement in my case) use libclamav AND start a TLS connection, openssl can/may use MD5 library from libclamav instead of libcrypto. this will generate a rather ugly crash (stack fully overwrite) How reproducible: Rather difficult, first noticed on a RH7.3 using openssl 0.9.6 and clamav 0.88.3. seems to depend the order crypto and clamav are found within the dynamic lbrary cache on the running system. clamav changed its md5.c module between 088.2 and 0.88.3 (previously procedure were named MD5Init instead of MD5_init). Actual results: Big Huge Crash (traces wiped-out within core dump) Expected results: Point was proved, while changing the MD5 subrouting name within clamav and reinstalling clamav, everything equal otherwise, the clement application didn't crash. Additional info: My guess, clamav should either depend on openssl/crypto (first option) or rename its MD5 routine name (second option). just checked with current extras (clamav-0.88.4) and FC6 (openssl-0.9.8b), library name still colide.
Can you check whether http://cvs.fedora.redhat.com/viewcvs/rpms/clamav/FC-5/clamav-0.88.4-visibility.patch?root=extras&rev=1.1&view=auto solves your problem (FC-5 CVS branch), please?
I do confirm , patch is doing the trick... Done it on plain legacy RH7.3. With a standard clamav.0.88.4 application crash (as previously), once the patch apply and RPM Delta installed (0.88.4-X), no crash anymore (everything else equal). From my stand point its a "go". Many thanks.... (Do you know if Clamav team will take the patch inside their own release?)
ok; closing bug...