MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
February
Sun Mon Tue Wed Thu Fri Sat
     
13
       
2006
Months
Feb


Mon, Feb 13, 2006 11:05 pm

Incompatibility between OpenSSH for Windows and ClamWin

When I attempted to scan a directory with 83 .exe files with ClamWin, the scan completed almost instantly and I saw the message below.

-------------------
Completed
-------------------

I was skeptical that any scan had actually been conducted. I suspected a cygwin.dll incompatibility, since I also had installed OpenSSH for Windows to set up the Windows 2000 Professional system as an SSH server. So I got a command prompt and attempted to run clamscan on one of the files in the directory. The ClamWin application uses clamscan.exe to do the actual scanning for viruses. Sure enough, when I ran clamscan, I received a message, which is shown below, informing me that there was a likely cygwin.dll compatibility problem instructing me to search for multiple versions of cygwin1.dll on the system.


C:\Program Files\Security\AntiVirus\ClamWin\bin>clamscan \zips\11700.exe
C:\Program Files\Security\AntiVirus\ClamWin\bin\clamscan.exe (1356): *** system
shared memory version mismatch detected - 0x75BE0074/0x75BE0084.
This problem is probably due to using incompatible versions of the cygwin DLL.
Search for cygwin1.dll using the Windows Start->Find/Search facility
and delete all but the most recent version.  The most recent version *should*
reside in x:\cygwin\bin, where 'x' is the drive on which you have
installed the cygwin distribution.  Rebooting is also suggested if you
are unable to find another cygwin DLL.

I looked at the versions of cygwin1.dll which came with each application and found the versions shown below. The cygwin1.dll files are in the Clamwin\bin and OpenSSH\bin subdirectories underneath \Program Files, if you installed the applications in the default directories. You can check the version number for the dll files by right-clicking on them and selecting "Properties" and then clicking on the "Version" tab of the window that opens. You will see "File Version" listed near the top of the window then. You will also see "Product Version" listed under the "Item name" section of the version window. You will need to click on "Product Version" to see the value for it. The timestamps on the files also showed the ClamWin version of cygwin1.dll to be a later version.

ProgramProgram VersionCygwin1.dll File Version Product VersionTimestamp
ClamWin0.881005.18.0.01.5.18 July 03, 2005, 11:30:52 AM
OpenSSH3.8.1p1-11005.10.0.01.5.10-cr-0x5e6 Tuesday, May 25, 2004, 9:07:50 PM

Obviously, ClamWin 0.88 has a later version of the DLL file cygwin1.dll than OpenSSH for Windows 3.8.1p1-1. I shouldn't have had a problem if the later version was loaded into memory, so OpenSSH must have started first. Windows won't load another version of a DLL file with the same name as one already loaded.

You can resolve such a problem by overwriting the older version with the newer version. In this case, since OpenSSH for Windows had its copy of cygwin1.dll loaded in memory already, I couldn't overwrite its copy of the dll file without stopping it first. Otherwise I would get an error message "Cannot copy cygwin1: There has been a sharing violation. The source or destination file may be in use." So I stopped OpenSSH with the command net stop opensshd, copied the newer version of the cygwin1.dll file from Clamwin's bin directory to the OpenSSH bin directory, overwriting the existing version, and then restarted OpenSSH with net start opensshd. Note: if you have any SSH connections open, you will need to close those as well in order to overwrite the cygwin1.dll file in the OpenSSH bin directory.

I then rescaned the directory I had been trying to scan with ClamWin earlier. This time it took considerably longer to finish and produced a report at the end indicating the number of directories and files it had scanned. It found 3 infected files in the directory.

[/security/antivirus/clamav] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo