Merge branch 'features/yara' of git.clam.sourcefire.com:/var/lib/git/clamav-devel into features/yara

10 years ago · 440410c7a7
parent 3ca6d4c020 c94a95b821
commit 440410c7a7
15 changed files with 233 additions and 37 deletions
--- a/clambc/bcrun.c
+++ b/clambc/bcrun.c
@ -62,7 +62,7 @@ static void help(void)
    printf("    --printbcir            -c         Print IR of bytecode signature\n");
    printf("    --trace <level>        -T         Set bytecode trace level 0..7 (default 7)\n");
    printf("    --no-trace-showsource  -s         Don't show source line during tracing\n");
-    printf("    --bytecode-statistics             Collect and print bytecode execution statistics\n");
+    printf("    --statistics=bytecode             Collect and print bytecode execution statistics\n");
    printf("    file                              file to test\n");
    printf("\n");
    return;
@ -246,7 +246,7 @@ int main(int argc, char *argv[])
    FILE *f;
    struct cli_bc *bc;
    struct cli_bc_ctx *ctx;
-    int rc, dbgargc;
+    int rc, dbgargc, bc_stats=0;
    struct optstruct *opts;
    const struct optstruct *opt;
    unsigned funcid=0, i;
@ -319,8 +319,15 @@ int main(int argc, char *argv[])
    bcs.all_bcs = bc;
    bcs.count = 1;

-    rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled, 
-			   optget(opts, "bytecode-statistics")->enabled);
+    if((opt = optget(opts, "statistics"))->enabled) {
+	while(opt) {
+	    if (!strcasecmp(opt->strarg, "bytecode"))
+		bc_stats=1;
+	    opt = opt->nextarg;
+        }
+    }
+
+    rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled, bc_stats);
    if (rc != CL_SUCCESS) {
 	fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));
 	optfree(opts);
--- a/clamscan/clamscan.c
+++ b/clamscan/clamscan.c
@ -239,7 +239,7 @@ void help(void)
    mprintf("    --bytecode[=yes(*)/no]               Load bytecode from the database\n");
    mprintf("    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode\n");
    mprintf("    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)\n");
-    mprintf("    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics\n");
+    mprintf("    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics\n");
    mprintf("    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications\n");
    mprintf("    --exclude-pua=CAT                    Skip PUA sigs of category CAT\n");
    mprintf("    --include-pua=CAT                    Load PUA sigs of category CAT\n");
--- a/55
+++ b/55
@ -902,6 +902,7 @@ with_libncurses_prefix
 with_libpdcurses_prefix
 enable_distcheck_werror
 with_system_llvm
+with_llvm_linking
 enable_llvm
 enable_sha_collector_for_internal_use
 with_libcurl
@ -1628,6 +1629,8 @@ Optional Packages:
  --with-system-llvm      use system llvm instead of built-in, uses full path
                          to llvm-config [default=/usr/local or /usr if not
                          found in /usr/local]
+  --with-llvm-linking     specifies method to linking llvm [static|dynamic],
+                          only valid with --with-system-llvm
  --with-libcurl[=DIR]    path to directory containing libcurl
                          [default=/usr/local or /usr if not found in
                          /usr/local]
@ -22450,6 +22453,36 @@ else
 fi


+
+# Check whether --with-llvm-linking was given.
+if test "${with_llvm_linking+set}" = set; then :
+  withval=$with_llvm_linking;
+if test "x$system_llvm" = "xbuilt-in"; then
+   as_fn_error $? "Failed to configure LLVM, and LLVM linking was specified without specifying system-llvm" "$LINENO" 5
+else
+case "$withval" in
+  static)
+    llvm_linking="static"
+    ;;
+  dynamic)
+    llvm_linking="dynamic"
+    ;;
+  *)
+    as_fn_error $? "Invalid argument to --with-llvm-linking" "$LINENO" 5
+esac
+fi
+
+else
+
+if test "x$system_llvm" = "xbuilt-in"; then
+   llvm_linking=""
+else
+   llvm_linking="auto"
+fi
+
+fi
+
+
 # Check whether --enable-llvm was given.
 if test "${enable_llvm+set}" = set; then :
  enableval=$enable_llvm; enable_llvm=$enableval
@ -22478,6 +22511,7 @@ subdirs="$subdirs libclamav/c++"

 else
    system_llvm="none"
+    llvm_linking=""
 fi

 # Check whether --enable-sha-collector-for-internal-use was given.
@ -25314,6 +25348,11 @@ fi
 if test "$enable_llvm" = "yes" && test "$subdirfailed" != "no"; then
    as_fn_error $? "Failed to configure LLVM, and LLVM was explicitly requested" "$LINENO" 5
 fi
+if test "$enable_llvm" = "auto" && test "$subdirfailed" != "no"; then
+    system_llvm="MIA"
+    llvm_linking=""
+fi
+
 if test "$subdirfailed" != "yes" && test "$enable_llvm" != "no"; then
  ENABLE_LLVM_TRUE=
  ENABLE_LLVM_FALSE='#'
@ -28121,6 +28160,7 @@ have_jit="no"
 if test "$subdirfailed" = "no"; then
    have_jit="yes"
 fi
+if test "x$llvm_linking" = "x"; then


   $as_echo_n "              llvm        : "
@ -28134,6 +28174,21 @@ else
  $as_echo "$have_jit, from $system_llvm ($enable_llvm)"
 fi

+else
+
+
+   $as_echo_n "              llvm        : "
+   if test "x$enable_llvm" = "xno"; then :
+  $as_echo "$have_jit, from $system_llvm ($llvm_linking) (disabled)"
+elif test "x$enable_llvm" = "xyes"; then :
+  $as_echo "$have_jit, from $system_llvm ($llvm_linking)"
+elif test "x$enable_llvm" = "x"; then :
+  $as_echo "$have_jit, from $system_llvm ($llvm_linking)"
+else
+  $as_echo "$have_jit, from $system_llvm ($llvm_linking) ($enable_llvm)"
+fi
+
+fi


   $as_echo_n "              mempool     : "
--- a/configure.ac
+++ b/configure.ac
@ -173,6 +173,11 @@ AC_OUTPUT
 if test "$enable_llvm" = "yes" && test "$subdirfailed" != "no"; then
    AC_MSG_ERROR([Failed to configure LLVM, and LLVM was explicitly requested])
 fi
+if test "$enable_llvm" = "auto" && test "$subdirfailed" != "no"; then
+    system_llvm="MIA"
+    llvm_linking=""
+fi
+
 AM_CONDITIONAL([ENABLE_LLVM],
 	       [test "$subdirfailed" != "yes" && test "$enable_llvm" != "no"])
 no_recursion="yes";
@ -216,7 +221,11 @@ have_jit="no"
 if test "$subdirfailed" = "no"; then
    have_jit="yes"
 fi
-CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm],[$enable_llvm])
+if test "x$llvm_linking" = "x"; then
+   CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm],[$enable_llvm])
+else
+   CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm ($llvm_linking)],[$enable_llvm])
+fi
 CL_MSG_STATUS([mempool     ],[$have_mempool],[$enable_mempool])

 AC_MSG_NOTICE([Summary of engine detection features])
--- a/docs/man/clambc.1.in
+++ b/docs/man/clambc.1.in
@ -39,7 +39,7 @@ Set bytecode trace level 0..7 (default 7)
 \fB\-\-no\-trace\-showsource\fR
 Don't show source line during tracing
 .TP
-\fB\-\-bytecode\-statistics\fR
+\fB\-\-statistics=bytecode\fR
 Collect and print bytecode execution statistics
 .TP
 file
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
@ -102,8 +102,8 @@ Allow loading bytecode from outside digitally signed .c[lv]d files.
 \fB\-\-bytecode\-timeout=N\fR
 Set bytecode timeout in milliseconds (default: 60000 = 60s)
 .TP 
-\fB\-\-bytecode\-statistics[=yes/no(*)]\fR
-Collect and print bytecode statistics.
+\fB\-\-statistics[=none(*)/bytecode/pcre]\fR
+Collect and print execution statistics.
 .TP 
 \fB\-\-detect\-pua[=yes/no(*)]\fR
 Detect Possibly Unwanted Applications.
--- a/docs/signatures.pdf
+++ b/docs/signatures.pdf
--- a/docs/signatures.tex
+++ b/docs/signatures.tex
@ -487,12 +487,11 @@ Sig2;Target:0;((0|1|2)>5,2)&(3|1);6b6f74656b;616c61;7a6f6c77;737
 Sig3;Target:0;((0|1|2|3)=2)&(4|1);6b6f74656b;616c61;7a6f6c77;737
 46566616e;deadbeef

-Sig4;Target:1,Engine:18-20;((0|1)&(2|3))&4;EP+123:33c06834f04100
+Sig4;Target:1;Engine:18-20;((0|1)&(2|3))&4;EP+123:33c06834f04100
 f2aef7d14951684cf04100e8110a00;S2+78:22??232c2d252229{-15}6e6573
-(63|64)61706528;S+50:68efa311c3b9963cb1ee8e586d32aeb9043e;f9c58d
-cf43987e4f519d629b103375;SL+550:6300680065005c0046006900
+(63|64)61706528;S3+50:68efa311c3b9963cb1ee8e586d32aeb9043e;f9c58
+dcf43987e4f519d629b103375;SL+550:6300680065005c0046006900
    \end{verbatim}
-
    \subsection{Special Subsignature Types}
    Macro subsignatures(clamav-0.96): \verb+${min-max}MACROID$+:
    \begin{itemize}
@ -585,6 +584,15 @@ Firefox.boundElements;Target:0;0&1&2;6576656e742e626f756e64456c6
 22?window\.close\s*\x28/si
    \end{verbatim}

+    \subsection{Subsignature Options}
+    ClamAV (clamav-0.99) supports a number of additional subsignature options
+    for logical signatures. This is done by specifying a single '/' followed
+    by a number of characters representing the option.
+    \begin{itemize}
+    \item \verb+i+\\
+    Match subsignature as case-insensitive. (ex. ..;42434445/i;..)
+    \end{itemize}
+
    \subsection{Icon signatures for PE files}
    ClamAV 0.96 includes an approximate/fuzzy icon matcher to help
    detecting malicious executables disguising themselves as innocent
--- a/libclamav/c++/configure
+++ b/libclamav/c++/configure
@ -575,7 +575,6 @@ PACKAGE_STRING='libclamavc++ devel'
 PACKAGE_BUGREPORT='http://bugs.clamav.net'
 PACKAGE_URL=''

-ac_unique_file="llvm/configure"
 # Factoring default headers for most tests.
 ac_includes_default="\
 #include <stdio.h>
@ -776,6 +775,7 @@ with_gnu_ld
 with_sysroot
 enable_libtool_lock
 with_system_llvm
+with_llvm_linking
 enable_llvm
 enable_optimized
 enable_all_jit_targets
@ -1441,6 +1441,8 @@ Optional Packages:
  --with-system-llvm      Use system llvm instead of built-in, uses full path
                          to llvm-config (default= search /usr/local or /usr
                          if not found in /usr/local)
+  --with-llvm-linking     specifies method to linking llvm [static|dynamic],
+                          only valid with --with-system-llvm

 Some influential environment variables:
  CXX         C++ compiler command
@ -2340,7 +2342,6 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.



-
 ac_config_headers="$ac_config_headers clamavcxx-config.h"

 # Make sure we can run config.sub.
@ -15445,6 +15446,29 @@ $as_echo "$as_me: Using external LLVM" >&6;}
 fi


+llvm_linking=
+
+# Check whether --with-llvm-linking was given.
+if test "${with_llvm_linking+set}" = set; then :
+  withval=$with_llvm_linking;
+if test "x$llvmconfig" = "x"; then
+   as_fn_error $? "Failed to configure LLVM, and LLVM linking was specified without valid llvm-config" "$LINENO" 5
+else
+case "$withval" in
+  static)
+    llvm_linking="static"
+    ;;
+  dynamic)
+    llvm_linking="dynamic"
+    ;;
+  *)
+    as_fn_error $? "Invalid argument to --with-llvm-linking" "$LINENO" 5
+esac
+fi
+
+fi
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported LLVM version" >&5
 $as_echo_n "checking for supported LLVM version... " >&6; }
 if test "x$llvmconfig" = "x"; then
@ -15485,18 +15509,28 @@ fi
 if test "x$llvmconfig" != "x"; then
    LLVMCONFIG_CXXFLAGS=`$llvmconfig --cxxflags`

-    if test $llvmver_test -ge 350; then
-                ldflags=`$llvmconfig --ldflags`
-        syslibs=`$llvmconfig --system-libs`
-        LLVMCONFIG_LDFLAGS="$ldflags $syslibs"

-    else
+    if test "x$llvm_linking" = "xdynamic"; then
        LLVMCONFIG_LDFLAGS=`$llvmconfig --ldflags`

-    fi
-    LLVMCONFIG_LIBS=`$llvmconfig --libs jit nativecodegen scalaropts ipo`
+        LLVMCONFIG_LIBS=-lLLVM-$llvmver
+
+
+    else
+        if test $llvmver_test -ge 350; then
+                      ldflags=`$llvmconfig --ldflags`
+           syslibs=`$llvmconfig --system-libs`
+           LLVMCONFIG_LDFLAGS="$ldflags $syslibs"

-    LLVMCONFIG_LIBFILES=`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`
+        else
+           LLVMCONFIG_LDFLAGS=`$llvmconfig --ldflags`
+
+        fi
+        LLVMCONFIG_LIBS=`$llvmconfig --libs jit nativecodegen scalaropts ipo`
+
+        LLVMCONFIG_LIBFILES=`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`
+
+    fi

    { $as_echo "$as_me:${as_lineno-$LINENO}: CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS" >&5
 $as_echo "$as_me: CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS" >&6;}
--- a/libclamav/c++/configure.ac
+++ b/libclamav/c++/configure.ac
@ -16,7 +16,6 @@ dnl   MA 02110-1301, USA.
 AC_PREREQ([2.59])
 AC_INIT([libclamavc++],[devel],[http://bugs.clamav.net])
 AC_CONFIG_AUX_DIR([config])
-AC_CONFIG_SRCDIR([llvm/configure])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADER([clamavcxx-config.h])
 AC_CANONICAL_TARGET
@ -78,6 +77,26 @@ AC_ARG_WITH([system-llvm], AC_HELP_STRING([--with-system-llvm],
 fi
 ])

+llvm_linking=
+AC_ARG_WITH([llvm-linking], [AC_HELP_STRING([--with-llvm-linking],
+[specifies method to linking llvm @<:@static|dynamic@:>@, only valid with --with-system-llvm])],
+[
+if test "x$llvmconfig" = "x"; then
+   AC_MSG_ERROR([Failed to configure LLVM, and LLVM linking was specified without valid llvm-config])  
+else
+case "$withval" in
+  static)
+    llvm_linking="static"
+    ;;
+  dynamic)
+    llvm_linking="dynamic"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid argument to --with-llvm-linking])
+esac
+fi
+], [])
+
 AC_MSG_CHECKING([for supported LLVM version])
 if test "x$llvmconfig" = "x"; then
    dnl macro not available in older autotools
@ -113,16 +132,24 @@ fi
 dnl aquire the required flags to properly link in external LLVM
 if test "x$llvmconfig" != "x"; then
    AC_SUBST(LLVMCONFIG_CXXFLAGS, [`$llvmconfig --cxxflags`])
-    if test $llvmver_test -ge 350; then
-        dnl LLVM 3.5.0 and after splits linker flags into two sets
-        ldflags=`$llvmconfig --ldflags`
-        syslibs=`$llvmconfig --system-libs`
-        AC_SUBST(LLVMCONFIG_LDFLAGS, ["$ldflags $syslibs"])
-    else
+
+    if test "x$llvm_linking" = "xdynamic"; then
        AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])
+        AC_SUBST(LLVMCONFIG_LIBS, [-lLLVM-$llvmver])
+        AC_SUBST(LLVMCONFIG_LIBFILES, [])
+    else
+        if test $llvmver_test -ge 350; then
+           dnl LLVM 3.5.0 and after splits linker flags into two sets
+           ldflags=`$llvmconfig --ldflags`
+           syslibs=`$llvmconfig --system-libs`
+           AC_SUBST(LLVMCONFIG_LDFLAGS, ["$ldflags $syslibs"])
+        else
+           AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])
+        fi
+        AC_SUBST(LLVMCONFIG_LIBS, [`$llvmconfig --libs jit nativecodegen scalaropts ipo`])
+        AC_SUBST(LLVMCONFIG_LIBFILES, [`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`])
    fi
-    AC_SUBST(LLVMCONFIG_LIBS, [`$llvmconfig --libs jit nativecodegen scalaropts ipo`])
-    AC_SUBST(LLVMCONFIG_LIBFILES, [`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`])
+
    AC_MSG_NOTICE([CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS])
    AC_MSG_NOTICE([LDFLAGS from llvm-config: $LLVMCONFIG_LDFLAGS])
    AC_MSG_NOTICE([LIBS from llvm-config: $LLVMCONFIG_LIBS])
--- a/libclamav/mew.c
+++ b/libclamav/mew.c
@ -827,9 +827,7 @@ int unmew11(char *src, int off, int ssize, int dsize, uint32_t base, uint32_t va

 		if (!uselzma)
 		{
-			/* bb#11212 - DO NOT PEALIGN sections to cli_rebuildpe() *
-			 * data processed in src buffer is stored NOT pe-aligned */
-			uint32_t val = f2 - src;
+			uint32_t val = PESALIGN(f2 - src, 0x1000);
 			void *newsect;

 			if (i && val < section[i].raw) {
@ -850,6 +848,18 @@ int unmew11(char *src, int off, int ssize, int dsize, uint32_t base, uint32_t va
 			section[i+1].raw = val;
 			section[i+1].rva = val + vadd;
 			section[i].rsz = section[i].vsz = ((i)?(val - section[i].raw):val);
+
+            /*
+             * bb#11212 - alternate fix, buffer is aligned
+             * must validate that sections do not intersect with source
+             * or, in other words, exceed the specified size of destination
+             */
+            if (section[i].raw + section[i].rsz > dsize) {
+                cli_dbgmsg("MEW: Section %i [%d, %d] exceeds destination size %d\n",
+                           i, section[i].raw, section[i].raw+section[i].rsz, dsize);
+                free(section);
+                return -1;
+            }
 		}
 		i++;

--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@ -379,7 +379,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex

            free(pt);
        }
-    } else if(root->ac_only || type || lsigid || strpbrk(hexsig, "?([") || (root->bm_offmode && (!strcmp(offset, "*") || strchr(offset, ','))) || strstr(offset, "VI") || strchr(offset, '$')) {
+    } else if(root->ac_only || type || lsigid || sigopts || strpbrk(hexsig, "?([") || (root->bm_offmode && (!strcmp(offset, "*") || strchr(offset, ','))) || strstr(offset, "VI") || strchr(offset, '$')) {
        if((ret = cli_ac_addsig(root, virname, hexsig, sigopts, 0, 0, 0, rtype, type, 0, 0, offset, lsigid, options))) {
            cli_errmsg("cli_parse_add(): Problem adding signature (3).\n");
            return ret;
@ -1435,7 +1435,7 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig
    /* Regex Usage and Support Check */
    for (i = 0; i < subsigs; ++i) {
        if (strchr(tokens[i+3], '/')) {
-            cli_dbgmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);
+            cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);
            (*sigs)--;
            return CL_SUCCESS;
        }
--- a/libclamav/regex/regcomp.c
+++ b/libclamav/regex/regcomp.c
@ -157,6 +157,7 @@ cli_regcomp_real(regex_t *preg, const char *pattern, int cflags)
 	struct parse *p = &pa;
 	int i;
 	size_t len;
+	size_t maxlen;
 #ifdef REDEBUG
 #	define	GOODFLAGS(f)	(f)
 #else
@ -179,7 +180,24 @@ cli_regcomp_real(regex_t *preg, const char *pattern, int cflags)
 							(NC-1)*sizeof(cat_t));
 	if (g == NULL)
 		return(REG_ESPACE);
+	/* Patch for bb11264 submitted by the Debian team:                */
+	/*
+	 * Limit the pattern space to avoid a 32-bit overflow on buffer
+	 * extension.  Also avoid any signed overflow in case of conversion
+	 * so make the real limit based on a 31-bit overflow.
+	 *
+	 * Likely not applicable on 64-bit systems but handle the case
+	 * generically (who are we to stop people from using ~715MB+
+	 * patterns?).
+	 */
+	maxlen = ((size_t)-1 >> 1) / sizeof(sop) * 2 / 3;
+	if (len >= maxlen) {
+		free((char *)g);
+		return(REG_ESPACE);
+	}
 	p->ssize = len/(size_t)2*(size_t)3 + (size_t)1;	/* ugh */
+	assert(p->ssize >= len);
+
 	p->strip = (sop *)cli_calloc(p->ssize, sizeof(sop));
 	p->slen = 0;
 	if (p->strip == NULL) {
--- a/libclamav/stats.c
+++ b/libclamav/stats.c
@ -282,6 +282,7 @@ end:
        cli_warnmsg("clamav_stats_add_sample: unlcoking mutex failed (err: %d): %s\n", err, strerror(err));
    }
 #endif
+    return;
 }

 void clamav_stats_flush(struct cl_engine *engine, void *cbdata)
@ -492,6 +493,7 @@ void clamav_stats_decrement_count(const char *virname, const unsigned char *md5,
        cli_warnmsg("clamav_stats_decrement_count: unlocking mutex failed (err: %d): %s\n", err, strerror(err));
    }
 #endif
+    return;
 }

 size_t clamav_stats_get_num(void *cbdata)
--- a/m4/reorganization/llvm.m4
+++ b/m4/reorganization/llvm.m4
@ -13,6 +13,31 @@ AC_ARG_WITH([system-llvm], [AC_HELP_STRING([--with-system-llvm],
 esac
 ], [system_llvm="built-in"])

+AC_ARG_WITH([llvm-linking], [AC_HELP_STRING([--with-llvm-linking],
+[specifies method to linking llvm @<:@static|dynamic@:>@, only valid with --with-system-llvm])],
+[
+if test "x$system_llvm" = "xbuilt-in"; then
+   AC_MSG_ERROR([Failed to configure LLVM, and LLVM linking was specified without specifying system-llvm])  
+else
+case "$withval" in
+  static)
+    llvm_linking="static"
+    ;;
+  dynamic)
+    llvm_linking="dynamic"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid argument to --with-llvm-linking])
+esac
+fi
+], [
+if test "x$system_llvm" = "xbuilt-in"; then
+   llvm_linking=""
+else
+   llvm_linking="auto"
+fi
+])
+
 AC_ARG_ENABLE([llvm],AC_HELP_STRING([--enable-llvm],
 [enable 'llvm' JIT/verifier support @<:@default=auto@:>@]),
 [enable_llvm=$enableval],
@ -29,4 +54,5 @@ if test "$enable_llvm" != "no"; then
    AC_CONFIG_SUBDIRS_OPTIONAL([libclamav/c++])
 else
    system_llvm="none"
+    llvm_linking=""
 fi