[clamav-users] Extremely slow PDF file scanning
Hello,

I’m investigating why it takes about five minutes for ClamAV 0.104.0 to scan a PDF file. Can someone help me, please? Looks like some sort of format/parsing defect to me because the issue is not reproducible if I modify the file using pdftk, e.g. append a page in front. Additional information below.

Execution time:

    root@da6a7952db76:/tmp# time echo "nSCAN /tmp/1.pdf" | nc localhost 3310
    /tmp/1.pdf: OK

    real 4m53.823s
    user 0m0.001s
    sys 0m0.006s

File: https://storage.googleapis.com/upload-samples/Museum_26MB.pdf
Config file: https://storage.googleapis.com/upload-samples/clamd.conf
Debug log: https://storage.googleapis.com/upload-samples/debug.log
Extract file size data: https://storage.googleapis.com/upload-samples/files.log

Thanks,
Nikolay

___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to exclude /tmp/systemd-* but include /tmp/ ?
Hi there,

On Fri, 24 Sep 2021, dee heffemm via clamav-users wrote:

> I've tried "ExcludePath /tmp/systemd-*" but the obvious regex ...

It's not obvious to me that your regex does what you think it does. You've probably been using things like that in a shell (or Windows?) but regexes behave differently. In a regex, an asterisk means "zero or more occurrences of the preceding element". The preceding element in your regex is the character '-', which means that your regex excludes

    /tmp/systemd
    /tmp/systemd-
    /tmp/systemd--
    /tmp/systemd---
    /tmp/systemd
    /tmp/systemd-

ad infinitum...

Instead, try something like

    ExcludePath /tmp/systemd.*

You can use the ExcludePath directive more than once (more or less as many times as you like) in the configuration file.

HTH

--
73,
Ged.
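Added example (not part of the thread and not ClamAV code): a small audit helper that lists which of a set of constructed paths each candidate pattern would exclude, next to what a shell glob would match. It assumes ExcludePath is applied as an unanchored regex search, as the `^` anchors in the clamd.conf posted in this thread suggest, and uses Python's `re` as a stand-in for ClamAV's regex engine; the anchored pattern `^/tmp/systemd-` is a suggestion added here, and it shows why an unanchored exclusion can leave more paths unscanned than intended.

```python
import fnmatch
import re

# Constructed sample paths (not taken from the poster's system).
SAMPLE_PATHS = [
    "/tmp/systemd",
    "/tmp/systemd-private-1a2b-apache2.service-XyZ",
    "/tmp/upload.bin",
    "/var/www/tmp/systemd-notes.txt",
]


def excluded_by_regex(pattern, paths):
    """Paths an unanchored regex search would exclude (assumed ExcludePath behaviour)."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def excluded_by_glob(pattern, paths):
    """Paths a shell-style glob would match in full; for comparison only."""
    return [p for p in paths if fnmatch.fnmatchcase(p, pattern)]


def audit(patterns, paths):
    """Map each candidate regex to the sample paths it would exclude from scanning."""
    return {pat: excluded_by_regex(pat, paths) for pat in patterns}


if __name__ == "__main__":
    candidates = ["/tmp/systemd-*", "/tmp/systemd.*", "^/tmp/systemd-"]
    for pat, hits in audit(candidates, SAMPLE_PATHS).items():
        print(f"regex {pat!r} excludes {len(hits)} of {len(SAMPLE_PATHS)}:")
        for p in hits:
            print("   ", p)
    print("glob '/tmp/systemd-*' matches:",
          excluded_by_glob("/tmp/systemd-*", SAMPLE_PATHS))
```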
[clamav-users] How to exclude /tmp/systemd-* but include /tmp/ ?
Hi,

clamonacc is still blocking my webapp from loading. I've tried removing clamd from apparmor and running clamd through strace to find any obvious errors. Nothing has turned up yet except that maybe something is odd with the /tmp/ directory.

If I "OnAccessExcludePath /tmp/", then everything works OK. I'd like to have /tmp/ in the scan config however because it's a world-writable location. I have a hunch the /tmp/systemd-* directories are the source of trouble but how do I include /tmp/, yet still exclude just those systemd subdirectories?

I've tried "ExcludePath /tmp/systemd-*" but the obvious regex makes no difference and I'm not sure if clamd.conf uses POSIX regex, or Perl style, or what. How can I exclude /tmp/systemd-*?

My clamd.conf is below showing edits I've made from the default.

    TemporaryDirectory /var/lib/clamav/
    ExcludePath ^/proc
    ExcludePath ^/sys
    ExcludePath ^/run
    ExcludePath ^/dev
    ExcludePath ^/var/lib/lxcfs/cgroup
    ExcludePath /tmp/systemd-*
    OnAccessPrevention yes
    OnAccessExtraScanning yes
    OnAccessExcludeUname clamav
    OnAccessExcludePath /
    OnAccessIncludePath /var/www
    OnAccessIncludePath /home
    OnAccessIncludePath /tmp
    OnAccessExcludePath /tmp/systemd-*