All,

This is a set of regex signatures I published. These lines in the signature
database should have been ignored by ClamAV versions previous to 0.99.

Given the problems that alternate versions of ClamAV have, I am going to
drop these signatures.

Thanks,
Shaun Hurley

On Mon, Oct 19, 2015 at 1:38 AM, Rafael Ferreira <r...@uvasoftware.com>
wrote:

> Hey folks, just closing the loop on this, unsurprisingly, this turned out
> to be a problem on our side. I had forgotten but we were running a custom
> build of clamav a couple of commits before the 0.98.7 release that
> apparently had a signature parsing regression, upgrading to the release
> commit fixed the issue for us.
>
> Thanks everyone for the help!
>
> On Sun, Oct 18, 2015 at 5:31 PM, Al Varnell <alvarn...@mac.com> wrote:
>
> > I just had a Mac OS X 10.11/ClamXav 2.8.5/ClamAV 0.98.7 user with a
> > similar situation.  Appears to be in the US, but I need to get more
> > information to verify that and the results of sigtool -i:
> >
> > Checking official ClamAV definitions
> > --------------------------------------
> > ClamAV update process started at Sat Oct 17 11:58:34 2015
> > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> > neo)
> > Downloading daily-20931.cdiff [100%]
> > Downloading daily-20932.cdiff [100%]
> > Downloading daily-20933.cdiff [100%]
> > Downloading daily-20934.cdiff [100%]
> > Downloading daily-20935.cdiff [100%]
> > Downloading daily-20936.cdiff [100%]
> > Downloading daily-20937.cdiff [100%]
> > Downloading daily-20938.cdiff [100%]
> > Downloading daily-20939.cdiff [100%]
> > Downloading daily-20940.cdiff [100%]
> > Downloading daily-20941.cdiff [100%]
> > Downloading daily-20942.cdiff [100%]
> > Downloading daily-20943.cdiff [100%]
> > Downloading daily-20944.cdiff [100%]
> > Downloading daily-20945.cdiff [100%]
> > Downloading daily-20946.cdiff [100%]
> > Downloading daily-20947.cdiff [100%]
> > Downloading daily-20948.cdiff [100%]
> > Downloading daily-20949.cdiff [100%]
> > Downloading daily-20950.cdiff [100%]
> > Downloading daily-20951.cdiff [100%]
> > Downloading daily-20952.cdiff [100%]
> > Downloading daily-20953.cdiff [100%]
> > Downloading daily-20954.cdiff [100%]
> > Downloading daily-20955.cdiff [100%]
> > Downloading daily-20956.cdiff [100%]
> > Downloading daily-20957.cdiff [100%]
> > Downloading daily-20958.cdiff [100%]
> > Downloading daily-20959.cdiff [100%]
> > Downloading daily-20960.cdiff [100%]
> > Downloading daily-20961.cdiff [100%]
> > Downloading daily-20962.cdiff [100%]
> > Downloading daily-20963.cdiff [100%]
> > Downloading daily-20964.cdiff [100%]
> > Downloading daily-20965.cdiff [100%]
> > Downloading daily-20966.cdiff [100%]
> > Downloading daily-20967.cdiff [100%]
> > Downloading daily-20968.cdiff [100%]
> > Downloading daily-20969.cdiff [100%]
> > Downloading daily-20970.cdiff [100%]
> > Downloading daily-20971.cdiff [100%]
> > Downloading daily-20972.cdiff [100%]
> > Downloading daily-20973.cdiff [100%]
> > Downloading daily-20974.cdiff [100%]
> > Downloading daily-20975.cdiff [100%]
> > Downloading daily-20976.cdiff [100%]
> > Downloading daily-20977.cdiff [100%]
> > ERROR: Failed to load new database: Malformed database
> > ERROR: Failed to load new database
> > --------------------------------------
> > ClamAV update process started at Sun Oct 18 05:45:07 2015
> > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> > neo)
> > Downloading daily-20931.cdiff [100%]
> > Downloading daily-20932.cdiff [100%]
> > Downloading daily-20933.cdiff [100%]
> > Downloading daily-20934.cdiff [100%]
> > Downloading daily-20935.cdiff [100%]
> > Downloading daily-20936.cdiff [100%]
> > Downloading daily-20937.cdiff [100%]
> > Downloading daily-20938.cdiff [100%]
> > Downloading daily-20939.cdiff [100%]
> > Downloading daily-20940.cdiff [100%]
> > Downloading daily-20941.cdiff [100%]
> > Downloading daily-20942.cdiff [100%]
> > ERROR: cdiff_apply: Incorrect digital signature
> > ERROR: getpatch: Can't apply patch
> > Downloading daily.cvd [100%]
> > ERROR: Verification: Can't verify database integrity
> > Trying again in 5 secs...
> > ClamAV update process started at Sun Oct 18 05:52:05 2015
> > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> > neo)
> > Downloading daily-20931.cdiff [100%]
> > Downloading daily-20932.cdiff [100%]
> > Downloading daily-20933.cdiff [100%]
> > Downloading daily-20934.cdiff [100%]
> > Downloading daily-20935.cdiff [100%]
> > Downloading daily-20936.cdiff [100%]
> > Downloading daily-20937.cdiff [100%]
> > Downloading daily-20938.cdiff [100%]
> > Downloading daily-20939.cdiff [100%]
> > Downloading daily-20940.cdiff [100%]
> > Downloading daily-20941.cdiff [100%]
> > Downloading daily-20942.cdiff [100%]
> > Downloading daily-20943.cdiff [100%]
> > Downloading daily-20944.cdiff [100%]
> > Downloading daily-20945.cdiff [100%]
> > Downloading daily-20946.cdiff [100%]
> > Downloading daily-20947.cdiff [100%]
> > Downloading daily-20948.cdiff [100%]
> > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb
> > ERROR: cdiff_apply: Can't execute command CLOSE
> > ERROR: cdiff_apply: Error executing command at line 19
> > ERROR: getpatch: Can't apply patch
> > Downloading daily.cvd [100%]
> > ERROR: Verification: Can't verify database integrity
> > Trying again in 5 secs...
> > ClamAV update process started at Sun Oct 18 05:53:10 2015
> > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> > neo)
> > Downloading daily-20931.cdiff [100%]
> > Downloading daily-20932.cdiff [100%]
> > Downloading daily-20933.cdiff [100%]
> > Downloading daily-20934.cdiff [100%]
> > Downloading daily-20935.cdiff [100%]
> > Downloading daily-20936.cdiff [100%]
> > Downloading daily-20937.cdiff [100%]
> > Downloading daily-20938.cdiff [100%]
> > Downloading daily-20939.cdiff [100%]
> > Downloading daily-20940.cdiff [100%]
> > Downloading daily-20941.cdiff [100%]
> > Downloading daily-20942.cdiff [100%]
> > Downloading daily-20943.cdiff [100%]
> > Downloading daily-20944.cdiff [100%]
> > Downloading daily-20945.cdiff [100%]
> > Downloading daily-20946.cdiff [100%]
> > Downloading daily-20947.cdiff [100%]
> > Downloading daily-20948.cdiff [100%]
> > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb
> > ERROR: cdiff_apply: Can't execute command CLOSE
> > ERROR: cdiff_apply: Error executing command at line 19
> > ERROR: getpatch: Can't apply patch
> > Downloading daily.cvd [100%]
> > ERROR: Verification: Can't verify database integrity
> > Giving up on database.clamav.net...
> > Update failed. Your network may be down or none of the mirrors listed in
> > /usr/local/clamXav/etc/freshclam.conf is working. Check
> > http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
> >
> > -Al-
> >
> > On Thu, Oct 15, 2015 at 01:41 PM, Rafael Ferreira wrote:
> > >
> > > Odd, we run Debian (Jessie) Linux and we see this problem on quite a few
> > > of our hosts; nothing obviously relevant seems to have changed on our side.
> > > We will keep looking and report back.
> > >
> > >> On Oct 15, 2015, at 1:15 PM, Steven Morgan <smor...@sourcefire.com> wrote:
> > >> Thanks, that is working for me with ClamAV 0.98.7. It even worked using
> > >> http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware are
> > >> you using?
> > >>
> > >> On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira <r...@uvasoftware.com> wrote:
> > >>> 0.98.7
> > >>>
> > >>>> On Oct 15, 2015, at 8:46 AM, Steven Morgan wrote:
> > >>>> Rafael,
> > >>>>
> > >>>> I don't see this. Which version of ClamAV are you using?
> > >>>>
> > >>>> Steve
> > >>>>
> > >>>>
> > >>>> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira
> > >>>> wrote:
> > >>>>> Howdy folks, we started noticing problems with daily.cvd:
> > >>>>>
> > >>>>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd
> > >>>>>
> > >>>>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP: 54.231.34.41)
> > >>>>>
> > >>>>> Downloading daily.cvd [100%]
> > >>>>>
> > >>>>> Loading signatures from daily.cvd
> > >>>>>
> > >>>>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b).
> > >>>>>
> > >>>>> WARNING: [LibClamAV] Problem parsing database at line 1097
> > >>>>>
> > >>>>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> > >>>>>
> > >>>>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> > >>>>>
> > >>>>> WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd: Malformed database
> > >>>>>
> > >>>>> ERROR: Failed to load new database: Malformed database
> > >>>>>
> > >>>>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (1). [...] ERROR: Failed to load new database: Malformed database
> > >>>>>
> > >>>>> WARNING: Database load exited with status 55
> > >>>>>
> > >>>>> ERROR: Failed to load new database
> > >>>>>
> > >>>>> couple of things worth noting, there's no indication of memory pressure on
> > >>>>> the hosts, the databases do pass a sigtool dump of its contents and were
> > >>>>> tested for potential in flight corruption.
> > >>>>>
> > >>>>> Anyone else seeing this?
> > >>>>>
> > >>>>> - Rafael
> >
> >
> >
> >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
>
>
>
> --
> Rafael Ferreira
> Uva Software, LLC
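An added example, not part of the thread and not ClamAV code: a small triage script that groups freshclam output by update run and labels the distinct failure classes seen in the logs quoted above (parser rejection, failed load, bad cdiff signature, failed cdiff apply, failed CVD verification). The class names, the `triage` function and the abridged `SAMPLE` lines are assumptions made for this example; the log messages themselves are the ones quoted in the thread.

```python
import re

# Failure classes seen in the freshclam output quoted in this thread.
# The class names are labels chosen for this example, not ClamAV terms.
PATTERNS = [
    ("parse_rejected", re.compile(r"cli_parse_?add\(\)|Problem parsing database at line \d+")),
    ("load_failed", re.compile(r"Failed to load new database|Malformed database")),
    ("cdiff_bad_signature", re.compile(r"cdiff_apply: Incorrect digital signature")),
    ("cdiff_apply_failed", re.compile(r"cdiff_cmd_\w+: Can't apply|getpatch: Can't apply patch")),
    ("cvd_verify_failed", re.compile(r"Verification: Can't verify database integrity")),
]
RUN_START = re.compile(r"ClamAV update process started at (.+)$")
QUOTE_PREFIX = re.compile(r"^[>\s]+")  # strip e-mail quote markers before matching

# Constructed sample: lines abridged from the output quoted in the thread.
SAMPLE = """\
> > ClamAV update process started at Sat Oct 17 11:58:34 2015
> > Downloading daily-20977.cdiff [100%]
> > ERROR: Failed to load new database: Malformed database
> > ClamAV update process started at Sun Oct 18 05:45:07 2015
> > Downloading daily-20942.cdiff [100%]
> > ERROR: cdiff_apply: Incorrect digital signature
> > ERROR: getpatch: Can't apply patch
> > Downloading daily.cvd [100%]
> > ERROR: Verification: Can't verify database integrity
"""


def triage(log_text):
    """Return [(run_start, [failure classes in first-seen order])] per update run."""
    runs = []
    for raw in log_text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).rstrip()
        start = RUN_START.search(line)
        if start:
            runs.append((start.group(1), []))
            continue
        if not line.startswith(("ERROR", "WARNING")):
            continue  # progress lines such as "Downloading ... [100%]"
        if not runs:  # output captured without a run header
            runs.append(("unknown", []))
        seen = runs[-1][1]
        for name, pattern in PATTERNS:
            if pattern.search(line) and name not in seen:
                seen.append(name)
    return runs


if __name__ == "__main__":
    for started, classes in triage(SAMPLE):
        print(started, "->", ", ".join(classes) or "no errors")
```

A run that shows only `parse_rejected`/`load_failed` points at how the local engine reads the signature file, which is what the custom pre-release build in this thread turned out to be; the cdiff and verification classes concern the downloaded update itself.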