All, This is a set of regex signatures I published. These lines in the signature database should have been ignored by ClamAV versions previous to 0.99.
Given the problems that alternate versions of ClamAV have, I am going to drop these signatures. Thanks, Shaun Hurley On Mon, Oct 19, 2015 at 1:38 AM, Rafael Ferreira <r...@uvasoftware.com> wrote: > Hey folks, just closing the loop on this, unsurprisingly, this turned out > to be a problem on our side. I had forgotten but we were running a custom > build of clamav a couple of commits before the 0.98.7 release that > apparently had a signature parsing regression, upgrading to the release > commit fixed the issue for us. > > Thanks everyone for the help! > > On Sun, Oct 18, 2015 at 5:31 PM, Al Varnell <alvarn...@mac.com> wrote: > > > I just had a Mac OS X 10.11/ClamXav 2.8.5/ClamAV 0.98.7 user with a > > similar situation. Appears to be in the US, but I need to get more > > information to verify that and the results of sigtool -i: > > > > Checking official ClamAV definitions > > -------------------------------------- > > ClamAV update process started at Sat Oct 17 11:58:34 2015 > > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > > neo) > > Downloading daily-20931.cdiff [100%] > > Downloading daily-20932.cdiff [100%] > > Downloading daily-20933.cdiff [100%] > > Downloading daily-20934.cdiff [100%] > > Downloading daily-20935.cdiff [100%] > > Downloading daily-20936.cdiff [100%] > > Downloading daily-20937.cdiff [100%] > > Downloading daily-20938.cdiff [100%] > > Downloading daily-20939.cdiff [100%] > > Downloading daily-20940.cdiff [100%] > > Downloading daily-20941.cdiff [100%] > > Downloading daily-20942.cdiff [100%] > > Downloading daily-20943.cdiff [100%] > > Downloading daily-20944.cdiff [100%] > > Downloading daily-20945.cdiff [100%] > > Downloading daily-20946.cdiff [100%] > > Downloading daily-20947.cdiff [100%] > > Downloading daily-20948.cdiff [100%] > > Downloading daily-20949.cdiff [100%] > > Downloading daily-20950.cdiff [100%] > > Downloading daily-20951.cdiff [100%] > > Downloading daily-20952.cdiff [100%] > > Downloading daily-20953.cdiff [100%] > > Downloading daily-20954.cdiff [100%] > > Downloading daily-20955.cdiff [100%] > > Downloading daily-20956.cdiff [100%] > > Downloading daily-20957.cdiff [100%] > > Downloading daily-20958.cdiff [100%] > > Downloading daily-20959.cdiff [100%] > > Downloading daily-20960.cdiff [100%] > > Downloading daily-20961.cdiff [100%] > > Downloading daily-20962.cdiff [100%] > > Downloading daily-20963.cdiff [100%] > > Downloading daily-20964.cdiff [100%] > > Downloading daily-20965.cdiff [100%] > > Downloading daily-20966.cdiff [100%] > > Downloading daily-20967.cdiff [100%] > > Downloading daily-20968.cdiff [100%] > > Downloading daily-20969.cdiff [100%] > > Downloading daily-20970.cdiff [100%] > > Downloading daily-20971.cdiff [100%] > > Downloading daily-20972.cdiff [100%] > > Downloading daily-20973.cdiff [100%] > > Downloading daily-20974.cdiff [100%] > > Downloading daily-20975.cdiff [100%] > > Downloading daily-20976.cdiff [100%] > > Downloading daily-20977.cdiff [100%] > > ERROR: Failed to load new database: Malformed database > > ERROR: Failed to load new database > > -------------------------------------- > > ClamAV update process started at Sun Oct 18 05:45:07 2015 > > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > > neo) > > Downloading daily-20931.cdiff [100%] > > Downloading daily-20932.cdiff [100%] > > Downloading daily-20933.cdiff [100%] > > Downloading daily-20934.cdiff [100%] > > Downloading daily-20935.cdiff [100%] > > Downloading daily-20936.cdiff [100%] > > Downloading daily-20937.cdiff [100%] > > Downloading daily-20938.cdiff [100%] > > Downloading daily-20939.cdiff [100%] > > Downloading daily-20940.cdiff [100%] > > Downloading daily-20941.cdiff [100%] > > Downloading daily-20942.cdiff [100%] > > ERROR: cdiff_apply: Incorrect digital signature > > ERROR: getpatch: Can't apply patch > > Downloading daily.cvd [100%] > > ERROR: Verification: Can't verify database integrity > > Trying again in 5 secs... > > ClamAV update process started at Sun Oct 18 05:52:05 2015 > > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > > neo) > > Downloading daily-20931.cdiff [100%] > > Downloading daily-20932.cdiff [100%] > > Downloading daily-20933.cdiff [100%] > > Downloading daily-20934.cdiff [100%] > > Downloading daily-20935.cdiff [100%] > > Downloading daily-20936.cdiff [100%] > > Downloading daily-20937.cdiff [100%] > > Downloading daily-20938.cdiff [100%] > > Downloading daily-20939.cdiff [100%] > > Downloading daily-20940.cdiff [100%] > > Downloading daily-20941.cdiff [100%] > > Downloading daily-20942.cdiff [100%] > > Downloading daily-20943.cdiff [100%] > > Downloading daily-20944.cdiff [100%] > > Downloading daily-20945.cdiff [100%] > > Downloading daily-20946.cdiff [100%] > > Downloading daily-20947.cdiff [100%] > > Downloading daily-20948.cdiff [100%] > > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb > > ERROR: cdiff_apply: Can't execute command CLOSE > > ERROR: cdiff_apply: Error executing command at line 19 > > ERROR: getpatch: Can't apply patch > > Downloading daily.cvd [100%] > > ERROR: Verification: Can't verify database integrity > > Trying again in 5 secs... > > ClamAV update process started at Sun Oct 18 05:53:10 2015 > > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > > neo) > > Downloading daily-20931.cdiff [100%] > > Downloading daily-20932.cdiff [100%] > > Downloading daily-20933.cdiff [100%] > > Downloading daily-20934.cdiff [100%] > > Downloading daily-20935.cdiff [100%] > > Downloading daily-20936.cdiff [100%] > > Downloading daily-20937.cdiff [100%] > > Downloading daily-20938.cdiff [100%] > > Downloading daily-20939.cdiff [100%] > > Downloading daily-20940.cdiff [100%] > > Downloading daily-20941.cdiff [100%] > > Downloading daily-20942.cdiff [100%] > > Downloading daily-20943.cdiff [100%] > > Downloading daily-20944.cdiff [100%] > > Downloading daily-20945.cdiff [100%] > > Downloading daily-20946.cdiff [100%] > > Downloading daily-20947.cdiff [100%] > > Downloading daily-20948.cdiff [100%] > > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb > > ERROR: cdiff_apply: Can't execute command CLOSE > > ERROR: cdiff_apply: Error executing command at line 19 > > ERROR: getpatch: Can't apply patch > > Downloading daily.cvd [100%] > > ERROR: Verification: Can't verify database integrity > > Giving up on database.clamav.net... > > Update failed. Your network may be down or none of the mirrors listed in > > /usr/local/clamXav/etc/freshclam.conf is working. Check > > http://www.clamav.net/doc/mirrors-faq.html for possible reasons. > > > > -Al- > > > > On Thu, Oct 15, 2015 at 01:41 PM, Rafael Ferreira wrote: > > > > > > Odd, we run Debian (Jessie) Linux and we see this problem on quite a > few > > of our hosts; nothing obviously relevant seems to have changed on our > side. > > We will keep looking and report back. > > > > > >> On Oct 15, 2015, at 1:15 PM, Steven Morgan <smor...@sourcefire.com> > > wrote: > > >> Thanks, that is working for me with ClamAV 0.98.7. It even worked > using > > >> http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware > > are > > >> you using? > > >> > > >> On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira <r...@uvasoftware.com > > > > >> wrote: > > >>> 0.98.7 > > >>> > > >>>>> On Oct 15, 2015, at 8:46 AM, Steven Morgan > > >>>> wrote: > > >>>> Rafael, > > >>>> > > >>>> I don't see this. Which version of ClamAV are you using? > > >>>> > > >>>> Steve > > >>>> > > >>>> > > >>>> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira > > >>>> wrote: > > >>>>> Howdy folks, we started noticing problems with daily.cvd: > > >>>>> > > >>>>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd > > >>>>> > > >>>>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd > > (IP: > > >>>>> 54.231.34.41) > > >>>>> > > >>>>> Downloading daily.cvd [100%] > > >>>>> > > >>>>> Loading signatures from daily.cvd > > >>>>> > > >>>>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b). > > >>>>> > > >>>>> WARNING: [LibClamAV] Problem parsing database at line 1097 > > >>>>> > > >>>>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database > > >>>>> > > >>>>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb > > >>>>> > > >>>>> WARNING: [LibClamAV] Can't load > > >>>>> > > > /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd: > > >>>>> Malformed database > > >>>>> > > >>>>> ERROR: Failed to load new database: Malformed database > > >>>>> > > >>>>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add(): > > >>>>> Problem > > >>>>> adding signature (1). [...] ERROR: Failed to load new database: > > >>>>> Malformed > > >>>>> database > > >>>>> > > >>>>> WARNING: Database load exited with status 55 > > >>>>> > > >>>>> ERROR: Failed to load new database > > >>>>> > > >>>>> couple of things worth noting, there's no indication of memory > > pressure > > >>>>> on > > >>>>> the hosts, the databases do pass a sigtool dump of its contents and > > were > > >>>>> tested for potential in flight corruption. > > >>>>> > > >>>>> Anyone else seeing this? > > >>>>> > > >>>>> - Rafael > > > > > > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > > > > -- > Rafael Ferreira > Uva Software, LLC > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml