Hi Ged,

> On 01.08.2022 at 12:20, G.W. Haywood <cla...@jubileegroup.co.uk> wrote:
>
> The signature database has the facility to whitelist falsely flagged
> files using a digest. These are propagated with the 'daily' updates.
> Are you sure that your signature database is up to date? What version
> of 'daily' do you have?

I always run freshclam before clamscan. See the output below.

22:51 hesk@kenny:~ $ freshclam
ClamAV update process started at Mon Aug 1 22:51:52 2022
daily.cld database is up-to-date (version: 26615, sigs: 1992518, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
22:51 hesk@kenny:~ $ clamscan /opt/homebrew/Cellar/node/18.7.0/bin/node
Loading: 7s, ETA: 0s [========================>] 8.62M/8.62M sigs
Compiling: 2s, ETA: 0s [========================>] 41/41 tasks

/opt/homebrew/Cellar/node/18.7.0/bin/node: Osx.Exploit.CVE_2021_4034-9951522-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8624548
Engine version: 0.105.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 40.39 MB
Data read: 37.92 MB (ratio 1.06:1)
Time: 10.480 sec (0 m 10 s)
Start Date: 2022:08:01 22:52:20
End Date: 2022:08:01 22:52:30

> If you can post an example file somewhere for me to download I can
> take a look at it. (Alternatively post a link to where you got the
> file, AND the MD5 digest of the file that ClamAV is flagging so that
> we all know that we're looking at the same thing.)

I’m using Homebrew to install nodejs. Below is the curl command that downloads the file (taken from debug output) and the MD5 hash.

curl --disable --cookie /dev/null --globoff --show-error --user-agent Homebrew/3.5.6-73-ge217fd3\ \(Macintosh\;\ arm64\ Mac\ OS\ X\ 12.5\)\ curl/7.79.1 --header Accept-Language:\ en --fail --progress-bar --retry 3 --location --remote-time --output node--18.7.0.arm64_monterey.bottle.tar.gz https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:5bc3bbc7796679a30ef86748accee8170fad11bccea0fcc1fc129f2a51b4b6fa\?se=2022-08-01T21\%3A05\%3A00Z\&sig=4J7BjIWzJ12h4lS5\%2FBL8zdhsYKLZFPS1j\%2BX4iWgdQ3s\%3D\&sp=r\&spr=https\&sr=b\&sv=2019-12-12

MD5 (node/18.7.0/bin/node) = bd689141b74bf1c9d897d25aa6878a85

Cheers,
Viktor
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
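
Added example (not part of the original message and not ClamAV project code): a local counterpart to the digest allow-listing mentioned in the thread. It checks that the file on disk has the MD5 everyone agreed on and only then emits an MD5:size:name line of the kind a local ClamAV .fp database holds; the label and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample content; it stands in for the flagged binary.
SAMPLE = b"constructed sample, not the real node binary\n"


def md5_and_size(path, chunk=1 << 20):
    """Stream the file so a large binary is never held in memory at once."""
    digest = hashlib.md5()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def fp_entry(path, expected_md5, label):
    """Return an 'MD5:size:name' allow-list line, or raise if the file on
    disk is not the one whose digest was posted and reviewed."""
    if ":" in label or "\n" in label:
        raise ValueError("label must not contain ':' or a newline")
    md5, size = md5_and_size(path)
    if md5 != expected_md5.strip().lower():
        # Never allow-list a file that differs from the reviewed one.
        raise ValueError(f"digest mismatch: got {md5}, expected {expected_md5}")
    return f"{md5}:{size}:{label}"


def demo():
    """Build an entry for a temp file whose digest is known in advance."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(SAMPLE)
    try:
        reviewed = hashlib.md5(SAMPLE).hexdigest()
        return fp_entry(tmp.name, reviewed, "node-18.7.0-local-fp")  # hypothetical label
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```

An entry like this matches one exact file: any rebuild or update of the binary changes the digest and the entry stops applying, so the file is scanned normally again.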