Re: [clamav-users] safebrowsing.cvd causing clamd to stop functioning

2018-05-01 Thread Rafael Ferreira
$ sigtool --info safebrowsing.cvd 
File: safebrowsing.cvd
Build time: 30 Apr 2018 18:49 -0400
Version: 47323
Signatures: 2898788
Functionality level: 63
Builder: google
MD5: df018f5caf24960004570ab3eb0b2049
Digital signature: 
P+Jbcme4Qp66dwjnHxKCXwyhhZ3xg0QvI5bSDTNP9UwkRDmL1DNeTDZJcPGdWiIQOScjwpt1kFU1z4ImWvL+w9ENN3mRyZMRL7vUw7fKKkIirdwyCa1KfddGk6JOEsAtUPf1CmMBOytzXX6Oa2ljUad9ViEkkLe17NtXygczIWj
Verification OK.

just in case someone saw the same. I haven’t tried the latest cvd but I’ll do 
so later today. 

> On May 1, 2018, at 1:19 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
> 
> 
> 
> Am 01.05.2018 um 04:40 schrieb Rafael Ferreira:
>> It seems that the latest safebrowsing.cvd update is causing clamd daemons 
>> with version 0.99 to get into a broken state (100% cpu and rampant memory 
>> growth)
> 
> no - but hey, who knows what is "the latest" for you
> 
> May  1 07:25:57 buildserver freshclam[7413]: Downloading
> safebrowsing-47324.cdiff [100%]
> May  1 07:26:05 buildserver freshclam[7413]: safebrowsing.cld updated
> (version: 47324, sigs: 2898710, f-level: 63, builder: google)

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] safebrowsing.cvd causing clamd to stop functioning

2018-04-30 Thread Rafael Ferreira
It seems that the latest safebrowsing.cvd update is causing clamd daemons with 
version 0.99 to get into a broken state (100% cpu and rampant memory growth). 

- Rafael 


Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Rafael Ferreira
Nope, latest is still 

File: daily.cvd
Build time: 26 Jan 2018 04:24 -0500
Version: 24257
Signatures: 1835982
Functionality level: 63
Builder: neo
MD5: 3b3092994fdf9aa39aae480c38fb31ab
Digital signature: 
D7RfRs/Zbl/2fFW4FZKHoHskjH5BWU1K/Qqyhc0qEyO4bHblupzLq/m3oJo4CfcVfysd3cOMZNPhwRzTzJlKTGWQx4Y4VT/jhM+5NOI8tcVZgFzpvQE699hBHggYRqDZq+mlTiFNmZ7pCUR9ACmso3uElfFpRZP4oy4I3ULxkXg

which appears to have the issue. We, scanii.com, are 
having quite a bit of run today because of it. 


> On Jan 26, 2018, at 7:44 AM, Jason J. W. Williams  
> wrote:
> 
> We started seeing this problem last night as well. Reading through the
> thread, it doesn't appear that ClamAV has fixed the signatures yet (as of
> 24257), or am I wrong?
> 
> -J
> 
> On Fri, Jan 26, 2018 at 6:24 AM, Dianne Skoll 
> wrote:
> 
>> On Fri, 26 Jan 2018 13:50:27 +0100
>> Ralf Hildebrandt  wrote:
>> 
>>> If I had to guess: they used the beta for testing, but the release
>>> versions (both 0.99.2 and 0.99.3!) fail to operate properly...
>> 
>> No, I bet that's not what happened.  A file descriptor leak doesn't show
>> up right away.  They probably tested the signatures on a lightly-loaded
>> server and didn't notice any problems.
>> 
>> ClamAV QA team: In future, please run new signatures against a clamd
>> process a few thousand times to check for possible resource leakage.
>> 
>> Regards,
>> 
>> Dianne.
>> 
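Added example (not part of the original thread, and not ClamAV project code): a soak-test harness for the check suggested in the quoted message above, sending a few thousand scans to a running clamd and watching its open file descriptors and resident memory for steady growth. The socket path, the thresholds and the constructed sample numbers are assumptions, and the sampling reads Linux /proc.

```python
import os
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # assumption: LocalSocket path varies by distro


def scan_once(data, sock_path=CLAMD_SOCKET):
    """Send one non-empty buffer to clamd with INSTREAM; return the reply text."""
    if not data:
        raise ValueError("payload must be non-empty (a zero-length chunk ends the stream)")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(b"zINSTREAM\0")
        s.sendall(struct.pack("!I", len(data)) + data)  # 4-byte big-endian length, then chunk
        s.sendall(struct.pack("!I", 0))                 # zero-length chunk terminates
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.rstrip(b"\0").decode(errors="replace")


def sample_process(pid):
    """Return (open_fds, rss_kb) for a process; needs the same user as clamd or root."""
    open_fds = len(os.listdir(f"/proc/{pid}/fd"))
    rss_kb = 0
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("VmRSS:"):
                rss_kb = int(line.split()[1])
    return open_fds, rss_kb


def soak(pid, payload, total=5000, every=500):
    """Scan `payload` `total` times, sampling clamd's resources every `every` scans."""
    samples = [(0, *sample_process(pid))]
    for done in range(1, total + 1):
        scan_once(payload)
        if done % every == 0:
            samples.append((done, *sample_process(pid)))
    return samples


def _slope(xs, ys):
    """Least-squares slope of ys over xs."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    den = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / den if den else 0.0


def leak_report(samples, warmup=1, fd_limit=1.0, rss_kb_limit=1024.0):
    """Flag steady growth per 1000 scans in [(scans_done, open_fds, rss_kb)] samples.

    The first `warmup` samples are dropped so that one-off allocations made on the
    first scans are not mistaken for a leak. Limits are assumed, tune per host.
    """
    steady = samples[warmup:]
    if len(steady) < 3:
        raise ValueError("need at least 3 samples after warm-up")
    xs = [s[0] for s in steady]
    fd_rate = _slope(xs, [s[1] for s in steady]) * 1000
    rss_rate = _slope(xs, [s[2] for s in steady]) * 1000
    return {
        "fds_per_1k_scans": fd_rate,
        "rss_kb_per_1k_scans": rss_rate,
        "fd_leak": fd_rate >= fd_limit,
        "rss_growth": rss_rate >= rss_kb_limit,
    }


# Constructed samples: a daemon leaking one descriptor every two scans,
# and a healthy one whose descriptor count only jitters.
LEAKY_SAMPLES = [(0, 12, 600000), (500, 262, 600400), (1000, 512, 600300),
                 (1500, 762, 600500), (2000, 1012, 600450)]
HEALTHY_SAMPLES = [(0, 12, 600000), (500, 13, 600400), (1000, 12, 600300),
                   (1500, 13, 600500), (2000, 12, 600450)]

if __name__ == "__main__":
    print(leak_report(LEAKY_SAMPLES))
    print(leak_report(HEALTHY_SAMPLES))
```

To run it against a live daemon, pass clamd's PID and a small test file's bytes to `soak()` and feed the result to `leak_report()`; a lightly loaded server never reaches the scan counts at which the growth becomes visible.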


[clamav-users] Fwd: [clamav-virusdb] Signatures Published daily - 23583

2017-07-21 Thread Rafael Ferreira
Looks like the signatures are stuck again; they appear to be empty since 
yesterday. 

> Begin forwarded message:
> 
> From: nore...@sourcefire.com
> Subject: [clamav-virusdb] Signatures Published daily - 23583
> Date: July 21, 2017 at 1:17:47 AM PDT
> To: clamav-viru...@lists.clamav.net
> 
> 
> ClamAV Signature Publishing Notice
> 
> Datefile:     daily
> Version:      23583
> Publisher:    Alain Zidouemba
> New Sigs:     0
> Dropped Sigs: 0
> Ignored Sigs: 34
> 
> 
> New Detection Signatures:
> 
> 
> 
> Dropped Detection Signatures:
> 
> 
> 
> 
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb
> 
> http://www.clamav.net/contact.html#ml



[clamav-users] 18+ hours since last signature

2017-05-15 Thread Rafael Ferreira
Hey folks, just a heads up that it looks like signatures are “stuck” again, the 
last daily (23389) came out at 2AM PST: 

http://lists.clamav.net/pipermail/clamav-virusdb/2017-May/004726.html 


Anyone know what is going on? Things were much better when the signature dbs 
were coming out every 4 hours…. 

- Rafael 








Re: [clamav-users] Different results: Clamscan vs ClamWin

2017-05-02 Thread Rafael Ferreira
Can you tell us which virus you encountered? Also can you validate that the 
file has the same checksum in both windows and Linux? 

> On May 2, 2017, at 2:22 PM, Peter B.  wrote:
> 
> Dear Clamav users,
> 
> I was scanning a ZIP file with both: clamscan (on Xubuntu), and clamwin
> (on Win7).
> Clamwin found a virus, where clamscan did not.
> 
> I'm surprised, since I thought these are just 2 frontends for the same
> engine and virus database?
> 
> I updated the database on Linux using "$ sudo freshclam".
> No change.
> 
> 
> Grateful for any information why clamscan finds less than clamwin...? :)
> 
> Thank you in advance,
> Peter B.
> 
> 
> 
> Software versions on my setups:
> 
> Xubuntu 12.04.1 (64bit):
> -
>    ClamAV 0.99.2/23350/Tue May  2 15:02:21 2017
>    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60,
> builder: amishhammer)
>    daily.cld is up to date (version: 23350, sigs: 2063182, f-level: 63,
> builder: neo)
>    bytecode.cvd is up to date (version: 296, sigs: 58, f-level: 63,
> builder: anvilleg)
> 
> 
> Win7 (64bit):
> -
>    ClamWin v0.99.1
>    Virus DB Version: main 57 daily 23350
>    Updated: 15:02 02 May 2017


Re: [clamav-users] Sporadic signature frequency

2017-04-17 Thread Rafael Ferreira
Thanks Joel, that makes sense. What is the issue with the current deletion 
strategy? 

> On Apr 17, 2017, at 9:33 AM, Joel Esler (jesler) <jes...@cisco.com> wrote:
> 
> Yes —
> 
> Since more and more content is being shipped, it’s taking longer and longer 
> to build the daily.cvd.  So if the build of a daily is locked when it comes 
> around to build the next one, it doesn’t build the second one.  Hence why 
> they are coming more spaced out.
> 
> Couple remedies for this, all of which require development, time, and 
> bandwidth:
> 
> 1. Make a new main.cvd and push it out (easiest fix)
> 2. Optimize how we do deletes
> 
> But the beginning of this email is the reason.
> 
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
> 
> 
> 
> 
> 
> 
> On Apr 15, 2017, at 11:29 AM, Rafael Ferreira <r...@uvasoftware.com> wrote:
> 
> That’s what I noticed as well, anyone know why?
> 
> On Apr 13, 2017, at 9:39 PM, Al Varnell <alvarn...@mac.com> wrote:
> 
> Actually, they have been coming every 8 hours since 8 March. It was 6 hours 
> on 7 March and 4 hours before that.
> 
> -Al-
> 
> On Thu, Apr 13, 2017 at 07:09 PM, Alain Zidouemba wrote:
> 
> They come out every 6h.
> 
> -Alain
> 
> On Apr 13, 2017, at 9:57 PM, Rafael Ferreira <r...@uvasoftware.com> wrote:
> 
> Hey folks, I've noticed that new sig databases are coming out at a fairly 
> inconsistent frequency lately,  is this accidental or for a particular reason?
> 
> Rafael

Re: [clamav-users] Sporadic signature frequency

2017-04-15 Thread Rafael Ferreira
That’s what I noticed as well, anyone know why? 

> On Apr 13, 2017, at 9:39 PM, Al Varnell <alvarn...@mac.com> wrote:
> 
> Actually, they have been coming every 8 hours since 8 March. It was 6 hours 
> on 7 March and 4 hours before that.
> 
> -Al-
> 
> On Thu, Apr 13, 2017 at 07:09 PM, Alain Zidouemba wrote:
>> 
>> They come out every 6h.
>> 
>> -Alain
>> 
>>> On Apr 13, 2017, at 9:57 PM, Rafael Ferreira <r...@uvasoftware.com> wrote:
>>> 
>>> Hey folks, I've noticed that new sig databases are coming out at a fairly 
>>> inconsistent frequency lately,  is this accidental or for a particular 
>>> reason?
>>> 
>>> Rafael

Re: [clamav-users] Sporadic signature frequency

2017-04-13 Thread Rafael Ferreira
Thanks! I believe it used to be 4 hours in the past.

> On Apr 13, 2017, at 7:09 PM, Alain Zidouemba <azidoue...@sourcefire.com> 
> wrote:
> 
> They come out every 6h.
> 
> -Alain
> 
>> On Apr 13, 2017, at 9:57 PM, Rafael Ferreira <r...@uvasoftware.com> wrote:
>> 
>> Hey folks, I've noticed that new sig databases are coming out at a fairly 
>> inconsistent frequency lately,  is this accidental or for a particular 
>> reason?
>> 
>> Rafael


[clamav-users] Sporadic signature frequency

2017-04-13 Thread Rafael Ferreira
Hey folks, I've noticed that new sig databases are coming out at a fairly 
inconsistent frequency lately,  is this accidental or for a particular reason?

Rafael 


Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Rafael Ferreira
That is a fundamentally different type of "free". I think that, all in all, the 
clamav folks do an amazing job with signature distribution, especially for 
submitted samples. 

> On Mar 21, 2017, at 6:41 PM, Al Varnell  wrote:
> 
> Actually, they still give their macOS/OS X product away for free.
> 
> Sent from Janet's iPad
> 
> -Al-
> 
> On Mar 21, 2017, at 6:22 PM, "Joel Esler (jesler)" wrote:
> 
>>> I don't even bother reporting them to sophos, et al because it's
>>> sometimes days before they're added. I was expecting better from
>>> clamav...
>> 
>> Interesting, considering Sophos is not a free product.


[clamav-users] Fwd: [clamav-virusdb] Signatures Published daily - 22968

2017-01-29 Thread Rafael Ferreira
Hey folks, it seems like database creation is stuck again,  versions 22965 
through 22968 all have 0 new and dropped sigs. 

- Rafael 

> Begin forwarded message:
> 
> From: nore...@sourcefire.com
> Subject: [clamav-virusdb] Signatures Published daily - 22968
> Date: January 29, 2017 at 5:29:30 PM MST
> To: clamav-viru...@lists.clamav.net
> 
> 
> ClamAV Signature Publishing Notice
> 
> Datefile:     daily
> Version:      22968
> Publisher:    Alain Zidouemba
> New Sigs:     0
> Dropped Sigs: 0
> Ignored Sigs: 146
> 
> 
> New Detection Signatures:
> 
> 
> 
> Dropped Detection Signatures:
> 
> 
> 
> 


Re: [clamav-users] CRDF databases and clamav

2016-11-20 Thread Rafael Ferreira
That’s excellent news, thanks everyone. 

> On Nov 20, 2016, at 2:58 PM, Steve basford  
> wrote:
> 
> Passed directly to CRDF at the same time something is reported to the ClamAV 
> team.
> 
> For info: If someone reports an FP with a Sanesecurity or Sanesecurity 
> distributed sigs, the sig is firstly removed then reported to the sig maker 
> and if the FP can be avoided and fixed, it will be reinstated.
> 
> Ham tests are done every hour automatically  before mirror updates... issues 
> and database errors directly reported, which has been the case for years.
> 
> 
> On 20 November 2016 21:46:56 Dennis Peterson  wrote:
> 
>> Will the ClamAV team handle CRDF FP's and other issues?
> 
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 
> 

[clamav-users] CRDF databases and clamav

2016-11-20 Thread Rafael Ferreira
Howdy folks, am I correct to say that based on this announcement 
(http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html) that 
CRDF databases are now being rolled into the main/daily.cvd ones? 

Thanks!

- Rafael 


Re: [clamav-users] freshclam error

2016-09-29 Thread Rafael Ferreira
That appears to be a memory issue with your host, the malloc (memory allocator) 
is failing. 

> On Sep 29, 2016, at 8:01 AM, Tsutomu Oyamada  wrote:
> 
> Hi,
> 
> The following error is shown when the CVD is updated on freshclam;
> 
> Sep 27 04:00:05 W1K freshclam[26882]: [LibClamAV] mpool_malloc():Attempt to 
> allocate 8388608 bytes. Please report to http://bugs.clamav.net
> 
> This error has been shown since 26th September.
> The version of ClamAV is 0.98.1.
> 
> Could you tell us the cause of this error and how to solve it?
> 
> Best regards,
> 
> Tsutomu Oyamada
> Promark Inc.
> Japan
> 
> 


Re: [clamav-users] ClamAV updates

2016-09-19 Thread Rafael Ferreira
It’s not a mirror issue, there seems to be something up with the signature dbs 
and it seems to have started after a fairly large jump in the versions: 



22199 is the latest version available from http://db.us.clamav.net/daily.cvd 
- so either it was moved or we stopped updating the daily db :( 

In all seriousness, I would say this is pretty bad since it means signatures 
haven’t been updated in 3 days. 

- Rafael 


> On Sep 9, 2016, at 6:05 AM, Ed Christiansen MS  wrote:
> 
> Ah.  Don't worry about the dead link... what possible use could a list of 
> mirror sites be anyway?
> 
> If you mean http://www.clamav.net/documents/official-mirror-faq, it lists 
> errors, but not any other mirrors to check.
> 
> On 9/9/2016 8:58 AM, Joel Esler (jesler) wrote:
>> That link has been dead for a couple years.   We're going to bring it back 
>> eventually.
>> 
>> That being said, there is an FAQ document on how to select a different 
>> mirror.
>> 
>> Sent from my iPhone
>> 
>> On Sep 9, 2016, at 8:42 AM, Ed Christiansen MS wrote:
>> 
>> I go to the same spot every time.  However, when I went to check the mirrors 
>> today at http://www.clamav.net/mirrors.html it shows me a 404 error with a 
>> red rotating clam head.
>> 
>> On 9/8/2016 5:23 PM, Joel Esler (jesler) wrote:
>> What mirror are you getting it from?  The same one every time?  Or different 
>> mirrors every time.
>> 
>> Sent from my iPad
>> 
>> On Sep 8, 2016, at 5:22 PM, Ed Christiansen MS wrote:
>> 
>> Greetings,
>> 
>> I have been getting the updates off database.clamav.net for a long time.  
>> The daily.cvd doesn't seem to have changed size in the past couple days.  
>> Is this normal?
>> 
>> Thanks,
>> 
>> Ed Christiansen

Re: [clamav-users] clamav-virusdb Update Problems?

2016-09-17 Thread Rafael Ferreira
Following up that 22216-22217 are showing the same issue as well. 

> On Sep 16, 2016, at 8:06 PM, Rafael Ferreira <r...@uvasoftware.com> wrote:
> 
> Yup we noticed the same problem here. Updates have become quite inconsistent. 
> 
>> On Sep 16, 2016, at 7:35 PM, Al Varnell <alvarn...@mac.com> wrote:
>> 
>> Just to try to get ahead of any problems now that the weekend has started, I 
>> noticed that daily 22210 through 22213 were quite small & most were twelve 
>> hours apart instead of the usual four and 22214 & 22215 appear to not have 
>> made any changes with eight hour intervals.
>> 
>> -Al-
>> -- 
>> Al Varnell
>> Mountain View, CA
>> 
>> 
>> 
>> 


Re: [clamav-users] clamav-virusdb Update Problems?

2016-09-16 Thread Rafael Ferreira
Yup we noticed the same problem here. Updates have become quite inconsistent. 

> On Sep 16, 2016, at 7:35 PM, Al Varnell  wrote:
> 
> Just to try to get ahead of any problems now that the weekend has started, I 
> noticed that daily 22210 through 22213 were quite small & most were twelve 
> hours apart instead of the usual four and 22214 & 22215 appear to not have 
> made any changes with eight hour intervals.
> 
> -Al-
> -- 
> Al Varnell
> Mountain View, CA
> 
> 
> 
> 


Re: [clamav-users] ClamAV updates

2016-09-10 Thread Rafael Ferreira
Software is hard, but the issue was identified and fairly promptly resolved. 
Thanks to all the clamav folks that sorted this out on a Friday night. 

- Rafael 

> On Sep 10, 2016, at 3:17 AM, Steve basford  
> wrote:
> 
> 
> 
> 
> On 10 September 2016 10:05:47 Alan Forbes  wrote:
> 
>> I have since uninstalled CLAMAV and am now using COMODO, at least it
>> updates correctly.
> 
> Yep, it might update... but...
> 
> https://www.autoitscript.com/forum/topic/184066-solved-comodo-av-detected-a-virus-in-autoit-33120/
> 
> *All* AVs have connection issues, fps, update issues etc. at some point.. and 
> it shouldn't surprise anybody.
> 
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 
> 


Re: [clamav-users] ClamAV updates

2016-09-09 Thread Rafael Ferreira
Thanks Paul! Yeah as far as I can tell those newer databases just don't exist. 
If anyone from the signature team is reading this, it would be good if they 
could chime in.

> On Sep 9, 2016, at 6:24 PM, Paul Kosinski <clamav-us...@iment.com> wrote:
> 
> I just looked at my logs, and I agree it's bad. I haven't seen an
> update since the one to 22199, which was 72 hours ago (see below).
> 
> Paul
> 
> --  Tuesday 06 September 2016 at 21:06:02  
> --
> 
> Current working dir is /opt/clamav.d/clamav.0.99.2/share/clamav
> Max retries == 4
> ClamAV update process started at Tue Sep  6 21:06:02 2016
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 1800
> Software version from DNS: 0.99.2
> main.cvd version from DNS: 57
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
> amishhammer)
> daily.cvd version from DNS: 22199
> Retrieving http://db.us.clamav.net/daily.cvd
> Ignoring mirror 104.131.196.175 (due to previous errors)
> Ignoring mirror 194.8.197.22 (due to previous errors)
> Ignoring mirror 128.199.133.36 (due to previous errors)
> nonblock_connect: connect timing out (30 secs)
> Can't connect to port 80 of host db.us.clamav.net (IP: 207.57.106.31)
> nonblock_connect: connect timing out (30 secs)
> Can't connect to port 80 of host db.us.clamav.net (IP: 209.198.147.20)
> Ignoring mirror 104.131.196.175 (due to previous errors)
> Trying host db.us.clamav.net (172.110.204.67)...
> nonblock_connect: connect timing out (30 secs)
> Can't connect to port 80 of host db.us.clamav.net (IP: 172.110.204.67)
> Ignoring mirror 194.8.197.22 (due to previous errors)
> Trying host db.us.clamav.net (200.236.31.1)...
> Trying to download http://db.us.clamav.net/daily.cvd (IP: 200.236.31.1)
> Downloading daily.cvd [100%]
> Loading signatures from daily.cvd
> Properly loaded 596179 signatures from new daily.cvd
> daily.cvd updated (version: 22199, sigs: 596178, f-level: 63, builder: neo)
> Querying daily.22199.82.1.0.C8EC1F01.ping.clamav.net
> bytecode.cvd version from DNS: 283
> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
> Database updated (4815021 signatures) from db.us.clamav.net (IP: 200.236.31.1)
> OnUpdateExecute: EXIT_1
> 
> --  Tuesday 06 September 2016 at 21:08:57  
> --
> 
> TIME PASSES...
> 
> --  Friday 09 September 2016 at 21:06:01  
> --
> 
> Current working dir is /opt/clamav.d/clamav.0.99.2/share/clamav
> Max retries == 4
> ClamAV update process started at Fri Sep  9 21:06:01 2016
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 1800
> Software version from DNS: 0.99.2
> main.cvd version from DNS: 57
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: 
> amishhammer)
> daily.cvd version from DNS: 22199
> daily.cvd is up to date (version: 22199, sigs: 596178, f-level: 63, builder: 
> neo)
> bytecode.cvd version from DNS: 283
> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
> 
> --  Friday 09 September 2016 at 21:06:01  
> --
> 
> 
> 
> 
> 
> On Fri, 9 Sep 2016 17:58:52 -0700
> Rafael Ferreira <r...@uvasoftware.com> wrote:
> 
>> It’s not a mirror issue, there seems to be something up with the
>> signature dbs and it seems to have started after a fairly large jump
>> in the versions between v22199 and v44399
>> (http://lists.clamav.net/pipermail/clamav-virusdb/2016-September/thread.html).
>>  
>> 
>> 22199 is the latest version available from
>> http://db.us.clamav.net/daily.cvd
>> - so either it was moved or we stopped updating the daily db :( 
>> 
>> In all seriousness, I would say this is pretty bad since it means
>> signatures haven’t been updated in 3 days. 
>> 
>> - Rafael
> 
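Added example (not part of the original thread, and not ClamAV project code): a staleness check over freshclam output in the format quoted in the message above, reporting how long the host has been sitting on the same daily version. The 24-hour threshold and the sample log are assumptions; the sample is constructed from the line formats shown in the quoted log.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# "ClamAV update process started at Tue Sep  6 21:06:02 2016"
RUN_START = re.compile(
    r"ClamAV update process started at \w{3} (\w{3})\s+(\d{1,2}) "
    r"(\d{2}):(\d{2}):(\d{2}) (\d{4})")
# "daily.cvd updated (version: 22199, sigs: ..." or "daily.cld is up to date (version: ..."
DAILY_STATE = re.compile(
    r"daily\.c[vl]d (?:updated|is up to date) \(version: (\d+), sigs: (\d+)")

# Constructed sample in the format of the freshclam output quoted above.
SAMPLE_LOG = """\
ClamAV update process started at Tue Sep  6 21:06:02 2016
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
daily.cvd updated (version: 22199, sigs: 596178, f-level: 63, builder: neo)
ClamAV update process started at Thu Sep  8 21:06:01 2016
daily.cvd is up to date (version: 22199, sigs: 596178, f-level: 63, builder: neo)
ClamAV update process started at Fri Sep  9 21:06:01 2016
daily.cvd is up to date (version: 22199, sigs: 596178, f-level: 63, builder: neo)
"""


def daily_history(log_text):
    """Return [(run_start, daily_version)] for every freshclam run in the log."""
    history, run_start = [], None
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate logs pasted as quoted mail
        m = RUN_START.search(line)
        if m:
            mon, day, hh, mm, ss, year = m.groups()
            run_start = datetime(int(year), MONTHS[mon], int(day),
                                 int(hh), int(mm), int(ss))
            continue
        m = DAILY_STATE.search(line)
        if m and run_start is not None:
            history.append((run_start, int(m.group(1))))
    return history


def hours_without_new_daily(history):
    """Hours between the run that first saw the current version and the last run."""
    if not history:
        raise ValueError("no daily.cvd/daily.cld status lines found")
    last_time, current = history[-1]
    first_seen = last_time
    for when, version in reversed(history):
        if version != current:
            break
        first_seen = when
    return (last_time - first_seen).total_seconds() / 3600.0


def is_stale(log_text, max_age_hours=24):
    """True when the same daily version has been current for longer than the limit."""
    return hours_without_new_daily(daily_history(log_text)) > max_age_hours


if __name__ == "__main__":
    hist = daily_history(SAMPLE_LOG)
    print(f"daily {hist[-1][1]} unchanged for {hours_without_new_daily(hist):.1f} h")
```

The figure is measured from when this host first saw the version, not from when it was published, so it understates the real age by up to one update interval.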

Re: [clamav-users] ClamAV updates

2016-09-09 Thread Rafael Ferreira
It’s not a mirror issue, there seems to be something up with the signature dbs 
and it seems to have started after a fairly large jump in the versions between 
v22199 and v44399 
(http://lists.clamav.net/pipermail/clamav-virusdb/2016-September/thread.html). 

22199 is the latest version available from http://db.us.clamav.net/daily.cvd 
- so either it was moved or we stopped updating the daily db :( 

In all seriousness, I would say this is pretty bad since it means signatures 
haven’t been updated in 3 days. 

- Rafael 


> On Sep 9, 2016, at 6:05 AM, Ed Christiansen MS wrote:
> 
> Ah.  Don't worry about the dead link... what possible use could a list of 
> mirror sites be anyway?
> 
> If you mean http://www.clamav.net/documents/official-mirror-faq, it lists 
> errors, but not any other mirrors to check.
> 
> On 9/9/2016 8:58 AM, Joel Esler (jesler) wrote:
>> That link has been dead for a couple years.   We're going to bring it back 
>> eventually.
>> 
>> That being said, there is an FAQ document on how to select a different 
>> mirror.
>> 
>> Sent from my iPhone
>> 
>> On Sep 9, 2016, at 8:42 AM, Ed Christiansen MS wrote:
>> 
>> I go to the same spot every time.  However, when I went to check the mirrors 
>> today at http://www.clamav.net/mirrors.html it shows me a 404 error with a 
>> red rotating clam head.
>> 
>> On 9/8/2016 5:23 PM, Joel Esler (jesler) wrote:
>> What mirror are you getting it from?  The same one every time?  Or different 
>> mirrors every time.
>> 
>> Sent from my iPad
>> 
>> On Sep 8, 2016, at 5:22 PM, Ed Christiansen MS wrote:
>> 
>> Greetings,
>> 
>> I have been getting the updates off database.clamav.net for a long time.  
>> The daily.cvd doesn't seem to have changed size in the past couple days.  
>> Is this normal?
>> 
>> Thanks,
>> 
>> Ed Christiansen

Re: [clamav-users] Issue with ClamAV on Red Hat Enterprise Linux

2016-05-29 Thread Rafael Ferreira
That error usually means that main.cvd is corrupted but since freshclam doesn’t 
even run I would start there, it might be just a matter of sorting out your 
/etc/freshclam.conf file

> On May 29, 2016, at 6:55 PM, Nathan Parker  
> wrote:
> 
> Hi there!
> 
> 
> Sorry it's taken me so long to respond. I've had issues receiving the Daily 
> Digests.
> 
> 
> Here's the error message I receive when I attempt to run freshclam:
> 
> 
> [parkernathan@redhatpc ~]$ freshclam
> 
> ERROR: Please edit the example config file /etc/freshclam.conf
> 
> ERROR: Can't open/parse the config file /etc/freshclam.conf
> 
> [parkernathan@redhatpc ~]$
> 
> 
> Here is the error message I receive when I attempt to run clamscan:
> 
> [parkernathan@redhatpc ~]$ clamscan
> LibClamAV Warning: **
> LibClamAV Warning: ***  The virus database is older than 7 days!  ***
> LibClamAV Warning: ***   Please update it as soon as possible.***
> LibClamAV Warning: **
> LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Can't verify database 
> integrity
> LibClamAV Error: cli_loaddbdir(): error loading database 
> /var/lib/clamav/main.cvd
> ERROR: Can't verify database integrity
> 
> --- SCAN SUMMARY ---
> Known viruses: 78529
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 0
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 1.106 sec (0 m 1 s)
> [parkernathan@redhatpc ~]$
> 
> 
> Any help in resolving these two issues would be much appreciated.
> 
> 
> Thanks!
> 
> 
> Nathan Parker
> 
> President/CEO
> Mallard Computer, Inc.

Re: [clamav-users] Issue with ClamAV on Red Hat Enterprise Linux

2016-05-22 Thread Rafael Ferreira
Can you post the error here? That image is impossible to read. 

> On May 21, 2016, at 8:35 PM, Nathan Parker  
> wrote:
> 
> I recently installed Red Hat Enterprise Linux (7.2 I believe) on a VM on my 
> Mac. I have been trying to install ClamAV on it and get clamscan and 
> freshclam functioning. I am running into some issues.
> 
> Here’s a link to my post on Red Hat forums with an image of my Terminal 
> output with the error messages (I’m not on my RHEL VM at the moment). 
> https://access.redhat.com/discussions/2321751 
> 
> Can someone inform me what is not functioning correctly with my ClamAV 
> installation and help me resolve this? I will also need to get ClamAV 
> installed on a Ubuntu VM as well.
> 
> Thanks!
> 
> Nathan Parker
> 
> President/CEO
> Mallard Computer, Inc.
> 
> 

Re: [clamav-users] [Community-sigs] ClamAV® blog: ClamAV Signature Interface maintenance is now complete! New Main.cvd!

2016-03-19 Thread Rafael Ferreira
Joel, 

First congrats to you and the team, from the sounds of it, this took a lot of 
late nights and caffeine. Quick question, are any of the official sigs 
{main/daily/bytecode} changing names (or extensions)? That does not seem to be 
the case but I figure it would be good to confirm in order to avoid any 
surprises. 

Cheers,

- Rafael 

Rafael Ferreira
Uva Software, LLC | scanii.com <http://scanii.com/> 
☎ 623.252.0441


> On Mar 16, 2016, at 8:24 PM, Joel Esler (jesler) <jes...@cisco.com> wrote:
> 
> 
> http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html<http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html?m=1>
> 
> ClamAV Signature Interface maintenance is now complete! New Main.cvd!
> Our ClamAV Signature Interface maintenance is now complete.  While we 
> apologize for the delay, the rollout of the new Signature Interface 
> inside of ClamAV will result in several new features for the community, and I 
> wanted to tell you about some of them:
> 
> First, the first new “main.cvd” in about two years.  This main.cvd has been 
> completely re-written from scratch, and while the function of the “main” is 
> largely the same, it’s been rewritten to not only enforce order to the 
> signatures, but naming convention as well.  For example:
> 
> W97M.Ethan.AK-1 has moved to Doc.Trojan.Ethan
> Worm.Padowor.A-zippwd has moved to Win.Worm.Padowor
> Adware.Smshoax has moved to Win.Adware.Smshoax
> 
> Re-naming of the signatures may affect a local user’s whitelist.  If you have 
> excluded certain signatures in the past that are now firing, we ask that you 
> both submit the file to us for false positive remediation (if you believe it 
> to be a false positive), and rename the signature whitelist on your side.
> 
> This new main is 109Mb in size, and contains 4 million signatures for ClamAV. 
>  Now that the main.cvd has been rewritten, it is now easier for us to create 
> diffs, which means upgrading the main more often, and making the “daily.cvd” 
> smaller more often.
> 
> Second,  we now have the ability to offer different types of CVDs.  For 
> instance, we now have the ability to distribute 3rd party signatures that are 
> officially signed by ClamAV, but updated through the ClamAV global mirror 
> network.  If we wanted to separate out “policy” type signatures from the 
> daily.cvd into their own cvd, we can now do that.
> 
> Third, while we have not removed some of the older signature formats, we did 
> convert those older signatures to the newer formats to empty those older 
> “cvd”s out.
> 
> For example:
> “db" signatures were consolidated into “ndb" signatures
> “zmd" and “rmd"  archive signatures we moved to the “cdb" container signature 
> format
> 
> These formats are not new, they simply have never been published before. This 
> includes other formats such as “hsb", “msb", “sfp", and “crb".  The older 
> formats are supported for now, we are simply no longer publishing them.
> 
> Fourth, newer features, like the ability to write signatures based on the 
> SHA256 of a file have been added to the system, and we can now publish that 
> type of detection.
> 
> We’d like to thank you for your patience.
> 
> ClamAV team
> ___
> Community-sigs mailing list
> community-s...@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> 
> http://www.clamav.net/contact.html#ml


Re: [clamav-users] Problems with daily db?

2015-10-18 Thread Rafael Ferreira
ly patch
> Downloading daily.cvd [100%]
> ERROR: Verification: Can't verify database integrity
> Trying again in 5 secs...
> ClamAV update process started at Sun Oct 18 05:53:10 2015
> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> neo)
> Downloading daily-20931.cdiff [100%]
> Downloading daily-20932.cdiff [100%]
> Downloading daily-20933.cdiff [100%]
> Downloading daily-20934.cdiff [100%]
> Downloading daily-20935.cdiff [100%]
> Downloading daily-20936.cdiff [100%]
> Downloading daily-20937.cdiff [100%]
> Downloading daily-20938.cdiff [100%]
> Downloading daily-20939.cdiff [100%]
> Downloading daily-20940.cdiff [100%]
> Downloading daily-20941.cdiff [100%]
> Downloading daily-20942.cdiff [100%]
> Downloading daily-20943.cdiff [100%]
> Downloading daily-20944.cdiff [100%]
> Downloading daily-20945.cdiff [100%]
> Downloading daily-20946.cdiff [100%]
> Downloading daily-20947.cdiff [100%]
> Downloading daily-20948.cdiff [100%]
> ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb
> ERROR: cdiff_apply: Can't execute command CLOSE
> ERROR: cdiff_apply: Error executing command at line 19
> ERROR: getpatch: Can't apply patch
> Downloading daily.cvd [100%]
> ERROR: Verification: Can't verify database integrity
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /usr/local/clamXav/etc/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
> -Al-
>
> On Thu, Oct 15, 2015 at 01:41 PM, Rafael Ferreira wrote:
> >
> > Odd, we run Debian (Jessie) Linux and we see this problem on quite a few
> of our hosts; nothing obviously relevant seems to have changed on our side.
> We will keep looking and report back.
> >
> >> On Oct 15, 2015, at 1:15 PM, Steven Morgan <smor...@sourcefire.com>
> wrote:
> >> Thanks, that is working for me with ClamAV 0.98.7. It even worked using
> >> http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware
> are
> >> you using?
> >>
> >> On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira <r...@uvasoftware.com>
> >> wrote:
> >>> 0.98.7
> >>>
> >>>>> On Oct 15, 2015, at 8:46 AM, Steven Morgan
> >>>> wrote:
> >>>> Rafael,
> >>>>
> >>>> I don't see this. Which version of ClamAV are you using?
> >>>>
> >>>> Steve
> >>>>
> >>>>
> >>>> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira
> >>>> wrote:
> >>>>> Howdy folks, we started noticing problems with daily.cvd:
> >>>>>
> >>>>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd
> >>>>>
> >>>>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd
> (IP:
> >>>>> 54.231.34.41)
> >>>>>
> >>>>> Downloading daily.cvd [100%]
> >>>>>
> >>>>> Loading signatures from daily.cvd
> >>>>>
> >>>>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b).
> >>>>>
> >>>>> WARNING: [LibClamAV] Problem parsing database at line 1097
> >>>>>
> >>>>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> >>>>>
> >>>>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> >>>>>
> >>>>> WARNING: [LibClamAV] Can't load
> >>>>>
> /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd:
> >>>>> Malformed database
> >>>>>
> >>>>> ERROR: Failed to load new database: Malformed database
> >>>>>
> >>>>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add():
> >>>>> Problem
> >>>>> adding signature (1). [...] ERROR: Failed to load new database:
> >>>>> Malformed
> >>>>> database
> >>>>>
> >>>>> WARNING: Database load exited with status 55
> >>>>>
> >>>>> ERROR: Failed to load new database
> >>>>>
> >>>>> couple of things worth noting, there's no indication of memory
> pressure
> >>>>> on
> >>>>> the hosts, the databases do pass a sigtool dump of its contents and
> were
> >>>>> tested for potential in flight corruption.
> >>>>>
> >>>>> Anyone else seeing this?
> >>>>>
> >>>>> - Rafael
>
>
>
>
>



-- 
Rafael Ferreira
Uva Software, LLC


[clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Howdy folks, we started noticing problems with daily.cvd:

Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd

Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP:
54.231.34.41)

Downloading daily.cvd [100%]

Loading signatures from daily.cvd

WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b).

WARNING: [LibClamAV] Problem parsing database at line 1097

WARNING: [LibClamAV] Can't load daily.ldb: Malformed database

WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb

WARNING: [LibClamAV] Can't load
/var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd:
Malformed database

ERROR: Failed to load new database: Malformed database

ERROR: During database load : WARNING: [LibClamAV] cli_parse_add(): Problem
adding signature (1). [...] ERROR: Failed to load new database: Malformed
database

WARNING: Database load exited with status 55

ERROR: Failed to load new database

couple of things worth noting, there's no indication of memory pressure on
the hosts, the databases do pass a sigtool dump of its contents and were
tested for potential in flight corruption.

Anyone else seeing this?

- Rafael
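
A mirrored daily.cvd can be checked for truncation or in-flight corruption without loading it, which is the test mentioned in the post above and the first thing to rule out for the "Can't verify database integrity" error in the Red Hat thread. This is an added example, not part of the original posts or ClamAV's own code; it assumes the CVD layout read by libclamav (a 512-byte space-padded header of colon-separated fields whose MD5 field covers every byte after the header), and `build_sample_cvd` with all its values is constructed test input.

```python
import hashlib
from dataclasses import dataclass

HEADER_SIZE = 512  # fixed-size, space-padded text header at the start of a .cvd
MAGIC = "ClamAV-VDB"


@dataclass
class CvdHeader:
    build_time: str
    version: int
    signatures: int
    f_level: int
    md5: str
    dsig: str
    builder: str


def parse_cvd_header(raw):
    """Parse magic:time:version:sigs:f-level:md5:dsig:builder[:stime]."""
    if len(raw) < HEADER_SIZE:
        raise ValueError("shorter than a CVD header (truncated download?)")
    fields = raw[:HEADER_SIZE].decode("ascii", errors="replace").rstrip().split(":")
    if fields[0] != MAGIC or len(fields) < 8:
        raise ValueError("not a CVD header")
    try:
        version, sigs, f_level = (int(f) for f in fields[2:5])
    except ValueError:
        raise ValueError("non-numeric version, signature count or f-level") from None
    return CvdHeader(fields[1], version, sigs, f_level,
                     fields[5].lower(), fields[6], fields[7])


def check_cvd(raw):
    """Return (ok, reason) for the bytes of a .cvd file.

    Catches truncation and corruption of the archive body. It does NOT verify
    the digital signature field and does not parse the signatures inside.
    """
    try:
        hdr = parse_cvd_header(raw)
    except ValueError as exc:
        return False, str(exc)
    actual = hashlib.md5(raw[HEADER_SIZE:]).hexdigest()
    if actual != hdr.md5:
        return False, "body MD5 %s does not match header MD5 %s" % (actual, hdr.md5)
    return True, "%s build %d: %d sigs, f-level %d" % (
        hdr.builder, hdr.version, hdr.signatures, hdr.f_level)


def build_sample_cvd():
    """Constructed test input: placeholder body behind a well-formed header."""
    body = b"constructed placeholder for the compressed tar archive\n" * 4
    head = ":".join([MAGIC, "15 Oct 2015 11-24 -0400", "1", "2", "60",
                     hashlib.md5(body).hexdigest(), "CONSTRUCTED-DSIG",
                     "example", "1444922640"])
    return head.encode("ascii").ljust(HEADER_SIZE) + body


if __name__ == "__main__":
    good = build_sample_cvd()
    flipped = good[:-1] + bytes([good[-1] ^ 0x01])  # one bit changed in transit
    for label, blob in (("intact", good), ("bit flip", flipped), ("truncated", good[:300])):
        print(label, check_cvd(blob))
```

A pass here only rules out truncation or corruption of the file; it is not a substitute for the signature verification that `sigtool --info` performs, and it does not show that the signatures inside will parse, which is the "Malformed database" failure in the log above.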


Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
Odd, we run Debian (Jessie) Linux and we see this problem on quite a few of our 
hosts; nothing obviously relevant seems to have changed on our side. We will 
keep looking and report back.

> On Oct 15, 2015, at 1:15 PM, Steven Morgan <smor...@sourcefire.com> wrote:
> 
> Thanks, that is working for me with ClamAV 0.98.7. It even worked using
> http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware are
> you using?
> 
> On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira <r...@uvasoftware.com>
> wrote:
> 
>> 0.98.7
>> 
>>>> On Oct 15, 2015, at 8:46 AM, Steven Morgan <smor...@sourcefire.com>
>>> wrote:
>>> 
>>> Rafael,
>>> 
>>> I don't see this. Which version of ClamAV are you using?
>>> 
>>> Steve
>>> 
>>> 
>>> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira <r...@uvasoftware.com>
>>> wrote:
>>> 
>>>> Howdy folks, we started noticing problems with daily.cvd:
>>>> 
>>>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd
>>>> 
>>>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP:
>>>> 54.231.34.41)
>>>> 
>>>> Downloading daily.cvd [100%]
>>>> 
>>>> Loading signatures from daily.cvd
>>>> 
>>>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b).
>>>> 
>>>> WARNING: [LibClamAV] Problem parsing database at line 1097
>>>> 
>>>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
>>>> 
>>>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
>>>> 
>>>> WARNING: [LibClamAV] Can't load
>> /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd:
>>>> Malformed database
>>>> 
>>>> ERROR: Failed to load new database: Malformed database
>>>> 
>>>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add():
>> Problem
>>>> adding signature (1). [...] ERROR: Failed to load new database:
>> Malformed
>>>> database
>>>> 
>>>> WARNING: Database load exited with status 55
>>>> 
>>>> ERROR: Failed to load new database
>>>> 
>>>> couple of things worth noting, there's no indication of memory pressure
>> on
>>>> the hosts, the databases do pass a sigtool dump of its contents and were
>>>> tested for potential in flight corruption.
>>>> 
>>>> Anyone else seeing this?
>>>> 
>>>> - Rafael


Re: [clamav-users] Problems with daily db?

2015-10-15 Thread Rafael Ferreira
0.98.7 

> On Oct 15, 2015, at 8:46 AM, Steven Morgan <smor...@sourcefire.com> wrote:
> 
> Rafael,
> 
> I don't see this. Which version of ClamAV are you using?
> 
> Steve
> 
> 
> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira <r...@uvasoftware.com>
> wrote:
> 
>> Howdy folks, we started noticing problems with daily.cvd:
>> 
>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd
>> 
>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd (IP:
>> 54.231.34.41)
>> 
>> Downloading daily.cvd [100%]
>> 
>> Loading signatures from daily.cvd
>> 
>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b).
>> 
>> WARNING: [LibClamAV] Problem parsing database at line 1097
>> 
>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
>> 
>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
>> 
>> WARNING: [LibClamAV] Can't load
>> 
>> /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd:
>> Malformed database
>> 
>> ERROR: Failed to load new database: Malformed database
>> 
>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add(): Problem
>> adding signature (1). [...] ERROR: Failed to load new database: Malformed
>> database
>> 
>> WARNING: Database load exited with status 55
>> 
>> ERROR: Failed to load new database
>> 
>> couple of things worth noting, there's no indication of memory pressure on
>> the hosts, the databases do pass a sigtool dump of its contents and were
>> tested for potential in flight corruption.
>> 
>> Anyone else seeing this?
>> 
>> - Rafael


Re: [clamav-users] Streaming support in ClamD

2015-07-07 Thread Rafael Ferreira
Well, the progress you see is likely to be transfer, not processing, time since 
that’s where most time is going to be spent for a sizable file anyways (under 
normal circumstances) so I doubt clamd is your main latency source here. 

Can you elaborate on your setup a bit? Is the ICAP proxy in-line to your users 
or alongside another caching proxy like squid? 

- Rafael 
--
Scanii.com | the web friendly virus scanner

> On Jul 7, 2015, at 5:14 PM, Jason Haar jason_h...@trimble.com wrote:
> 
> Great timing for me on this topic. We are currently phasing out our use
> of Henrik's great havp proxy and are going to ICAP - and I have been
> majorly disappointed with the performance of the commercial ICAP
> services I've tried
> 
> I had a 60M zip file I was testing with via Firefox: Kaspersky would say
> 9 hours to download, then go 9h, 9h, 9h, 9h, complete! - which is an
> AWFUL end-user experience. F-Secure would go unknown, unknown, unknown,
> complete! - which is even worse. Strangely enough, the one ICAP service
> that worked well was - c-icap with CLAMD! That seemed to give a much
> better feeling of 2m, 2m, 1m, complete! - which seems to contradict
> what's been said here
> 
> Henrik - you said ICAP can't achieve such trickery - are you sure
> about that? If that's true (and my c-icap test is somehow mistaken),
> then I'm majorly disappointed - and a bit stuck as to how to do AV
> filtering without users screaming
> 
> (PS: yes the AVs all took 2minutes to download and process the same file
> - but the *perception* of performance is the key attribute I want to see)
> 
> Jason
> 
> -- 
> Cheers
> 
> Jason Haar
> Corporate Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
 