[Clamav-users] clamAV 0.91.2 error scanning pdf - platform Linux

2007-09-23 Thread K.Deepak
Hi All,

I am running the ClamAV 0.91.2 release on RedHat Enterprise Linux 5 release
(64-bit version). I scanned a PDF and it gives ClamAV a denial of
service. Can someone help me by giving me a fix for this?

I am giving the output of clamscan that I ran on the PDF at the end of
this email. Important things are marked in bold.

Regards
K.Deepak




[Clamav-users] Updated unofficial-sigs.sh script available

2007-09-23 Thread Bill Landry
After a discussion on the clamav-users list yesterday of an issue a
couple of script users were experiencing with write access to the
temporary directory, I made a change to the script to overcome this
issue.  There are also a couple of other script modifications to make
the integer expression handling more consistent throughout the script.

There is no new functionality, and thus no need to upgrade unless you
were experiencing the following error when running the script:

ERROR: Can't write to temporary directory

I have gotten confirmation from a couple of users that were experiencing
this error that the latest version of the script resolves the issue.  As
usual, the updated script can be downloaded from:

ftp://ftp.inetmsg.com/pub/unofficial-sigs.sh

It should be available from the SaneSecurity Usage page, as well, once
Steve has gotten a chance to upload it.

Regards,

Bill
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] clamd problem

2007-09-23 Thread Matthias Schmidt
Hello,

I have a little problem with clamd:
the process terminates, because:
Socket file /tmp/clamd is in use by another process.

Now I have no clue which other process could use the socket file from clamd.
I set the permissions to 777 in the end, but it didn't help.
The original user and group is clamav.
So it seems not to be a permission problem.

This all runs on a Mac OS 10.4.10 Server with clamav 0.91.2


Thanks and all the best

Matthias



Re: [Clamav-users] clamd problem

2007-09-23 Thread Dennis Peterson
Matthias Schmidt wrote:
> Hello,
>
> I have a little problem with clamd:
> the process terminates, because:
> Socket file /tmp/clamd is in use by another process.
>
> Now I have no clue which other process could use the socket file from clamd.
> I set the permissions to 777 in the end, but it didn't help.
> The original user and group is clamav.
> So it seems not to be a permission problem.
>
> This all runs on a Mac OS 10.4.10 Server with clamav 0.91.2
>
> Thanks and all the best
>
> Matthias

Run lsof to see what processes have the socket open.

Use ktrace and kdump to see what is happening when the process is 
started. Explain how clamd is started and how it is restarted. What 
other processes use /tmp/clamd? (see lsof).

dp


Re: [Clamav-users] clamd problem

2007-09-23 Thread Bill Landry
Matthias Schmidt wrote the following on 9/23/2007 8:20 PM -0800:
> Hello,
>
> I have a little problem with clamd:
> the process terminates, because:
> Socket file /tmp/clamd is in use by another process.
>
> Now I have no clue which other process could use the socket file from clamd.
> I set the permissions to 777 in the end, but it didn't help.
> The original user and group is clamav.
> So it seems not to be a permission problem.
>
> This all runs on a Mac OS 10.4.10 Server with clamav 0.91.2

I have seen orphaned socket files left when clamd crashes.  When clamd is
stopped, check to see if there is still an orphaned socket file left in
/tmp/clamd.  If there is, delete it and then you should be able to start
clamd.

Bill
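
Added example, not part of the thread: a Python check for the orphaned-socket case described in the replies above. It calls a socket file stale only when a connection attempt is refused and removes it only then; the function names are hypothetical, and /tmp/clamd is the path from the original post.

```python
import os
import socket
import stat
import sys


def socket_state(path):
    """Return 'missing', 'not-socket', 'live', 'stale' or 'unknown' for path."""
    try:
        # lstat() does not follow symlinks, so a symlink planted in a
        # world-writable directory such as /tmp is reported as 'not-socket'.
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    probe.settimeout(2)
    try:
        probe.connect(path)
    except ConnectionRefusedError:
        # The file exists but no process is listening on it: the leftover
        # of a daemon that exited without unlinking its socket.
        return "stale"
    except OSError:
        # Permission denied, timeout, etc.: do not guess.
        return "unknown"
    else:
        return "live"
    finally:
        probe.close()


def remove_if_stale(path):
    """Unlink path only when it is a socket nobody listens on; return its state."""
    state = socket_state(path)
    if state == "stale":
        os.unlink(path)
    return state


if __name__ == "__main__":
    # Path from the thread is the default; pass another path as argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/clamd"
    print(target, remove_if_stale(target))
```

A result of `live` means a daemon is still answering on the socket, which is the case to investigate with lsof as suggested in the first reply rather than by deleting the file.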