Re: [clamav-users] Freshclam or clamav-database

2017-07-13 Thread Bob Williams
On Thu, 13 Jul 2017 16:14:43 +0200
Benny Pedersen  wrote:

> Bob Williams wrote on 2017-07-12 11:30:
> 
> > Thank you. The openSUSE updater has a method of locking packages to
> > prevent unwanted updates, which I have now applied:
> > 
> > # zypper al clamav-database  
> 
> in that case you would uninstall freshclam, else you get unstable 
> results
> 
The command I gave above prevents the updater from downloading clamav-database, 
leaving the job to freshclam. So no, I don't want to uninstall freshclam.

> notify opensuse maintainers to not provide clamav-database, let 
> freshclam do its work please
> 
openSUSE provides clamav-database so that new installations of clamav have 
something to work with. My mistake was to continue fetching clamav-database 
from the openSUSE repo, instead of using freshclam.

> i remember when clamav tarball was holding current databases, so
> gentoo users have to download old data to get new clamav source code,
> now this is solved, but seems opensuse have to learn more still :=)
> 
> note freshclam is a daemon as well as clamd, when both run as so it 
> works perfectly
> 
> on top of that disable systemd for clamd and freshclam, these 2 things 
> are not designed to be used from systemd at all
> 
Seems to work OK here

> i hate precompiled problems



-- 
Bob Williams
   System:  Linux 4.4.74-18.20-default
   Distro:  openSUSE 42.2 (x86_64)
   Desktop: KDE Frameworks: 5.26.0, Qt: 5.6.1 and Plasma: 5.8.2


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam or clamav-database

2017-07-13 Thread Reindl Harald



On 13.07.2017 at 16:14, Benny Pedersen wrote:
> Bob Williams wrote on 2017-07-12 11:30:
>> Thank you. The openSUSE updater has a method of locking packages to
>> prevent unwanted updates, which I have now applied:
>>
>> # zypper al clamav-database
>
> in that case you would uninstall freshclam, else you get unstable results

no - nothing on the system will change the clamav database any longer

> notify opensuse maintainers to not provide clamav-database, let 
> freshclam do its work please

nonsense - to provide is perfectly OK but not to require, see my 
previous post how it is solved on Fedora

> i remember when clamav tarball was holding current databases, so gentoo 
> users have to download old data to get new clamav source code, now this 
> is solved, but seems opensuse have to learn more still :=)

no, that's why subpackages exist

> note freshclam is a daemon as well as clamd, when both run as so it 
> works perfectly

freshclam is a cronjob

> on top of that disable systemd for clamd and freshclam, these 2 things 
> are not designed to be used from systemd at all

bullshit proven by running multiple clamd services over a long time as 
well as freshclam with a systemd unit - you just have no clue about 
systemd, that's all

> i hate precompiled problems

and i hate persons who always give bad advice, if you have no clue 
about packaging then just be silent when it comes to non-gentoo systems



Re: [clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files

2017-07-13 Thread Steven Morgan
Hi Ravi,

Thanks for reporting this. Is it possible to upload the file to dropbox (or
other) for testing?

Steve

On Thu, Jul 13, 2017 at 5:24 AM, Ravi  wrote:

> Hi,
>
> We observed segfaults causing clamd to crash when scanning a zip
> file (around 190 MB) which gets extracted by clamd in /tmp to around
> 4.3 GB, which crosses the hard limits (set to filesize and scansize of
> 4294967295 bytes in clamd.conf). The system (OEL Virtual Machine) has
> around 12 GB total memory and around 9 GB free when the scan was
> run. Below is more info. We need help to resolve this, since previously we
> had scanned files of around 5 GB without issues.
>
> OS version : Oracle Linux Server release 7.2
> System: CPU Core : 4, Memory: 12GB
> ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017

Re: [clamav-users] Freshclam or clamav-database

2017-07-13 Thread Benny Pedersen

Bob Williams wrote on 2017-07-12 11:30:
> Thank you. The openSUSE updater has a method of locking packages to
> prevent unwanted updates, which I have now applied:
>
> # zypper al clamav-database

in that case you would uninstall freshclam, else you get unstable 
results

notify opensuse maintainers to not provide clamav-database, let 
freshclam do its work please

i remember when clamav tarball was holding current databases, so gentoo 
users have to download old data to get new clamav source code, now this 
is solved, but seems opensuse have to learn more still :=)

note freshclam is a daemon as well as clamd, when both run as so it 
works perfectly

on top of that disable systemd for clamd and freshclam, these 2 things 
are not designed to be used from systemd at all

i hate precompiled problems


[clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files

2017-07-13 Thread Ravi
Hi,

We observed segfaults causing clamd to crash when scanning a zip
file (around 190 MB) which gets extracted by clamd in /tmp to around
4.3 GB, which crosses the hard limits (set to filesize and scansize of
4294967295 bytes in clamd.conf). The system (OEL Virtual Machine) has
around 12 GB total memory and around 9 GB free when the scan was
run. Below is more info. We need help to resolve this, since previously we
had scanned files of around 5 GB without issues.

OS version : Oracle Linux Server release 7.2
System: CPU Core : 4, Memory: 12GB
ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017

# clamconf

Config file: clamd.conf
---
LogFile disabled
StatsHostID disabled
StatsEnabled disabled
StatsPEDisabled disabled
StatsTimeout disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile = "/var/run/clamd.scan/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "30"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "50"
ReadTimeout = "300"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "ForceInterpreter"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "4294967295"
MaxFileSize = "4294967295"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.us.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer = "proxy"
HTTPProxyPort = "80"
HTTPProxyUsername = "test"
HTTPProxyPassword = "test"
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
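An added example (not ClamAV's code and not part of Ravi's report): a small parser for the `Key = "value"` / `Key disabled` lines that `clamconf` prints, used to compare the MaxScanSize/MaxFileSize limits with the size the extracted content actually reaches. The excerpt is a constructed subset of the clamd.conf section posted above; the 4.3 GB figure is the one reported in the thread.

```python
"""Parse clamconf output and check the scan limits against the size of the
content a scan has to process. Added example, not ClamAV code."""
import re

# Constructed excerpt of clamconf output, same format as the posted report.
SAMPLE_CLAMCONF = """\
Config file: clamd.conf
---
TemporaryDirectory disabled
StreamMaxLength = "26214400"
MaxScanSize = "4294967295"
MaxFileSize = "4294967295"
MaxRecursion = "16"
MaxFiles = "1"
"""

# Two line shapes: 'Key = "value"' or 'Key disabled'.
LINE_RE = re.compile(r'^(\w+)\s+(?:=\s*"(.*)"|(disabled))\s*$')
SECTION_RE = re.compile(r'^Config file:\s*(\S+)')

# 4294967295 is 2**32 - 1, the largest value a 32-bit unsigned field can hold.
UINT32_MAX = 2**32 - 1


def parse_clamconf(text):
    """Return {section: {key: value}}; keys shown as 'disabled' map to None."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            key, value, disabled = m.groups()
            sections[current][key] = None if disabled else value
    return sections


def check_limits(conf, content_bytes):
    """List the clamd size limits that the given content size would exceed,
    and flag limits sitting exactly at the 32-bit ceiling."""
    clamd = conf["clamd.conf"]
    findings = []
    for key in ("MaxScanSize", "MaxFileSize"):
        raw = clamd.get(key)
        if raw is None:
            # clamconf reported no value; the effective default must be
            # checked in clamd.conf rather than assumed here.
            findings.append(f"{key} reported as disabled; verify the default")
            continue
        limit = int(raw)
        if limit == UINT32_MAX:
            findings.append(f"{key} is at the 32-bit ceiling ({limit})")
        if content_bytes > limit:
            findings.append(f"{key}={limit} exceeded by {content_bytes} bytes")
    return findings
```

Run against the posted values, a 4.3 GB extraction trips both limits, so the scan is expected to stop at the limit rather than crash; a clean limit check plus a crash is what makes this worth reporting with the sample file.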

Re: [clamav-users] Signature not detected

2017-07-13 Thread ungifted01


On 13.07.2017 05:32, Alex wrote:
> On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba
>  wrote:
>> Signature will be going out shortly.
> 
> It's now detected thanks to the amazing work by Steve from
> sanesecurity. Also appreciate your help - perhaps his sig just hits
> first.
> 
> I've also just submitted another unrelated to investigate.
> 
> $ sha1sum GOOGLESER.doc
> d42e71932c866f9822c800fe46cd46bdf1b5e739  GOOGLESER.doc

f4434f22ffc51edf9641140d1b747feeab6b5a6a  SCAN50784502102.DOC

> 
>>
>> On Wed, Jul 12, 2017 at 2:52 PM, Alex  wrote:
>>
>>> Hi, we've received a word virus that isn't currently being detected by
>>> any scanners. I've submitted the FN, but would like to see if we can
>>> get that pushed out as soon as possible.
>>>
>>> $ sha1sum Invoice_SKMBT_20170501.doc
>>> 6cc1dd12fbc79311ebaf59e19e562ff63141f457  Invoice_SKMBT_20170501.doc
>>>
>>> It's not currently being found by any scanners:
>>> https://www.virustotal.com/en/file/5b10fb6d20649c246d970e521e4436
>>> d70608bbb8c6d6128245d349c69a76ef10/analysis/
>>>
>>> Also, there's some notes in the "comments" section of this post. What
>>> does it mean? How can I use that to my benefit in the future?
>>>
>>> Is there any way a postfix/amavisd/spamassassin/clamav user can
>>> benefit from this information by blocking based on that signature
>>> provided?