Re: [clamav-users] Error in testing clamav and no fanotify

[Micah Snyder (micasnyd) via clamav-users]

Frans,

Can you provide some more details about your system?  What version of Linux are 
you testing on?

-Micah

On 10/3/19, 5:05 PM, "clamav-users on behalf of Frans de Boer" 
 wrote:

LS,

The 0.102.0 version has problem to enable fanotify. Setting it manually 
does not work, only when a statement in configure '$have-fanotify=no' is 
changed to yes, it is included in the compile phase.

Also, the test 'test-clamav' is always failing. I did not tried the 
101.4 version yet to see if that behaves the same. 101.3 is compiling 
properly and tests are all passed.

Regards, Frans.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Error in testing clamav and no fanotify

[Frans de Boer]

LS,

The 0.102.0 version has problem to enable fanotify. Setting it manually 
does not work, only when a statement in configure '$have-fanotify=no' is 
changed to yes, it is included in the compile phase.


Also, the test 'test-clamav' is always failing. I did not tried the 
101.4 version yet to see if that behaves the same. 101.3 is compiling 
properly and tests are all passed.


Regards, Frans.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 Release Candidate is now available

[Dennis Peterson]

Does this obsolete earlier versions of ClamAV?

dp

On 10/2/19 2:20 PM, Joel Esler (jesler) via clamav-users wrote:

Ssl interaction with mirrors and ClamAV.net.

Sent from my  iPhone


On Oct 2, 2019, at 16:42, Rick Cooper  wrote:


Not wanting to appear stuipid but exactly what important security feature 
does the new lincurl include that is so important to moving clamav forward?



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Question

[Eric Tykwinski]

> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
Behalf Of Wagde Zabit via clamav-users
> Sent: Thursday, October 03, 2019 1:09 PM
> To: ClamAV users ML
> Cc: Wagde Zabit
> Subject: Re: [clamav-users] Question
>
> https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz
>

Or my preference: https://github.com/Cisco-Talos/clamav-devel

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Question

[Wagde Zabit via clamav-users]

https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz 



> On 3 Oct 2019, at 19:13, alex mc via clamav-users 
>  wrote:
> 
> Hi, lately I've been looking for the clamav antivirus code but I don't know 
> why I can't find it, could you send it to me or tell me where to find it?
> Thank you so much
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Question

[Joel Esler (jesler) via clamav-users]

You mean on clamav.net/downloads?

 

--

Joel Esler

Manager, Communities Division

Cisco Talos Intelligence Group

http://www.talosintelligence.com

 

From: clamav-users  on behalf of alex mc 
via clamav-users 
Reply-To: ClamAV users ML 
Date: Thursday, October 3, 2019 at 12:31 PM
To: "clamav-users@lists.clamav.net" 
Cc: alex mc 
Subject: [clamav-users] Question

 

Hi, lately I've been looking for the clamav antivirus code but I don't know why 
I can't find it, could you send it to me or tell me where to find it?
Thank you so much



smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Question

[alex mc via clamav-users]

Hi, lately I've been looking for the clamav antivirus code but I don't know
why I can't find it, could you send it to me or tell me where to find it?
Thank you so much

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 has been released!

[Micah Snyder (micasnyd) via clamav-users]

Muhammad,

Let's continue this conversation offline, as Mussels isn't available to 
everyone yet.

Micah

On 10/3/19, 6:31 AM, "clamav-devel on behalf of Muhammad Moosa Aslam" 
 wrote:

Dear Team,

after running  python -m pip install --user in the main directory at the
below mentioned step I am stucked, in the main directory of mussels
whenever I write mussels the cmd is unable to recognize the command.

Then, from the same directory (because the recipes are currently co-located
with the Mussels program files), run:
mussels --help
or just:
mussels

[image: image.png]

Regards

On Thu, Oct 3, 2019 at 12:08 AM Joel Esler (jesler) 
wrote:

>
>
> https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
>
> ClamAV 0.102.0 has been released!
> Today we are excited to release ClamAV 0.102.0!
>
> Users that have tested the 0.102.0 release candidate may note that the
> 0.102.0 release includes a handful of minor bug fixes and improvements 
over
> the release candidate.  For easy reference, these include:
>
>   *   Improved zlib, and iconv detection when running ./configure.
>   *   Fixed detection of the libcurl version and c-ares dependency
> required for the LocalIP freshclam config option.
>   *   Fixed bug in file copy routine that caused a failure when attempting
> to update freshclam using a DatabaseCustomURL with "file://"
>   *   Added ./configure --enable-libclamav-only option, for those wishing
> to bypass building of libfreshclam and the ClamAV CLI applications. This
> option also bypasses the libcurl dependency requirement.
>
> Release materials for ClamAV 0.102.0 can be found on the ClamAV's
> downloads site.
> Release Notes
> ClamAV 0.102.0 includes an assortment improvements and a couple of
> significant changes.
>
> Major changes
>
>   *   The On-Access Scanning feature has been migrated out of clamd and
> into a brand new utility named clamonacc. This utility is similar to
> clamdscan and clamav-milter in that it acts as a client to clamd. This
> separation from clamd means that clamd no longer needs to run with root
> privileges while scanning potentially malicious files. Instead, clamd may
> drop privileges to run under an account that does not have super-user. In
> addition to improving the security posture of running clamd with On-Access
> enabled, this update fixed a few outstanding defects:
>  *   On-Access scanning for created and moved files (Extra-Scanning)
> is fixed.
>  *   VirusEvent for On-Access scans is fixed.
>  *   With clamonacc, it is now possible to copy, move, or remove a
> file if the scan triggered an alert, just like with clamdscan.
>  *   For details on how to use the new clamonacc On-Access scanner,
> please refer to the user manual on ClamAV.net<
> http://www.clamav.net/documents/>, and please read our blog post entitled
> "Understanding and transitioning to ClamAV's new On-Access scanner<
> https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html>."
>   *   The freshclam database update utility has undergone a significant
> update. This includes:
>  *   Added support for HTTPS.
>  *   Support for database mirrors hosted on ports other than 80.
>  *   Removal of the mirror management feature (mirrors.dat).
>  *   An all new libfreshclam library API.
>
> Notable changes
>
>   *   Added support for extracting ESTsoft .egg archives. This feature is
> new code developed from scratch using ESTsoft's Egg-archive specification
> and without referencing the UnEgg library provided by ESTsoft. This was
> necessary because the UnEgg library's license includes restrictions
> limiting the commercial use of the UnEgg library.
>   *   The documentation has moved!
>  *   Users should navigate to ClamAV.net<
> http://www.clamav.net/documents/> to view the documentation online.
>  *   The documentation will continue to be provided in HTML format
> with each release for offline viewing in the docs/html directory.
>  *   The new home for the documentation markdown is in our ClamAV FAQ
> Github repository.
>   *   To remediate future denial of service conditions caused by excessive
> scan times, we introduced a scan time limit. The default value is 2 
minutes
> (12 milliseconds).
>
> To customize the time limit:
>  *   use the clamscan --max-scantime option
>  *   use the clamd MaxScanTime config option
>   *   Libclamav users may customize the time limit using the
> cl_engine_set_num function. For example:
>
> cl_engine_set_num(engine, CL_ENGINE_

Re: [clamav-users] ClamAV® blog: ClamAV 0.102.0 has been released!

[G.W. Haywood via clamav-users]

Hi there,

On Thu, 3 Oct 2019, Marco wrote:


Il 02/10/2019 21:08, Joel Esler (jesler) via clamav-users ha scritto:




https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html


  ClamAV 0.102.0 has been released!


I read "the version of clamonacc (and clamd) released with 0.102.0 is not 
optimized for sending files and receiving verdicts via a network stream".


It took me a couple of tries to find where you read that.  It's not
actually in the link you posted, but it is in

https://blog.clamav.net/2019/

and since both pages start with the same 3rd October item it was a
little confusing.


I use Amavis and clamd with INSTREAM to check infected emails.
Clamd is listening at TCP port 3310 the Amavis requests.

Do you suggest to upgrade to this last clamd version?


You might want consider the following before doing it.

Until now clamonacc and clamd ran together on the same machine.  Every
time clamd scans a file, it first computes a hash of the file and puts
the hash in a lookup table if it isn't already there.  After it has
scanned the file it stores the result with the hash.  The next time it
sees the same file, instead of scanning it all over again it can just
look in the lookup table and return that result.  Until the separation
of the clamonacc utilty from clamd (for excellent reasons) clamonacc
had access to clamd's lookup table.  After the separation, it doesn't.

That means as things are at the moment in 0.102.x, if you're using a
TCP socket to stream data from clamonacc to clamd you'll need to send
the whole file every time you san it.  I believe in future development
clamonacc will be given its own lookup table, so it can compute a hash
and first send just the hash to the clamd instance.  That's obviously
a lot less data to send if that hash is already in clamd's table too.

The performance gain from hashing is very significant.  I do not use
clamonacc and I do not use clamav-milter.  I interface directly with
clamd from my own milter and I use TCP for the communications between
clamd and the milter.  Typically, for modest-sized files in the region
of tens to hundreds of kilobytes which have not already been hashed, I
see scan times in the order of tens to hundreds of milliseconds on my
ageing dual 2.7GHz Opterons.  If a file has already been hashed, the
clamd response will come back in 2-3 milliseconds.  Obviously the TCP
data transfer times will very much depend on your network.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.102.0 has been released!

[Marco]

Il 02/10/2019 21:08, Joel Esler (jesler) via clamav-users ha scritto:




https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html


  ClamAV 0.102.0 has been released!


Hello,

 I read "the version of clamonacc (and clamd) released with 0.102.0 is 
not optimized for sending files and receiving verdicts via a network 
stream".


I use Amavis and clamd with INSTREAM to check infected emails.
Clamd is listening at TCP port 3310 the Amavis requests.

Do you suggest to upgrade to this last clamd version?

Thank you
Kind Regards
Marco

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml