Re: [clamav-users] PhishingScanURLs no/yes
On 11/08/2020 00:53, Paul via clamav-users wrote: [SNIP] Further digging has led me to find that when 'PhishingScanURLs no" is set the signatures in safebrowsing.cld are not loaded by clamd. Well, there's a win for plain and simple use of the English language (or a close approximation thereof. ;-) ). Cheers, GaryB-) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] PhishingScanURLs no/yes
On 10/08/2020 15:10, G.W. Haywood via clamav-users wrote: Hi there, On Mon, 10 Aug 2020, Paul via clamav-users wrote: Can anybody explain why when "PhishingScanURLs no " I get Loaded 9042923 signatures in logs and when "PhishingScanURLs yes" I get Loaded 11256306 signatures I would have expected the difference to be the count of urls in daily.pdb (263) not 2,213,383. What else is not getting loaded when "PhishingScanURLs no" is set. I suspect at least one fundamental misunderstanding. It isn't clear to me how you have reached the conclusion that the 'PhishingScanURLs' configuration option should have the effect which you describe (nor is it clear why you mention only 'daily.pdb'). ClamAV signatures have a complex structure. Without a good understanding of it, you'll find it difficult to work with them. Please see the documentation, especially http://www.clamav.net/documents/phishsigs#hints which should explain why the number of URLs which you have counted (by _whatever_ method) in any of the signature databases is not relevant to the observed difference in the numbers of signatures loaded. The entry for the 'PhishingScanURLs' configuration option in the man page for clamd.conf may also help. Apart from curiosity, is there some deeper reason behind the question such as memory consumption, performance, vulnerability, ...? It's a great deal more important to understand the limitations and potential downsides of enabling certain features than it is to count signatures. I'm tempted to say that a bare signature count is, to all intents and purposes, more or less meaningless. Hi Further digging has led me to find that when 'PhishingScanURLs no" is set the signatures in safebrowsing.cld are not loaded by clamd. paule@larch:clamscan -d safebrowsing.cld /etc/hosts /etc/hosts: OK --- SCAN SUMMARY --- Known viruses: 2213119 Engine version: 0.102.4 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 3.954 sec (0 m 3 s) Thanks Paul ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] PhishingScanURLs no/yes
Hi there, On Mon, 10 Aug 2020, Paul via clamav-users wrote: Can anybody explain why when "PhishingScanURLs no " I get Loaded 9042923 signatures in logs and when "PhishingScanURLs yes" I get Loaded 11256306 signatures I would have expected the difference to be the count of urls in daily.pdb (263) not 2,213,383. What else is not getting loaded when "PhishingScanURLs no" is set. I suspect at least one fundamental misunderstanding. It isn't clear to me how you have reached the conclusion that the 'PhishingScanURLs' configuration option should have the effect which you describe (nor is it clear why you mention only 'daily.pdb'). ClamAV signatures have a complex structure. Without a good understanding of it, you'll find it difficult to work with them. Please see the documentation, especially http://www.clamav.net/documents/phishsigs#hints which should explain why the number of URLs which you have counted (by _whatever_ method) in any of the signature databases is not relevant to the observed difference in the numbers of signatures loaded. The entry for the 'PhishingScanURLs' configuration option in the man page for clamd.conf may also help. Apart from curiosity, is there some deeper reason behind the question such as memory consumption, performance, vulnerability, ...? It's a great deal more important to understand the limitations and potential downsides of enabling certain features than it is to count signatures. I'm tempted to say that a bare signature count is, to all intents and purposes, more or less meaningless. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] PhishingScanURLs no/yes
Hi Can anybody explain why when "PhishingScanURLs no " I get Loaded 9042923 signatures in logs and when "PhishingScanURLs yes" I get Loaded 11256306 signatures I would have expected the difference to be the count of urls in daily.pdb (263) not 2,213,383. What else is not getting loaded when "PhishingScanURLs no" is set. Regards Paul ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV 0.102.4 crash in test directory
Hi, You are right. The crash is specific to my build. On Ubuntu it works well. I shall open a ticket to supply more information. Thank you, Zvi On 8/9/2020 4:37 PM, G.W. Haywood via clamav-users wrote: Hi there, On Sun, 9 Aug 2020, Zvi Kave via clamav-users wrote: I get a crash - Memory fault(coredump) - when scanning clamav 0.102.4 test directory. Other files pass OK. I found that the crash is caused by each one of the 6 files: clam.ea05.exe, clam.ea06.exe, clam_IScab_ext.exe, clam_IScab_int.exe, clam_ISmsi_ext.exe, clam_ISmsi_int.exe. I suggest that you open a ticket at https://bugzilla.clamav.net/enter_bug.cgi Using the form there you can attach copies of the files. ... I am running on IBM i PASE, an AIX Unix-like. This problem may be specific to your build. After you have uploaded the sample files I will gladly scan them for you using a system here, to see if the same thing happens. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml