Re: [clamav-users] Upgrade to 1.0.0

2023-01-29 Thread Scott Kitterman via clamav-users
lz4 was last updated in Debian in September 2022.  If you're running Debian 
Unstable and not upgrading packages for months, that's not a distro problem.

That said, lz4 isn't used by clamav, so whatever it was, that's likely a 
coincidence.

Debian Unstable isn't for everyone.  It's not uncommon for things to get 
temporarily broken and then fixed.  You do need to keep it up to date and be 
prepared for periods where the ride may get a little rough.

Scott K

On Sunday, January 29, 2023 5:33:42 PM EST Jorge Bastos wrote:
> Ah,
> 
> Guys, solved it, this might help someone.
> It was liblz4-1 that was outdated!! and the upgrade of clamav didn't
> force that lib update (Debian issue maybe),
> 
> On 2023-01-29 22:31, Jorge Bastos wrote:
> > Hi,
> > 
> > I've managed to solve the freshclam part, but now CLAMD has a new
> > error:
> > 
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo:
> > Incorrect digital signature
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo:
> > Problem parsing database at line 25
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load
> > daily.info: Malformed database
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_tgzload:
> > Can't load daily.info
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load
> > /var/lib/clamav/daily.cld: Malformed database
> > Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error:
> > cli_loaddbdir: error loading database /var/lib/clamav/daily.cld
> > 
> > What could it be?
> > I see a few people with the same issue, but no answer,
> > 
> > On 2023-01-27 12:22, Jorge Bastos wrote:
> > 
> > Howdy,
> > 
> > It's the Debian binary, on sid,
> > 
> > Should I ask the package maintainers to update it?
> > 
> > On 2023-01-26 22:36, Micah Snyder (micasnyd) via clamav-users wrote:
> > 
> > How did you install ClamAV?
> > 
> > We had a similar issue in the release candidate for 1.0.0.  As far as I
> > know, that was completely resolved.
> > 
> > Is this your github issue?
> > https://github.com/Cisco-Talos/clamav/issues/818 [1]
> > It sounds like the same issue, but I haven't observed it myself and
> > haven't heard of any widespread issues.
> > 
> > Yes, wget and similar tools are intentionally blocked and discouraged
> > because they waste precious bandwidth by downloading whole signature
> > databases when only a small update is required, or no update is
> > required.  See
> > https://docs.clamav.net/faq/faq-freshclam.html?highlight=wget#http-error-codes
> > [2] for more details.
> > 
> > Regards,
> > Micah
> > 
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> > 
> > -
> > 
> > From: clamav-users  on behalf of
> > Jorge Bastos 
> > Sent: Thursday, January 26, 2023 2:11 PM
> > To: ClamAV users ML 
> > Subject: [clamav-users] Upgrade to 1.0.0
> > 
> > Hi Guys!
> > 
> > I upgraded to 1.0.0, and boom, now I have a problem!!
> > 
> > Freshclam can't download/verify signatures databases.
> > 
> > I'm always getting this info below, the only thing that happened was
> > the upgrade!
> > For some reason I can't test the download with wget, maybe it's
> > forbidden, if I try it on my Windows desktop I can download it.
> > Would it be some issue with freshclam with the user agent that is being
> > issued when downloading?
> > 
> > Thanks in advance,
> > 
> > root@fastmail:/var/log/clamav# freshclam --version
> > ClamAV 1.0.0
> > root@fastmail:/var/log/clamav#
> > 
> > Thu Jan 26 10:09:00 2023 -> --
> > Thu Jan 26 10:09:00 2023 -> freshclam daemon 1.0.0 (OS: Linux, ARCH:
> > x86_64, CPU: x86_64)
> > Thu Jan 26 10:09:00 2023 -> ClamAV update process started at Thu Jan 26
> > 10:09:00 2023
> > Thu Jan 26 10:09:00 2023 -> daily database available for download
> > (remote version: 26793)
> > Thu Jan 26 10:09:02 2023 -> ERROR: Verification: Can't verify database
> > integrity
> > Thu Jan 26 10:09:02 2023 -> Trying again in 5 secs...
> > Thu Jan 26 10:09:07 2023 -> daily database available for download
> > (remote version: 26793)
> > Thu Jan 26 10:09:08 2023 -> ^Can't download daily.cvd from
> > https://database.clamav.net/daily.cvd
> > ___
> > 
> > Manage your clamav-users mailing list subscription / unsubscribe:
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> > 
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/Cisco-Talos/clamav-documentation
> > 
> > https://docs.clamav.net/#mailing-lists-and-chat
> > 

Re: [clamav-users] Upgrade to 1.0.0

2023-01-29 Thread Jorge Bastos

Ah,

Guys, solved it, this might help someone.
It was liblz4-1 that was outdated!! and the upgrade of clamav didn't
force that lib update (Debian issue maybe),


On 2023-01-29 22:31, Jorge Bastos wrote:


Hi,

I've managed to solve the freshclam part, but now CLAMD has a new
error:


Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo: 
Incorrect digital signature
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo: 
Problem parsing database at line 25
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load 
daily.info: Malformed database
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_tgzload: 
Can't load daily.info
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load 
/var/lib/clamav/daily.cld: Malformed database
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: 
cli_loaddbdir: error loading database /var/lib/clamav/daily.cld


What could it be?
I see a few people with the same issue, but no answer,

On 2023-01-27 12:22, Jorge Bastos wrote:

Howdy,

It's the Debian binary, on sid,

Should I ask the package maintainers to update it?

On 2023-01-26 22:36, Micah Snyder (micasnyd) via clamav-users wrote:

How did you install ClamAV?

We had a similar issue in the release candidate for 1.0.0.  As far as I 
know, that was completely resolved.


Is this your github issue? 
https://github.com/Cisco-Talos/clamav/issues/818 [1]
It sounds like the same issue, but I haven't observed it myself and 
haven't heard of any widespread issues.


Yes, wget and similar tools are intentionally blocked and discouraged 
because they waste precious bandwidth by downloading whole signature 
databases when only a small update is required, or no update is 
required.  See 
https://docs.clamav.net/faq/faq-freshclam.html?highlight=wget#http-error-codes 
[2] for more details.


Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

-

From: clamav-users  on behalf of 
Jorge Bastos 

Sent: Thursday, January 26, 2023 2:11 PM
To: ClamAV users ML 
Subject: [clamav-users] Upgrade to 1.0.0

Hi Guys!

I upgraded to 1.0.0, and boom, now I have a problem!!

Freshclam can't download/verify signatures databases.

I'm always getting this info below, the only thing that happened was 
the upgrade!
For some reason I can't test the download with wget, maybe it's
forbidden, if I try it on my Windows desktop I can download it.
Would it be some issue with freshclam with the user agent that is being
issued when downloading?


Thanks in advance,

root@fastmail:/var/log/clamav# freshclam --version
ClamAV 1.0.0
root@fastmail:/var/log/clamav#

Thu Jan 26 10:09:00 2023 -> --
Thu Jan 26 10:09:00 2023 -> freshclam daemon 1.0.0 (OS: Linux, ARCH: 
x86_64, CPU: x86_64)
Thu Jan 26 10:09:00 2023 -> ClamAV update process started at Thu Jan 26 
10:09:00 2023
Thu Jan 26 10:09:00 2023 -> daily database available for download 
(remote version: 26793)
Thu Jan 26 10:09:02 2023 -> ERROR: Verification: Can't verify database 
integrity

Thu Jan 26 10:09:02 2023 -> Trying again in 5 secs...
Thu Jan 26 10:09:07 2023 -> daily database available for download 
(remote version: 26793)
Thu Jan 26 10:09:08 2023 -> ^Can't download daily.cvd from 
https://database.clamav.net/daily.cvd




Links:
--
[1] https://github.com/Cisco-Talos/clamav/issues/818
[2] https://docs.clamav.net/faq/faq-freshclam.html?highlight=wget#http-error-codes



Re: [clamav-users] Upgrade to 1.0.0

2023-01-29 Thread Jorge Bastos

Hi,

I've managed to solve the freshclam part, but now CLAMD has a new error:

Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo: 
Incorrect digital signature
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loadinfo: 
Problem parsing database at line 25
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load 
daily.info: Malformed database
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_tgzload: 
Can't load daily.info
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: Can't load 
/var/lib/clamav/daily.cld: Malformed database
Jan 29 22:22:12 fastmail clamd[3497157]: LibClamAV Error: cli_loaddbdir: 
error loading database /var/lib/clamav/daily.cld


What could it be?
I see a few people with the same issue, but no answer,

On 2023-01-27 12:22, Jorge Bastos wrote:


Howdy,

It's the Debian binary, on sid,

Should I ask the package maintainers to update it?

On 2023-01-26 22:36, Micah Snyder (micasnyd) via clamav-users wrote:


How did you install ClamAV?

We had a similar issue in the release candidate for 1.0.0.  As far as 
I know, that was completely resolved.


Is this your github issue? 
https://github.com/Cisco-Talos/clamav/issues/818 [1]
It sounds like the same issue, but I haven't observed it myself and 
haven't heard of any widespread issues.


Yes, wget and similar tools are intentionally blocked and discouraged 
because they waste precious bandwidth by downloading whole signature 
databases when only a small update is required, or no update is 
required.  See 
https://docs.clamav.net/faq/faq-freshclam.html?highlight=wget#http-error-codes 
[2] for more details.


Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

-

From: clamav-users  on behalf 
of Jorge Bastos 

Sent: Thursday, January 26, 2023 2:11 PM
To: ClamAV users ML 
Subject: [clamav-users] Upgrade to 1.0.0

Hi Guys!

I upgraded to 1.0.0, and boom, now I have a problem!!

Freshclam can't download/verify signatures databases.

I'm always getting this info below, the only thing that happened was 
the upgrade!
For some reason I can't test the download with wget, maybe it's
forbidden, if I try it on my Windows desktop I can download it.
Would it be some issue with freshclam with the user agent that is
being issued when downloading?


Thanks in advance,

root@fastmail:/var/log/clamav# freshclam --version
ClamAV 1.0.0
root@fastmail:/var/log/clamav#

Thu Jan 26 10:09:00 2023 -> --
Thu Jan 26 10:09:00 2023 -> freshclam daemon 1.0.0 (OS: Linux, ARCH: 
x86_64, CPU: x86_64)
Thu Jan 26 10:09:00 2023 -> ClamAV update process started at Thu Jan 
26 10:09:00 2023
Thu Jan 26 10:09:00 2023 -> daily database available for download 
(remote version: 26793)
Thu Jan 26 10:09:02 2023 -> ERROR: Verification: Can't verify database 
integrity

Thu Jan 26 10:09:02 2023 -> Trying again in 5 secs...
Thu Jan 26 10:09:07 2023 -> daily database available for download 
(remote version: 26793)
Thu Jan 26 10:09:08 2023 -> ^Can't download daily.cvd from 
https://database.clamav.net/daily.cvd





Links:
--
[1] https://github.com/Cisco-Talos/clamav/issues/818
[2] https://docs.clamav.net/faq/faq-freshclam.html?highlight=wget#http-error-codes



Re: [clamav-users] About scanning files larger than 2 GB in size

2023-01-29 Thread Tsutomu Oyamada
Thank you for the information.
I understand that files larger than 2GB will be treated as clean files without 
the "AlertExceedsMax yes" setting.
I want to wait for the day when I can properly scan files larger than 2GB.

T.O

On Thu, 26 Jan 2023 22:27:12 +
"Micah Snyder (micasnyd) via clamav-users" wrote:

> > Tsutomu Oyamada asked what actually happens when a large file is
> > scanned, not why the limit is there.
> 
> The default behavior is to treat the file as clean if any of the scan limits 
> are exceeded (scan time, scan size, file size, etc).
> 
> If you want an alert if the limits are exceeded, then you can use the 
> following options:
> For ClamD, set "AlertExceedsMax yes" in the "clamd.conf" file.
> For ClamScan, use the "--alert-exceeds-max" option on the command line.
> 
> This will cause clamav to report one of the following signatures when the 
> limits are exceeded:
>   - Heuristics.Limits.Exceeded.MaxFileSize
>   - Heuristics.Limits.Exceeded.MaxScanSize
>   - Heuristics.Limits.Exceeded.MaxFiles
>   - Heuristics.Limits.Exceeded.MaxRecursion
>   - Heuristics.Limits.Exceeded.MaxScanTime
>   - Heuristics.Limits.Exceeded.EmailLineFoldcnt
>   - Heuristics.Limits.Exceeded.EmailHeaderBytes
>   - Heuristics.Limits.Exceeded.EmailHeaders
>   - Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage
>   - Heuristics.Limits.Exceeded.EmailMIMEArguments
> and possibly more with the "Heuristics.Limits.Exceeded." prefix.
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
> From: Andrew C Aitchison 
> Sent: Wednesday, January 25, 2023 10:59 PM
> To: Micah Snyder (micasnyd) via clamav-users 
> Cc: Micah Snyder (micasnyd) 
> Subject: Re: [clamav-users] About scanning files larger than 2 GB in size
> 
> On Thu, 26 Jan 2023, Micah Snyder (micasnyd) via clamav-users wrote:
> 
> > Paul is sort-of correct but the 2GB limit isn't artificial as he has 
> > implied.
> 
> Paul did not answer the original poster's question.
> Tsutomu Oyamada asked what actually happens when a large file is
> scanned, not why the limit is there.
> 
> > On Sun, 22 Jan 2023 05:40:18 +0900
> > Tsutomu Oyamada  wrote:
> >
> >> How do I set up clamd?
> >> Setting MaxFileSize to "0" is unlimited, but internally files
> >> larger than 2GB in size cannot be scanned.  In this case, do you
> >> treat the file as clean without scanning it at all?
> 
> > ClamAV code contains a lot of signed and unsigned 32bit variables
> > that must be upgraded to 64bit variables to support larger files.
> > Before raising the limit, a tedious audit process must be completed
> > to ensure that all variables are upgraded in all modules.  We cannot
> > simply remove the limit and cross our fingers.
> 
> A static analyzer such as cppcheck, PVS-Studio or the ones built into
> gcc and clang may be useful tools in the tedious audit.
> 
> --
> Andrew C. Aitchison  Kendal, UK
> and...@aitchison.me.uk




[clamav-users] ClamAV Private Mirror Question

2023-01-29 Thread Bryan Whipkey via clamav-users
Hello,

I have set up a private mirror for ClamAV. I have pointed it to the private 
mirror on freshclam.conf. My question is how do I test this to make sure I am 
pulling the most up-to-date definitions from the private mirror to the server 
being scanned? Thanks in advance.

Sent from my iPhone. Please excuse any typos.