Re: [clamav-users] IPv6 servers having problems?

2016-02-22 Thread James Brown
Yeah, I’ve been getting this for a few days:

main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
WARNING: getpatch: Can't download daily-21398.cdiff from db.JP.clamav.net
WARNING: getpatch: Can't download daily-21398.cdiff from db.JP.clamav.net
ERROR: getpatch: Can't download daily-21398.cdiff from db.JP.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.JP.clamav.net
Giving up on db.JP.clamav.net...
ClamAV update process started at Tue Feb 23 09:57:40 2016
securiteinfo.hdb is up to date (version: custom database)
securiteinfo.ign2 is up to date (version: custom database)
javascript.ndb is up to date (version: custom database)
spam_marketing.ndb is up to date (version: custom database)
securiteinfohtml.hdb is up to date (version: custom database)
securiteinfoascii.hdb is up to date (version: custom database)
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
WARNING: getpatch: Can't download daily-21398.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21398.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-21398.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in 
/usr/local/etc/freshclam.conf is working. Check 
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

James.

> On 23 Feb 2016, at 8:25 AM, Joel Esler (jesler) wrote:
> 
> Jay,
> 
> I’ve forwarded the email over to our Ops Team.
> 
> --
> Joel Esler
> Manager, Talos Group
> 
> 
> 
> 
> On Feb 22, 2016, at 4:06 PM, Jay Clubb wrote:
> 
> Starting to see more and more of this:
> 
> ERROR: getpatch: Can't download daily-21400.cdiff from 
> db.us.ipv6.clamav.net
> ERROR: Can't download daily.cvd from 
> db.us.ipv6.clamav.net
> 
> 
> This weekend I was able to ping one of the ipv6 addresses but now neither one 
> responds.
> 
> TIA
> Jay
> 
> 
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 

Re: [clamav-users] Where do I send the latest zip with a ransomware viri in it?

2016-03-20 Thread James Brown
http://www.clamav.net/reports/malware

Also email it to samp...@sanesecurity.me.uk

James.

> On 17 Mar 2016, at 9:30 AM, Gene Heskett  wrote:
> 
> Greetings all;
> 
> I got a zip this morning, addressed to me from me.  Dropped on 
> virustotal, shows 9 hits from other viri detectors.
> 
> Opening this will ruin your day.  It's ransomware.
> 
> I'm now nuking that real source address on the mail server.  No clue if 
> that will help, but when a class D attacks me, that whole class C gets 
> sent to /dev/null on the mail server, forever.
> 
> But I have saved it, and you need to develop a detector pretty fast,  so 
> where do I send it?
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 


Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-29 Thread James Brown

> On 29 May 2016, at 2:12 AM, Groach wrote:
> 
> But with SANE DEFINITIONS:
> 
> --- SCAN SUMMARY ---
> Known viruses: 4512349
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 24
> **Infected files: 23**
> 
> Data scanned: 3.92 MB
> Data read: 1.48 MB (ratio 2.65:1)
> Time: 17.409 sec (0 m 17 s)
> 
> --
> Completed
> --

Have you submitted the one that got through to samp...@sanesecurity.me.uk?

James.


[clamav-users] Startup crash on MacOS X - version 0.100.0

2018-05-09 Thread James Brown
I upgraded from 0.99.3 (which worked perfectly) to 0.100.0. Everything seemed 
to work but today I noticed that it wasn’t actually running. No mention of 
there being a problem in the logs:

Thu May 10 10:01:25 2018 -> +++ Started at Thu May 10 10:01:25 2018
Thu May 10 10:01:25 2018 -> Received 0 file descriptor(s) from systemd.
Thu May 10 10:01:25 2018 -> clamd daemon 0.100.0 (OS: darwin11.4.2, ARCH: 
x86_64, CPU: x86_64)
Thu May 10 10:01:25 2018 -> Log file size limited to 2097152 bytes.
Thu May 10 10:01:25 2018 -> Reading databases from /usr/local/clamav
Thu May 10 10:01:25 2018 -> Not loading PUA signatures.
Thu May 10 10:01:25 2018 -> Bytecode: Security mode set to "TrustSigned".
Thu May 10 10:02:13 2018 -> Loaded 13435987 signatures.
Thu May 10 10:02:17 2018 -> LOCAL: Removing stale socket file /tmp/clamd
Thu May 10 10:02:17 2018 -> LOCAL: Unix socket file /tmp/clamd
Thu May 10 10:02:17 2018 -> LOCAL: Setting connection queue length to 200
Thu May 10 10:02:17 2018 -> Limits: Global size limit set to 104857600 bytes.
Thu May 10 10:02:17 2018 -> Limits: File size limit set to 26214400 bytes.
Thu May 10 10:02:17 2018 -> Limits: Recursion level limit set to 16.
Thu May 10 10:02:17 2018 -> Limits: Files limit set to 1.
Thu May 10 10:02:17 2018 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNormalize limit set to 10485760 
bytes.
Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Thu May 10 10:02:17 2018 -> Limits: MaxScriptNormalize limit set to 5242880 
bytes.
Thu May 10 10:02:17 2018 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu May 10 10:02:17 2018 -> Limits: MaxPartitions limit set to 50.
Thu May 10 10:02:17 2018 -> Limits: MaxIconsPE limit set to 100.
Thu May 10 10:02:17 2018 -> Limits: MaxRecHWP3 limit set to 16.
Thu May 10 10:02:17 2018 -> Limits: PCREMatchLimit limit set to 10.
Thu May 10 10:02:17 2018 -> Limits: PCRERecMatchLimit limit set to 5000.
Thu May 10 10:02:17 2018 -> Limits: PCREMaxFileSize limit set to 26214400.
Thu May 10 10:02:17 2018 -> Archive support enabled.
Thu May 10 10:02:17 2018 -> Archive: Blocking encrypted archives.
Thu May 10 10:02:17 2018 -> BlockMax heuristic detection disabled.
Thu May 10 10:02:17 2018 -> Algorithmic detection enabled.
Thu May 10 10:02:17 2018 -> Portable Executable support enabled.
Thu May 10 10:02:17 2018 -> ELF support enabled.
Thu May 10 10:02:17 2018 -> Mail files support enabled.
Thu May 10 10:02:17 2018 -> Mail: RFC1341 handling enabled.
Thu May 10 10:02:17 2018 -> OLE2 support enabled.
Thu May 10 10:02:17 2018 -> OLE2: Blocking all VBA macros.
Thu May 10 10:02:17 2018 -> PDF support enabled.
Thu May 10 10:02:17 2018 -> SWF support enabled.
Thu May 10 10:02:17 2018 -> HTML support enabled.
Thu May 10 10:02:17 2018 -> XMLDOCS support enabled.
Thu May 10 10:02:17 2018 -> HWP3 support enabled.
Thu May 10 10:02:17 2018 -> Self checking every 600 seconds.
Thu May 10 10:02:17 2018 -> Set stacksize to 1048576
 
Mac OS crash report:



clamd_2018-05-10-100246_localhost.crash
Description: Binary data


Most useful part is probably this:

"Crashed Thread:  2

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x, 0x

Application Specific Information:
Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, line 
177."


Any suggestions?

Thanks,

James.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users




Re: [clamav-users] Startup crash on MacOS X - version 0.100.0

2018-05-09 Thread James Brown
Thanks for your reply Al.

Have just got it working. This was the clue:

Application Specific Information:
Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, line 
177.”

I deleted all the .yar and .yara files from /usr/local/clamav and it started 
fine (and is still running).

Hope this helps someone else.

James.

> On 10 May 2018, at 11:34 am, Al Varnell  wrote:
> 
> OS X 10.7.5 is very old, but I know it's been done successfully for 10.6.8 by 
> using several work-arounds. Looks like you have PCRE working and assume you 
> got over any OpenSSL hurdles. 
> 
> Might help if you posted the output of 
> sudo clamconf
> 
> -Al-
> ClamXAV User
> 
> On Wed, May 09, 2018 at 05:40 PM, James Brown wrote:
>> I upgraded from 0.99.3 (which worked perfectly) to 0.100.0. Everything 
>> seemed to work but today I noticed that it wasn’t actually running. No 
>> mention of there being a problem in the logs:
>> 
>> Thu May 10 10:01:25 2018 -> +++ Started at Thu May 10 10:01:25 2018
>> Thu May 10 10:01:25 2018 -> Received 0 file descriptor(s) from systemd.
>> Thu May 10 10:01:25 2018 -> clamd daemon 0.100.0 (OS: darwin11.4.2, ARCH: 
>> x86_64, CPU: x86_64)
>> Thu May 10 10:01:25 2018 -> Log file size limited to 2097152 bytes.
>> Thu May 10 10:01:25 2018 -> Reading databases from /usr/local/clamav
>> Thu May 10 10:01:25 2018 -> Not loading PUA signatures.
>> Thu May 10 10:01:25 2018 -> Bytecode: Security mode set to "TrustSigned".
>> Thu May 10 10:02:13 2018 -> Loaded 13435987 signatures.
>> Thu May 10 10:02:17 2018 -> LOCAL: Removing stale socket file /tmp/clamd
>> Thu May 10 10:02:17 2018 -> LOCAL: Unix socket file /tmp/clamd
>> Thu May 10 10:02:17 2018 -> LOCAL: Setting connection queue length to 200
>> Thu May 10 10:02:17 2018 -> Limits: Global size limit set to 104857600 bytes.
>> Thu May 10 10:02:17 2018 -> Limits: File size limit set to 26214400 bytes.
>> Thu May 10 10:02:17 2018 -> Limits: Recursion level limit set to 16.
>> Thu May 10 10:02:17 2018 -> Limits: Files limit set to 1.
>> Thu May 10 10:02:17 2018 -> Limits: MaxEmbeddedPE limit set to 10485760 
>> bytes.
>> Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNormalize limit set to 10485760 
>> bytes.
>> Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
>> Thu May 10 10:02:17 2018 -> Limits: MaxScriptNormalize limit set to 5242880 
>> bytes.
>> Thu May 10 10:02:17 2018 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
>> Thu May 10 10:02:17 2018 -> Limits: MaxPartitions limit set to 50.
>> Thu May 10 10:02:17 2018 -> Limits: MaxIconsPE limit set to 100.
>> Thu May 10 10:02:17 2018 -> Limits: MaxRecHWP3 limit set to 16.
>> Thu May 10 10:02:17 2018 -> Limits: PCREMatchLimit limit set to 10.
>> Thu May 10 10:02:17 2018 -> Limits: PCRERecMatchLimit limit set to 5000.
>> Thu May 10 10:02:17 2018 -> Limits: PCREMaxFileSize limit set to 26214400.
>> Thu May 10 10:02:17 2018 -> Archive support enabled.
>> Thu May 10 10:02:17 2018 -> Archive: Blocking encrypted archives.
>> Thu May 10 10:02:17 2018 -> BlockMax heuristic detection disabled.
>> Thu May 10 10:02:17 2018 -> Algorithmic detection enabled.
>> Thu May 10 10:02:17 2018 -> Portable Executable support enabled.
>> Thu May 10 10:02:17 2018 -> ELF support enabled.
>> Thu May 10 10:02:17 2018 -> Mail files support enabled.
>> Thu May 10 10:02:17 2018 -> Mail: RFC1341 handling enabled.
>> Thu May 10 10:02:17 2018 -> OLE2 support enabled.
>> Thu May 10 10:02:17 2018 -> OLE2: Blocking all VBA macros.
>> Thu May 10 10:02:17 2018 -> PDF support enabled.
>> Thu May 10 10:02:17 2018 -> SWF support enabled.
>> Thu May 10 10:02:17 2018 -> HTML support enabled.
>> Thu May 10 10:02:17 2018 -> XMLDOCS support enabled.
>> Thu May 10 10:02:17 2018 -> HWP3 support enabled.
>> Thu May 10 10:02:17 2018 -> Self checking every 600 seconds.
>> Thu May 10 10:02:17 2018 -> Set stacksize to 1048576
>> 
>> Mac OS crash report:
>> 
>> 
>> 
>> Most useful part is probably this:
>> 
>> "Crashed Thread:  2
>> 
>> Exception Type:  EXC_CRASH (SIGABRT)
>> Exception Codes: 0x, 0x
>> 
>> Application Specific Information:
>> Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, 
>> line 177."
>> 
>> 
>> Any suggestions?
>> 
>> Thanks,
>> 
>> James


Re: [clamav-users] Startup crash on MacOS X - version 0.100.0

2018-05-09 Thread James Brown
Yeah, it was all these:

packer.yar
winnow_malware.yara
CVE-2010-0887.yar
maldoc_somerules.yar
CVE-2010-0805.yar
antidebug_antivm.yar
CVE-2010-1297.yar
CVE-2013-0074.yar
CVE-2013-0422.yar
CVE-2015-5119.yar
Maldoc_Hidden_PE_file.yar
EK_Zeus.yar
EK_Sakura.yar
EK_ZeroAcces.yar
EK_Zerox88.yar
EK_Fragus.yar
EK_Phoenix.yar
EK_BleedingLife.yar
EK_Crimepack.yar
EK_Eleonore.yar
EK_Angler.yar
EK_Blackhole.yar
Zeus_EK.yar
ZeroAcces_EK.yar
Zerox88_EK.yar
Phoenix_EK.yar
Sakura_EK.yar
Fragus_EK.yar
Crimepack_EK.yar
Eleonore_EK.yar
Blackhole_EK.yar
BleedingLife_EK.yar
Angler_EK.yar
EMAIL_Cryptowall.yar
malicious_document.yar
Sanesecurity_spam.yara
antidebug.yar
Sanesecurity_sigtest.yara


I don’t know if all of them would cause clamav to crash or just one particular 
one.

I probably downloaded them not long after this came out:

https://blog.clamav.net/2015/06/clamav-099b-meets-yara.html

The clamav-unofficial-sigs script by eXtremeShok has just re-downloaded 
Sanesecurity_sigtest.yara and Sanesecurity_spam.yara and clamd is still 
running, so I presume one of the other files was corrupt?

James

> On 10 May 2018, at 11:50 am, Al Varnell  wrote:
> 
> I'm guessing those came from some Unofficial signature database you subscribe 
> to as I've never seen any included in the Official database.
> 
> -Al-
> 
> On Wed, May 09, 2018 at 06:46 PM, James Brown wrote:
>> Thanks for your reply Al.
>> 
>> Have just got it working. This was the clue:
>> 
>> Application Specific Information:
>> Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, 
>> line 177.”
>> 
>> I deleted all the .yar and .yara files from /usr/local/clamav and it started 
>> fine (and is still running).
>> 
>> Hope this helps someone else.
>> 
>> James.
>> 
>>> On 10 May 2018, at 11:34 am, Al Varnell wrote:
>>> 
>>> OS X 10.7.5 is very old, but I know it's been done successfully for 10.6.8 
>>> by using several work-arounds. Looks like you have PCRE working and assume 
>>> you got over any OpenSSL hurdles. 
>>> 
>>> Might help if you posted the output of 
>>> sudo clamconf
>>> 
>>> -Al-
>>> ClamXAV User
>>> 
>>> On Wed, May 09, 2018 at 05:40 PM, James Brown wrote:
>>>> I upgraded from 0.99.3 (which worked perfectly) to 0.100.0. Everything 
>>>> seemed to work but today I noticed that it wasn’t actually running. No 
>>>> mention of there being a problem in the logs:
>>>> 
>>>> Thu May 10 10:01:25 2018 -> +++ Started at Thu May 10 10:01:25 2018
>>>> Thu May 10 10:01:25 2018 -> Received 0 file descriptor(s) from systemd.
>>>> Thu May 10 10:01:25 2018 -> clamd daemon 0.100.0 (OS: darwin11.4.2, ARCH: 
>>>> x86_64, CPU: x86_64)
>>>> Thu May 10 10:01:25 2018 -> Log file size limited to 2097152 bytes.
>>>> Thu May 10 10:01:25 2018 -> Reading databases from /usr/local/clamav
>>>> Thu May 10 10:01:25 2018 -> Not loading PUA signatures.
>>>> Thu May 10 10:01:25 2018 -> Bytecode: Security mode set to "TrustSigned".
>>>> Thu May 10 10:02:13 2018 -> Loaded 13435987 signatures.
>>>> Thu May 10 10:02:17 2018 -> LOCAL: Removing stale socket file /tmp/clamd
>>>> Thu May 10 10:02:17 2018 -> LOCAL: Unix socket file /tmp/clamd
>>>> Thu May 10 10:02:17 2018 -> LOCAL: Setting connection queue length to 200
>>>> Thu May 10 10:02:17 2018 -> Limits: Global size limit set to 104857600 
>>>> bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: File size limit set to 26214400 bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: Recursion level limit set to 16.
>>>> Thu May 10 10:02:17 2018 -> Limits: Files limit set to 1.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxEmbeddedPE limit set to 10485760 
>>>> bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNormalize limit set to 10485760 
>>>> bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxHTMLNoTags limit set to 2097152 
>>>> bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxScriptNormalize limit set to 
>>>> 5242880 bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxZipTypeRcg limit set to 1048576 
>>>> bytes.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxPartitions limit set to 50.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxIconsPE limit set to 100.
>>>> Thu May 10 10:02:17 2018 -> Limits: MaxRecHWP3 limit set to 16.
>>>> Thu May 10 10:
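
One way to settle the "all of them or just one particular one" question from the message above, as an added example that is not part of the original thread: load each rule file on its own with `clamscan -d` and record how the scanner exits. The `SCANNER` variable, the function names and the sample-file argument are assumptions made for this sketch; an exit status above 128 means the process died from a signal, and 134 corresponds to the SIGABRT shown in the crash report.

```shell
#!/bin/sh
# Added example (not from the thread): load each YARA rule file on its own
# and record how the scanner exits, to find the file that makes it abort.
# Assumptions: SCANNER, the function names and the sample-file argument.

SCANNER="${SCANNER:-clamscan}"

# classify_status EXIT_CODE
# clamscan documents 0 = clean, 1 = detection, 2 = error; a status above 128
# means the shell saw the process die from a signal (134 = 128 + SIGABRT).
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -eq 1 ]; then
        echo "found"
    elif [ "$1" -gt 128 ]; then
        echo "crash:signal-$(($1 - 128))"
    else
        echo "error"
    fi
}

# isolate_rules RULE_DIR SAMPLE_FILE
# Prints one "verdict<TAB>filename" line per *.yar / *.yara file in RULE_DIR.
isolate_rules() {
    rule_dir=$1
    sample=$2
    for rule in "$rule_dir"/*.yar "$rule_dir"/*.yara; do
        [ -f "$rule" ] || continue      # an unmatched glob stays literal; skip it
        status=0
        # -d makes the scanner load only this one file as its database
        "$SCANNER" --no-summary -d "$rule" "$sample" >/dev/null 2>&1 || status=$?
        printf '%s\t%s\n' "$(classify_status "$status")" "$(basename "$rule")"
    done
}

# crashing_rules RULE_DIR SAMPLE_FILE
# Prints only the rule files whose load-and-scan run ended in a signal.
crashing_rules() {
    isolate_rules "$1" "$2" | awk -F '\t' '$1 ~ /^crash/ { print $2 }'
}

# Stand-alone use: sh isolate_rules.sh RULE_DIR SAMPLE_FILE
if [ "$#" -eq 2 ]; then
    isolate_rules "$1" "$2"
fi
```

A rule that only aborts on particular input needs that input as the sample file; in the thread clamd ran for a while before it died, so a clean result against one sample does not clear a rule file.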

Re: [clamav-users] Startup crash on MacOS X - version 0.100.0

2018-05-09 Thread James Brown
Yeah, it should just log the error. I put EMAIL_Cryptowall.yar back in to 
test and restarted clamd. It didn’t complain about it. The 
clamav-unofficial-sigs script had since downloaded these yara files:

winnow_malwware.yara 
CVE-2015-5119.yar
CVE-2013-0074.yar
CVE-2013-0422.yar
CVE-2010-0887.yar
CVE-2010-1297.yar
CVE-2010-0805.yar
Maldoc_Hidden_PE_file.yar
maldoc_somerules.yar
EK_Zerox88.yar
EK_Zeus.yar
EK_Sakura.yar
EK_ZeroAcces.yar
EK_Fragus.yar
EK_Phoenix.yar
EK_BleedingLife.yar
EK_Crimepack.yar
EK_Eleonore.yar
EK_Angler.yar
EK_Blackhole.yar

And clamd starts with:

LibClamAV Error: yyerror(): /usr/local/clamav/maldoc_somerules.yar line 235 
undefined identifier "uint32be"
LibClamAV Warning: cli_loadyara: failed to parse or load 1 yara rules from file 
/usr/local/clamav/maldoc_somerules.yar, successfully loaded 14 rules.
LibClamAV Error: yyerror(): /usr/local/clamav/winnow_malware.yara line 84 
duplicate identifier "CryptoWall_Resume_phish"
LibClamAV Warning: cli_loadyara: failed to parse or load 1 yara rules from file 
/usr/local/clamav/winnow_malware.yara, successfully loaded 8 rules.

It seems to be OK, then after about 4 mins clamd has crashed.

James.

> On 10 May 2018, at 1:42 pm, Al Varnell wrote:
> 
> Lots of variables here, but there has to be an actual bug somewhere. A 
> corrupt yara file should just cause it to be ignored with a log entry 
> indicating what's wrong and not crash ClamAV. That's what happens with one of 
> the .yara files I've been using where I get:
> 
>> LibClamAV Error: yyerror(): /usr/local/clamXav/share/clamav/AlienVault.yara 
>> line 55 syntax error, unexpected _TEXT_STRING_, expecting _CONDITION_
>> LibClamAV Error: cli_loadyara: failed to parse rules file 
>> /usr/local/clamXav/share/clamav/AlienVault.yara, error count 1
> 
> 
> Yara appears to still be evolving since its introduction maybe four years 
> ago? Apple began to include it as a PrivateFramework with the OS at some 
> point and currently uses it as a supplement to its XProtect process. But I 
> think that the ClamAV capability is completely self-contained.
> 
> If all those except for the two Sanesecurity files are old, then it would 
> seem to be a 0.100.0 bug in not being able to parse something.
> 
> -Al-
> 
> On Wed, May 09, 2018 at 07:10 PM, James Brown wrote:
>> Yeah, it was all these:
>> 
>> packer.yar
>> winnow_malware.yara
>> CVE-2010-0887.yar
>> maldoc_somerules.yar
>> CVE-2010-0805.yar
>> antidebug_antivm.yar
>> CVE-2010-1297.yar
>> CVE-2013-0074.yar
>> CVE-2013-0422.yar
>> CVE-2015-5119.yar
>> Maldoc_Hidden_PE_file.yar
>> EK_Zeus.yar
>> EK_Sakura.yar
>> EK_ZeroAcces.yar
>> EK_Zerox88.yar
>> EK_Fragus.yar
>> EK_Phoenix.yar
>> EK_BleedingLife.yar
>> EK_Crimepack.yar
>> EK_Eleonore.yar
>> EK_Angler.yar
>> EK_Blackhole.yar
>> Zeus_EK.yar
>> ZeroAcces_EK.yar
>> Zerox88_EK.yar
>> Phoenix_EK.yar
>> Sakura_EK.yar
>> Fragus_EK.yar
>> Crimepack_EK.yar
>> Eleonore_EK.yar
>> Blackhole_EK.yar
>> BleedingLife_EK.yar
>> Angler_EK.yar
>> EMAIL_Cryptowall.yar
>> malicious_document.yar
>> Sanesecurity_spam.yara
>> antidebug.yar
>> Sanesecurity_sigtest.yara
>> 
>> 
>> I don’t know if all of them would cause clamav to crash or just one 
>> particular one.
>> 
>> I probably downloaded them not long after this came out:
>> 
>> https://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
>> 
>> The clamav-unofficial-sigs script by eXtremeShok has just re-downloaded 
>> Sanesecurity_sigtest.yara and Sanesecurity_spam.yara and clamd is still 
>> running, so I presume one of the other files was corrupt?
>> 
>> James
>> 
>>> On 10 May 2018, at 11:50 am, Al Varnell wrote:
>>> 
>>> I'm guessing those came from some Unofficial signature database you 
>>> subscribe to as I've never seen any included in the Official database.
>>> 
>>> -Al-
>>> 
>>> On Wed, May 09, 2018 at 06:46 PM, James Brown wrote:
>>>> Thanks for your reply Al.
>>>> 
>>>> Have just got it working. This was the clue:
>>>> 
>>>> Application Specific Information:

[Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-18 Thread James Brown
I asked this question last week, but haven't got any replies. I'm re-posting it 
because a) it will give everyone a break from the 0.94 EOL tweet wars :-) and 
b) I'll try to provide more info.

Any help  would be much appreciated, as obviously I want to run 0.96!

System is running Mac OS X 10.4.11 on an Intel-based Mac Mini.

./configure CFLAGS="-O0"

checking build system type... i386-apple-darwin8.11.1
checking host system type... i386-apple-darwin8.11.1
checking target system type... i386-apple-darwin8.11.1
creating target.h - canonical system defines
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... config/install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking for gawk... (cached) awk
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -p
checking the name lister (/usr/bin/nm -p) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... no
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for ar... ar
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -p output from gcc object... ok
checking for dsymutil... no
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... otool64
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fno-common -DPIC
checking if gcc PIC flag -fno-common -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin8.11.1 dyld
checking how to hardcode library paths into programs... immediate
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... yes
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking which extension is used for runtime loadable modules... .so
checking which variable specifies run-time module search path... 
DYLD_LIBRARY_PATH
checking for the default library search path... /usr/local/lib /lib /usr/lib
checking for library containing dlopen... none required
checking for dlerror... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dld_link in -ldld... no
checking for _ prefix in compiled symbols... yes
checking whether we have to add an underscore for dlsym... no
checking whether deplibs are loaded by dlopen... yes
checking for argz.h... no
checking for error_t... no
checking for argz_add... no
checking for argz_append... no
checking for argz_count... no
checking for argz_create_sep... no
checking for argz_insert... no
checking for argz_next... no
checking for argz_stringify... no
checking whether libtool supports -dlopen/-dlpreopen... yes
checking for ltdl.h... yes
checking whether lt_dlinterface_register is declare

Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown
Thanks Török.

On 19/04/2010, at 5:23 PM, Török Edwin wrote:

> On 04/19/2010 07:04 AM, James Brown wrote:
>> I asked this question last week, but haven't got any replies. I'm re-posting 
>> it because a) it will give everyone a break from the 0.94 EOL tweet wars :-) 
>> and b) I'll try to provide more info.
>> 
>> Any help  would be much appreciated, as obviously I want to run 0.96!
> 
> Which compiler version (g++ -v, gcc -v).

$ gcc -v
Using built-in specs.
Target: i686-apple-darwin8
Configured with: /private/var/tmp/gcc/gcc-5250.obj~20/src/configure 
--disable-checking -enable-werror --prefix=/usr --mandir=/share/man 
--enable-languages=c,objc,c++,obj-c++ 
--program-transform-name=/^[cg][^.-]*$/s/$/-4.0/ 
--with-gxx-include-dir=/include/c++/4.0.0 --build=powerpc-apple-darwin8 
--with-arch=pentium-m --with-tune=prescott --program-prefix= 
--host=i686-apple-darwin8 --target=i686-apple-darwin8
Thread model: posix
gcc version 4.0.1 (Apple Computer, Inc. build 5250)

$ g++ -v
Using built-in specs.
Target: i686-apple-darwin8
Configured with: /private/var/tmp/gcc/gcc-5250.obj~20/src/configure 
--disable-checking -enable-werror --prefix=/usr --mandir=/share/man 
--enable-languages=c,objc,c++,obj-c++ 
--program-transform-name=/^[cg][^.-]*$/s/$/-4.0/ 
--with-gxx-include-dir=/include/c++/4.0.0 --build=powerpc-apple-darwin8 
--with-arch=pentium-m --with-tune=prescott --program-prefix= 
--host=i686-apple-darwin8 --target=i686-apple-darwin8
Thread model: posix
gcc version 4.0.1 (Apple Computer, Inc. build 5250)


> 
> And does this patch help? (you can apply it with 'git apply', or 'patch
> -p1'):

'locate bin/git' finds nothing, but I have patch.

> 
> diff --git a/libclamav/c++/llvm/include/llvm/System/DataTypes.h.in
> b/libclamav/c++/llvm/include/llvm/System/DataTypes.h.in
> index 1f8ce79..879650b 100644
> --- a/libclamav/c++/llvm/include/llvm/System/DataTypes.h.in
> +++ b/libclamav/c++/llvm/include/llvm/System/DataTypes.h.in
> @@ -105,7 +105,11 @@ typedef u_int64_t uint64_t;
> #endif
> 
> #ifndef HUGE_VALF
> +#ifdef __GNUC__
> +#define HUGE_VALF __builtin_huge_valf()
> +#else
> #define HUGE_VALF (float)HUGE_VAL
> #endif
> +#endif
> 
> #endif  /* SUPPORT_DATATYPES_H */
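
Review bot: The new `__GNUC__` branch sits inside the existing `#ifndef HUGE_VALF` guard, so it only takes effect when no earlier header has already defined `HUGE_VALF`; if the platform's math.h supplies the macro, the build keeps that definition and this change does nothing. If the intent is to replace a problematic system definition under GCC, consider an `#undef HUGE_VALF` inside `#ifdef __GNUC__` before redefining it. A trailing comment on each of the two `#endif` lines would also make clear which one closes `__GNUC__` and which closes `HUGE_VALF`.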

Sorry if this is a stupid question (I've never applied a patch before), what 
is the file I'm patching? When I know this, do I just run 'patch -p1 
file_to_be_patched file_containing_above_diff_info ?

Thanks,

James.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 6:01 PM, Török Edwin wrote:

> You don't need to tell 'patch' which file to patch, since it knows
> already: it is libclamav/c++/llvm/include/llvm/System/DataTypes.h.in.
> 
> So you do this: you copy+paste my patch to a file (let's say float.patch).
> Then cd into the clamav source directory.
> Then run 'patch -p1
> That's it, it should tell you it has successfully patched that file.

$ patch -p1


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 6:12 PM, Török Edwin wrote:

> On 04/19/2010 11:08 AM, James Brown wrote:
>> 
>> On 19/04/2010, at 6:01 PM, Török Edwin wrote:
>> 
>>> You don't need to tell 'patch' which file to patch, since it knows
>>> already: it is libclamav/c++/llvm/include/llvm/System/DataTypes.h.in.
>>> 
>>> So you do this: you copy+paste my patch to a file (let's say float.patch).
>>> Then cd into the clamav source directory.
>>> Then run 'patch -p1
>>> That's it, it should tell you it has successfully patched that file.
>> 
>> $ patch -p1
>> patching file libclamav/c++/llvm/include/llvm/System/DataTypes.h.in
>> patch:  unexpected end of file in patch
> 
> Maybe email client messed with the patch.
> Download the patch from here: http://paste.debian.net/69675/plain/69675
> And try applying it.
> 


Thanks Edwin.

Ok. Was able to apply the patch.

Typed 'make' but the compile failed with the same error as before.

Do I need to run ./configure again? Do I need to start from a freshly unpacked 
folder?

James.


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 7:54 PM, Török Edwin wrote:

> On 2010-04-19 12:35, James Brown wrote:
>> 
>> 
>> Thanks Edwin.
>> 
>> Ok. Was able to apply the patch.
>> 
>> Typed 'make' but the compile failed with the same error as before.
>> 
>> Do I need to run ./configure again? Do I need to start from a freshly 
>> unpacked folder?
> 
> Yes, you need to run configure again. I forgot to mention this.
> 
> Best regards,
> --Edwin

Ran configure and then make, got the same error.

Do I have to run make clean before the configure?

Or do I have to run configure, apply the patch, then run make?

Sorry for all the dumb questions - I do appreciate your help.

Thanks,

James.


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 9:09 PM, Török Edwin wrote:

> Does this compile correctly:
> $ cat >test.c <<EOF
> int main()
> {
> float x = __builtin_huge_valf();
> return
> }
> EOF
> $ gcc test.c

No.

I get:

test.c: In function 'main':
test.c:5: error: parse error before '}' token

I don't think I mistyped anything.

James.


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 9:18 PM, Török Edwin wrote:

> On 2010-04-19 14:17, James Brown wrote:
>> 
>> On 19/04/2010, at 9:09 PM, Török Edwin wrote:
>> 
>>> Does this compile correctly:
>>> $ cat >test.c <<EOF
>>> int main()
>>> {
>>> float x = __builtin_huge_valf();
>>> return
>>> }
>>> EOF
>>> $ gcc test.c
>> 
>> No.
>> 
>> I get:
>> 
>> test.c: In function 'main':
>> test.c:5: error: parse error before '}' token
> 
> Try this:
> $ cat >test.c <<EOF
> int main()
> {
> float x = __builtin_huge_valf();
> return 0;
> }
> EOF
> $ gcc test.c

Yes, no errors there.

James.


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown

On 19/04/2010, at 10:26 PM, Török Edwin wrote:

> On 2010-04-19 15:09, James Brown wrote:
>> 
>> On 19/04/2010, at 9:18 PM, Török Edwin wrote:
>>> Try this:
>>> $ cat >test.c <<EOF
>>> int main()
>>> {
>>> float x = __builtin_huge_valf();
>>> return 0;
>>> }
>>> EOF
>>> $ gcc test.c
>> 
>> Yes, no errors there.
> 
> Try this:
> cd libclamav/c++
> make CalcSpillWeights.lo CXXFLAGS=-save-temps
> 
> You should get a CalcSpillWeights.ii
> 
> Open a bugreport and attach it.

Done. It is Bug 1977.

Many thanks for all your help.

Regards,

James.


Re: [Clamav-users] v0.96 Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-19 Thread James Brown
On 19/04/2010, at 10:26 PM, Török Edwin wrote:

> Try this:
> cd libclamav/c++
> make CalcSpillWeights.lo CXXFLAGS=-save-temps
> 
> You should get a CalcSpillWeights.ii
> 
> Open a bugreport and attach it.
> 
> Best regards,
> --Edwin

For all those interested in getting 0.96 to compile under Mac OS X 11.4.11 
(Tiger) I managed to do it successfully by following the instructions here:

"Building ClamAV 0.96 on Mac OS X 10.4".


Basically the instructions show you how to compile ClamAV using llvm (Low Level 
Virtual Machine) rather than gcc.

Many thanks to Török Edwin and Eiichi Yokota for their help.

James.


[Clamav-users] Error compiling 0.96.1 on OS X Tiger 10.4.11

2010-05-20 Thread James Brown
I had issues upgrading to 0.96 on my Intel OS X 10.4.11 (Tiger) machine, and 
now I'm having problems upgrading to 0.96.1.

If I run:

./configure CFLAGS="-O0"

it configures OK but 'make' ends in:

  CC libclamav_internal_utils_la-regfree.lo
  CCLD   libclamav_internal_utils.la
  CCLD   libclamav.la
ld: Undefined symbols:
__Unwind_Resume
/usr/libexec/gcc/i686-apple-darwin8/4.0.1/libtool: internal link edit command 
failed
make[4]: *** [libclamav.la] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

To get 0.96 to compile I had to use:

./configure --build=i686-apple-darwin8.11.1 --enable-llvm

If I do this now configure fails with:

checking for inline... inline
checking whether FPU byte ordering is bigendian... no
checking whether byte ordering is bigendian... no
checking for a supported version of gcc... ok (4.0.1)
checking for gcc bug PR27603... ok, bug not present
checking for gcc bug PR26763-2... ok, bug not present
checking for valid code generation of CLI_ISCONTAINED... ok, bug not present
checking for gcc bug PR28045... configure: error: your compiler has gcc PR28045 
bug, use a different compiler, see 
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045

If I add the CFLAGS setting, to give:

./configure --build=i686-apple-darwin8.11.1 --enable-llvm CFLAGS="=O0"

configure fails with:

checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/Users/jlbrown/.Trash/clamav-0.96.1':
configure: error: C compiler cannot create executables
See `config.log' for more details.

Any suggestions?

(Yes I know I should upgrade the server OS, it's on my To-Do list!)

Thanks,

James.

Re: [Clamav-users] Error compiling 0.96.1 on OS X Tiger 10.4.11

2010-05-21 Thread James Brown
On 21/05/2010, at 5:10 PM, Török Edwin wrote:

> On 05/21/2010 07:10 AM, James Brown wrote:
>> 
>> To get 0.96 to compile I had to use:
>> 
>> ./configure --build=i686-apple-darwin8.11.1 --enable-llvm
>> 
>> If I do this now configure fails with:
>> 
>> checking for inline... inline
>> checking whether FPU byte ordering is bigendian... no
>> checking whether byte ordering is bigendian... no
>> checking for a supported version of gcc... ok (4.0.1)
>> checking for gcc bug PR27603... ok, bug not present
>> checking for gcc bug PR26763-2... ok, bug not present
>> checking for valid code generation of CLI_ISCONTAINED... ok, bug not present
>> checking for gcc bug PR28045... configure: error: your compiler has gcc 
>> PR28045 bug, use a different compiler, see 
>> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
>> 
>> If I add the CFLAGS setting, to give:
>> 
>> ./configure --build=i686-apple-darwin8.11.1 --enable-llvm CFLAGS="=O0"
> 
> You typoed the flag, it should be CFLAGS="-O0" (not =O0).
> 
> Best regards,
> --Edwin

How silly of me!

Thanks Edwin.

configure worked fine.

But make still fails at the same spot:

$ make
make  all-recursive
Making all in libltdl
make  all-am
  CC dlopen.lo
  CCLD   dlopen.la
  CC libltdlc_la-preopen.lo
  CC libltdlc_la-lt__alloc.lo
  CC libltdlc_la-lt_dlloader.lo
  CC libltdlc_la-lt_error.lo
  CC libltdlc_la-ltdl.lo
  CC libltdlc_la-slist.lo
  CCLD   libltdlc.la
Making all in libclamav
make  all-recursive
Making all in c++
make  all-am
  CXXlibclamavcxx_la-bytecode2llvm.lo
  CXXlibclamavcxx_la-ClamBCRTChecks.lo
  CXXMachineFunction.lo
  CXXIntercept.lo
  CXXJIT.lo
  CXXOProfileJITEventListener.lo
  CXXCommandLine.lo
  CXXGraphWriter.lo
  CXXManagedStatic.lo
  CXXraw_ostream.lo
  CXXLD  libllvmjit.la
  CXXScheduleDAGPrinter.lo
  CXXSelectionDAGPrinter.lo
  CXXLD  libllvmcodegen.la
  CXXAlarm.lo
  CXXAtomic.lo
  CXXDisassembler.lo
  CXXDynamicLibrary.lo
  CXXErrno.lo
  CXXHost.lo
  CXXMemory.lo
  CXXMutex.lo
  CXXPath.lo
  CXXProcess.lo
  CXXProgram.lo
  CXXRWMutex.lo
  CXXSignals.lo
  CXXThreadLocal.lo
  CXXThreading.lo
  CXXTimeValue.lo
  CXXLD  libllvmsystem.la
  CXXLD  libclamavcxx.la
  CC unrar15.lo
  CC unrar.lo
  CC unrar20.lo
  CC unrarppm.lo
  CC unrarvm.lo
  CC unrarcmd.lo
  CC unrarfilter.lo
  CC unrarhlp.lo
  CCLD   libclamunrar.la
warning: no debug map in executable (-arch i386)
  CC unrar_iface.lo
  CCLD   libclamunrar_iface.la
warning: no debug map in executable (-arch i386)
  CC libclamav_la-matcher-ac.lo
  CC libclamav_la-matcher-bm.lo
  CC libclamav_la-matcher.lo
  CC libclamav_la-others.lo
  CC libclamav_la-readdb.lo
  CC libclamav_la-cvd.lo
  CC libclamav_la-dsig.lo
  CC libclamav_la-scanners.lo
  CC libclamav_la-textdet.lo
  CC libclamav_la-filetypes.lo
  CC libclamav_la-rtf.lo
  CC libclamav_la-blob.lo
  CC libclamav_la-mbox.lo
  CC libclamav_la-message.lo
  CC libclamav_la-table.lo
  CC libclamav_la-text.lo
  CC libclamav_la-ole2_extract.lo
  CC libclamav_la-vba_extract.lo
  CC libclamav_la-msexpand.lo
  CC libclamav_la-pe.lo
  CC libclamav_la-pe_icons.lo
  CC libclamav_la-disasm.lo
  CC libclamav_la-upx.lo
  CC libclamav_la-htmlnorm.lo
  CC libclamav_la-chmunpack.lo
  CC libclamav_la-rebuildpe.lo
  CC libclamav_la-petite.lo
  CC libclamav_la-wwunpack.lo
  CC libclamav_la-unsp.lo
  CC libclamav_la-aspack.lo
  CC libclamav_la-packlibs.lo
  CC libclamav_la-fsg.lo
  CC libclamav_la-mew.lo
  CC libclamav_la-upack.lo
  CC libclamav_la-line.lo
  CC libclamav_la-untar.lo
  CC libclamav_la-unzip.lo
  CC libclamav_la-inflate64.lo
  CC libclamav_la-special.lo
  CC libclamav_la-binhex.lo
  CC libclamav_la-is_tar.lo
  CC libclamav_la-tnef.lo
  CC libclamav_la-autoit.lo
  CC libclamav_la-unarj.lo
  CC libclamav_la-bzlib.lo
  CC libclamav_la-nulsft.lo
  CC libclamav_la-pdf.lo
  CC libclamav_la-spin.lo
  CC libclamav_la-yc.lo
  CC libclamav_la-elf.lo
  CC libclamav_la-sis.lo
  CC libclamav_la-uuencode.lo
  CC libclamav_la-phishcheck.lo
  CC libclamav_la-phish_domaincheck_db.lo
  CC libclamav_la-phish_whitelist.lo
  CC libclamav_la-regex_list.lo
  CC libclamav_la-regex_suffix.lo
  CC libclamav_la-mspack.lo
  CC libclamav_la-cab.lo
  CC libclamav_la-entconv.lo
entconv.c: In function 'in_iconv_u16':
entconv.c:732: warning: passing argument 2 of 'libiconv' from incompatible 
pointer type
  CC libclamav_la-hashtab.lo
  CC libclamav_la-dconf.lo
  CC libclamav_la-lzma_ifa

Re: [Clamav-users] Error compiling 0.96.1 on OS X Tiger 10.4.11

2010-05-21 Thread James Brown

On 21/05/2010, at 5:45 PM, Török Edwin wrote:

> On 05/21/2010 10:37 AM, James Brown wrote:
>>  CCLD   libclamav.la
>> ld: Undefined symbols:
>> __Unwind_Resume
> 
> This is bug #1995 (I'll add an entry to the wiki). Try --disable-llvm.
> 
> However I did add a configure check to try and link a C++ program, and
> that check passed (since it started building LLVM).
> I don't know why that test worked and linking libclamav itself failed,
> maybe I should try to throw an exception in my configure test.
> 
> Best regards,
> --Edwin

Perfect - that worked.

Thanks for your help Edwin.

James.

[Clamav-users] Killed clamscan

2010-08-15 Thread James Brown
I have ClamAV 0.96.1/11559 on my VDS server under FreeBSD 8.1-STABLE and
on my laptop under Debian Lenny AMD64.
I have the following problem with my clamav on my VDS under FreeBSD.
Some days ago my clamscan found the following:
clamscan -ir /
/home/user/data/email/somename.com/name_of_mailbox/mbox:
HTML.Phishing.Bank-485 FOUND
Killed
As we can see, after finding that virus my clamav went down.
The same problem was also found on my desktop under Debian, because I receive
my mail from my server in my email client (mozilla-thunderbird) on my
laptop.
But I have no problem with the clamscan process being killed automatically on
my laptop.
Furthermore, this automatic killing happens when running the commands clamscan
-[iv]r /, clamscan -[iv]r /home, clamscan -[iv]r /usr and clamscan
-[iv]r /var.
When I scan other filesystems (/boot, /etc, /root, /tmp etc.) I have no such
problem either.
What can it be, and how can I fight it?


[Clamav-users] Configure warning when compiling 0.96.3, 64-bit, on Mac OS X 10.5.8

2010-09-21 Thread James Brown
When I run configure I get warnings about cross compiling to a different host.

I set the flags before I run it, as I always do.

Any suggestions?

Thanks,

James.


mail:clamav-0.96.3 jlbrown$ CFLAGS="-arch x86_64"
mail:clamav-0.96.3 jlbrown$ CXXFLAGS="-arch x86_64"
mail:clamav-0.96.3 jlbrown$ ./configure
checking build system type... i386-apple-darwin9.8.0
checking host system type... i386-apple-darwin9.8.0
checking target system type... i386-apple-darwin9.8.0
creating target.h - canonical system defines
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... config/install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking for gawk... (cached) awk
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/libexec/gcc/i686-apple-darwin9/4.0.1/ld
checking if the linker (/usr/libexec/gcc/i686-apple-darwin9/4.0.1/ld) is GNU 
ld... no
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -p
checking the name lister (/usr/bin/nm -p) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking for /usr/libexec/gcc/i686-apple-darwin9/4.0.1/ld option to reload 
object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for ar... ar
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -p output from gcc object... ok
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fno-common -DPIC
checking if gcc PIC flag -fno-common -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/libexec/gcc/i686-apple-darwin9/4.0.1/ld) 
supports shared libraries... yes
checking dynamic linker characteristics... darwin9.8.0 dyld
checking how to hardcode library paths into programs... immediate
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... yes
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking which extension is used for runtime loadable modules... .so
checking which variable specifies run-time module search path... 
DYLD_LIBRARY_PATH
checking for the default library search path... /usr/local/lib /lib /usr/lib
checking for library containing dlopen... none required
checking for dlerror... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dld_link in -ldld... no
checking for _ prefix in compiled symbols... yes
checking whether we have to add an underscore for dlsym... no
checking whether deplibs are loaded by dlopen... yes
checking for argz.h... no
checking for error_t... no
checking for argz_add... no
checking for argz_append... no
checking for argz_count... no
checking for argz_create_sep... no
checking for argz_insert... no
checking for argz_next... no
checking for argz_stringify... no
checking whether libtool supports -dlopen/-dlpreopen.

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

2010-11-23 Thread James Brown
On 23/11/2010, at 1:12 AM, Tomasz Kojm wrote:

> 
> Dear Users,
> 
> we're going to release a new version of ClamAV on Monday, November 29.
> ClamAV 0.96.5 will include bugfixes and minor feature enhancements,
> such as improved handling of detection statistics, better file logging,
> and support for custom database URLs in freshclam. You can find more
> information in the ChangeLog:
> 
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=HEAD
> 
> and our Bugzilla:
> 
> https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.5
> 
> You can help by testing (or just running ./configure && make check) the
> latest code available in our Git repository - the latest snapshot
> tarball can be grabbed here:
> 
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz
> 
> Thank you in advance,
> 
> -- 
>   oo. Tomasz Kojm 
>  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
> \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
>   //\   /\  Mon Nov 22 15:02:23 CET 2010


Mac OS X 10.4.11 (I know it's old).

bzip not updated.


Compiled using:

./configure CFLAGS="-O0" --disable-llvm


Output of make check:



$ make check
Making check in libltdl
/bin/sh /Users/jlbrown/Desktop/clamav-devel/config/install-sh -d . 
cp ./argz_.h argz.h-t
mv argz.h-t argz.h
make  check-am
  CC dlopen.lo
  CCLD   dlopen.la
  CC libltdlc_la-preopen.lo
  CC libltdlc_la-lt__alloc.lo
  CC libltdlc_la-lt_dlloader.lo
  CC libltdlc_la-lt_error.lo
  CC libltdlc_la-ltdl.lo
  CC libltdlc_la-slist.lo
  CC argz.lo
  CCLD   libltdlc.la
Making check in libclamav
make  check-recursive
  CC unrar15.lo
  CC unrar.lo
  CC unrar20.lo
  CC unrarppm.lo
  CC unrarvm.lo
  CC unrarcmd.lo
  CC unrarfilter.lo
  CC unrarhlp.lo
  CCLD   libclamunrar.la
warning: no debug map in executable (-arch i386)
  CC unrar_iface.lo
  CCLD   libclamunrar_iface.la
warning: no debug map in executable (-arch i386)
  CC libclamav_la-matcher-ac.lo
  CC libclamav_la-matcher-bm.lo
  CC libclamav_la-matcher-md5.lo
  CC libclamav_la-matcher.lo
matcher.c: In function 'cli_checkfp':
matcher.c:425: warning: pointer targets in passing argument 3 of 
'ctx->engine->cb_hash' differ in signedness
  CC libclamav_la-others.lo
others.c: In function 'cl_init':
others.c:267: warning: pointer targets in passing argument 2 of 
'cli_bcapi_version_compare' differ in signedness
others.c:267: warning: pointer targets in passing argument 4 of 
'cli_bcapi_version_compare' differ in signedness
  CC libclamav_la-readdb.lo
  CC libclamav_la-cvd.lo
  CC libclamav_la-dsig.lo
  CC libclamav_la-scanners.lo
  CC libclamav_la-textdet.lo
  CC libclamav_la-filetypes.lo
  CC libclamav_la-rtf.lo
  CC libclamav_la-blob.lo
  CC libclamav_la-mbox.lo
  CC libclamav_la-message.lo
  CC libclamav_la-table.lo
  CC libclamav_la-text.lo
  CC libclamav_la-ole2_extract.lo
  CC libclamav_la-vba_extract.lo
  CC libclamav_la-msexpand.lo
  CC libclamav_la-pe.lo
  CC libclamav_la-pe_icons.lo
  CC libclamav_la-disasm.lo
  CC libclamav_la-upx.lo
  CC libclamav_la-htmlnorm.lo
  CC libclamav_la-chmunpack.lo
  CC libclamav_la-rebuildpe.lo
  CC libclamav_la-petite.lo
  CC libclamav_la-wwunpack.lo
  CC libclamav_la-unsp.lo
  CC libclamav_la-aspack.lo
  CC libclamav_la-packlibs.lo
  CC libclamav_la-fsg.lo
  CC libclamav_la-mew.lo
  CC libclamav_la-upack.lo
  CC libclamav_la-line.lo
  CC libclamav_la-untar.lo
  CC libclamav_la-unzip.lo
  CC libclamav_la-inflate64.lo
  CC libclamav_la-special.lo
  CC libclamav_la-binhex.lo
  CC libclamav_la-is_tar.lo
  CC libclamav_la-tnef.lo
  CC libclamav_la-autoit.lo
  CC libclamav_la-unarj.lo
  CC libclamav_la-bzlib.lo
  CC libclamav_la-nulsft.lo
  CC libclamav_la-infblock.lo
  CC libclamav_la-pdf.lo
  CC libclamav_la-spin.lo
  CC libclamav_la-yc.lo
  CC libclamav_la-elf.lo
  CC libclamav_la-sis.lo
  CC libclamav_la-uuencode.lo
  CC libclamav_la-phishcheck.lo
  CC libclamav_la-phish_domaincheck_db.lo
  CC libclamav_la-phish_whitelist.lo
  CC libclamav_la-regex_list.lo
  CC libclamav_la-regex_suffix.lo
  CC libclamav_la-mspack.lo
  CC libclamav_la-cab.lo
  CC libclamav_la-entconv.lo
entconv.c: In function 'in_iconv_u16':
entconv.c:732: warning: passing argument 2 of 'libiconv' from incompatible 
pointer type
  CC libclamav_la-hashtab.lo
  CC libclamav_la-dconf.lo
  CC libclamav_la-LzmaDec.lo
  CC libclamav_la-lzma_iface.lo
  CC 

[Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-11-26 Thread James Brown
When scanning, clamscan gives me the above error messages.
What could it mean?


Re: [clamav-users] [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-12-03 Thread James Brown
Török Edwin wrote:
> On Sat, 27 Nov 2010 05:24:19 +
> James Brown  wrote:
> 
>> When scanning, clamscan gives me the above error messages.
>> What could it mean?
> 
> It probably means that the file changed its size while you were
> scanning it, i.e. clamscan thought the file still had 4077 more bytes,
> but when trying to read from it, it got an end-of-file (0 bytes).
> Or it could be a bug somewhere.
> 
How can I find what it is?

> Is this error reproducible?
> 
> Best regards,
> --Edwin
> 
Yes, many times. On my home laptop and on my vds (under Debian lenny).

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
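
The situation described in the reply above (a size recorded when the scan starts, a shorter file by the time the region is read), as an added C example that is not ClamAV's code. `read_page`, `demo_shrinking_file` and the temp-file template are hypothetical; the 4096-byte size is an assumption chosen so that the numbers match the warning (19 + 4077 = 4096).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* pread, mkstemp, ftruncate */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum page_status { PAGE_OK, PAGE_SHORT, PAGE_ERROR };

struct shrink_result {
    off_t size_at_open;       /* size recorded before any read */
    off_t size_at_read;       /* size observed after the short read */
    size_t asked;             /* bytes requested */
    size_t got;               /* bytes actually returned */
    enum page_status status;
};

/* Read `want` bytes at `off`, retrying partial reads. pread() returning 0
 * means end-of-file: the file is shorter than the caller believed. */
static enum page_status read_page(int fd, void *buf, size_t want, off_t off,
                                  size_t *got)
{
    size_t done = 0;
    while (done < want) {
        ssize_t n = pread(fd, (char *)buf + done, want - done,
                          off + (off_t)done);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            *got = done;
            return PAGE_ERROR;
        }
        if (n == 0)
            break;            /* EOF before the request was satisfied */
        done += (size_t)n;
    }
    *got = done;
    return done == want ? PAGE_OK : PAGE_SHORT;
}

/* Constructed scenario: record the size, let the file shrink to 19 bytes,
 * then ask for the rest of what the recorded size promised. */
static int demo_shrinking_file(struct shrink_result *r)
{
    char path[] = "/tmp/fmap_demo_XXXXXX";   /* assumed scratch location */
    char block[4096];
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);             /* the file lives until fd is closed */
    memset(block, 'A', sizeof block);
    if (write(fd, block, sizeof block) != (ssize_t)sizeof block ||
        fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    r->size_at_open = st.st_size;

    /* Stand-in for another process shrinking the file mid-scan. */
    if (ftruncate(fd, 19) != 0) {
        close(fd);
        return -1;
    }

    r->asked = (size_t)r->size_at_open - 19;
    r->status = read_page(fd, block, r->asked, 19, &r->got);

    /* Re-checking the size tells a concurrent change apart from an I/O error. */
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    r->size_at_read = st.st_size;
    close(fd);
    return 0;
}

int main(void)
{
    struct shrink_result r;
    if (demo_shrinking_file(&r) != 0) {
        perror("demo_shrinking_file");
        return 1;
    }
    printf("asked for %zu bytes @ offset 19, got %zu\n", r.asked, r.got);
    printf("size when recorded: %lld, size now: %lld\n",
           (long long)r.size_at_open, (long long)r.size_at_read);
    return r.status == PAGE_SHORT ? 0 : 1;
}
```

Comparing the `fstat` size before and after the short read is what separates "the file changed underneath the scanner" from a genuine read error.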


[clamav-users] Can't compile 0.97 as 64-bit on Mac OS 10.5.8

2011-02-12 Thread James Brown
I have been compiling clamav all day with a great many combinations of options.
No matter what I try, it won't build in 64bit.

I used:

./configure CFLAGS='-arch x86_64' --build=x86_64-apple-darwin9.8.0
make
sudo make install (after stopping clamd)

The configure output had:

=== configuring in llvm 
(/Users/jlbrown/Downloads/clamav-0.97/libclamav/c++/llvm)
configure: running /bin/sh ./configure --disable-option-checking 
'--prefix=/usr/local'  'CFLAGS=-arch x86_64' '--build=x86_64-apple-darwin9.8.0' 
'build_alias=x86_64-apple-darwin9.8.0' '--enable-ltdl-convenience' 
'--enable-optimized' 'llvm_cv_gnu_make_command=make' 
'--enable-targets=host-only' '--enable-bindings=none' '--enable-libffi=no' 
'--without-llvmgcc' '--without-llvmgxx' --cache-file=/dev/null --srcdir=.
checking build system type... x86_64-apple-darwin9.8.0
checking host system type... x86_64-apple-darwin9.8.0
checking target system type... x86_64-apple-darwin9.8.0
checking type of operating system we're going to host on... Darwin
checking type of operating system we're going to target... Darwin
checking target architecture... x86_64
checking for gcc... gcc

so that looks good.

But the output of 'make' was full of lines like this:

ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueSymbolTable.o, file is 
not of required architecture
ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueTracking.o, file is not 
of required architecture
ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueTypes.o, file is not of 
required architecture
ld warning: in .libs/libclamav.lax/libclamavcxx.a/Verifier.o, file is not of 
required architecture
ld warning: in .libs/libclamav.lax/libclamavcxx.a/VirtRegMap.o, file is not of 
required architecture

And the result is a 32-bit binary:

file /usr/local/sbin/clamd
/usr/local/sbin/clamd: Mach-O executable i386


I have tried CFLAGS, CXXFLAGS, LDFLAGS, CPPFLAGS and --build settings.
Everything I tried either failed or built i386.

Does anyone have any suggestions?

Thanks,

James.


Re: [clamav-users] Can't compile 0.97 as 64-bit on Mac OS 10.5.8

2011-02-13 Thread James Brown
Thanks TR and Edwin.

CFLAGS="-arch x86_64" CXXFLAGS="-arch x86_64" ./configure --enable-llvm 
--enable-clamdtop --with-user=_clamav --with-group=_clamav

worked perfectly.

Thanks again for your help.

James.


On 13/02/2011, at 1:28 AM, TR Shaw wrote:

> 
> You have to set CXXFLAGS
> 
> CFLAGS="-arch x86_64" CXXFLAGS="-arch x86_64" ./configure --enable-llvm 
> --enable-clamdtop --with-user=_clamav --with-group=_clamav
> 
> On Feb 12, 2011, at 9:16 AM, James Brown wrote:
> 
>> I have been compiling clamav all day with a great many combinations of 
>> options.
>> No matter what I try, it won't build in 64bit.
>> 
>> I used:
>> 
>> ./configure CFLAGS='-arch x86_64' --build=x86_64-apple-darwin9.8.0
>> make
>> sudo make install (after stopping clamd)
>> 
>> The configure output had:
>> 
>> === configuring in llvm 
>> (/Users/jlbrown/Downloads/clamav-0.97/libclamav/c++/llvm)
>> configure: running /bin/sh ./configure --disable-option-checking 
>> '--prefix=/usr/local'  'CFLAGS=-arch x86_64' 
>> '--build=x86_64-apple-darwin9.8.0' 'build_alias=x86_64-apple-darwin9.8.0' 
>> '--enable-ltdl-convenience' '--enable-optimized' 
>> 'llvm_cv_gnu_make_command=make' '--enable-targets=host-only' 
>> '--enable-bindings=none' '--enable-libffi=no' '--without-llvmgcc' 
>> '--without-llvmgxx' --cache-file=/dev/null --srcdir=.
>> checking build system type... x86_64-apple-darwin9.8.0
>> checking host system type... x86_64-apple-darwin9.8.0
>> checking target system type... x86_64-apple-darwin9.8.0
>> checking type of operating system we're going to host on... Darwin
>> checking type of operating system we're going to target... Darwin
>> checking target architecture... x86_64
>> checking for gcc... gcc
>> 
>> so that looks good.
>> 
>> But the output of 'make' was full of lines like this:
>> 
>> ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueSymbolTable.o, file 
>> is not of required architecture
>> ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueTracking.o, file is 
>> not of required architecture
>> ld warning: in .libs/libclamav.lax/libclamavcxx.a/ValueTypes.o, file is not 
>> of required architecture
>> ld warning: in .libs/libclamav.lax/libclamavcxx.a/Verifier.o, file is not of 
>> required architecture
>> ld warning: in .libs/libclamav.lax/libclamavcxx.a/VirtRegMap.o, file is not 
>> of required architecture
>> 
>> And the result is a 32-bit binary:
>> 
>> file /usr/local/sbin/clamd
>> /usr/local/sbin/clamd: Mach-O executable i386
>> 
>> 
>> I have tried CFLAGS, CXXFLAGS, LDFLAGS, CPPFLAGS and --build settings.
>> Everything I tried either failed or built i386.
>> 
>> Does anyone have any suggestions?
>> 
>> Thanks,
>> 
>> James.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
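
An added C example, not from the thread or from ClamAV: it checks the architecture recorded in a Mach-O header, the property behind the "file is not of required architecture" warnings and the `file` output quoted above. The function names and the sample byte arrays are constructed for illustration; the magic and CPU-type values are the ones defined in Apple's Mach-O headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MACHO_MAGIC_32  0xfeedfaceu   /* thin 32-bit Mach-O */
#define MACHO_MAGIC_64  0xfeedfacfu   /* thin 64-bit Mach-O */
#define MACHO_FAT_MAGIC 0xcafebabeu   /* universal file, big-endian fields
                                         (Java class files share this magic) */
#define CPU_I386        0x00000007u
#define CPU_X86_64      0x01000007u   /* CPU_I386 plus the 64-bit ABI flag */

static uint32_t rd32(const unsigned char *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
          ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
          ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/* 1: Mach-O containing code for want_cpu; 0: Mach-O for other CPUs only;
 * -1: not Mach-O, or header truncated. */
static int macho_has_arch(const unsigned char *buf, size_t len,
                          uint32_t want_cpu)
{
    if (len < 8)
        return -1;
    uint32_t be = rd32(buf, 1), le = rd32(buf, 0);

    if (be == MACHO_FAT_MAGIC) {
        /* 8-byte fat header, then nfat_arch entries of 20 bytes each,
         * each starting with its cputype. */
        uint32_t n = rd32(buf + 4, 1);
        if (n > (len - 8) / 20)
            return -1;
        for (uint32_t i = 0; i < n; i++)
            if (rd32(buf + 8 + 20 * (size_t)i, 1) == want_cpu)
                return 1;
        return 0;
    }
    if (le == MACHO_MAGIC_32 || le == MACHO_MAGIC_64)   /* little-endian file */
        return rd32(buf + 4, 0) == want_cpu;
    if (be == MACHO_MAGIC_32 || be == MACHO_MAGIC_64)   /* big-endian file */
        return rd32(buf + 4, 1) == want_cpu;
    return -1;
}

struct sample { const char *name; const unsigned char *data; size_t len; };

/* Count the Mach-O inputs that carry no code for want_cpu. */
static int count_wrong_arch(const struct sample *s, size_t n, uint32_t want_cpu)
{
    int wrong = 0;
    for (size_t i = 0; i < n; i++)
        if (macho_has_arch(s[i].data, s[i].len, want_cpu) == 0)
            wrong++;
    return wrong;
}

/* Constructed headers (first 16 bytes of an object file; fat header + 2 archs). */
static const unsigned char SAMPLE_I386_OBJ[] = {
    0xce,0xfa,0xed,0xfe, 0x07,0x00,0x00,0x00, 0x03,0x00,0x00,0x00, 0x01,0x00,0x00,0x00 };
static const unsigned char SAMPLE_X86_64_OBJ[] = {
    0xcf,0xfa,0xed,0xfe, 0x07,0x00,0x00,0x01, 0x03,0x00,0x00,0x00, 0x01,0x00,0x00,0x00 };
static const unsigned char SAMPLE_FAT[] = {
    0xca,0xfe,0xba,0xbe, 0x00,0x00,0x00,0x02,
    0x00,0x00,0x00,0x07, 0,0,0,3, 0,0,0x10,0, 0,0,0x20,0, 0,0,0,0x0c,
    0x01,0x00,0x00,0x07, 0,0,0,3, 0,0,0x40,0, 0,0,0x20,0, 0,0,0,0x0c };

static const struct sample SAMPLES[] = {
    { "sample_i386.o",   SAMPLE_I386_OBJ,   sizeof SAMPLE_I386_OBJ },
    { "sample_x86_64.o", SAMPLE_X86_64_OBJ, sizeof SAMPLE_X86_64_OBJ },
    { "sample_fat",      SAMPLE_FAT,        sizeof SAMPLE_FAT },
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-16s x86_64: %d\n", SAMPLES[i].name,
               macho_has_arch(SAMPLES[i].data, SAMPLES[i].len, CPU_X86_64));
    printf("objects without x86_64 code: %d\n",
           count_wrong_arch(SAMPLES, 3, CPU_X86_64));
    return 0;
}
```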


[clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-07 Thread James Brown
Have just upgraded to version 0.98.3 from 0.98.1.

Clamd starts fine, but anytime I reload the database (e.g. running freshclam) 
clamd will crash.

OS X’s crash log says:

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x, 0x

Application Specific Information:
*** error for object 0x7fff634fd2a8: pointer being freed was not allocated
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib  0x7fff8e81dce2 __pthread_kill + 10
1   libsystem_c.dylib   0x7fff9a4d47d2 pthread_kill + 95
2   libsystem_c.dylib   0x7fff9a4c5a7a abort + 143
3   libsystem_c.dylib   0x7fff9a52484c free + 389
4   libclamav.6.dylib   0x000103a00d0d clamav_stats_submit 
+ 413 (stats.c:410)
5   libclamav.6.dylib   0x000103939ddd cl_engine_free + 125 
(readdb.c:3269)
6   clamd   0x000103906db3 reload_db + 163 
(server-th.c:196)
7   clamd   0x000103908359 recvloop_th + 5145 
(server-th.c:1399)
8   clamd   0x000103903f4b main + 5323 
(clamd.c:721)
9   clamd   0x0001038febe4 start + 52


James.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-07 Thread James Brown

On 8 May 2014, at 11:42 am, Shawn Webb  wrote:

> Hey James,
> 
> Can you paste your clamd.conf file please?

Hi Shawn.

Below is my clamd.conf. The only difference is that I have now turned off the 
StatsEnabled. Hopefully this will fix it.

James.

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 2M

# Log time with each message.
# Default: no
LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
LogRotate yes

# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes
ExtendedDetectionInfo yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /usr/local/clamav

# Only load the official signatures published by the ClamAV project.
# Default: no
#OfficialDatabaseOnly no

# The daemon can work in local mode, network mode or both. 
# Due to security reasons we recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660

# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M

# Limit port range.
# Default: 1024
#StreamMinPort 3
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
#ReadTimeout 300

# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5

# This option specifies how long to wait (in milliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
#
# Default: 500
#SendBufTimeout 200

# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is

Re: [clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-07 Thread James Brown

On 8 May 2014, at 11:45 am, James Brown  wrote:

> The only difference is that I have now turned off the StatsEnabled. Hopefully 
> this will fix it.

Yep, that was it.

With StatsEnabled left at the default of Disabled, Clamd was successfully 
notified about the update and duly reloaded the database without crashing.

James.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Crash on reload. Version 0.98.3. Mac OS X 10.7.5

2014-05-07 Thread James Brown

On 8 May 2014, at 12:02 pm, Dennis Peterson  wrote:

> On 5/7/14, 6:38 PM, James Brown wrote:
>> Have just upgraded to version 0.98.3 from 0.98.1.
>> 
>> Clamd starts fine, but anytime I reload the database (e.g. running 
>> freshclam) clamd will crash.
>> 
>> 
> Would you mind pasting in the output of clamconf too, please. I'd like to see 
> the build options compared to my own.
> 
> dp

$ clamconf
Checking configuration files in /usr/local/etc

Config file: clamd.conf
---
LogFile = "/var/log/clamd.log"
StatsHostID disabled
StatsEnabled disabled
StatsPEDisabled disabled
StatsTimeout disabled
LogFileUnlock disabled
LogFileMaxSize = "2097152"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamd/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/usr/local/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/tmp/clamd"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
AllowSupplementaryGroups disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages = "yes"
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
ScanOnAccess disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile = "/var/run/freshclam.pid"
DatabaseDirectory = "/usr/local/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/freshclam.log"
DatabaseOwner = "clamav"
Checks = "48"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.AU.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/usr/local/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats = "/usr/local/etc/clamd.conf"
DetectionStatsCountry disabled
DetectionStatsHostID disabled
Safe

[clamav-users] Freshclam failing

2015-03-11 Thread James Brown

Freshclam keeps failing for me. I delete the Mirrors.dat file and try again. 
Sometimes it works, sometimes it claims that all of the mirrors are not 
synchronised. 

This is the sort of thing I get running freshclam:

$ sudo freshclam
Password:
ClamAV update process started at Thu Mar 12 09:56:45 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
WARNING: getfile: daily-20178.cdiff not found on remote server (IP: 
193.1.193.64)
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
Trying host db.AU.clamav.net (117.104.160.194)...
WARNING: getfile: daily-20178.cdiff not found on remote server (IP: 
117.104.160.194)
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 117.104.160.194 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 09:56:56 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Trying host db.AU.clamav.net (193.1.193.64)...
WARNING: getfile: daily-20178.cdiff not found on remote server (IP: 
193.1.193.64)
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 117.104.160.194 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 09:57:04 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Trying host db.AU.clamav.net (193.1.193.64)...
WARNING: getfile: daily-20178.cdiff not found on remote server (IP: 
193.1.193.64)
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
ERROR: getpatch: Can't download daily-20178.cdiff from db.AU.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 117.104.160.194 is not synchronized.
Giving up on db.AU.clamav.net...
ClamAV update process started at Thu Mar 12 09:57:06 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Trying host database.clamav.net (193.1.193.64)...
WARNING: getfile: daily-20178.cdiff not found on remote server (IP: 
193.1.193.64)
WARNING: getpatch: Can't download daily-20178.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-20178.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-20178.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 117.104.160.194 is not synchronized.
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in 
/usr/local/etc/freshclam.conf is working. Check 
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

Is it just the Australian mirrors that are the problem? Should I get my country 
to be somewhere else?

They are very unreliable - obviously running with outdated signatures is not 
good!

Any suggestions? 

Shouldn’t it try another server when db.AU.clamav.net fails? Looks like in the 
above example it keeps trying 193.1.193.64 and 117.104.160.194.

Thanks,

James.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam failing

2015-03-11 Thread James Brown
OK, just deleted the Mirrors.dat file again and re-ran freshclam.

This time it managed to download the cdiff files, but fails on 
safebrowsing.cvd:

$ sudo freshclam
Password:
ClamAV update process started at Thu Mar 12 10:07:04 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-20178.cdiff [100%]
Downloading daily-20179.cdiff [100%]
Downloading daily-20180.cdiff [100%]
Downloading daily-20181.cdiff [100%]
daily.cld updated (version: 20181, sigs: 1345679, f-level: 63, builder: neo)
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from db.AU.clamav.net (IP: 
193.1.193.64): Operation now in progress
WARNING: Can't download safebrowsing.cvd from db.AU.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 10:07:51 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20181, sigs: 1345679, f-level: 63, builder: 
neo)
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from db.AU.clamav.net (IP: 
193.1.193.64): Operation now in progress
WARNING: Can't download safebrowsing.cvd from db.AU.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 10:08:28 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20181, sigs: 1345679, f-level: 63, builder: 
neo)
Trying host db.AU.clamav.net (117.104.160.194)...
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
ERROR: getfile: Error while reading database from db.AU.clamav.net (IP: 
117.104.160.194): Operation now in progress
ERROR: Can't download safebrowsing.cvd from db.AU.clamav.net
Giving up on db.AU.clamav.net...
ClamAV update process started at Thu Mar 12 10:09:03 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20181, sigs: 1345679, f-level: 63, builder: 
neo)
Trying host database.clamav.net (117.104.160.194)...
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
ERROR: getfile: Error while reading database from database.clamav.net (IP: 
117.104.160.194): Operation now in progress
ERROR: Can't download safebrowsing.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in 
/usr/local/etc/freshclam.conf is working. Check 
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

Thanks,

James.


Re: [clamav-users] Freshclam failing

2015-03-11 Thread James Brown

> On 12 Mar 2015, at 10:11 am, Benny Pedersen  wrote:
> 
> James Brown skrev den 2015-03-12 00:04:
>> Freshclam keeps failing for me. I delete the Mirrors.dat file and try
>> again. Sometime it works, sometimes it claims that all of the mirrors
>> are not synchronised.
> 
> freshclam --list-mirrors
> 
> try change mirror country temporary, but mirror admins would solve from the 
> --list-mirrors

$ freshclam --list-mirrors
Mirror #1
IP: 193.1.193.64
Successes: 4
Failures: 2
Last access: Thu Mar 12 10:08:22 2015
Ignore: Yes
-
Mirror #2
IP: 117.104.160.194
Successes: 0
Failures: 2
Last access: Thu Mar 12 10:09:36 2015
Ignore: Yes

James.



Re: [clamav-users] Freshclam failing

2015-03-11 Thread James Brown
Thanks Dennis, JP seems to be much better:

$ sudo freshclam
ClamAV update process started at Thu Mar 12 12:08:25 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-20182.cdiff [100%]
daily.cld updated (version: 20182, sigs: 1346196, f-level: 63, builder: neo)
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from db.JP.clamav.net (IP: 
219.94.128.99): Operation now in progress
WARNING: Can't download safebrowsing.cvd from db.JP.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 12:09:09 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20182, sigs: 1346196, f-level: 63, builder: 
neo)
Empty script safebrowsing-43085.cdiff, need to download entire database
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from db.JP.clamav.net (IP: 
203.178.137.175): Operation now in progress
WARNING: Can't download safebrowsing.cvd from db.JP.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 12 12:09:45 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20182, sigs: 1346196, f-level: 63, builder: 
neo)
Empty script safebrowsing-43085.cdiff, need to download entire database
Downloading safebrowsing.cvd [100%]
safebrowsing.cvd updated (version: 43119, sigs: 1223029, f-level: 63, builder: 
google)
bytecode.cld is up to date (version: 247, sigs: 41, f-level: 63, builder: 
dgoddard)
Database updated (4993491 signatures) from db.JP.clamav.net (IP: 27.96.54.66)
Clamd successfully notified about the update.

Thanks again,

James.

> On 12 Mar 2015, at 11:24 am, Dennis Peterson  wrote:
> 
> Try using db.jp.clamav.net. Lots of mirrors and they're practically next door 
> as under-sea cables go.
> 
> nslookup db.jp.clamav.net
> Server: 127.0.0.1
> Address:127.0.0.1#53
> 
> Non-authoritative answer:
> Name:   db.jp.clamav.net
> Address: 27.96.54.66
> Name:   db.jp.clamav.net
> Address: 120.29.176.126
> Name:   db.jp.clamav.net
> Address: 203.178.137.175
> Name:   db.jp.clamav.net
> Address: 203.212.42.128
> Name:   db.jp.clamav.net
> Address: 218.44.253.75
> Name:   db.jp.clamav.net
> Address: 219.94.128.99
> 
> The US list has some serious problems, too. Two sites with zero successes and 
> each with 10 or more failures. Surely Cisco can do better than this. The 
> internet runs on their hardware.
> 
> freshclam --list-mirrors |grep -B3 -A3 Failures:\ [12][0-9]
> Mirror #4
> IP: 209.198.147.20
> Successes: 10
> Failures: 12
> Last access: Mon Mar  2 03:14:39 2015
> Ignore: No
> -
> --
> Mirror #6
> IP: 78.46.84.244
> Successes: 0
> Failures: 25
> Last access: Wed Mar  4 04:38:58 2015
> Ignore: No
> -
> --
> Mirror #12
> IP: 65.19.179.67
> Successes: 0
> Failures: 23
> Last access: Mon Feb  9 03:45:32 2015
> Ignore: No
> -
> 
> 
> dp
> 
> On 3/11/15 4:14 PM, James Brown wrote:
>>> On 12 Mar 2015, at 10:11 am, Benny Pedersen  wrote:
>>> 
>>> James Brown skrev den 2015-03-12 00:04:
>>>> Freshclam keeps failing for me. I delete the Mirrors.dat file and try
>>>> again. Sometime it works, sometimes it claims that all of the mirrors
>>>> are not synchronised.
>>> freshclam --list-mirrors
>>> 
>>> try change mirror country temporary, but mirror admins would solve from the 
>>> --list-mirrors
>> $ freshclam --list-mirrors
>> Mirror #1
>> IP: 193.1.193.64
>> Successes: 4
>> Failures: 2
>> Last access: Thu Mar 12 10:08:22 2015
>> Ignore: Yes
>> -
>> Mirror #2
>> IP: 117.104.160.194
>> Successes: 0
>> Failures: 2
>> Last access: Thu Mar 12 10:09:36 2015
>> Ignore: Yes
>> 
>> James.

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
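
The `grep` quoted in the message above only catches mirrors whose failure count starts with 1 or 2 and has a second digit. As an added example (not code from the thread or from the ClamAV project), the script below parses the same `freshclam --list-mirrors` output format and gives every mirror a verdict, so a pool with no usable mirror is visible at a glance. The verdict names and thresholds are this example's own assumptions; the sample input is copied from the two outputs quoted in this thread.

```shell
#!/bin/sh
# Summarise `freshclam --list-mirrors` output, one line per mirror.
# Usage on a live system:  freshclam --list-mirrors | mirror_report
# Verdicts (IGNORED / DEAD / FLAKY / OK) are this example's own labels.

# mirror_report: reads --list-mirrors text on stdin and prints
#   "<ip> <successes> <failures> <ignore> <verdict>" for each mirror.
# Separator lines ("-", and the "--" that grep -A/-B inserts) are skipped.
mirror_report() {
    awk '
        function emit() {
            if (ip == "") return
            if (ign == "Yes")             verdict = "IGNORED"
            else if (ok == 0 && bad > 0)  verdict = "DEAD"
            else if (bad > ok)            verdict = "FLAKY"
            else                          verdict = "OK"
            print ip, ok, bad, ign, verdict
            ip = ""
        }
        /^Mirror #/    { emit(); ok = 0; bad = 0; ign = "No" }
        /^IP: /        { ip  = $2 }
        /^Successes: / { ok  = $2 + 0 }
        /^Failures: /  { bad = $2 + 0 }
        /^Ignore: /    { ign = $2 }
        END            { emit() }
    '
}

# usable_count: number of mirrors that are neither ignored nor dead.
# Zero means every mirror freshclam knows for this pool is unusable.
usable_count() {
    mirror_report | awk '$5 == "OK" || $5 == "FLAKY" { n++ } END { print n + 0 }'
}

# Sample 1: the db.AU.clamav.net listing posted earlier in this thread.
sample_au() {
    cat <<'EOF'
Mirror #1
IP: 193.1.193.64
Successes: 4
Failures: 2
Last access: Thu Mar 12 10:08:22 2015
Ignore: Yes
-
Mirror #2
IP: 117.104.160.194
Successes: 0
Failures: 2
Last access: Thu Mar 12 10:09:36 2015
Ignore: Yes
EOF
}

# Sample 2: the grep -B3 -A3 excerpt quoted in the message above.
sample_us() {
    cat <<'EOF'
Mirror #4
IP: 209.198.147.20
Successes: 10
Failures: 12
Last access: Mon Mar  2 03:14:39 2015
Ignore: No
-
--
Mirror #6
IP: 78.46.84.244
Successes: 0
Failures: 25
Last access: Wed Mar  4 04:38:58 2015
Ignore: No
-
--
Mirror #12
IP: 65.19.179.67
Successes: 0
Failures: 23
Last access: Mon Feb  9 03:45:32 2015
Ignore: No
-
EOF
}

# Demonstration on the embedded samples.
echo "db.AU listing:";  sample_au | mirror_report
echo "usable mirrors: $(sample_au | usable_count)"
echo "US excerpt:";     sample_us | mirror_report
echo "usable mirrors: $(sample_us | usable_count)"
```

A scheduled job can alert when `usable_count` reports 0, which is the state in which the scanner keeps running on outdated signatures.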


Re: [Clamav-users] Greeting Card virus

2007-07-19 Thread James Brown

On 20/07/2007, at 4:31 AM, Jeff Thurston wrote:
>>
>
> No, they are not gzipped, I used the #2 download script and they  
> are stored
> in /usr/local/share/clamav/sanesecurity.inc/
>
> From my clamav.log:
>
> Thu Jul 19 10:31:14 2007 -> Database correctly reloaded (156058 signatures)
> Thu Jul 19 10:32:03 2007 -> /var/lib/amavis/tmp/amavis-20070719T102627-11606/parts/p002: Html.Phishing.Sanesecurity.TestSig FOUND
> Thu Jul 19 10:42:19 2007 -> Reading databases from /usr/local/share/clamav
> Thu Jul 19 10:42:26 2007 -> Database correctly reloaded (158975 signatures)
> Thu Jul 19 10:46:43 2007 -> /var/lib/amavis/tmp/amavis-20070719T104137-14452/parts/p003: MSRBL-Images/1-0-wsv6 FOUND
>
> So the signatures are loaded and presumably working.
> That report was simply from clamd --version and freshclam log output.

I'm using the sanesecurity and MSRBL files too and am getting the  
same spam.

I'll start sending them to Steve to incorporate.

James.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Greeting Card virus

2007-07-20 Thread James Brown
I've sent lots of these emails to Steve at Sane Security, and he has  
adjusted the sigs to stop them in the future.

If you have a string of similar spams get through, please forward  
them on to him - otherwise if no one tells him about them, they'll  
never get added.

James.


[Clamav-users] Compiling 0.91.1 for Intel Mac - problems

2007-08-01 Thread James Brown
I'm trying to upgrade an Intel-based  Mac Mini from 0.88.1 to 0.99.1.

Compiling is giving me errors. Make ends in:

ld: warning multiple definitions of symbol _BZ2_rNums
.libs/bzlib.o definition of _BZ2_rNums in section (__TEXT,__const)
/usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libbz2.dylib(randtable.o) definition of _BZ2_rNums
ld: common symbols not allowed with MH_DYLIB output format with the -multi_module option
/usr/local/lib/libgmp.a(mp_bpl.o) definition of common ___gmp_junk (size 16)
/usr/bin/libtool: internal link edit command failed
make[2]: *** [libclamav.la] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Any suggestions?

I've done make uninstall from the old 0.88.1 folder first.

Thanks,

James.


Re: [Clamav-users] clamav gcc dependendencies ...

2008-01-10 Thread James Brown

On 19/12/2007, at 11:29 AM, fchan wrote:

> Hi,
> I just configure with CFLAGS="-O0" and did make and make install  
> and it worked on my Mac running 10.4.11!
> However we in the Apple user community are at the mercy of Apple as  
> to when Apple will update gcc to 4.1.1 or later. I had pre-release  
> version of gcc-4.2.1 from Apple which didn't work on compiling  
> clamav on my Mac running 10.4.11. This pre-release version of  
> gcc-4.2.1 was for a different project so I didn't think it would  
> work since it was partial release.
>
> Frank

Yes. This was a life saver for me! On Intel machine, changing  
compiler to gcc 3.3 did not work (it does on my PowerPC machine).  
Switched back to 4.0 and ran:

./configure --enable-experimental CFLAGS="-O0"

It compiled perfectly.

So thanks Frank and Török Edwin.

James.


Re: [Clamav-users] clamav gcc dependendencies ...

2008-01-11 Thread James Brown

On 11/01/2008, at 10:43 PM, G.W. Haywood wrote:

> Hi there,
>
> On Fri, 11 Jan 2008 James Brown wrote:
>
>> On Intel machine, changing compiler to gcc 3.3 did not work (it does
>> on my PowerPC machine).  Switched back to 4.0 and ran:
>>
>> ./configure --enable-experimental CFLAGS="-O0"
>>
>> It compiled perfectly.
>>
>> So thanks Frank and Török Edwin.
>
> FWIW I've compiled ClamAV 0.92 with gcc 4.2.2 on x86 with no problems.
>
> --
>
> 73,
> Ged.

Sorry Ged, I forgot to mention that this was on a Mac OS X system,  
which ships with 4.0.1. I think the problem does not occur with  
versions of gcc greater than 4.10.

James.



Re: [Clamav-users] Another error configuring ClamAV on FC4 :-(

2008-01-11 Thread James Brown
On 11/01/2008, at 6:46 PM, Jean Jacques Siebrits wrote:

>
> Hey everyone
>
> I got another error when configuring ClamAV on FC4.  During  
> configuration I get this:
>
> checking for a supported version of gcc... ok (4.0.2)
> checking for gcc bug PR27603... ok, bug not present
> checking for gcc bug PR28045... configure: error: your compiler has gcc PR28045 bug, use a different compiler, see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
>
> Now we have tried to update GCC and even YUM but to no avail.
>
> Any ideas for me?
>
> Thanks

I had just posted to say that using the CFLAGS="-O0" configure option  
fixed this problem for me on an Intel based Mac (using gcc 4.0.1).  
Switching to gcc 3.3 fixed things for my PowerPC based Mac, but not  
the Intel one.

I think gcc versions greater than 4.10 or less than 4 should work OK.

Anyway, perhaps give the ./configure CFLAGS="-O0" a try.

James.


Re: [Clamav-users] Another error configuring ClamAV on FC4 :-(

2008-01-11 Thread James Brown

On 12/01/2008, at 12:03 AM, Jean Jacques Siebrits wrote:

>
> Thanks for the reply.
>
> The custom configuration line that we use is:
>
> ./configure --prefix=/usr --sysconfdir=/etc --datadir=/var/run/clamav --enable-milter --disable-clamuko --with-libcurl=no --disable-zlib-vcheck
>
> Should I add the   --CFLAGS="-O0"   parameter at the end?

No, just CFLAGS="-O0", ie no '--' at the front.

James.


[Clamav-users] How to increase freshclam's log file limit

2008-01-20 Thread James Brown
My freshclam.log only shows entries like:

Log size = 11242653, max = 1048576
LOGGING DISABLED (Maximal log file size exceeded).

How can I increase the max log file size?

Thanks,

James.


Re: [Clamav-users] How to increase freshclam's log file limit

2008-01-20 Thread James Brown

On 21/01/2008, at 4:03 PM, Dennis Peterson wrote:

> James Brown wrote:
>> My freshclam.log only shows entries like:
>>
>> Log size = 11242653, max = 1048576
>> LOGGING DISABLED (Maximal log file size exceeded).
>>
>> How can I increase the max log file size?
>
> The current build of ClamAV has this in the example freshclam.conf  
> file:
>
> # Maximum size of the log file.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
> # in bytes just don't use modifiers.
> # Default: 1M
> #LogFileMaxSize 2M

I looked for something like this, but I have nothing in the  
freshclam.conf file. I could not find any other freshclam.conf files  
on my system. (I have the text in clamd.conf).

I'll add that text to freshclam.conf, and then run freshclam again.

Thanks,

James.


Re: [Clamav-users] How to increase freshclam's log file limit

2008-01-20 Thread James Brown

On 21/01/2008, at 4:45 PM, Dennis Peterson wrote:

> James Brown wrote:
>
>>
>> Added the above text, but with LogFileMaxSize 0, (without the '#' of
>> course!).
>>
>> ran /usr/local/bin/freshclam
>>
>> still got a LOGGING DISABLED error in freshclam.log
>>
>> Thanks Dennis & Bill,
>
> Did you stop and restart freshclam (assuming you run it as a daemon)?

I suppose it must run as a daemon, but I can't find it in my list of  
running processors. Would it have another name?
>
> What version of ClamAV?
>
0.92

> What do you get when you run clamconf?

clamconf
/usr/local/etc/clamd.conf: clamd directives
--
LogFile = "/var/log/clamd.log"
LogFileUnlock = no
LogFileMaxSize = 1048576
LogTime = yes
LogClean = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile = "/var/run/clamd.pid"
TemporaryDirectory not set
ScanPE = yes
ScanELF = yes
DetectBrokenExecutables = no
ScanMail = yes
MailFollowURLs = no
MailMaxRecursion = 64
PhishingSignatures = yes
PhishingScanURLs = yes
PhishingAlwaysBlockCloak = no
PhishingAlwaysBlockSSLMismatch = no
PhishingRestrictedScan = yes
DetectPUA = no
AlgorithmicDetection = yes
ScanHTML = yes
ScanOLE2 = yes
ScanPDF = yes
ScanArchive = yes
ArchiveMaxFileSize = 10485760
ArchiveMaxRecursion = 8
ArchiveMaxFiles = 1000
ArchiveMaxCompressionRatio = 250
ArchiveLimitMemoryUsage = no
ArchiveBlockEncrypted = no
ArchiveBlockMax = no
DatabaseDirectory = "/usr/local/share/clamav"
TCPAddr not set
TCPSocket not set
LocalSocket = "/tmp/clamd.socket"
MaxConnectionQueueLength = 15
StreamMaxLength = 10485760
StreamMinPort = 1024
StreamMaxPort = 2048
MaxThreads = 10
ReadTimeout = 120
IdleTimeout = 30
MaxDirectoryRecursion = 15
FollowDirectorySymlinks = no
FollowFileSymlinks = no
ExitOnOOM = no
Foreground = no
Debug = no
LeaveTemporaryFiles = no
FixStaleSocket = yes
User not set
AllowSupplementaryGroups = no
SelfCheck = 1800
VirusEvent not set
ClamukoScanOnAccess not set
ClamukoScanOnOpen not set
ClamukoScanOnClose not set
ClamukoScanOnExec not set
ClamukoIncludePath not set
ClamukoExcludePath not set
ClamukoMaxFileSize = 5242880
DevACOnly not set
DevACDepth not set

/usr/local/etc/freshclam.conf: freshclam directives
--
LogFileMaxSize = 1048576
LogTime = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile not set
DatabaseDirectory = "/usr/local/share/clamav"
Foreground = no
Debug = no
AllowSupplementaryGroups = no
DatabaseOwner = "clamav"
Checks = 12
UpdateLogFile = "/var/log/freshclam.log"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.au.clamav.net"
MaxAttempts = 3
ScriptedUpdates = yes
HTTPProxyServer not set
HTTPProxyPort not set
HTTPProxyUsername not set
HTTPProxyPassword not set
HTTPUserAgent not set
NotifyClamd = "/usr/local/etc/clamd.conf"
OnUpdateExecute not set
OnErrorExecute not set
OnOutdatedExecute not set
LocalIPAddress not set
ConnectTimeout = 30
ReceiveTimeout = 30

Engine and signature databases
--
Engine version: 0.92 (with experimental code)
Database directory: /usr/local/share/clamav
main db: Format: .inc, Version: 45, Build time: Mon Dec 10 02:50:53 2007
daily db: Format: .cvd, Version: 5505, Build time: Mon Jan 21  
10:48:59 2008


Thanks,

James.


Re: [Clamav-users] How to increase freshclam's log file limit

2008-01-20 Thread James Brown

On 21/01/2008, at 4:03 PM, Dennis Peterson wrote:

> James Brown wrote:
>> My freshclam.log only shows entries like:
>>
>> Log size = 11242653, max = 1048576
>> LOGGING DISABLED (Maximal log file size exceeded).
>>
>> How can I increase the max log file size?
>
>
> The current build of ClamAV has this in the example freshclam.conf  
> file:
>
> # Maximum size of the log file.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
> # in bytes just don't use modifiers.
> # Default: 1M
> #LogFileMaxSize 2M
>
>
> The default as you have discovered is 1 meg. Edit your version of  
> the installed
> freshclam.conf file and make the LogFileMaxSize what ever you wish.

Added the above text, but with LogFileMaxSize 0, (without the '#' of  
course!).

ran /usr/local/bin/freshclam

still got a LOGGING DISABLED error in freshclam.log

Thanks Dennis & Bill,

James.


Re: [Clamav-users] How to increase freshclam's log file limit

2008-01-21 Thread James Brown

On 21/01/2008, at 9:41 PM, Stephen Gran wrote:

> On Mon, Jan 21, 2008 at 05:22:34PM +1100, James Brown said:
>> /usr/local/etc/freshclam.conf: freshclam directives
>> --
>> LogFileMaxSize = 1048576
>
> That says it's not 0, as you said.  Did you edit the right file?

You are of course quite right.

I was editing /private/etc/freshclam.conf when I should have been editing /usr/local/etc/freshclam.conf

Thanks for all your help everyone.

I feel very silly for not realising.

Thanks.

James.
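
One way to see which copy of freshclam.conf carries the limit you think you set, as an added example that is not part of the original messages. The function names and sample file names are hypothetical, the suffix rules and 1M default are taken from the sample-config comment quoted earlier in this thread, and treating duplicate directives as an error is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report the LogFileMaxSize each candidate
# freshclam.conf would yield, so an edit made to the wrong copy becomes visible.

# Print the effective limit in bytes for one config file (0 = no limit).
logfile_max_bytes() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 1; }

    # Count uncommented directives only: in "#LogFileMaxSize 2M" the first
    # field is "#LogFileMaxSize", so commented lines never match.
    count=$(awk '$1 == "LogFileMaxSize" { n++ } END { print n + 0 }' "$conf")
    if [ "$count" -eq 0 ]; then
        echo 1048576                 # directive absent: default of 1M
        return 0
    fi
    if [ "$count" -gt 1 ]; then
        echo "ambiguous"             # assumption: duplicates are an error
        return 2
    fi
    raw=$(awk '$1 == "LogFileMaxSize" { print $2 }' "$conf")

    case $raw in
        *[Mm]) num=${raw%?}; mult=1048576 ;;   # 1M = 1m = 1048576 bytes
        *[Kk]) num=${raw%?}; mult=1024 ;;      # 1K = 1k = 1024 bytes
        *)     num=$raw;     mult=1 ;;         # plain bytes
    esac
    case $num in
        ''|*[!0-9]*) echo "invalid"; return 3 ;;
    esac
    # Drop leading zeros so the shell does not read the number as octal.
    num=$(printf '%s' "$num" | sed 's/^0*\([0-9]\)/\1/')
    echo $((num * mult))
}

# True (exit 0) when a log of SIZE bytes would trip LIMIT; 0 means no limit.
log_exceeds_limit() {
    limit=$1
    size=$2
    [ "$limit" -ne 0 ] && [ "$size" -gt "$limit" ]
}

# One line per candidate path: the limit it yields and the verdict for SIZE.
audit_configs() {
    size=$1
    shift
    for conf in "$@"; do
        limit=$(logfile_max_bytes "$conf") || { echo "$conf: $limit"; continue; }
        if log_exceeds_limit "$limit" "$size"; then
            echo "$conf: limit=$limit -> LOGGING DISABLED for a $size-byte log"
        else
            echo "$conf: limit=$limit -> ok"
        fi
    done
}

# Constructed sample mirroring the thread: the copy that was edited says 0,
# while the copy that was actually read still has the directive commented out.
demo_dir=$(mktemp -d)
printf 'LogFileMaxSize 0\n' > "$demo_dir/edited-copy.conf"
printf '# Default: 1M\n#LogFileMaxSize 2M\n' > "$demo_dir/active-copy.conf"
audit_configs 11242653 "$demo_dir/edited-copy.conf" "$demo_dir/active-copy.conf"
rm -rf "$demo_dir"
```

Pass every path where a freshclam.conf might live on the host to `audit_configs`, together with the current size of freshclam.log in bytes.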


Re: [Clamav-users] help, can't compile clamav-0.92 ("gcc bug")

2008-01-28 Thread James Brown

On 27/01/2008, at 9:27 PM, Matthias Schmidt wrote:

> Am/On Tue, 18 Dec 2007 05:14:40 + schrieb/wrote Robert:
>
>>
>> On 17 Dec 2007, at 19:15, fchan wrote:
>>
>>> Hi,
>>> I have the same thing happening a my MacBookPro. I get this message
>>> also:
>>> checking for gcc bug PR28045... configure: error: your compiler has
>>> gcc PR28045 bug, use a different compiler, see
>>> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
>>>
>>> I'm using xcode_2.4.1_8m and I'm downloading xcode_3.0 to hopefully
>>> resolve this issue and hopefully that Apple updated gcc on this newer
>>> xcode. Any other Mac people seen this issue?
>>>
>>> Thank you,
>>> Frank
>>
>>
>> Just got the same error running os x 10.4.11 (ppc).
>> Haven't tried under 10.5 yet...
>> Re-installed clam 0.91.2 and all is well again.
>
> I have the last version of XCode installed under Leopard.
> Just wanted to install on a 10.5.1 Server 0.92 and get the same error
> after running configure.
>
> Do I need to install gcc 4.2.2?
> Can that just be downloaded and installed?
>
> Thanks and all the best
>
> Matthias

Matthias, did you try adding CFLAGS="-O0" to your ./configure command? Eg:

./configure --enable-experimental CFLAGS="-O0"

This worked for me when I was getting the same errors. See the threads on this list on 11 and 12 January.

HTH,

James.


Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-16 Thread James Brown


On 16/04/2008, at 4:33 AM, fchan wrote:

> This is part of clamav-0.92 and a new fix for a bug.
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613
>
> And in short we need to get gcc 4.1.1 or newer to get this to work on
> Macintosh 10.4.11 and xcode 2.5, which only has gcc 4.0.1. However
> Apple hasn't released gcc 4.1.1 or newer for Mac 10.4.11, so we
> are left to use a workaround. A Japanese clamav user
> found this, and here is the workaround:
>
> export CFLAGS='-g'
> "-g" means debug mode building. Then configure and make as you have
> done before.
>
> I hope this helps.
> Frank
>
> John Rudd wrote:
>> Oh, and, while we're on the subject, what about 0.88.6?  is that version
>> vulnerable? (don't tell me to upgrade -- I haven't been able to get
>> newer versions to compile on Mac OS X 10.4.x)

Frank & John, I've used ./configure --enable-experimental CFLAGS="-O0" to get ClamAV (including 0.93 yesterday) to compile on Intel Macs (as have others).

James.



Re: [Clamav-users] 0.93.1 RC1

2008-05-29 Thread James Brown
On 30/05/2008, at 1:34 AM, Ian Eiloart wrote:
>
> Fails to compile on OSX 10.5.2 and 10.5.3 (client and server) with XCode
> 3.0. Apple's distributions include a version of gcc4.0.1 (yes, it's very
> old), which ClamAV's configure script doesn't like that version of gcc:
>
>
> % ./configure
> ...
> ...
> ...
> checking for a supported version of gcc... ok (4.0.1)
> checking for gcc bug PR27603... ok, bug not present
> checking for gcc bug PR26763-2... ok, bug not present
> checking for valid code generation of CLI_ISCONTAINED... ok, bug not present
> checking for gcc bug PR28045... configure: error: your compiler has gcc
> PR28045 bug, use a different compiler, see
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
>
>
>
> /Developer/usr/bin/gcc-4.0 -v
> Using built-in specs.
> Target: i686-apple-darwin9
> Configured with: /var/tmp/gcc/gcc-5465~16/src/configure --disable-checking
> -enable-werror --prefix=/usr --mandir=/share/man
> --enable-languages=c,objc,c++,obj-c++
> --program-transform-name=/^[cg][^.-]*$/s/$/-4.0/
> --with-gxx-include-dir=/include/c++/4.0.0 --with-slibdir=/usr/lib
> --build=i686-apple-darwin9 --with-arch=apple --with-tune=generic
> --host=i686-apple-darwin9 --target=i686-apple-darwin9
> Thread model: posix
> gcc version 4.0.1 (Apple Inc. build 5465)
>
>
> -- 
> Ian Eiloart

Ian, this worked for me to get earlier versions to compile under OS X:

did you try adding CFLAGS="-O0" to your ./configure
command? Eg:

./configure --enable-experimental CFLAGS="-O0"

This worked for me when I was getting the same errors. See the
threads on this list on 11 and 12 January.

I haven't tried it on 93.1 RC1, but have on 0.93 and some of the .92 releases.

James.



[Clamav-users] Error with make on Mac OS X 10.4.11 Intel - 0.94

2008-09-03 Thread James Brown

Get this when I run make:

ld: warning can't open dynamic library: /usr/local/lib/libclamunrar.5.dylib referenced from: ../libclamunrar_iface/.libs/libclamunrar_iface.dylib (checking for undefined symbols may be affected) (No such file or directory, errno = 2)

ld: Undefined symbols:
_ppm_constructor referenced from libclamunrar expected to be defined in /usr/local/lib/libclamunrar.5.dylib
_ppm_destructor referenced from libclamunrar expected to be defined in /usr/local/lib/libclamunrar.5.dylib
_rar_init_filters referenced from libclamunrar expected to be defined in /usr/local/lib/libclamunrar.5.dylib
_rar_unpack referenced from libclamunrar expected to be defined in /usr/local/lib/libclamunrar.5.dylib
_rarvm_free referenced from libclamunrar expected to be defined in /usr/local/lib/libclamunrar.5.dylib

/usr/bin/libtool: internal link edit command failed
make[4]: *** [libclamav.la] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Configure command used was:

./configure --enable-experimental CFLAGS="-O0"

Any suggestions?

Thanks,

James.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Error with make on Mac OS X 10.4.11 Intel - 0.94

2008-09-04 Thread James Brown


On 04/09/2008, at 4:26 PM, Török Edwin wrote:

> On 2008-09-04 02:26, James Brown wrote:
>> Get this when I run make:
>>
>> ld: warning can't open dynamic library:
>> /usr/local/lib/libclamunrar.5.dylib referenced from:
>> ../libclamunrar_iface/.libs/libclamunrar_iface.dylib (checking for
>> undefined symbols may be affected) (No such file or directory, errno = 2)
>
> Did libclamunrar get built correctly? Look in libclamunrar/.libs/
> It should be using libclamunrar from .libs not from /usr/local/lib.
> Also please show us the ld command that failed.
>
> Best regards,
> --Edwin

Thanks Edwin.

$ locate libclamunrar
/usr/local/lib/libclamunrar.4.0.1.dylib
/usr/local/lib/libclamunrar.4.0.3.dylib
/usr/local/lib/libclamunrar.4.0.4.dylib
/usr/local/lib/libclamunrar.4.dylib
/usr/local/lib/libclamunrar.a
/usr/local/lib/libclamunrar.dylib
/usr/local/lib/libclamunrar.la
/usr/local/lib/libclamunrar_iface.4.0.1.dylib
/usr/local/lib/libclamunrar_iface.4.0.3.dylib
/usr/local/lib/libclamunrar_iface.4.0.4.dylib
/usr/local/lib/libclamunrar_iface.4.dylib
/usr/local/lib/libclamunrar_iface.a
/usr/local/lib/libclamunrar_iface.dylib
/usr/local/lib/libclamunrar_iface.la

so looks like I have version 4 not 5 of libclamunrar?

Not sure what the ld command was. After the ./configure command I typed 'make' and that was the error it stopped with.


The bit before the ld warning was:

rm -fr .libs/libclamav.lax
mkdir .libs/libclamav.lax
rm -fr .libs/libclamav.lax/liblzma.a
mkdir .libs/libclamav.lax/liblzma.a
Extracting /Users/jlbrown/Desktop/clamav-0.94/libclamav/lzma/.libs/liblzma.a
(cd .libs/libclamav.lax/liblzma.a && ar x /Users/jlbrown/Desktop/clamav-0.94/libclamav/lzma/.libs/liblzma.a)
gcc -dynamiclib  -o .libs/libclamav.5.0.1.dylib  .libs/matcher-ac.o .libs/matcher-bm.o .libs/matcher.o .libs/md5.o .libs/others.o .libs/readdb.o .libs/cvd.o .libs/dsig.o .libs/str.o .libs/scanners.o .libs/textdet.o .libs/filetypes.o .libs/rtf.o .libs/blob.o .libs/mbox.o .libs/message.o .libs/table.o .libs/text.o .libs/ole2_extract.o .libs/vba_extract.o .libs/msexpand.o .libs/pe.o .libs/disasm.o .libs/upx.o .libs/htmlnorm.o .libs/chmunpack.o .libs/rebuildpe.o .libs/petite.o .libs/wwunpack.o .libs/unsp.o .libs/aspack.o .libs/packlibs.o .libs/fsg.o .libs/mew.o .libs/upack.o .libs/line.o .libs/untar.o .libs/unzip.o .libs/inflate64.o .libs/special.o .libs/binhex.o .libs/is_tar.o .libs/tnef.o .libs/autoit.o .libs/strlcpy.o .libs/regcomp.o .libs/regerror.o .libs/regexec.o .libs/regfree.o .libs/unarj.o .libs/bzlib.o .libs/nulsft.o .libs/infblock.o .libs/pdf.o .libs/spin.o .libs/yc.o .libs/elf.o .libs/sis.o .libs/uuencode.o .libs/phishcheck.o .libs/phish_domaincheck_db.o .libs/phish_whitelist.o .libs/regex_list.o .libs/regex_suffix.o .libs/mspack.o .libs/cab.o .libs/entconv.o .libs/hashtab.o .libs/dconf.o .libs/lzma_iface.o .libs/explode.o .libs/textnorm.o .libs/dlp.o .libs/js-norm.o .libs/uniq.o .libs/version.o  .libs/libclamav.lax/liblzma.a/LzmaStateDecode.o   ../libclamunrar_iface/.libs/libclamunrar_iface.dylib /usr/local/lib/libclamunrar.dylib -L/usr/local/lib -lz -lbz2 /usr/local/lib/libgmp.dylib /usr/lib/libiconv.dylib  -install_name  /usr/local/lib/libclamav.5.dylib -compatibility_version 6 -current_version 6.1 -Wl,-single_module



I did also see errors like this:

phishcheck.c: In function 'validate_uri_xalphas_nodot':
phishcheck.c:973: warning: pointer targets in initialization differ in signedness
phishcheck.c:974: warning: pointer targets in assignment differ in signedness

phishcheck.c: In function 'validate_uri_xpalphas_nodot':
phishcheck.c:983: warning: pointer targets in initialization differ in signedness
phishcheck.c:984: warning: pointer targets in assignment differ in signedness

phishcheck.c: In function 'validate_uri_ialpha':
phishcheck.c:995: warning: pointer targets in initialization differ in signedness


and lots of stuff warning re htmlnorm like this:

htmlnorm.c: In function 'html_tag_arg_value':
htmlnorm.c:326: warning: pointer targets in passing argument 1 of 'strcmp' differ in signedness
htmlnorm.c:327: warning: pointer targets in return differ in signedness
htmlnorm.c: In function 'html_tag_arg_set':
htmlnorm.c:338: warning: pointer targets in passing argument 1 of 'strcmp' differ in signedness
htmlnorm.c:340: warning: pointer targets in assignment differ in signedness

htmlnorm.c: In function 'html_tag_arg_add':
htmlnorm.c:369: warning: pointer targets in passing argument 1 of 'cli_strdup' differ in signedness
htmlnorm.c:369: warning: pointer targets in assignment differ in signedness
htmlnorm.c:372: warning: pointer targets in passing argument 1 of 'cli_strdup' differ in signedness
htmlnorm.c:372: warning: pointer targets in assignment differ in signedness
htmlnorm.c:373: warning: pointer targets in passing argument 1 of 'strlen' diff

Re: [Clamav-users] Error with make on Mac OS X 10.4.11 Intel - 0.94

2008-09-04 Thread James Brown


On 04/09/2008, at 5:33 PM, Török Edwin wrote:

> That is to be expected, since you are compiling version 5 right now.
> Look in your build directory:
> $ ls -l libclamunrar/.libs/

No such file or directory.

> /usr/local/lib looks wrong there, can you open a bugreport and attach
> your full build log, and your config.log?

Just tried, but it won't let me put that much info in because it is limited to 65K characters! Couldn't see any way to attach a file.


Thanks again,

James.




Re: [Clamav-users] Error with make on Mac OS X 10.4.11 Intel - 0.94

2008-09-04 Thread James Brown


On 04/09/2008, at 5:59 PM, Török Edwin wrote:

> On 2008-09-04 10:56, James Brown wrote:
>> On 04/09/2008, at 5:33 PM, Török Edwin wrote:
>>> That is to be expected, since you are compiling version 5 right now.
>>> Look in your build directory:
>>> $ ls -l libclamunrar/.libs/
>>
>> No such file or directory.
>>
>>> /usr/local/lib looks wrong there, can you open a bugreport and attach
>>> your full build log, and your config.log?
>>
>> Just tried, but it won't let me put that much info in because it is
>> limited to 65K characters! Couldn't see any way to attach a file.
>
> You need to first write a description of the bug, commit, and *then*
> you'll be able to attach files.



Great. Done.

It is bug #1162.

James.


Re: [Clamav-users] announcing ClamAV 0.94.1rc1

2008-10-30 Thread James Brown


On 17/10/2008, at 11:07 PM, aCaB wrote:

> [EMAIL PROTECTED] wrote:
>> gcc 4.0.1 caused configuration failure with PR bug 28045
>
> Just a FYI...
> Apple has released a new Xcode pack with a working gcc. It's a bit
> annoying as it requires to register on apple developers site and to
> download a whole dvd image but it works perfectly with -O2

I can confirm this. Xcode 3.1.1 compiles with no need to use any CFLAGS options on the ./configure.


0.94.1rc1 compiles and installs fine on OS X Leopard 10.5.5. (Intel).

James.

[Clamav-users] GTUBE test pattern not being picked up

2009-09-24 Thread James Brown

ClamAV does not pick up the GTUBE test pattern.

GTUBE - the Generic Test for Unsolicited Bulk Email.

This is one of the tests that nospamtoday uses. See: http://www.nospamtoday.com/emailsecurity/

Is this because it is redundant because of the Eicar test signature?

James.


[Clamav-users] Keep getting this error: SubmitDetectionStats: Incorrect answer from server

2010-03-10 Thread James Brown
Looking at my Freshclam logs, since 8 Oct 09 I've been getting this error:

ERROR: SubmitDetectionStats: Incorrect answer from server

Could it be firewall issue on my part? Or something else?

I'm on latest stable version.

Thanks,

James.



Re: [Clamav-users] Keep getting this error: SubmitDetectionStats: Incorrect answer from server

2010-03-11 Thread James Brown

On 12/03/2010, at 3:10 AM, Luca Gibelli wrote:

> Hello James,
> 
>> Looking at my Freshclam logs, since 8 Oct 09 I've been getting this error:
>> ERROR: SubmitDetectionStats: Incorrect answer from server
>> Could it be firewall issue on my part? Or something else?
>> I'm on latest stable version.
> 
> can you ping stats.clamav.net ? Are you using third party dbs?
> 
> Best regards
> 
> -- 
> Luca Gibelli 

Thanks Luca.

Yes to both questions.

James.


Re: [Clamav-users] Keep getting this error: SubmitDetectionStats: Incorrect answer from server

2010-03-12 Thread James Brown

On 12/03/2010, at 11:40 PM, Luca Gibelli wrote:

> Hello James,
> 
> 
>>> can you ping stats.clamav.net ? Are you using third party dbs?
>> Yes to both questions.
> 
> it's possible that the stats server is rejecting virusnames that don't
> follow our guidelines. We have no control over the virusnames of third
> party dbs.
> 
> Could you do the following:
> 
> - try to submit your stats with freshclam --submit-stats

Thanks Luca.

sudo freshclam --submit-stats
 *** Virus databases are not updated in this mode ***
ERROR: SubmitDetectionStats: Incorrect answer from server

> - if it fails, send me your clamd.log (via private email) or even
>  better, open a bug report and attach the log.
> 

I'll send the log.

Thanks,

James.



[Clamav-users] Compile error: floating constant exceeds range of 'float' on Mac OS X 10.4.11 (Intel)

2010-04-07 Thread James Brown
I'm trying to upgrade from 0.94.2 to 0.96.

I configured using:

./configure CFLAGS="-O0"

But 'make' stops with:

  CXX    CalcSpillWeights.lo
In file included from ./llvm/include/llvm/CodeGen/LiveIntervalAnalysis.h:25,
                 from llvm/lib/CodeGen/CalcSpillWeights.cpp:15:
./llvm/include/llvm/CodeGen/LiveInterval.h:569: error: floating constant exceeds range of 'float'
./llvm/include/llvm/CodeGen/LiveInterval.h:574: error: floating constant exceeds range of 'float'
llvm/lib/CodeGen/CalcSpillWeights.cpp:111: error: floating constant exceeds range of 'float'
make[5]: *** [CalcSpillWeights.lo] Error 1
make[4]: *** [all] Error 2
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Any suggestions?

Thanks,

James.

[Clamav-users] Logging not working for scans

2006-04-20 Thread James Brown
clamd.log records info about shutting down and starting up, but not about scans.

I have uncommented LogClean and the log does not change when I run clamscan on a folder with 1 clean file in it. clamscan works - ie it says how many files were scanned, how long it took etc. But the log file does not get touched.

I have also set Verbose Logging on to no avail.

Ran clamscan on the Test folder, it found 5 infected files, but again, nothing was written to /tmp/clamd.log.


ClamAV is version 88.1

Permissions on clamd.log are 777.

Any suggestions?

Thanks,

James.


Re: [Clamav-users] Re: Logging not working for scans

2006-04-21 Thread James Brown

Thanks René.

You are 100% correct. I did not know there was clamdscan as well as clamscan.


It works perfectly now I am using the correct command.

Thanks.

James.


On 21/04/2006, at 2:02 PM, René Berber wrote:



> James Brown wrote:
>
>> clamd.log records info about shutting down and starting up, but not
>> about scans.
>>
>> I have uncommented LogClean and the log does not change when I run
>> clamscan on a folder with 1 clean file in it. clamscan works - ie it
>> says how many files were scanned, how long it took etc. But the log file
>> does not get touched.
>>
>> I have also set Verbose Logging on to no avail.
>>
>> Ran clamscan on the Test folder, it found 5 infected files, but again,
>> nothing was written to /tmp/clamd.log.
>>
>> ClamAV is version 88.1
>>
>> Permissions on clamd.log are 777.
>>
>> Any suggestions?
>
> Use clamdscan.
>
> The log is updated by clamd which is not used by clamscan.
> --
> René Berber




Re: [Clamav-users] OT: Download script

2006-05-04 Thread James Brown

Chris, thanks for posting this script.

I've set it up and it works great!

I don't have the perl skills to do it myself, so really appreciate that you've shared your knowledge.


Thanks also to Steve Basford for making the phish.ndb file.

James.

On 25/04/2006, at 6:18 AM, Christopher X. Candreva wrote:

> On Mon, 24 Apr 2006, Steve Basford wrote:
>
>> The file you need is: http://www.sanesecurity.com/clamav/phish.ndb.gz
>
> I've attached my updated Perl script. It will now check the compressed
> archive, and if it is updated download and uncompress it.
>
> ==
> Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
> WestNet Internet Services of Westchester
> http://www.westnet.com/



Re: [Clamav-users] Disable Specific Document Scanning

2006-07-12 Thread James Brown
Why do you assume that Office docs are virus free? Does ClamAV not check for macro viruses?


James.

On 13/07/2006, at 5:37 AM, Nathan Tullis wrote:

> Hello All,
>
> I am new to ClamAV and am just trying to get my head straight!  The business
> I work for currently uses a Postfix mail server, and we are running ClamSMTP
> using ClamAV of course.  My problem is that we receive hundreds of emails
> with Excel & Word document attachments daily.  Some of these "legitimate"
> files often get blocked, preventing the entire email from going through.
>
> My question is, how do I tweak ClamAV to allow Word and Excel documents to
> get through, but still filter out executables and so forth.  Or how would I
> go about creating a WhiteList of domain names that will be allowed to send
> such attachments through?
>
> Thanks for the help!
>
> Nate



[Clamav-users] clamd consumes more and more resources

2006-12-05 Thread James Brown

I've set up a new mail server, running on an Intel Mac Mini.

Every now and then I notice that there are no new entries in my SMTP Proxy's log. Looking at Activity Monitor I notice that clamd and kernel_task are both running at about 57% of CPU. kernel_task usually runs at less than 1%.

As soon as I quit clamd, mail starts flowing through the SMTP Proxy (after it realises that it can't connect to the socket and disables clamav filtering). clamd.log doesn't say anything - the last entries say "SelfCheck: Database status OK".

Clamav is 0.88.6

Has anyone else had these problems? My previous mail server (running 0.88.1) did not have this problem.


Thanks,

James.


Re: [Clamav-users] Help Please!

2006-12-06 Thread James Brown


On 07/12/2006, at 12:40 PM, Russell Bradley wrote:

> Just installed ClamAV on an Mac (10.4.8 client not server). Clamd seems to
> be running OK.
>
> Kerio MailServer sees ClamAV just fine.
>
> Some basic ClamAV questions:
>
> How can I test to see if clamd is running properly?

Look in Activity Monitor to see if it is running.

Also email yourself the eicar test virus and watch the logs.

> How do you restart the clamd daemon?

something like:

sudo /usr/local/sbin/clamd

Do:

locate bin/clamd

to find out where you installed it.

> How can I test to see if freshclam is running properly & updating the
> database?

Look at freshclamd.log & clamd.log in /Applications/Utilities/Console.app

> Are there any Mac-specific ClamAV resources available?

Not that I know of.

> Appreciate any help offered.
>
> Thanks

Good luck!

James.



Re: [Clamav-users] Directory not locked

2007-02-15 Thread James Brown

I had the same problem.

Fixed it by starting clamd in single user mode.

Ie sudo /path/to/bin/clamd

HTH.

James.

On 16/02/2007, at 2:18 AM, Roger M wrote:

> Hello All.
>
> I have installed the latest version of clamav on my redhat server.
>
> I keep getting this error on my server. Can anyone help
>
> ERROR: chdir_inc: Can't create directory main.inc
> ERROR: getfile: Can't create new
> file ./clamav-d1baccbdbca7c6255cc93d7e80896256
> in /usr/local/share/clamav
> ERROR: Can't download main.cvd from db.uk.clamav.net
> LibClamAV Error: Database Directory: /usr/local/share/clamav not locked
>
> and in my log files i have this i.e clamd.log
>
> LOGGING DISABLED (Maximal log file size exceeded).
> Log size = 1058339, maximal = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).
> Log size = 1058428, maximal = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).
> Log size = 1058517, maximal = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).
> Log size = 1058606, maximal = 1048576
> LOGGING DISABLED (Maximal log file size exceeded).



Re: [Clamav-users] Upgrading to 0.90

2007-02-15 Thread James Brown

Did the upgrade on 10.4.8, Intel-based Mac Mini yesterday.

There was a post on this mailing list today about a change you need to do to the Makefile if you are not running an Intel-based Mac.

I used
./configure --enable-experimental
then make
then sudo make install

Copy the clamd.conf and freshclam.conf files across, after making a note of what your current settings are. The format is slightly different, so watch out for that.

Yes, I'd first uninstall the old version. Go to your old source code folder (ie Clam 0.88.5) and do:


sudo make uninstall

I'm not unix expert either, but I managed to get it working.

James.

On 16/02/2007, at 3:03 AM, Mauricio Juarez wrote:

> Hello,
> I need to upgrade my CLAMAV to 0.90.
> I have a Mac Os X Server with freeSbd, what is the procedure to upgrade
> the old version 0.88.5
> I downloaded the file clamav-0.90.tar.gz, I know how decompress but Im
> not sure how to install. I need stop  the mail services or deinstall the
> old version.
>
> TXS for your help




Re: [Clamav-users] Compiling 0.90.1 on Mac OS X Server 10.3

2007-03-15 Thread James Brown

No problems here with 10.4.8 on Intel.

Just standard compile with experimental.

James.

On 16/03/2007, at 10:04 AM, John Rudd wrote:

> Dana Kashubeck wrote:
>> I am not able to compile the latest stable version on Mac OS X Server
>> 10.3.  There are a few different warnings here and there, most of them
>> are shown while compiling unrar.c:
>>
>> ...
>>
>> The compile ends with:
>> /usr/bin/libtool: no library created (no object files in input files)
>> make[1]: *** [libclamav.la] Error 1
>> make: *** [check-recursive] Error 1
>> Is anyone else having problems on Panther?
>
> Yup, same exact problem.
>
> I notice no one replied to your question.  Did you get it resolved?
>
> Seems like, from reading this list, so far ClamAV 0.90.* is pretty much
> a disaster.  I don't think I'm aware of anyone having a smooth
> experience with it.
>
> Can anyone out there contradict that?  Especially on Mac OS X 10.3.9
> and/or Solaris 8?




Re: [Clamav-users] Clam & File Vault

2007-03-20 Thread James Brown


On 21/03/2007, at 3:50 PM, Jason Edwards wrote:

> I am a new Clam user so forgive me if this question has been addressed
> already. I use OS X and encrypt my home folder with File Vault. When I
> reviewed the log file for a scan I notice a lot of can't open file
> errors. Is this because of File Vault ?!?! What am I doing wrong?
>
> Also, Is there a recommended  Sentry folder list for  OS X users?  I run
> Safari, Firefox , Mail, Entourage and Thunderbird for my internet/mail
> apps.  Which folders should I add to Sentry to verify anything I come
> across or download using these programs?

I don't use FileVault.

For Mail, I use all the /Users/myshortname/Library/Mail/POP-myemailaddress/INBOX.mbox/Messages folders.

For your browsers you should use whatever you have set your Download folder to be.


HTH,

James.


Re: [clamav-users] Scanning on Mac without installation

2019-05-11 Thread James Brown via clamav-users
Get ClamXAV

https://www.clamxav.com 

James

> On 11 May 2019, at 9:42 am, Dexter Rivera via clamav-users <clamav-users@lists.clamav.net> wrote:
> 
> Hello All,
>  
> Is there a way to run a scan on a Mac without having to install Clam AV?  I 
> was able to scan a Windows machine with Clam AV as a stand-alone scanner and 
> it would be great if I can do the same on my Mac using command line.  Any 
> ideas, leads, or suggestions would be greatly appreciated.  Thank you in 
> advance.
>  
>  
>  
> Dexter R. Rivera 
> 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & clamav-milter, : Probe for slot 1 returned: failed

2019-07-31 Thread James Brown via clamav-users
6.0.1 is now out. (Fixes a logging issue).

The new version (6.0) has lots and lots of updates to the code. Mainly quicker and uses less bandwidth.

James.

> On 1 Aug 2019, at 1:21 am, Robert Kudyba  wrote:
> 
> Indeed we do use clamav-unofficial-sigs from
> https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/README.md.
> 
> And interesting timing just announced a new version:  
> Version 6.0 (30 July 2019)



Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-02-04 Thread James Brown via clamav-users
> On 5 Feb 2020, at 12:38 pm, Ralph Seichter via clamav-users wrote:
> 
> * Michael Orlitzky via clamav-users:
> 
>> I've been dragging my feet on these updates because I don't know how
>> to fix this. The least-bad idea I have so far is to just patch the
>> script to die if it's run as EUID == 0.
> 
> I have run the steps the script would perform when run as root manually
> because I refuse to run this particular script as root, ever. I have
> seen some risky scripts over the years, but this one should be tossed
> and rewritten in a secure fashion (quite possibly not in BASH).
> 
> -Ralph

The author of the script probably does not read this mailing list.

Have you put your concerns into the issue tracker on GitHub?

https://github.com/extremeshok/clamav-unofficial-sigs/issues

James.


[clamav-users] Clamd crashes frequently - macOS Catalina

2020-04-30 Thread James Brown via clamav-users
Getting lots of crashes of clamd. No indication of an issue in the clamd.log.

Installed via Homebrew.

Crash Report has:
Process:               clamd [29231]
Path:                  /usr/local/Cellar/clamav/0.102.2/sbin/clamd
Identifier:            clamd
Version:               0
Code Type:             X86-64 (Native)

Crashed Thread:        2

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x70a1cfa8
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Bus error: 10
Termination Reason:    Namespace SIGNAL, Code 0xa
Terminating Process:   exc handler [29231]

VM Regions Near 0x70a1cfa8:
Stack  7099a000-70a1c000 [  520K] rw-/rwx SM=COW  thread 1
--> STACK GUARD  70a1c000-70a1d000 [4K] ---/rwx SM=NUL  stack guard for thread 2
Stack  70a1d000-70b1f000 [ 1032K] rw-/rwx SM=COW  thread 2

Application Specific Information:
crashed on child side of fork pre-exec

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib  0x7fff6f6883d6 poll + 10
1   clamd   0x0001001c2bbe fds_poll_recv + 426
2   clamd   0x0001001c06c1 recvloop_th + 9039
3   clamd   0x0001001bb76b main + 5428
4   libdyld.dylib   0x7fff6f540cc9 start + 1

Thread 1:
0   libsystem_kernel.dylib  0x7fff6f6883d6 poll + 10
1   clamd   0x0001001c2bbe fds_poll_recv + 426
2   clamd   0x0001001c0b57 acceptloop_th + 114
3   libsystem_pthread.dylib 0x7fff6f745109 _pthread_start + 148
4   libsystem_pthread.dylib 0x7fff6f740b8b thread_start + 15

Thread 2 Crashed:
0   libpcre.0.dylib 0x7fff6e41eae6 0x7fff6e40a000 + 84710
1   libpcre.0.dylib 0x7fff6e41edea 0x7fff6e40a000 + 85482
2   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628
3   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628
4   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628

Etc

Thread 2 crashed with X86 Thread State (64-bit):
  rax: 0x076c  rbx: 0x7fda45f3b432  rcx: 0x0006  rdx: 0x0001047437ab
  rdi: 0x000104743f2d  rsi: 0x7fda45f3b435  rbp: 0x70a1d0d0  rsp: 0x70a1cec0
   r8: 0x70b196a0   r9: 0x0006  r10: 0x007e  r11: 0x00800083
  r12: 0x000104743f2d  r13: 0x  r14: 0x  r15: 0x
  rip: 0x7fff6e41eae6  rfl: 0x00010206  cr2: 0x70a1cfa8
  
Logical CPU: 8
Error Code:  0x0006 (no mapping for user data write)
Trap Number: 14


I use a number of the third party sigs, securite.info, sanesecurity, Malware 
Patrol, etc. Updating those or running Freshclam does not crash clamd. 

Any ideas what could be causing this?

Thanks,

James.
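
The report above already carries what is needed to classify the crash: the faulting address, the VM regions around it, and the crashed thread's frames. The following Python parser is an added example, not part of the original post and not ClamAV or Apple tooling; it checks whether the fault address and the stack pointer fall in a region the report labels as a guard page and finds the most repeated frame. The function names and the regexes' view of the report layout are assumptions.

```python
import re
from collections import Counter

# Excerpt of the crash report in the message above, wrapped lines rejoined.
REPORT = """\
Exception Type:    EXC_BAD_ACCESS (SIGBUS)
Exception Codes:   KERN_PROTECTION_FAILURE at 0x70a1cfa8

VM Regions Near 0x70a1cfa8:
Stack  7099a000-70a1c000 [  520K] rw-/rwx SM=COW  thread 1
--> STACK GUARD  70a1c000-70a1d000 [4K] ---/rwx SM=NUL  stack guard for thread 2
Stack  70a1d000-70b1f000 [ 1032K] rw-/rwx SM=COW  thread 2

Thread 2 Crashed:
0   libpcre.0.dylib 0x7fff6e41eae6 0x7fff6e40a000 + 84710
1   libpcre.0.dylib 0x7fff6e41edea 0x7fff6e40a000 + 85482
2   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628
3   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628
4   libpcre.0.dylib 0x7fff6e42d10c 0x7fff6e40a000 + 143628

  rdi: 0x000104743f2d  rsi: 0x7fda45f3b435  rbp: 0x70a1d0d0  rsp: 0x70a1cec0
"""

FAULT_RE = re.compile(r"^Exception Codes:.*\bat (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(
    r"^(?:-->\s*)?([A-Za-z_ ]+?)\s*([0-9a-f]{4,})-([0-9a-f]{4,})\s+\[", re.M)
FRAME_RE = re.compile(r"^\d+\s+(\S+)\s+(0x[0-9a-f]+)", re.M)
RSP_RE = re.compile(r"\brsp: (0x[0-9a-f]+)")
CRASHED_RE = re.compile(
    r"^Thread \d+ Crashed:[^\n]*\n(.*?)(?:\n\s*\n|\Z)", re.M | re.S)


def region_of(addr, regions):
    """Return the name of the VM region containing addr, or None."""
    for name, start, end in regions:
        if start <= addr < end:
            return name
    return None


def triage(report):
    """Classify a crash from its fault address, VM map and crashed-thread frames."""
    m = FAULT_RE.search(report)
    if m is None:
        raise ValueError("no 'Exception Codes ... at <addr>' line in report")
    fault = int(m.group(1), 16)
    regions = [(n.strip(), int(s, 16), int(e, 16))
               for n, s, e in REGION_RE.findall(report)]
    # Only the crashed thread's frames: the lines up to the next blank line.
    crashed = CRASHED_RE.search(report)
    frames = FRAME_RE.findall(crashed.group(1)) if crashed else []
    repeated = Counter(frames).most_common(1)
    rsp = RSP_RE.search(report)
    # A write that lands in the guard page below a thread's stack means the
    # thread ran out of stack; a repeating return address points at recursion.
    hit = region_of(fault, regions)
    return {
        "fault_region": hit,
        "rsp_region": region_of(int(rsp.group(1), 16), regions) if rsp else None,
        "images": sorted({image for image, _ in frames}),
        "top_repeat": repeated[0] if repeated else None,
        "verdict": "stack exhaustion" if hit and "GUARD" in hit.upper() else "unclassified",
    }


if __name__ == "__main__":
    print(triage(REPORT))
```
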



Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-01 Thread James Brown via clamav-users
On 1 May 2020, at 7:20 pm, G.W. Haywood via clamav-users wrote:
> 
> it gave me the impression that the OS is "for entertainment only”


Some people think that, but it does have BSD Unix as its base. 

> Do the clamd crashes happen at particular times, such as when clamd is
> reloading its databases, or is it while scanning?

It doesn’t happen when loading the databases. It will go for sometimes hours, 
sometimes less. It finds and blocks viruses, etc.

> How much RAM is in the machine?  You'll need at least 2G free before
> starting clamd and freshclam, likely more with many 3rd party sigs.


clamd is using 1.70GB of RAM. Machine has 34 GB total, of which there is still 
13 GB free.

I’ll try ignoring the signature that Mark suggested and hope that does the 
trick.

Thanks.



Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-01 Thread James Brown via clamav-users
> On 1 May 2020, at 8:31 pm, Mark Allan via clamav-users wrote:
> 
> Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set. You can 
> do that by adding the signature name to a file called anything_you_like.ign2 
> and putting it in your database directory.
> 
> We had an issue with something crashing clamd and we strongly suspect that 
> signature is to blame. It hasn't crashed since we started excluding it from 
> the DB.
> 
> Mark

Thanks Mark. Have created the file with "Email.Exploit.Efail-6641027-1” in it. 
Databases have been reloaded. Will see how it goes over the next 12 hours.

Thanks again,

James.



Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-01 Thread James Brown via clamav-users
On 1 May 2020, at 8:31 pm, Mark Allan via clamav-users wrote:
> 
> Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set.

Thanks Mark. After over 12 hours clamd is still up and running. Looks like that 
sig was causing the problem.

James.



Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-06 Thread James Brown via clamav-users
On 2 May 2020, at 9:32 am, Micah Snyder (micasnyd) via clamav-users wrote:
> 
> It doesn’t appear that there is a primary maintainer for homebrew’s clamav 
> package, so I’ve placed a PR with the homebrew-core project to try to switch 
> the brew clamav package from pcre to pcre2:
> https://github.com/Homebrew/homebrew-core/pull/54096 
> 
>  
> -Micah

Just checked and there is now 0.102.2_2 available on Homebrew. Hopefully it 
includes your pull request Micah.

(It’s been stable since ignoring that sig).

James.



[clamav-users] Clamav-safebrowsing failing

2021-07-01 Thread James Brown via clamav-users
Trying to get the Google Safebrowsing python script to work. 
https://github.com/Cisco-Talos/clamav-safebrowsing

It worked yesterday and downloaded the file, filled the database and created 
the gdb file. But since then I get:

sudo /usr/local/Cellar/python@3.9/3.9.2_4/bin/python3.9 ./clamsbsync.py --logfile /private/var/log/clamav_safebrowsing.log --debug
Password:
Traceback (most recent call last):
  File "/Users/me/Downloads/clamav-safebrowsing-master/./clamsbsync.py", line 599, in <module>
    client.Sync()
  File "/Users/me/Downloads/clamav-safebrowsing-master/./clamsbsync.py", line 464, in Sync
    updates = self.Update(lists=lists)
  File "/Users/me/Downloads/clamav-safebrowsing-master/./clamsbsync.py", line 340, in Update
    return self._retrieve_updates(listobjs)
  File "/Users/me/Downloads/clamav-safebrowsing-master/./clamsbsync.py", line 83, in _retrieve_updates
    gapi_resp = self.gapi.get_threats_update(listobjs)
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsb/googleapi.py", line 38, in get_threats_update
    response = self._service.threatListUpdates().fetch(body=request_body).execute()
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 920, in execute
    resp, content = _retry_request(
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 222, in _retry_request
    raise exception
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1708, in request
    (response, content) = self._request(
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1424, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1346, in _conn_request
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1136, in connect
    sock.connect((self.host, self.port))
socket.timeout: timed out

The log just shows:

2021-04-08 14:33:46,500 INFO:root:Running update.py CLI
2021-04-08 14:33:46,537 DEBUG:UpdateClient:retrieving threats updates...
2021-04-08 14:33:46,538 DEBUG:UpdateClient:retrieved MALWARE.URL.ALL_PLATFORMS @ Cg8IARAWTAEiAzAwMTABEMiJCRoQGAwrTbix
2021-04-08 14:33:46,538 DEBUG:UpdateClient:retrieved SOCIAL_ENGINEERING.URL.ALL_PLATFORMS @ Cg0IAhARRAEiAzAwMTABEJXiCxoCGAwP9SNj
2021-04-08 14:33:46,539 DEBUG:googleapiclient.discovery:URL being requested: POST https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?key=AIwzaSyTheRestOfMyKeyc&alt=json

Can anyone help me with this?

I posted on the Issues page in GitHub but got no reply.

Any help would be much appreciated.

Thanks,

James.


Re: [clamav-users] Clamav-safebrowsing failing

2021-07-02 Thread James Brown via clamav-users


> On 2 Jul 2021, at 6:06 pm, G.W. Haywood via clamav-users wrote:
> 
> Hi there,
> 
> On Fri, 2 Jul 2021, James Brown via clamav-users wrote:
> 
>> Trying to get the Google Safebrowsing python script to work. ...
>> 
>> It worked yesterday [...] But since then I get: [...]
>> 
>> 2021-04-08 14:33:46,539 DEBUG:googleapiclient.discovery:URL being requested: POST https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?key=AIwzaSyTheRestOfMyKeyc&alt=json
>>
>> Can anyone help me with this?
>> 
>> I posted on the Issues page in GitHub but got no reply.
> 
> It seems you're running on a Mac but you don't mention that in your
> mail.  In your mail, which AFAICT was sent on 2 July 2021, you say
> 
> "It worked yesterday ..."
> 
> yet the log gives the date at 8th April 2021 and your Github issue is
> from the same date.
> 
> The posted log line which I haven't trimmed contains
> 
> ...Updates:fetch?key=AIwzaSyTheRestOfMyKeyc&alt=json
> 
> which looks like either you've redacted some of the text without
> telling us or you're sending an invalid request.  Either way, it
> appears that the request is being dropped by the server as the
> connection attempts (and retries) are failing.
> 
> Perhaps you can clarify all the above.
> 
> I should say that I haven't used safebrowsing since it was dropped
> from ClamAV's database servers in 2019; I've never tried to use the
> Python scripts.
> -- 
> 
> 73,
> Ged.

Thanks for replying Ged.

Yes, running on macOS.

Yes I redacted some of the key in the URL.

Everything looks fine on console.cloud.google.com.

Just tried it again and it worked:

after the URL POST request the log continues with:


2021-07-02 19:03:42,442 DEBUG:UpdateClient:retrieving threats updates success
2021-07-02 19:03:42,445 INFO:UpdateClient:processing changes for MALWARE.URL.ALL_PLATFORMS from Cg0IARAGGAEiAzAwMTABEMiJCRoCGAwrTbwx to Cg0IARAGGAEiAzAwMBABEKeKCRoCGMwUrkuJ
2021-07-02 19:03:42,445 DEBUG:UpdateClient:processing 251 indice removals for MALWARE.URL.ALL_PLATFORMS
2021-07-02 19:03:43,836 DEBUG:UpdateClient:rm 000464f4 :: 000464f4

etc.

Not sure what was causing the problem.

Glad it’s working now (for the moment anyway).

Thanks again for your help.

James.
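
The debug line quoted in this thread shows the API key travelling in the request URL, which is why it had to be redacted by hand before posting. As an added example (not part of the original messages and not code from clamav-safebrowsing), this Python logging filter removes the `key=` value before a handler writes the record; the class and function names and the key value are constructed for illustration, and how clamsbsync.py configures its own handlers is not shown on this page.

```python
import io
import logging
import re

# Value of a `key=` query parameter in a logged URL (stops at & or whitespace).
KEY_PARAM_RE = re.compile(r"([?&]key=)[^&\s]+")


class RedactApiKey(logging.Filter):
    """Blank out the value of any `key=` URL parameter before it is written."""

    def filter(self, record):
        # Render first, so a key passed through %-style args is covered too.
        message = record.getMessage()
        record.msg = KEY_PARAM_RE.sub(r"\1[REDACTED]", message)
        record.args = None
        return True  # never drop the record, only rewrite it


def install(handler):
    """Attach the filter to a handler.

    A filter on the root *logger* is not consulted for records that child
    loggers (such as googleapiclient.discovery) propagate upwards; a filter
    on the *handler* sees every record that handler writes.
    """
    handler.addFilter(RedactApiKey())
    return handler


def demo():
    """Log a line shaped like the one in the thread; return what was written."""
    stream = io.StringIO()
    handler = install(logging.StreamHandler(stream))
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    root = logging.getLogger()
    child = logging.getLogger("googleapiclient.discovery")
    old_level = child.level
    root.addHandler(handler)
    child.setLevel(logging.DEBUG)
    try:
        # Constructed key value, not a real credential.
        url = ("https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch"
               "?key=CONSTRUCTED-EXAMPLE-KEY&alt=json")
        child.debug("URL being requested: %s %s", "POST", url)
    finally:
        child.setLevel(old_level)
        root.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```
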





Re: [clamav-users] Clamav-safebrowsing failing

2021-07-02 Thread James Brown via clamav-users


> On 2 Jul 2021, at 7:19 pm, G.W. Haywood via clamav-users wrote:
> 
> Hi there,
> 
> On Fri, 2 Jul 2021, James Brown via clamav-users wrote:
> 
>> ...
>> Just tried it again and it worked:
>> …

I spoke too soon. Just timed out again. Last log lines were:

2021-07-02 19:30:33,539 DEBUG:UpdateClient:add b'0d5f1ddd'
2021-07-02 19:30:33,550 DEBUG:UpdateClient:add b'0d646934'
2021-07-02 19:30:33,553 DEBUG:googleapiclient.discovery:URL being requested: POST https://safebrowsing.googleapis.com/v4/fullHashes:find?key=AIzaSyTheRestOfMyKeyc&alt=json

and Terminal said:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1376, in _conn_request
    response = conn.getresponse()
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/http/client.py", line 1345, in getresponse
    response.begin()
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/http/client.py", line 307, in begin
    version, status, reason = self._read_status()
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/http/client.py", line 276, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsbsync.py", line 599, in <module>
    client.Sync()
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsbsync.py", line 518, in Sync
    self._handle_additions(session, listobj, list_update['additions'])
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsbsync.py", line 419, in _handle_additions
    hashes = self._retrieve_fullhashes([listobj], prefixset)
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsbsync.py", line 104, in _retrieve_fullhashes
    gapi_resp = self.gapi.get_full_hashes(listobjs, prefix_set)
  File "/Users/me/Downloads/clamav-safebrowsing-master/clamsb/googleapi.py", line 69, in get_full_hashes
    response = self._service.fullHashes().find(body=request_body).execute()
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 920, in execute
    resp, content = _retry_request(
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 222, in _retry_request
    raise exception
  File "/usr/local/lib/python3.9/site-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1708, in request
    (response, content) = self._request(
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1424, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1385, in _conn_request
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/httplib2/__init__.py", line 1136, in connect
    sock.connect((self.host, self.port))
socket.timeout: timed out

So Google gets bored with me and hangs up?

Very hard to work out what is going on when you only see one side!

James.




Re: [clamav-users] Clamav-safebrowsing failing

2021-07-02 Thread James Brown via clamav-users

> On 2 Jul 2021, at 7:19 pm, G.W. Haywood via clamav-users wrote:
> 
> Hi there,
> 
> On Fri, 2 Jul 2021, James Brown via clamav-users wrote:
> 
>> ...
>> Just tried it again and it worked:
>> ...
> 
> Did it really fail for nearly three months or did you just not try often?
> If the former perhaps better mention that in the Github issue, otherwise
> it's probably best to close it.

No, it didn’t work back in April and I just gave up on it.

Then this week I decided to retry.

James.




[clamav-users] Errors making perl module File::Scan::ClamAV

2023-03-05 Thread James Brown via clamav-users
Hope this is not too far off-topic, but any help would be much appreciated. 
Trying to get Perl to link to clamd. (Used to work on my old mail server, but 
Homebrew has changed locations).

I’ve installed ClamAV using Homebrew on a Mac.

% locate bin/clamd
/opt/homebrew/Cellar/clamav/1.0.1/bin/clamdscan
/opt/homebrew/Cellar/clamav/1.0.1/bin/clamdtop
/opt/homebrew/Cellar/clamav/1.0.1/sbin/clamd
/opt/homebrew/bin/clamdscan
/opt/homebrew/bin/clamdtop
/opt/homebrew/sbin/clamd

I’ve edited Makefile.PL to start:

use ExtUtils::MakeMaker;

$ENV{CLAMD_PATH} ||= -e "/opt/homebrew/sbin/clamd" ? 
"/opt/homebrew/sbin" : -e "/opt/homebrew/sbin/clamd" ?
"/opt/homebrew/sbin" : -e "/opt/homebrew/sbin/clamd" ?
"/usr/local/bin" : -e "/usr/bin/clamd" ?
"/usr/bin" : "$ENV{HOME}/bin";

my $help = `$ENV{CLAMD_PATH}/clamd --help 2>&1` || '';
if ($help !~ /clam/i) {
  die "Cannot find clamd in $ENV{CLAMD_PATH} (or a number of other places)\n - are you sure clamav in installed?\n";
}

No problems creating the makefile, so it must find clamd:

% perl Makefile.PL
Generating a Unix-style Makefile
Writing Makefile for File::Scan::ClamAV
Writing MYMETA.yml and MYMETA.json

But when I run ‘make’ I get:

% make
Makefile:805: *** target file `Makefile' has both : and :: entries.  Stop.

Line 805 of the makefile is (after the comments):

# --- MakeMaker makefile section:
# We take a very conservative approach here, but it's worth it.
# We move Makefile to Makefile.old here to avoid gnu make looping.
$(FIRST_MAKEFILE) : Makefile.PL $(CONFIGDEP)

Any ideas what I’m doing wrong?

Thanks, James.

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


[clamav-users] Clamscan crash on Mac OS X - yara rules

2018-05-16 Thread James Brown via clamav-users
--- Begin Message ---
Although clamd is no longer crashing at startup (see thread "Startup crash on 
MacOS X - version 0.100.0” from about a week ago), I have lots of crash logs 
for clamscan. It looks like yara rules are the problem again:

Application Specific Information:
Assertion failed: (sp == 0), function yr_execute_code, file yara_exec.c, line 177.
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib  0x7fff9895d82a __kill + 10
1   libsystem_c.dylib   0x7fff92ed6a9c abort + 177
2   libsystem_c.dylib   0x7fff92f095de __assert_rtn + 146
3   libclamav.7.dylib   0x00010eaa61ee yr_execute_code + 4638 (yara_exec.c:177)
4   libclamav.7.dylib   0x00010e9c7560 cli_exp_eval + 928 (matcher.c:817)
5   libclamav.7.dylib   0x00010e9c8bbc cli_fmap_scandesc + 3900 (matcher.c:1220)
6   libclamav.7.dylib   0x00010e9de079 cli_scanraw + 153 (scanners.c:2424)
7   libclamav.7.dylib   0x00010e9ddb4d magic_scandesc + 10333 (scanners.c:3469)
8   libclamav.7.dylib   0x00010e9e000d cli_base_scandesc + 365 (scanners.c:3616)
9   libclamav.7.dylib   0x00010e9e05df scan_common + 671 (scanners.c:4016)
10  libclamav.7.dylib   0x00010e9e06b2 cl_scandesc_callback + 34 (scanners.c:4030)
11  clamscan            0x00010e9a1a95 scanfile + 741 (manager.c:392)
12  clamscan            0x00010e9a12a1 scanmanager + 5729 (manager.c:1166)
13  clamscan            0x00010e99f968 main + 680 (clamscan.c:161)
14  clamscan            0x00010e99aff4 start + 52

Let me know if there’s an email address I can send the full crash logs to if 
that would help.

Thanks,

James.
--- End Message ---