Mark, Thanks for the report. I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11896 for tracking. Please attach your "TooManyFilters" file there as well.
Steve On Sat, Aug 12, 2017 at 4:29 PM, Mark Allan <markjal...@gmail.com> wrote: > Hi all > > This email is two-part: an FP report and a bug report - both only > concerning 0.99.3 > > I just uploaded an FP which is only being detected by 0.99.3 beta 1. The > checksum for the submitted file (PDFSigQFormalRep.pdf) is > 1a29b1f3d6df9f1e47c8a77dde142238 > > It's part of Adobe Acrobat and is showing up as > Heuristic.PDF.TooManyFilters. > > Now the bug-report part. > > I added the relevant line to a local FP file exclude.fp in the clamav > database directory, and it correctly prevents the file from reporting as > being infected, however the summary still shows "1 infected file". > > $ clamscan ~/Desktop/temp/PDFSigQFormalRep.pdf > > ----------- SCAN SUMMARY ----------- > Known viruses: 7305825 > Engine version: 0.99.3-beta1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.22 MB > Data read: 0.45 MB (ratio 0.49:1) > Time: 21.459 sec (0 m 21 s) > > Cheers > Mark > > > > On 4 Aug 2017, at 12:04 am, Joel Esler (jesler) <jes...@cisco.com> > wrote: > > > > http://blog.clamav.net/2017/08/clamav-0993-beta-has-been-released.html > > > > ClamAV 0.99.3 beta has been released! > > Join us as we welcome ClamAV 0.99.3 beta for testing! Be sure and grab > the beta release on our official ClamAV download site< > http://www.clamav.net/downloads>. > > > > Welcome to ClamAV 0.99.3. In this release, we have included many code > > submissions from the ClamAV community: > > > > > > * Interfaces to the Prelude SIEM open source package for collecting > ClamAV virus events. > > * Visual Studio 2015 for building Microsoft Windows binaries. > > * Support libmspack internal code or as a shared object library. The > internal library is the default and contains additional integrity checks. > > * Linking with openssl 1.1.0. > > * Numerous code patches, typos, and compiler warning fixes. > > > > > > Additionally, we have introduced important changes and new features in > > ClamAV 0.99.3, including: > > > > > > * Deprecating internal LLVM code support. The configure script has > changed to search the system for an installed instance of the LLVM > development libraries, and to otherwise use the bytecode interpreter for > ClamAV bytecode signatures. To use the LLVM Just-In-Time compiler for > executing bytecode signatures, please ensure that the LLVM development > package at version 3.6 or lower is installed. Using the deprecated LLVM > code is possible with the command: './configure --with-system-llvm=3Dno', > but it no longer compile on all platforms. > > * Compute and check PE import table hash (a.k.a. "imphash") > signatures. > > * Support file property collection and analysis for MHTML files. > > * Raw scanning of PostScript files. > > * Fix clamsubmit to use the new virus and false positive submission > web interface. > > * Optionally, flag files with the virus "Heuristic.Limits.Exceeded" > when size limitations are exceeded. > > * Improve decoders for PDF files. > > > > > > The ClamAV community thanks the following individuals for their ClamAV > 0.99.3 code submissions: > > > > Sebastian Andrzej Siewior > > Keith Jones > > Bill Parker > > Chris Miserva > > Daniel J. Luke > > Matthew Boedicker > > Ningirsu > > Michael Pelletier > > Anthony Chan > > Stephen Welker > > > > Following are issues discovered during release testing. For additional > information, please review the corresponding tickets on > bugzilla.clamav.net<http://bugzilla.clamav.net>: > > > > 11879 - cli_scanmscan() Failed to extract 4 in Windows beta when > scanning cab files > > 11882 - ./configure does not automatically detect libxml2 on FreeBSD > 10.3 and 11.0 > > 11884 - 'sudo make install' on FreeBSD 10.3 and 11.0 leaves files owned > by root, subsequent make command fails > > 11885 - clamsubmit not building on FreeBSD 10.3 and 11.0 > > 11887 - Failures of 'make check VG=1' on FreeBSD 10.3 and 11.0 > > > > We ask that feedback be provided via the ClamAV mailing lists< > http://www.clamav.net/contact#ml>. > > > > > > -- > > Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> > > > > > > > > > > > > > > _______________________________________________ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
