Re: [clamav-users] LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users 
It appears that this warning was added by accident while fixing a bug shortly 
before release and no one noticed in review.  We'll remove the warning in 1.1.1 
and 1.2.0.

Sorry for the confusion!

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Ralf 
Hildebrandt via clamav-users 
Sent: Tuesday, May 16, 2023 1:08 AM
To: clamav-users@lists.clamav.net 
Cc: Ralf Hildebrandt 
Subject: [clamav-users] LibClamAV Warning: Don't know how to create filter for: 
Win.Downloader.LNKAgent-10001628-0

clamav-1.1.0-1:
===

May 16 10:00:23 de freshclam[864]: Tue May 16 10:00:23 2023 -> daily database 
available for update (local version: 26907, remote version: 26908)
May 16 10:00:23 de freshclam[864]: WARNING: Tue May 16 10:00:23 2023 ->  
*** RESULT 200, SIZE: 7213 ***

Why does an 200 return code ("OK") warrant a warning?

May 16 10:00:24 de freshclam[864]: Tue May 16 10:00:24 2023 -> Testing 
database: 
'/var/lib/clamav/tmp.c022cc91c3/clamav-9a70f6b397596656b8338e5caf1d6bc7.tmp-daily.cld'
 ...
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
cli_ac_addsig: cannot use filter for trie

Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
sounds a bit worrying...

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Database test 
passed.

but alas, despite errors the Database test passed?

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> daily.cld 
updated (version: 26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Clamd 
successfully notified about the update.
May 16 10:00:33 de clamd[686]: LibClamAV Warning: Don't know how to create 
filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:33 de clamd[686]: LibClamAV Warning: cli_ac_addsig: cannot use 
filter for trie

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0

2023-05-16 Thread Ralf Hildebrandt via clamav-users 
clamav-1.1.0-1:
===

May 16 10:00:23 de freshclam[864]: Tue May 16 10:00:23 2023 -> daily database 
available for update (local version: 26907, remote version: 26908)
May 16 10:00:23 de freshclam[864]: WARNING: Tue May 16 10:00:23 2023 ->  
*** RESULT 200, SIZE: 7213 ***

Why does an 200 return code ("OK") warrant a warning?

May 16 10:00:24 de freshclam[864]: Tue May 16 10:00:24 2023 -> Testing 
database: 
'/var/lib/clamav/tmp.c022cc91c3/clamav-9a70f6b397596656b8338e5caf1d6bc7.tmp-daily.cld'
 ...
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
cli_ac_addsig: cannot use filter for trie

Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
sounds a bit worrying...

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Database test 
passed.

but alas, despite errors the Database test passed?

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> daily.cld 
updated (version: 26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Clamd 
successfully notified about the update.
May 16 10:00:33 de clamd[686]: LibClamAV Warning: Don't know how to create 
filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:33 de clamd[686]: LibClamAV Warning: cli_ac_addsig: cannot use 
filter for trie

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread Kris Deugau 

Andrew C Aitchison via clamav-users wrote:

On Mon, 12 Dec 2022, newcomer01 wrote:


Well on my PC I changed a lot because the naming was too messy for me.

I have "program" clam*d*scan for which I have a clam*d*.conf and a 
"program" clamscan for which I have a clamscan.conf. And then the 
normal "program" freshclam with the freshclam.conf.

That is logic ;-)

To feed clam*d*scan and clamscan with the same conf is stupid, because 
both programs have different options.


clamscan (no 'd') does not have a config file at all.
Which options do you want to be different ?
Many of the options are the same. At least as a default I would expect the
  --scan-* --alert-* --max-* --*-pua options to be the same.

(Ignoring the freshclam config) clamscan *does not have a config file*
so there is curently no need for an option
 --config-file=FILE

As I asked before,
which settings do you expect clamscan to read from this config ?


I don't need this myself, but if you regularly set a lot of options for 
ad-hoc use it would be handy to have a config file to set them in the 
same way you do for clamdscan (and/or clamd, option depending) rather 
than typing them out all the time or dragging a wrapper script around.


Or, just have clamscan parse and use the same options from clamd.conf, 
because they ultimately trigger the same libclamav code paths.


-kgd
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread newcomer01 via clamav-users 

Sorry, I was busy writing this mail.

Well, I'm not ClamAV, but I would bring order into the file chaos.
clam*d*scan should have its own config and clamscan too, because the two 
configs are not compatible.
For this reason I would wish that there would be also the option 
--config-file=URL with clamscan, in order to be able to load then the ONLY FOR 
clamscan valid settings.
As I said, as soon as you want to use an option of clam*d* scan for clamdscan, 
the whole process stops, customer-friendly is so I think not.

If the daemon also has its own configuration, then you have to think about what 
the config file could be called.



Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Andrew C Aitchison <mailto:cla...@aitchison.me.uk>
Gesendet / Sent: Montag, Dezember 12, 2022 um 17:34 (at 05:34 PM) +0100
Betreff / Subject: Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early 
end-of-file.

On Mon, 12 Dec 2022, newcomer01 wrote:


Well on my PC I changed a lot because the naming was too messy for me.

I have "program" clam*d*scan for which I have a clam*d*.conf and a "program"
clamscan for which I have a clamscan.conf. And then the normal "program"
freshclam with the freshclam.conf.
That is logic ;-)

To feed clam*d*scan and clamscan with the same conf is stupid, because both
programs have different options.

clamscan (no 'd') does not have a config file at all.
Which options do you want to be different ?
Many of the options are the same. At least as a default I would expect the
   --scan-* --alert-* --max-* --*-pua options to be the same.

(Ignoring the freshclam config) clamscan *does not have a config file*
so there is curently no need for an option
--config-file=FILE

As I asked before,
which settings do you expect clamscan to read from this config ?



Now it would be still super, if one would have the option --config-file=FILE
with the clamscan, as it is also the case with the clam*d*scan. If I want to
use the clamscan mutze and --config-file=URL, then this is of course not
possible and it breaks everything!

Von / From: Andrew C Aitchison <mailto:and...@aitchison.me.uk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Montag, Dezember 12, 2022 um 16:33 (at 04:33 PM) +0100
Betreff / Subject: Re: [clamav-users] LibClamAV Warning: PNG: Unexpected
early end-of-file.

On Mon, 12 Dec 2022, newcomer01 via clamav-users wrote:


can nobody explain, what this message exactly mean?
I Get the on lot of my E-mails
LibClamAV Warning: PNG: Unexpected early end-of-file.

That just means that the PNG file is either not a PNG for or is corrupted
- perhaps truncated.


Should i change something in my config for clamscan?

No.


And mybe devs of clamav reas here to, it would be really nice, if you can
add
the optional paramteter "---cofig-file="FILE" to clamscan too. Currnty
only
cmab*d*scan has the option

The config file is for the clamd *daemon*.
clamd and clamdscan refer to it, but clamscan does not refer
this config file (although it *does* refer to freshclam.conf).

Which settings do you expect clamscan to read from this config ?


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread Andrew C Aitchison via clamav-users 

On Mon, 12 Dec 2022, newcomer01 wrote:


Well on my PC I changed a lot because the naming was too messy for me.

I have "program" clam*d*scan for which I have a clam*d*.conf and a "program" 
clamscan for which I have a clamscan.conf. And then the normal "program" 
freshclam with the freshclam.conf.

That is logic ;-)

To feed clam*d*scan and clamscan with the same conf is stupid, because both 
programs have different options.


clamscan (no 'd') does not have a config file at all.
Which options do you want to be different ?
Many of the options are the same. At least as a default I would expect the
 --scan-* --alert-* --max-* --*-pua options to be the same.

(Ignoring the freshclam config) clamscan *does not have a config file*
so there is curently no need for an option
--config-file=FILE

As I asked before,
which settings do you expect clamscan to read from this config ?


Now it would be still super, if one would have the option --config-file=FILE 
with the clamscan, as it is also the case with the clam*d*scan. If I want to 
use the clamscan mutze and --config-file=URL, then this is of course not 
possible and it breaks everything!


Von / From: Andrew C Aitchison <mailto:and...@aitchison.me.uk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Montag, Dezember 12, 2022 um 16:33 (at 04:33 PM) +0100
Betreff / Subject: Re: [clamav-users] LibClamAV Warning: PNG: Unexpected 
early end-of-file.

On Mon, 12 Dec 2022, newcomer01 via clamav-users wrote:


can nobody explain, what this message exactly mean?
I Get the on lot of my E-mails
LibClamAV Warning: PNG: Unexpected early end-of-file.

That just means that the PNG file is either not a PNG for or is corrupted
- perhaps truncated.


Should i change something in my config for clamscan?

No.

And mybe devs of clamav reas here to, it would be really nice, if you can 
add
the optional paramteter "---cofig-file="FILE" to clamscan too. Currnty 
only

cmab*d*scan has the option

The config file is for the clamd *daemon*.
clamd and clamdscan refer to it, but clamscan does not refer
this config file (although it *does* refer to freshclam.conf).

Which settings do you expect clamscan to read from this config ?


--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread Andrew C Aitchison via clamav-users 



On Mon, 12 Dec 2022, newcomer01 via clamav-users wrote:


can nobody explain, what this message exactly mean?
I Get the on lot of my E-mails
LibClamAV Warning: PNG: Unexpected early end-of-file.


That just means that the PNG file is either not a PNG for or is corrupted
- perhaps truncated.


Should i change something in my config for clamscan?


No.

And mybe devs of clamav reas here to, it would be really nice, if you 

can add the optional
paramteter "---cofig-file="FILE" to clamscan too. Currnty only 

cmab*d*scan has the option

The config file is for the clamd *daemon*.
clamd and clamdscan refer to it, but clamscan does not refer
this config file (although it *does* refer to freshclam.conf).

Which settings do you expect clamscan to read from this config ?

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread newcomer01 via clamav-users 

can nobody explain, what this message exactly mean? I Get the on lot of my 
E-mails
LibClamAV Warning: PNG: Unexpected early end-of-file. Should i change something 
in my config for clamscan?

And mybe devs of clamav reas here to, it would be really nice, if you can add the optional 
paramteter "---cofig-file="FILE" to clamscan too. Currnty only cmab*d*scan has 
the option

kind regards
Marc
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread Micah Snyder (micasnyd) via clamav-users 
Hi Stephen,

Based on this output:
Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: 
pread fail: asked for 901703 bytes @ offset 4096, got 0
Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error 
reading while generating hash!
... it looks to me like you're running into this issue: 
https://github.com/Cisco-Talos/clamav/issues/440

We are working on a fix for this and will include it in the 0.103.6 release 
planned for late April. Sorry about the frustration.

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Stephen 
Scotter via clamav-users 
Sent: Thursday, March 17, 2022 4:25 AM
To: ClamAV Users ML 
Cc: Stephen Scotter 
Subject: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

Hi,

I noticed Clamd has unexpectantly died on two of my virtual machines. 
Investigating lead me to find similar errors in the logs on both hosts around 
the times I know clamd died (I'm monitoring for the existence of a clamd 
process with zabbix but only got around to investigating today due to other 
commitments)


System1
Virtual Machine
CPU : 1 socket / 2 cores
RAM : 2GB Ram (I must have been feeling frugal on the day I created that VM)
OS : Debian 10 / buster
Clam :  ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022

Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 901703 bytes @ offset 4096, got 0
Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error 
reading while generating hash!
Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Main process exited, 
code=killed, status=11/SEGV
Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Failed with result 
'signal'.

System2
Virtual Machine
1 socket / 2 cores
4GB Ram (This is our standard allocation; This VM isn't in production yet and 
isn't doing anything)
OS : Debian 11 / bullseye
Clam : ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022


Mar  9 19:56:17 System2 clamd[541]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 455239 bytes @ offset 450560, got 0
Mar  9 19:56:17 System2 clamd[541]: LibClamAV Error: fmap_get_MD5: error 
reading while generating hash!
Mar  9 19:56:17 System2 kernel: [19292.532221] clamd[6494]: segfault at 0 ip 
7f73de568a08 sp 7f73777fd410 error 4 in 
libclamav.so.9.0.5[7f73de491000+11d000]
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Main process exited, 
code=killed, status=11/SEGV
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Failed with result 
'signal'.
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Consumed 20min 
43.611s CPU time.

This feels like it could be related to a lack of RAM? Would anyone be able to 
confirm I'm on the right track before shutdown the VMs to I allocate Ram?

Cheers

Steve

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread G.W. Haywood via clamav-users 

Hi there,

On Thu, 17 Mar 2022, Stephen Scotter via clamav-users wrote:


I noticed Clamd has unexpectantly died on two [VMs] ...

System1
Virtual Machine
CPU : 1 socket / 2 cores
RAM : 2GB Ram ...
OS : Debian 10 / buster
Clam :  ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022

Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 901703 bytes @ offset 4096, got 0


This certainly seems to be saying that ClamAV asked for 900kB of RAM
and that it was disappointed.  If there's only 2G in the VM then I'd
expect this to happen more or less on every database reload if you're
(a) using the official signature database and (b) allowing clamd to
scan while reloading signatures - because it uses about 1G of RAM for
the official signatures and twice as much while reloading, unless you
configure it otherwise.


System2
Virtual Machine
1 socket / 2 cores
4GB Ram (This is our standard allocation; This VM isn't in production yet and 
isn't doing anything)
OS : Debian 11 / bullseye
Clam : ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022


Mar  9 19:56:17 System2 clamd[541]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 455239 bytes @ offset 450560, got 0
...
This feels like it could be related to a lack of RAM?


Not so easy to explain if you have 4G of RAM unless it's doing
something else which uses quite a chunk of RAM too.


Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Consumed 20min 
43.611s CPU time.


OTOH if it isn't doing anything, how is it that clamd has managed to
use more than twenty minutes of CPU?

Are you perhaps scanning some large files?  What does 'top' say?

We only scan mail, never filesystems, and the mail server limits the
size of anything which might be scanned to a few megabytes.  Free RAM
is monitored by Icinga, giving confidence that nothing unexpected is
happening.  TTBOMK I've never seen the warnings from LibClamAV that
you're seeing.  I've just grepped 18 months worth of clamd logs and
found no example of 'readpage'.  We use a Raspberry Pi4B as a clamd
server, it has 4GB of RAM.  It's running several other memory-hungry
processes, although clamd tops the list at about 1.6GB resident - we
use dozens of third-party signature databases.  Most of the time free
RAM hovers around 2.2GB.  During signature database reloads that drops
by around 1G for a minute or so.

There are of course other reasons why clamd might die; I normally only
see that when I'm exprimenting with Yara rules.  Generally if I get a
rule horribly wrong[*] then after reloading the signatures clamd will
crash when it next tries to scan something.  IMO it's rather too easy
to crash it that way, but I haven't found any other reliable way to
crash it and under 'normal' circumstances.  When I'm not messing about
with Yara rules, I find it very stable.

[*] e.g. failing correctly to pair the curly braces...

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread David Copeland via clamav-users 
I can't comment on this particular error but 2G of RAM is definitely
insufficient and I believe 4G would be as well when freshclam is
applying updates to the database as there would be 2 copies of it in RAM.

Dave.

On 2022-03-17 07:25, Stephen Scotter via clamav-users wrote:
> Hi,
>
> I noticed Clamd has unexpectantly died on two of my virtual machines. 
> Investigating lead me to find similar errors in the logs on both hosts around 
> the times I know clamd died (I'm monitoring for the existence of a clamd 
> process with zabbix but only got around to investigating today due to other 
> commitments)
>
>
> System1
> Virtual Machine
> CPU : 1 socket / 2 cores
> RAM : 2GB Ram (I must have been feeling frugal on the day I created that VM)
> OS : Debian 10 / buster
> Clam :  ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022
>
> Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread 
> fail: asked for 901703 bytes @ offset 4096, got 0
> Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error 
> reading while generating hash!
> Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Main process 
> exited, code=killed, status=11/SEGV
> Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Failed with result 
> 'signal'.
>
> System2
> Virtual Machine
> 1 socket / 2 cores
> 4GB Ram (This is our standard allocation; This VM isn't in production yet and 
> isn't doing anything)
> OS : Debian 11 / bullseye
> Clam : ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022
>
>
> Mar  9 19:56:17 System2 clamd[541]: LibClamAV Warning: fmap_readpage: pread 
> fail: asked for 455239 bytes @ offset 450560, got 0
> Mar  9 19:56:17 System2 clamd[541]: LibClamAV Error: fmap_get_MD5: error 
> reading while generating hash!
> Mar  9 19:56:17 System2 kernel: [19292.532221] clamd[6494]: segfault at 0 ip 
> 7f73de568a08 sp 7f73777fd410 error 4 in 
> libclamav.so.9.0.5[7f73de491000+11d000]
> Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Main process 
> exited, code=killed, status=11/SEGV
> Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Failed with result 
> 'signal'.
> Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Consumed 20min 
> 43.611s CPU time.
>
> This feels like it could be related to a lack of RAM? Would anyone be able to 
> confirm I'm on the right track before shutdown the VMs to I allocate Ram?
>
> Cheers
>
> Steve
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread Stephen Scotter via clamav-users 
Hi,

I noticed Clamd has unexpectantly died on two of my virtual machines. 
Investigating lead me to find similar errors in the logs on both hosts around 
the times I know clamd died (I'm monitoring for the existence of a clamd 
process with zabbix but only got around to investigating today due to other 
commitments)


System1
Virtual Machine
CPU : 1 socket / 2 cores
RAM : 2GB Ram (I must have been feeling frugal on the day I created that VM)
OS : Debian 10 / buster
Clam :  ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022

Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 901703 bytes @ offset 4096, got 0
Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error 
reading while generating hash!
Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Main process exited, 
code=killed, status=11/SEGV
Mar 13 13:14:27 System1 systemd[1]: clamav-daemon.service: Failed with result 
'signal'.

System2
Virtual Machine
1 socket / 2 cores
4GB Ram (This is our standard allocation; This VM isn't in production yet and 
isn't doing anything)
OS : Debian 11 / bullseye
Clam : ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022


Mar  9 19:56:17 System2 clamd[541]: LibClamAV Warning: fmap_readpage: pread 
fail: asked for 455239 bytes @ offset 450560, got 0
Mar  9 19:56:17 System2 clamd[541]: LibClamAV Error: fmap_get_MD5: error 
reading while generating hash!
Mar  9 19:56:17 System2 kernel: [19292.532221] clamd[6494]: segfault at 0 ip 
7f73de568a08 sp 7f73777fd410 error 4 in 
libclamav.so.9.0.5[7f73de491000+11d000]
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Main process exited, 
code=killed, status=11/SEGV
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Failed with result 
'signal'.
Mar  9 19:56:17 System2 systemd[1]: clamav-daemon.service: Consumed 20min 
43.611s CPU time.

This feels like it could be related to a lack of RAM? Would anyone be able to 
confirm I'm on the right track before shutdown the VMs to I allocate Ram?

Cheers

Steve

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-05 Thread Maarten Broekman via clamav-users 
While verbose (-v) is helpful in some cases, you probably want to use the debug 
option to get the large volume of LibClamAV messages. I find debug is far more 
useful than verbose most times.

Maarten
Sent from a tiny keyboard

> On Apr 5, 2021, at 04:17, Vivek Patil via clamav-users 
>  wrote:
> 
> 
> Oh yes, I have tried that too.
> But only the warning line was printing.
> 
> The command was:
> clamscan -v -i -r --cross-fs=no -f "$list_file"
> 
>> On Mon, Apr 5, 2021 at 12:49 PM Eero Volotinen  wrote:
>> Just add more verbose to your scanning parameters. I think it was -v, if I 
>> remember correctly.
>> 
>> Eero
>> 
>>> On Mon, Apr 5, 2021 at 9:20 AM Vivek Patil  
>>> wrote:
>>> Eero,
>>> 
>>> What more details do you want?
>>> I am scanning my system using "clamscan -i -r --cross-fs=no -f 
>>> "$list_file"" using a shell script.
>>> It giving only the warning message as follows:
>>> 
>>> LibClamAV Warning: PNG: Unexpected early end-of-file.
>>> 
>>> I just wanted to find the location/name of the file.
>>> 
 On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen  
 wrote:
 Just add more verbose?
 
 Eero
 
> On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users 
>  wrote:
> Hi Team,
> 
> I am getting a warning message while scanning the system.
> I used clamscan command to scan.
> 
> Details: 
> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
> ClamAV version: ClamAV 0.103.1
> 
> How can we find more details, which file has the issue?
> 
> Email Disclaimer: http://www.forgeahead.io/disclaimer/
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
>>> 
>>> 
>>> -- 
>>> Regards,
>>> Vivek
>>> 
>>> Email Disclaimer: http://www.forgeahead.io/disclaimer/
> 
> 
> -- 
> Regards,
> Vivek
> 
> Email Disclaimer: http://www.forgeahead.io/disclaimer/
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-05 Thread Vivek Patil via clamav-users 
Oh yes, I have tried that too.
But only the warning line was printing.

The command was:
clamscan -v -i -r --cross-fs=no -f "$list_file"

On Mon, Apr 5, 2021 at 12:49 PM Eero Volotinen 
wrote:

> Just add more verbose to your scanning parameters. I think it was -v, if I
> remember correctly.
>
> Eero
>
> On Mon, Apr 5, 2021 at 9:20 AM Vivek Patil 
> wrote:
>
>> Eero,
>>
>> What more details do you want?
>> I am scanning my system using "clamscan -i -r --cross-fs=no -f
>> "$list_file"" using a shell script.
>> It giving only the warning message as follows:
>>
>> LibClamAV Warning: PNG: Unexpected early end-of-file.
>>
>> I just wanted to find the location/name of the file.
>>
>> On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen 
>> wrote:
>>
>>> Just add more verbose?
>>>
>>> Eero
>>>
>>> On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
>>> clamav-users@lists.clamav.net> wrote:
>>>
 Hi Team,

 I am getting a warning message while scanning the system.
 I used *clamscan *command to scan.

 Details:
 Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
 ClamAV version: ClamAV 0.103.1

 How can we find more details, which file has the issue?

 Email Disclaimer: *http://www.forgeahead.io/disclaimer/
 *
 ___

 clamav-users mailing list
 clamav-users@lists.clamav.net
 https://lists.clamav.net/mailman/listinfo/clamav-users


 Help us build a comprehensive ClamAV guide:
 https://github.com/vrtadmin/clamav-faq

 http://www.clamav.net/contact.html#ml

>>>
>>
>> --
>> Regards,
>> Vivek
>>
>> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
>> *
>
>

-- 
Regards,
Vivek

-- 
Email Disclaimer: *http://www.forgeahead.io/disclaimer/ 
*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-05 Thread Eero Volotinen 
Just add more verbose to your scanning parameters. I think it was -v, if I
remember correctly.

Eero

On Mon, Apr 5, 2021 at 9:20 AM Vivek Patil 
wrote:

> Eero,
>
> What more details do you want?
> I am scanning my system using "clamscan -i -r --cross-fs=no -f
> "$list_file"" using a shell script.
> It giving only the warning message as follows:
>
> LibClamAV Warning: PNG: Unexpected early end-of-file.
>
> I just wanted to find the location/name of the file.
>
> On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen 
> wrote:
>
>> Just add more verbose?
>>
>> Eero
>>
>> On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> Hi Team,
>>>
>>> I am getting a warning message while scanning the system.
>>> I used *clamscan *command to scan.
>>>
>>> Details:
>>> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
>>> ClamAV version: ClamAV 0.103.1
>>>
>>> How can we find more details, which file has the issue?
>>>
>>> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
>>> *
>>> ___
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>
> --
> Regards,
> Vivek
>
> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
> *

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-04 Thread Gary R. Schmidt 

On 05/04/2021 16:20, Vivek Patil via clamav-users wrote:

Eero,

What more details do you want?
I am scanning my system using "clamscan -i -r --cross-fs=no -f 
"$list_file"" using a shell script.

It giving only the warning message as follows:

LibClamAV Warning: PNG: Unexpected early end-of-file.

I just wanted to find the location/name of the file.

On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen > wrote:


Just add more verbose?

May I suggest that you read the "man" page for clamscan, which would 
have shown you the -v, --verbose Be verbose flag?


Although if you have the clamd daemon running it would be faster to use 
clamdscan, with the same "-v" option.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-04 Thread Arnaud Jacques 

Hello Vivek,

I am scanning my system using "clamscan -i -r --cross-fs=no -f 
"$list_file"" using a shell script.


Please remove "-i" :

"clamscan -r --cross-fs=no -f "$list_file""

... and you will get all files scanned, including the one that trigger 
the warning


--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.60.47.09.81
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-04 Thread Vivek Patil via clamav-users 
Eero,

What more details do you want?
I am scanning my system using "clamscan -i -r --cross-fs=no -f
"$list_file"" using a shell script.
It giving only the warning message as follows:

LibClamAV Warning: PNG: Unexpected early end-of-file.

I just wanted to find the location/name of the file.

On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen 
wrote:

> Just add more verbose?
>
> Eero
>
> On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> Hi Team,
>>
>> I am getting a warning message while scanning the system.
>> I used *clamscan *command to scan.
>>
>> Details:
>> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
>> ClamAV version: ClamAV 0.103.1
>>
>> How can we find more details, which file has the issue?
>>
>> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
>> *
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>

-- 
Regards,
Vivek

-- 
Email Disclaimer: *http://www.forgeahead.io/disclaimer/ 
*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-04 Thread Eero Volotinen 
Just add more verbose?

Eero

On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi Team,
>
> I am getting a warning message while scanning the system.
> I used *clamscan *command to scan.
>
> Details:
> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
> ClamAV version: ClamAV 0.103.1
>
> How can we find more details, which file has the issue?
>
> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
> *
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

2021-04-04 Thread Vivek Patil via clamav-users 
Hi Team,

I am getting a warning message while scanning the system.
I used *clamscan *command to scan.

Details:
Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
ClamAV version: ClamAV 0.103.1

How can we find more details, which file has the issue?

-- 
Email Disclaimer: *http://www.forgeahead.io/disclaimer/ 
*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: RWX mapping denied

2018-07-17 Thread tschmidt 
Unsatisfying as it may seem, the problem went away as it came, without
any obvious reason.

For the record, we do have SELinux active on those systems, so it is
(was) very likely an SELinux issue.

Thanks,
Tilman

Am 16.07.2018 um 17:07 schrieb Micah Snyder (micasnyd):
> Hi Tilman,
> 
> Sorry no one has responded to you yet.  I hate seeing questions go
> unanswered, but I truthfully don't know the answer.  
> 
> Did you find a solution?
> 
>  
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
>> On Jul 10, 2018, at 4:46 AM, Tilman Schmidt > > wrote:
>>
>> This morning, a bunch of RHEL6 systems greeted me with mails saying:
>>
>> /etc/cron.daily/freshclam:
>>
>> ERROR: During database load : LibClamAV Warning: RWX mapping denied:
>> Can't allocate RWX Memory: Permission denied
>>
>> I found an old Red Hat Bugzilla entry (Bug 1172774) for Fedora 21 which
>> was closed as fixed by an selinux-policy update on 2015-08-14.
>> However the systems in question have been running for two years with
>> that configuration.
>>
>> This is RHEL6 with the ClamAV packages from EPEL:
>>
>> clamav-0.99.4-1.el6.x86_64
>> clamav-db-0.99.4-1.el6.x86_64
>> clamd-0.99.4-1.el6.x86_64
>>
>> Why would freshclam suddenly trigger that message now?
>>
>> Thanks,
>> Tilman
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net 
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
> 
> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: RWX mapping denied

2018-07-16 Thread Micah Snyder (micasnyd) 
Hi Tilman,

Sorry no one has responded to you yet.  I hate seeing questions go unanswered, 
but I truthfully don't know the answer.

Did you find a solution?


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 10, 2018, at 4:46 AM, Tilman Schmidt 
mailto:tschm...@cardtech.de>> wrote:

This morning, a bunch of RHEL6 systems greeted me with mails saying:

/etc/cron.daily/freshclam:

ERROR: During database load : LibClamAV Warning: RWX mapping denied:
Can't allocate RWX Memory: Permission denied

I found an old Red Hat Bugzilla entry (Bug 1172774) for Fedora 21 which
was closed as fixed by an selinux-policy update on 2015-08-14.
However the systems in question have been running for two years with
that configuration.

This is RHEL6 with the ClamAV packages from EPEL:

clamav-0.99.4-1.el6.x86_64
clamav-db-0.99.4-1.el6.x86_64
clamd-0.99.4-1.el6.x86_64

Why would freshclam suddenly trigger that message now?

Thanks,
Tilman
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: RWX mapping denied

2018-07-10 Thread Tilman Schmidt 
This morning, a bunch of RHEL6 systems greeted me with mails saying:

/etc/cron.daily/freshclam:

ERROR: During database load : LibClamAV Warning: RWX mapping denied:
Can't allocate RWX Memory: Permission denied

I found an old Red Hat Bugzilla entry (Bug 1172774) for Fedora 21 which
was closed as fixed by an selinux-policy update on 2015-08-14.
However the systems in question have been running for two years with
that configuration.

This is RHEL6 with the ClamAV packages from EPEL:

clamav-0.99.4-1.el6.x86_64
clamav-db-0.99.4-1.el6.x86_64
clamd-0.99.4-1.el6.x86_64

Why would freshclam suddenly trigger that message now?

Thanks,
Tilman
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-07-06 Thread Tilman Schmidt 
Just to let you know:
The daily messages have become too annoying so I cleared my Java cache
to get rid of the offending file.
Consequently I won't be available for testing a fix anymore, at least
until the problem reappears on some other file.

Am 25.06.2018 um 11:12 schrieb Tilman Schmidt:
> The problem still exists. All the messages turn out to be triggered by
> one single JAR file in the Java deployment cache:
> 
> ~/.java/deployment/cache/6.0/6/41d72bc6-2cd5ef82: OK
> 
> ~/.java/deployment/cache/6.0/6$ ls -l 41d72bc6-2cd5ef82
> -rw-rw-r-- 1 tschmidt tschmidt 6300341 Jun  8  2017 41d72bc6-2cd5ef82
> ~/.java/deployment/cache/6.0/6$ file 41d72bc6-2cd5ef82
> 41d72bc6-2cd5ef82: Java archive data (JAR)
> 
> Any thoughts?
> 
> Am 20.06.2018 um 10:41 schrieb Tilman Schmidt:
>> The last nightly ClamAV scan on one of my machines emitted a series of
>> error messages I'm not familiar with:
>>
>> LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
>> LibClamAV Warning: [Bytecode JIT]: recovered from error
>> LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
>> LibClamAV Warning: Bytcode 73 failed to run: Time limit reached
>>   ^
>> (sic!)
>>
>> These four lines repeat 60 times, followed by the usual four instances
>> of my old friend Bug 12002:
>>
>> LibClamAV Warning: Unsupported message format `http' - if you believe
>> this file contains a virus, submit it to www.clamav.net
>>
>> The scan in question covers local user home directories on the machine.
>> Regrettably, no hint as to which specific files triggered these messages.
>>
>> None of the new messages yield a hit in the ClamAV Bugzilla.
>>
>> What are those messages trying to tell me?
>> Should I worry?
>> Is it worth the effort to bisect the scan to find an actual file whose
>> scan triggers the messages?
>>
>> Thanks,
>> Tilman
>>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-06-25 Thread Tilman Schmidt 
The problem still exists. All the messages turn out to be triggered by
one single JAR file in the Java deployment cache:

~/.java/deployment/cache/6.0/6/41d72bc6-2cd5ef82: OK

~/.java/deployment/cache/6.0/6$ ls -l 41d72bc6-2cd5ef82
-rw-rw-r-- 1 tschmidt tschmidt 6300341 Jun  8  2017 41d72bc6-2cd5ef82
~/.java/deployment/cache/6.0/6$ file 41d72bc6-2cd5ef82
41d72bc6-2cd5ef82: Java archive data (JAR)

Any thoughts?

Am 20.06.2018 um 10:41 schrieb Tilman Schmidt:
> The last nightly ClamAV scan on one of my machines emitted a series of
> error messages I'm not familiar with:
> 
> LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
> LibClamAV Warning: [Bytecode JIT]: recovered from error
> LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
> LibClamAV Warning: Bytcode 73 failed to run: Time limit reached
>   ^
> (sic!)
> 
> These four lines repeat 60 times, followed by the usual four instances
> of my old friend Bug 12002:
> 
> LibClamAV Warning: Unsupported message format `http' - if you believe
> this file contains a virus, submit it to www.clamav.net
> 
> The scan in question covers local user home directories on the machine.
> Regrettably, no hint as to which specific files triggered these messages.
> 
> None of the new messages yield a hit in the ClamAV Bugzilla.
> 
> What are those messages trying to tell me?
> Should I worry?
> Is it worth the effort to bisect the scan to find an actual file whose
> scan triggers the messages?
> 
> Thanks,
> Tilman
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: Bytcode 73 failed to run: Time limit reached

2018-06-20 Thread Tilman Schmidt 
The last nightly ClamAV scan on one of my machines emitted a series of
error messages I'm not familiar with:

LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: Bytcode 73 failed to run: Time limit reached
  ^
(sic!)

These four lines repeat 60 times, followed by the usual four instances
of my old friend Bug 12002:

LibClamAV Warning: Unsupported message format `http' - if you believe
this file contains a virus, submit it to www.clamav.net

The scan in question covers local user home directories on the machine.
Regrettably, no hint as to which specific files triggered these messages.

None of the new messages yield a hit in the ClamAV Bugzilla.

What are those messages trying to tell me?
Should I worry?
Is it worth the effort to bisect the scan to find an actual file whose
scan triggers the messages?

Thanks,
Tilman
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning-messages

2018-05-19 Thread Micah Snyder (micasnyd) 
It appears as though the antivirus signatures written in bytecode ran longer 
than the default timeout.  If you wanted to try again with a longer timeout, 
that's an option.

To test with a longer bytecode timeout in clamscan, use the --bytecode-timeout 
flag and pass in the desired timeout in millisecond.  I believe the default is 
5000, so you could try maybe double, or triple that.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On May 19, 2018, at 10:10 AM, Christian 
mailto:abelschre...@freenet.de>> wrote:

Hi altogether,

I wonder if you could help me with a particular warning-message I get
when scanning a certain pdf-file.

I downloaded a German-Russian study book as a pdf-file.
When scanning it I got the following output:

clamscan Russisch_bitte_von_BookFi.pdf
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: Bytcode 20 failed to run: Time limit reached
Russisch_bitte_von_BookFi.pdf: OK

--- SCAN SUMMARY ---
Known viruses: 6512795
Engine version: 0.99.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.41 MB
Data read: 16.04 MB (ratio 1.65:1)
Time: 24.279 sec (0 m 24 s)


As can be seen the file was scanned and apparently successful so.
Nothing harmful could be found.
Yet I don´t know what to make of those LibClamAV Warning-messages. What
do they mean and are they something to be worried about?

Greetings
Rosika

P.S.:

I also sent the pdf-file to VirusTotal and all of the 57 virus-scanners
said O.K.
So it should definitely be alright.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning-messages

2018-05-19 Thread Christian 
Hi altogether,

I wonder if you could help me with a particular warning-message I get
when scanning a certain pdf-file.

I downloaded a German-Russian study book as a pdf-file.
When scanning it I got the following output:

clamscan Russisch_bitte_von_BookFi.pdf
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: Bytcode 20 failed to run: Time limit reached
Russisch_bitte_von_BookFi.pdf: OK

--- SCAN SUMMARY ---
Known viruses: 6512795
Engine version: 0.99.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.41 MB
Data read: 16.04 MB (ratio 1.65:1)
Time: 24.279 sec (0 m 24 s)


As can be seen the file was scanned and apparently successful so.
Nothing harmful could be found.
Yet I don´t know what to make of those LibClamAV Warning-messages. What
do they mean and are they something to be worried about?

Greetings
Rosika

P.S.:

I also sent the pdf-file to VirusTotal and all of the 57 virus-scanners
said O.K.
So it should definitely be alright.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: Unsupported message format `http'

2017-12-22 Thread Steven Morgan 
Tilman,

Please attach here:

https://bugzilla.clamav.net/show_bug.cgi?id=12002

Thanks,
Steve


On Fri, Dec 22, 2017 at 9:35 AM, Steven Morgan 
wrote:

> Tilman,
>
> Thanks for the notification, we will check out the code. I'll open a bug
> report where you can post your sample.
>
> Steve
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: Unsupported message format `http'

2017-12-22 Thread Steven Morgan 
Tilman,

Thanks for the notification, we will check out the code. I'll open a bug
report where you can post your sample.

Steve

On Fri, Dec 22, 2017 at 9:03 AM, Tilman Schmidt 
wrote:

> ClamAV running on Ubuntu Xenial, package version
> 0.99.2+dfsg-0ubuntu0.16.04.2, emits the following warning message when
> scanning one of my Thunderbird IMAP mail folders:
>
> LibClamAV Warning: Unsupported message format `http' - if you believe
> this file contains a virus, submit it to www.clamav.net
>
> I whittled it down to a specific mail message which contained in its
> body an HTTP header including the line "Content-Type: message/http"
> (quite legitimately - it was a discussion of a web server's behaviour)
> and have produced a minimal file (25 lines, 773 bytes) exhibiting the
> problem.
>
> IMHO this warning is spurious. The file in question does not in fact
> contain anything in "message format `http'".
>
> How can I contribute to getting this fixed?
> Anyone interested in my minimal sample file?
>
> Thanks,
> Tilman
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: Unsupported message format `http'

2017-12-22 Thread Tilman Schmidt 
ClamAV running on Ubuntu Xenial, package version
0.99.2+dfsg-0ubuntu0.16.04.2, emits the following warning message when
scanning one of my Thunderbird IMAP mail folders:

LibClamAV Warning: Unsupported message format `http' - if you believe
this file contains a virus, submit it to www.clamav.net

I whittled it down to a specific mail message which contained in its
body an HTTP header including the line "Content-Type: message/http"
(quite legitimately - it was a discussion of a web server's behaviour)
and have produced a minimal file (25 lines, 773 bytes) exhibiting the
problem.

IMHO this warning is spurious. The file in question does not in fact
contain anything in "message format `http'".

How can I contribute to getting this fixed?
Anyone interested in my minimal sample file?

Thanks,
Tilman
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-10-17 Thread Steven Morgan 
Hi,

Thanks for the report. Tracking the issue here:

https://bugzilla.clamav.net/show_bug.cgi?id=11930


Steve


On Tue, Oct 17, 2017 at 2:46 AM, Hajo Locke  wrote:

> Hello,
>
> today i see a warning when starting a manuell clamscan:
>
> # clamscan -ir
> LibClamAV Warning: Don't know how to create filter for:
> Win.Trojan.Dovs-6343034-0
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
>
> Version is 0.99.2  included in Ubuntu 16.04
>
> Thanks,
> Hajo
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-10-17 Thread Al Varnell 
Confirmed.

I see the same warnings just running freshclam when attempting to download and 
process daily-23959.cdiff which contains that signature. It looks to be a 
relatively complex logical signature that I suspect is malformed.

-Al-

On Mon, Oct 16, 2017 at 11:46 PM, Hajo Locke wrote:
> today i see a warning when starting a manuell clamscan:
> 
> # clamscan -ir
> LibClamAV Warning: Don't know how to create filter for: 
> Win.Trojan.Dovs-6343034-0
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
> 
> 
> Version is 0.99.2  included in Ubuntu 16.04
> 
> Thanks,
> Hajo



smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning

2017-10-16 Thread Hajo Locke 

Hello,

today i see a warning when starting a manuell clamscan:

# clamscan -ir
LibClamAV Warning: Don't know how to create filter for: 
Win.Trojan.Dovs-6343034-0

LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie


Version is 0.99.2  included in Ubuntu 16.04

Thanks,
Hajo
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-05-09 Thread Matthew Molyett 
The bytecode signature behind this runtime error has been removed.

On Sat, May 6, 2017 at 2:13 PM, Rudy Stebih  wrote:

> As I didn't hear back from anyone, I placed an exclude statement for the
> file just so that I could finish the scan. These warnings are halting the
> scan!
>
> Turns out I got a second LibClamAV warning after I excluded the first one:
>
> Scanning C:\Program Files (x86)\InstallShield Installation
> Information\{1FA41DBD-E8F8-46B1-A90C-1FA7E823DA58}\ISSetup.dll
> LibClamAV Warning: Bytecode runtime error at line 968, col 5
>
> Cheers,
> Rudy
>
>
>
>
> On Sat, May 6, 2017 at 11:07 AM, Joel Esler (jesler) 
> wrote:
>
> > I thought this was fixed.
> >
> > --
> > Sent from my iPhone
> >
> > > On May 6, 2017, at 14:01, Rudy Stebih  wrote:
> > >
> > > I filed a bug report for this.  Bug #11837
> > >
> > > Cheers,
> > > Rudy
> > >
> > >
> > >> On Wed, May 3, 2017 at 1:25 PM, David Raynor 
> > wrote:
> > >>
> > >> Bump for visibility. I figure someone from your team should get in
> touch
> > >> with him, since it is not exactly an FP report. Maybe he can still
> > submit
> > >> it as FP. Don't know.
> > >>
> > >> Dave R.
> > >>
> > >> On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih 
> > >> wrote:
> > >>
> > >>> Hi Folks,
> > >>>
> > >>> I've been getting the following error for a week or so:
> > >>>
> > >>> 'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
> > >>>
> > >>> I finally found the time to run ClamAV in verbose mode and believe
> this
> > >> is
> > >>> the culprit:
> > >>>
> > >>> 'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
> > >>>
> > >>> At least that was the last file being scanned right before the error.
> > >>>
> > >>> I can upload the file somewhere if you like...
> > >>>
> > >>> Cheers,
> > >>> Rudy
> > >>> ___
> > >>> clamav-users mailing list
> > >>> clamav-users@lists.clamav.net
> > >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >>>
> > >>>
> > >>> Help us build a comprehensive ClamAV guide:
> > >>> https://github.com/vrtadmin/clamav-faq
> > >>>
> > >>> http://www.clamav.net/contact.html#ml
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> ---
> > >> Dave Raynor
> > >> Talos Security Intelligence and Research Group
> > >> dray...@sourcefire.com
> > >> ___
> > >> clamav-users mailing list
> > >> clamav-users@lists.clamav.net
> > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >>
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq
> > >>
> > >> http://www.clamav.net/contact.html#ml
> > >>
> > > ___
> > > clamav-users mailing list
> > > clamav-users@lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



-- 

Matthew Molyett
Malware Researcher

mmoly...@cisco.com
Phone:  (410) 309-4834
Mobile: (410) 674-2049

Cisco.com - http://www.cisco.com

This email may contain confidential and privileged material for the sole
use of the intended recipient. Any review, use, distribution or disclosure
by others is strictly prohibited. If you are not the intended recipient (or
authorized to receive for the recipient), please contact the sender by
reply email and delete all copies of this message.

For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Rudy Stebih 
As I didn't hear back from anyone, I placed an exclude statement for the
file just so that I could finish the scan. These warnings are halting the
scan!

Turns out I got a second LibClamAV warning after I excluded the first one:

Scanning C:\Program Files (x86)\InstallShield Installation
Information\{1FA41DBD-E8F8-46B1-A90C-1FA7E823DA58}\ISSetup.dll
LibClamAV Warning: Bytecode runtime error at line 968, col 5

Cheers,
Rudy




On Sat, May 6, 2017 at 11:07 AM, Joel Esler (jesler) 
wrote:

> I thought this was fixed.
>
> --
> Sent from my iPhone
>
> > On May 6, 2017, at 14:01, Rudy Stebih  wrote:
> >
> > I filed a bug report for this.  Bug #11837
> >
> > Cheers,
> > Rudy
> >
> >
> >> On Wed, May 3, 2017 at 1:25 PM, David Raynor 
> wrote:
> >>
> >> Bump for visibility. I figure someone from your team should get in touch
> >> with him, since it is not exactly an FP report. Maybe he can still
> submit
> >> it as FP. Don't know.
> >>
> >> Dave R.
> >>
> >> On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih 
> >> wrote:
> >>
> >>> Hi Folks,
> >>>
> >>> I've been getting the following error for a week or so:
> >>>
> >>> 'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
> >>>
> >>> I finally found the time to run ClamAV in verbose mode and believe this
> >> is
> >>> the culprit:
> >>>
> >>> 'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
> >>>
> >>> At least that was the last file being scanned right before the error.
> >>>
> >>> I can upload the file somewhere if you like...
> >>>
> >>> Cheers,
> >>> Rudy
> >>> ___
> >>> clamav-users mailing list
> >>> clamav-users@lists.clamav.net
> >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>>
> >>>
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>>
> >>> http://www.clamav.net/contact.html#ml
> >>>
> >>
> >>
> >>
> >> --
> >> ---
> >> Dave Raynor
> >> Talos Security Intelligence and Research Group
> >> dray...@sourcefire.com
> >> ___
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Joel Esler (jesler) 
I thought this was fixed.  

--
Sent from my iPhone

> On May 6, 2017, at 14:01, Rudy Stebih  wrote:
> 
> I filed a bug report for this.  Bug #11837
> 
> Cheers,
> Rudy
> 
> 
>> On Wed, May 3, 2017 at 1:25 PM, David Raynor  wrote:
>> 
>> Bump for visibility. I figure someone from your team should get in touch
>> with him, since it is not exactly an FP report. Maybe he can still submit
>> it as FP. Don't know.
>> 
>> Dave R.
>> 
>> On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih 
>> wrote:
>> 
>>> Hi Folks,
>>> 
>>> I've been getting the following error for a week or so:
>>> 
>>> 'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
>>> 
>>> I finally found the time to run ClamAV in verbose mode and believe this
>> is
>>> the culprit:
>>> 
>>> 'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
>>> 
>>> At least that was the last file being scanned right before the error.
>>> 
>>> I can upload the file somewhere if you like...
>>> 
>>> Cheers,
>>> Rudy
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>>> 
>> 
>> 
>> 
>> --
>> ---
>> Dave Raynor
>> Talos Security Intelligence and Research Group
>> dray...@sourcefire.com
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-05-06 Thread Rudy Stebih 
I filed a bug report for this.  Bug #11837

Cheers,
Rudy


On Wed, May 3, 2017 at 1:25 PM, David Raynor  wrote:

> Bump for visibility. I figure someone from your team should get in touch
> with him, since it is not exactly an FP report. Maybe he can still submit
> it as FP. Don't know.
>
> Dave R.
>
> On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih 
> wrote:
>
> > Hi Folks,
> >
> > I've been getting the following error for a week or so:
> >
> > 'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
> >
> > I finally found the time to run ClamAV in verbose mode and believe this
> is
> > the culprit:
> >
> > 'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
> >
> > At least that was the last file being scanned right before the error.
> >
> > I can upload the file somewhere if you like...
> >
> > Cheers,
> > Rudy
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
>
>
>
> --
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> dray...@sourcefire.com
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-05-03 Thread David Raynor 
Bump for visibility. I figure someone from your team should get in touch
with him, since it is not exactly an FP report. Maybe he can still submit
it as FP. Don't know.

Dave R.

On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih  wrote:

> Hi Folks,
>
> I've been getting the following error for a week or so:
>
> 'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'
>
> I finally found the time to run ClamAV in verbose mode and believe this is
> the culprit:
>
> 'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'
>
> At least that was the last file being scanned right before the error.
>
> I can upload the file somewhere if you like...
>
> Cheers,
> Rudy
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning

2017-05-02 Thread Rudy Stebih 
Hi Folks,

I've been getting the following error for a week or so:

'LibClamAV Warning: Bytecode runtime error at line 1226, col 4'

I finally found the time to run ClamAV in verbose mode and believe this is
the culprit:

'Scanning C:\Program Files (x86)\Applian Director\ClearRegCode.exe'

At least that was the last file being scanned right before the error.

I can upload the file somewhere if you like...

Cheers,
Rudy
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning

2017-04-20 Thread Angel Villegas 
This is caused by a subset of the detection pattern used in the bytecode
signature BC.Win.Exploit.CVE_2017_0060-6099223-0. This is a warning and
doesn't impact detection of the bytecode in ClamAV. An updated version of
this signature was pushed out this morning in the latest bytecode CVD. You
may need to run freshclam to update to the latest bytecode cvd.

Hope that helps,
Angel M. Villegas

On Thu, Apr 20, 2017 at 12:27 PM, mario jayamaha 
wrote:

> Hi,
>
> I'm very new to Linux and have little technical knowledge.
>
> I installed ClamAV and ran a scan (sudo clamscan). I received the
> following warnings:
>
> LibClamAV Warning: Don't know how to create filter for:
> BC.Win.Exploit.CVE_2017_0060-6099223-0.{}
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
> Could a kind soul please explain what they are and how I may fix them?
> Thank you for your attention to my post.
>
> With best wishes,Mario
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning

2017-04-20 Thread mario jayamaha 
Hi,

I'm very new to Linux and have little technical knowledge.

I installed ClamAV and ran a scan (sudo clamscan). I received the following 
warnings: 

LibClamAV Warning: Don't know how to create filter for: 
BC.Win.Exploit.CVE_2017_0060-6099223-0.{}
LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie

Could a kind soul please explain what they are and how I may fix them? Thank 
you for your attention to my post.

With best wishes,Mario
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV warning, cli_pdf unimplemented filter DCTDECODE

2016-05-21 Thread Rick Valenzuela 
Thank you for the detailed answer; I am using the HEAD version from an
OSX Homebrew install; I recently changed from stable, and had not had
this warning before.

Cheers,
Rick

On 5/20/16 02:58, Kevin Lin wrote:
> This warning occurs in the new experimental pdf filter rework that is not
> part of any existing ClamAV releases (as of 0.99.2). Thus as a disclaimer,
> it must be stated that the version of ClamAV being used may be unstable or
> incomplete especially with the experimental section that this warnings is
> related to.
> 
> A little background on PDFs:
> PDF documents are made up of entities called objects which store that
> various bits of content that make up the document. Taken from the PDF spec:
> "A *filter *is an optional part of the specification of a stream,
> indicating how the data in the stream must be decoded before it is used". As
> a result, in order to properly scan the objects of a PDF document, the
> objects need to be decoded according to their list of filters.
> DCTDecode is one of a number of PDF filters that can be applied to PDF
> objects; in particular: "grayscale or color image data that has been encoded
> in the JPEG baseline format" (PDF Spec). If you are interested in more
> about filters or PDFs, the PDF specification is freely available online and
> explains things in greater detail.
> 
> On LibClamAV and cli_pdf:
> LibClamAV's internal function to handle PDF documents is cli_pdf.
> 
> 
> In a nutshell, this warning occurs because ClamAV encountered a DCTDecode
> filter but does not have a implementation to decode that filter yet. It is
> possible but unlikely that associated document is malicious.
> 
> -Kevin
> 
> On Thu, May 19, 2016 at 12:43 AM, Rick Valenzuela  wrote:
> 
>> Hi,
>>
>> Where can I find info on this warning when running clamscan?:
>>
>> LibClamAV Warning: cli_pdf: unimplemented filter type [10] => DCTDECODE
>>
>> I've been searching, but I can't find much on LibClamAV and filters,
>> much less cli_pdf or DCTDECODE.
>>
>> Best regards,
>> Rick
>>
>> --
>> Rick Valenzuela
>> Videojournalist
>> Shanghai, China
>> ___
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 

-- 
Rick Valenzuela
Videojournalist
Shanghai, China
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV warning, cli_pdf unimplemented filter DCTDECODE

2016-05-19 Thread Kevin Lin 
This warning occurs in the new experimental pdf filter rework that is not
part of any existing ClamAV releases (as of 0.99.2). Thus as a disclaimer,
it must be stated that the version of ClamAV being used may be unstable or
incomplete especially with the experimental section that this warnings is
related to.

A little background on PDFs:
PDF documents are made up of entities called objects which store that
various bits of content that make up the document. Taken from the PDF spec:
"A *filter *is an optional part of the specification of a stream,
indicating how the data in the stream must be decoded before it is used". As
a result, in order to properly scan the objects of a PDF document, the
objects need to be decoded according to their list of filters.
DCTDecode is one of a number of PDF filters that can be applied to PDF
objects; in particular: "grayscale or color image data that has been encoded
in the JPEG baseline format" (PDF Spec). If you are interested in more
about filters or PDFs, the PDF specification is freely available online and
explains things in greater detail.

On LibClamAV and cli_pdf:
LibClamAV's internal function to handle PDF documents is cli_pdf.


In a nutshell, this warning occurs because ClamAV encountered a DCTDecode
filter but does not have a implementation to decode that filter yet. It is
possible but unlikely that associated document is malicious.

-Kevin

On Thu, May 19, 2016 at 12:43 AM, Rick Valenzuela  wrote:

> Hi,
>
> Where can I find info on this warning when running clamscan?:
>
> LibClamAV Warning: cli_pdf: unimplemented filter type [10] => DCTDECODE
>
> I've been searching, but I can't find much on LibClamAV and filters,
> much less cli_pdf or DCTDECODE.
>
> Best regards,
> Rick
>
> --
> Rick Valenzuela
> Videojournalist
> Shanghai, China
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV warning, cli_pdf unimplemented filter DCTDECODE

2016-05-18 Thread Rick Valenzuela 
Hi,

Where can I find info on this warning when running clamscan?:

LibClamAV Warning: cli_pdf: unimplemented filter type [10] => DCTDECODE

I've been searching, but I can't find much on LibClamAV and filters,
much less cli_pdf or DCTDECODE.

Best regards,
Rick

-- 
Rick Valenzuela
Videojournalist
Shanghai, China
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: cli_tnef: file truncated, returning CLEAN

2016-04-07 Thread Steven Morgan 
Hi,

Looking in the code, the file was truncated, as the warning message states.
The message is issued by the TNEF file parser. Returning CLEAN from the
parser tells the caller(the TNEF scanner) to scan all of the previously
extracted parts of the TNEF message for viruses.

Hope this helps,
Steve
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: cli_tnef: file truncated, returning CLEAN

2016-04-07 Thread Marco 

Hello,

 I would like to know what this clamd warn means:

"LibClamAV Warning: cli_tnef: file truncated, returning CLEAN"


I run

ClamAV 0.99.1/21486/Tue Apr  5 22:19:10 2016

on amavisd and clamav-milter.

In deep, I would like to know if this warning could be a issue  
allowing some malwares to bypass a scan.


Thank you very much
Marco





___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning in conjunction with SWF Files

2015-12-11 Thread Joel Esler (jesler) 


On Dec 11, 2015, at 1:58 PM, Andreas van Ohlen 
mailto:a.vanoh...@posteo.de>> wrote:

LibClamAV Warning: SWF: declared output length != inflated stream size, 486465 
!= 795244

I am guessing that the Flash file being analyzed declared the length to be 
795244 for a compressed section, however, when inflated, only equalled 486465.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning in conjunction with SWF Files

2015-12-11 Thread Andreas van Ohlen 

Hi Guys,

since the update to 0.99 on my Manjaro Linux System I get the warning

LibClamAV Warning: SWF: declared output length != inflated stream size, 
486465 != 795244


when scanning with "clamscan -ri". What does this mean and how can I fix 
it? Thanks!

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: cli_scanxz: decompress file size exceeds limits

2014-09-26 Thread Steven Morgan 
Chamal,

Have a look at the --max-filesize parameter on the clamscan man page and
try using with a value that accommodates your file size.

Steve

On Fri, Sep 26, 2014 at 1:09 AM, chamal desilva  wrote:

> Hi,
>
> OS: Ubuntu 14.04 64 bit
> ClamAv Version: ClamAV 0.98.1/19437/Fri Sep 26 04:06:13 2014
>
> 1. Download http://llvm.org/releases/3.5.0/cfe-3.5.0.src.tar.xz
> 2. Scan - clamscan cfe-3.5.0.src.tar.xz
> 3. Receive this warning and output.
> LibClamAV Warning: cli_scanxz: decompress file size exceeds limits -
> only   scanning 27262976 bytes
> cfe-3.5.0.src.tar.xz: OK
>
> Best Regards,
> Chamal.
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] LibClamAV Warning: cli_scanxz: decompress file size exceeds limits

2014-09-25 Thread chamal desilva 
Hi,

OS: Ubuntu 14.04 64 bit
ClamAv Version: ClamAV 0.98.1/19437/Fri Sep 26 04:06:13 2014

1. Download http://llvm.org/releases/3.5.0/cfe-3.5.0.src.tar.xz
2. Scan - clamscan cfe-3.5.0.src.tar.xz
3. Receive this warning and output.
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only   
scanning 27262976 bytes
cfe-3.5.0.src.tar.xz: OK

Best Regards,
Chamal.

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: fmap_unneed: unneed on a unlocked page LibClamAV Warning: fmap_unneed: unneed on a unlocked page

2013-11-26 Thread David Raynor 
This warning is related to file map handling. This message will appear when
ClamAV tried to unlock the wrong locked page of the file map. It is a
temporary issue, since the page will be unlocked when the file is closed
and map is unmapped anyway. There is one known issue that can lead to this
warning being reported by ClamAV 0.98 in a case that is preventable, which
is probably what you are seeing. We will have a patch that will handle this
more cleanly in a future release.

Dave R.


On Tue, Nov 26, 2013 at 9:37 AM, René Bellora
wrote:

> hi!
>
> scanning a samba share gives me this warning:
>
> LibClamAV Warning: fmap_unneed: unneed on a unlocked page LibClamAV
> Warning: fmap_unneed: unneed on a unlocked page
>
>
>
> does anyone know what does it mean?
>
>
> thanks in advance,
> René
>
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>



-- 
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

[clamav-users] LibClamAV Warning: fmap_unneed: unneed on a unlocked page LibClamAV Warning: fmap_unneed: unneed on a unlocked page

2013-11-26 Thread René Bellora 

hi!

scanning a samba share gives me this warning:

LibClamAV Warning: fmap_unneed: unneed on a unlocked page LibClamAV Warning: 
fmap_unneed: unneed on a unlocked page



does anyone know what does it mean?


thanks in advance,
René


___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] libclamav warning

2011-11-22 Thread Török Edwin 
On 11/20/2011 12:45 AM, Ben Stuyts wrote:
> 
> On 19 nov. 2011, at 17:19, Ben Stuyts wrote:
> 
>>
>> On 18 nov. 2011, at 21:20, René Bellora wrote:
>>
>>> hi!
>>>
>>> i'm getting some warnings when scanning a directory:
>>>
>>> LibClamAV Warning: Bytcode 4 failed to run: Error during bytecode execution
>>>
>>> LibClamAV Warning: Bytecode run timed out in interpreter after 221135000 
>>> opcodes
>>>
>>> LibClamAV Warning: Bytcode 4 failed to run: Unknown error code
>>>
>>>
>>> what are these?
>>>
>>> i'm running ClamAV 0.97.3
>>
>> Similar problems here:
>>
>> LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
>> LibClamAV Warning: [Bytecode JIT]: recovered from error
>> LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
>> LibClamAV Warning: Bytcode 11 failed to run: Unknown error code
>> ...
>>
>> clamscan -V:
>> ClamAV 0.97/13965/Sat Nov 19 00:09:18 2011
>>
>> I'll upgrade to 0.97.3 and see if that makes a difference.
> 
> Just tried, same result.
> 
> clamscan -V
> ClamAV 0.97.3/13966/Sat Nov 19 21:07:07 2011

I've dropped the bytecode (in bytecode.cvd 154), it will get added back once 
its fixed.
Those warnings simply mean that one particular bytecode encountered an error 
and was stopped,
but all the other signatures and bytecodes should still work as normal.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] libclamav warning

2011-11-19 Thread Ben Stuyts 

On 19 nov. 2011, at 17:19, Ben Stuyts wrote:

> 
> On 18 nov. 2011, at 21:20, René Bellora wrote:
> 
>> hi!
>> 
>> i'm getting some warnings when scanning a directory:
>> 
>> LibClamAV Warning: Bytcode 4 failed to run: Error during bytecode execution
>> 
>> LibClamAV Warning: Bytecode run timed out in interpreter after 221135000 
>> opcodes
>> 
>> LibClamAV Warning: Bytcode 4 failed to run: Unknown error code
>> 
>> 
>> what are these?
>> 
>> i'm running ClamAV 0.97.3
> 
> Similar problems here:
> 
> LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
> LibClamAV Warning: [Bytecode JIT]: recovered from error
> LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
> LibClamAV Warning: Bytcode 11 failed to run: Unknown error code
> ...
> 
> clamscan -V:
> ClamAV 0.97/13965/Sat Nov 19 00:09:18 2011
> 
> I'll upgrade to 0.97.3 and see if that makes a difference.

Just tried, same result.

clamscan -V
ClamAV 0.97.3/13966/Sat Nov 19 21:07:07 2011

Ben

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] libclamav warning

2011-11-19 Thread Ben Stuyts 

On 18 nov. 2011, at 21:20, René Bellora wrote:

> hi!
> 
> i'm getting some warnings when scanning a directory:
> 
> LibClamAV Warning: Bytcode 4 failed to run: Error during bytecode execution
> 
> LibClamAV Warning: Bytecode run timed out in interpreter after 221135000 
> opcodes
> 
> LibClamAV Warning: Bytcode 4 failed to run: Unknown error code
> 
> 
> what are these?
> 
> i'm running ClamAV 0.97.3

Similar problems here:

LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: Bytcode 11 failed to run: Unknown error code
...

clamscan -V:
ClamAV 0.97/13965/Sat Nov 19 00:09:18 2011

I'll upgrade to 0.97.3 and see if that makes a difference.

Kind regards,
Ben

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] libclamav warning

2011-11-18 Thread René Bellora 

hi!

i'm getting some warnings when scanning a directory:

LibClamAV Warning: Bytcode 4 failed to run: Error during bytecode execution

LibClamAV Warning: Bytecode run timed out in interpreter after 221135000 opcodes

LibClamAV Warning: Bytcode 4 failed to run: Unknown error code


what are these?

i'm running ClamAV 0.97.3


thanks in advance,
René


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-12-03 Thread Török Edwin 
On Fri, 03 Dec 2010 09:50:22 +
James Brown  wrote:

> Török Edwin wrote:
> > On Sat, 27 Nov 2010 05:24:19 +
> > James Brown  wrote:
> > 
> >> When scanning, clamscan give me the above messages of errors.
> >> What could it mean?
> > 
> > It probably means that the file changed its size while you were
> > scanning it, i.e. clamscan thought the file still had 4077 more
> > bytes, but when trying to read from it, it got an end-of-file (0
> > bytes). Or it could be a bug somewhere.
> > 
> How can I find what it is?

If you are running 0.96.5, then you can set 'DevLiblog yes' in
clamd.conf, set a 'LogFile /tmp/clamd.log' (or some other path), and
run a clamdscan, it will log the filename next to the warning message.

If not (or the problem doesn't occur with clamd) then run 
clamscan -rvi /path/to/directory >log 2>&1

The file causing it is the last one shown as 'Scanning' prior to the
warning message.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-12-03 Thread James Brown 
Török Edwin wrote:
> On Sat, 27 Nov 2010 05:24:19 +
> James Brown  wrote:
> 
>> When scanning, clamscan give me the above messages of errors.
>> What could it mean?
> 
> It probably means that the file changed its size while you were
> scanning it, i.e. clamscan thought the file still had 4077 more bytes,
> but when trying to read from it, it got an end-of-file (0 bytes).
> Or it could be a bug somewhere.
> 
How can I find what it is?

> Is this error reproducible?
> 
> Best regards,
> --Edwin
> 
Yes, many times. On my home laptop and on my vds (under Debian lenny).

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-11-26 Thread Török Edwin 
On Sat, 27 Nov 2010 05:24:19 +
James Brown  wrote:

> When scanning, clamscan give me the above messages of errors.
> What could it mean?

It probably means that the file changed its size while you were
scanning it, i.e. clamscan thought the file still had 4077 more bytes,
but when trying to read from it, it got an end-of-file (0 bytes).
Or it could be a bug somewhere.

Is this error reproducible?

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, got 0

2010-11-26 Thread James Brown 
When scanning, clamscan give me the above messages of errors.
What could it mean?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: Bad compression in flate stream

2008-07-08 Thread Veselin Kantsev 
Thank you much Tomasz.

Veselin
On Tue, Jul 08, 2008 at 07:09:31PM +0200, Tomasz Kojm wrote:
> On Tue, 8 Jul 2008 18:01:57 +0100
> Veselin Kantsev <[EMAIL PROTECTED]> wrote:
> 
> > Hello,
> > I get this in my daily scan reports: 
> > "LibClamAV Warning: Bad compression in flate stream"
> > 
> > Could you please advise what is causing this?
> > 
> > 
> > ClamAV 0.92.1
> 
> That's from the pdf handler, upgrade to 0.93.3 and this warning
> will disappear.
> 
> -- 
>oo. Tomasz Kojm <[EMAIL PROTECTED]>
>   (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
>  \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
>//\   /\  Tue Jul  8 19:08:32 CEST 2008
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: Bad compression in flate stream

2008-07-08 Thread Tomasz Kojm 
On Tue, 8 Jul 2008 18:01:57 +0100
Veselin Kantsev <[EMAIL PROTECTED]> wrote:

> Hello,
> I get this in my daily scan reports: 
> "LibClamAV Warning: Bad compression in flate stream"
> 
> Could you please advise what is causing this?
> 
> 
> ClamAV 0.92.1

That's from the pdf handler, upgrade to 0.93.3 and this warning
will disappear.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Jul  8 19:08:32 CEST 2008
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] LibClamAV Warning: Bad compression in flate stream

2008-07-08 Thread Veselin Kantsev 
Hello,
I get this in my daily scan reports: 
"LibClamAV Warning: Bad compression in flate stream"

Could you please advise what is causing this?


ClamAV 0.92.1
Debian Lenny 2.6.21-2-686

-- 
Regards,

Veselin Kantsev
[EMAIL PROTECTED]
Campbell-Lange Workshop

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: read 278 macro_entries failed

2008-06-18 Thread daz 
Török Edwin wrote:
> daz wrote:
>> Török Edwin wrote:
>>   
>>> daz wrote:
>>> 
 Hello, Everyone.

 We've recently updated our CentOS-5 machine to clamav-0.93.1 
 from clamav-0.93. We're using the rpms from the dag repo here:
 http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/

 We have a nightly cron job on the machine that does this:
 clamscan -i -r  /some/where/

 Since upgrading, we've been receiving these errors after
 each scan:

 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed
 LibClamAV Warning: read 278 macro_entries failed


 What do they mean?

   
   
>>> Hello,
>>>
>>> There can be a number of causes, such as file truncated, different file
>>> format, or a bug in the code.
>>>
>>> Please open a bugreport on bugs.clamav.net, and attach a sample.
>>>
>>> Thanks,
>>> --Edwin
>>> 
>> Thank you for the response, Edwin.
>> Looking closer at the flagged files, it appears they're all .xls files
>> with macros. I've submitted this as Bug #1071.
>>   
> 
> Please attach an .xls file that causes the above messages (a sample to
> reproduce the problem).
> 
> Best regards,
> --Edwin

Sorry. I didn't see the option to attach a file earlier.
I have uploaded test.xls

Thank you.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: read 278 macro_entries failed

2008-06-18 Thread Török Edwin 
daz wrote:
> Török Edwin wrote:
>   
>> daz wrote:
>> 
>>> Hello, Everyone.
>>>
>>> We've recently updated our CentOS-5 machine to clamav-0.93.1 
>>> from clamav-0.93. We're using the rpms from the dag repo here:
>>> http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/
>>>
>>> We have a nightly cron job on the machine that does this:
>>> clamscan -i -r  /some/where/
>>>
>>> Since upgrading, we've been receiving these errors after
>>> each scan:
>>>
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>> LibClamAV Warning: read 278 macro_entries failed
>>>
>>>
>>> What do they mean?
>>>
>>>   
>>>   
>> Hello,
>>
>> There can be a number of causes, such as file truncated, different file
>> format, or a bug in the code.
>>
>> Please open a bugreport on bugs.clamav.net, and attach a sample.
>>
>> Thanks,
>> --Edwin
>> 
>
> Thank you for the response, Edwin.
> Looking closer at the flagged files, it appears they're all .xls files
> with macros. I've submitted this as Bug #1071.
>   

Please attach an .xls file that causes the above messages (a sample to
reproduce the problem).

Best regards,
--Edwin

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: read 278 macro_entries failed

2008-06-18 Thread daz 
Török Edwin wrote:
> daz wrote:
>> Hello, Everyone.
>>
>> We've recently updated our CentOS-5 machine to clamav-0.93.1 
>> from clamav-0.93. We're using the rpms from the dag repo here:
>> http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/
>>
>> We have a nightly cron job on the machine that does this:
>> clamscan -i -r  /some/where/
>>
>> Since upgrading, we've been receiving these errors after
>> each scan:
>>
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>> LibClamAV Warning: read 278 macro_entries failed
>>
>>
>> What do they mean?
>>
>>   
> 
> Hello,
> 
> There can be a number of causes, such as file truncated, different file
> format, or a bug in the code.
> 
> Please open a bugreport on bugs.clamav.net, and attach a sample.
> 
> Thanks,
> --Edwin

Thank you for the response, Edwin.
Looking closer at the flagged files, it appears they're all .xls files
with macros. I've submitted this as Bug #1071.

daz

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning: read 278 macro_entries failed

2008-06-18 Thread Török Edwin 
daz wrote:
> Hello, Everyone.
>
> We've recently updated our CentOS-5 machine to clamav-0.93.1 
> from clamav-0.93. We're using the rpms from the dag repo here:
> http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/
>
> We have a nightly cron job on the machine that does this:
> clamscan -i -r  /some/where/
>
> Since upgrading, we've been receiving these errors after
> each scan:
>
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
> LibClamAV Warning: read 278 macro_entries failed
>
>
> What do they mean?
>
>   

Hello,

There can be a number of causes, such as file truncated, different file
format, or a bug in the code.

Please open a bugreport on bugs.clamav.net, and attach a sample.

Thanks,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] LibClamAV Warning: read 278 macro_entries failed

2008-06-18 Thread daz 
Hello, Everyone.

We've recently updated our CentOS-5 machine to clamav-0.93.1 
from clamav-0.93. We're using the rpms from the dag repo here:
http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/

We have a nightly cron job on the machine that does this:
clamscan -i -r  /some/where/

Since upgrading, we've been receiving these errors after
each scan:

LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed
LibClamAV Warning: read 278 macro_entries failed


What do they mean?

Thank you,

daz
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] LibClamAV Warning

2008-04-02 Thread Mishustin Alexey 

>From: [EMAIL PROTECTED]
> I am no expert but if I had to guess I would say it means you scanned
> a file that was utf16 and also less then 2 bytes.  I don't think this
> is a bug but just a special case when the length of a utf16 file to
> be converted to ascii is less than 2 bytes.  This looks to avoid
> unnecessary code execution further in the function.  I am not sure of
> the reason to throw a warning message though.  I would ignore it.

>[EMAIL PROTECTED] wrote:
>The message has already been degraded to debug message, don't worry
>about it:
>https://wwws.clamav.net/bugzilla/show_bug.cgi?id=892

Thank you!

Best regards,
Alexey Mishustin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2008-04-01 Thread Török Edwin 
[EMAIL PROTECTED] wrote:
> Mishustin Alexey wrote:
>   
>> Hello,
>>
>> what's about my question? (I wrote 23 March)
>>
>> After the full system scan I've got console reports as follows:
>>
>> LibClamAV Warning: cli_utf16toascii: length < 2
>>
>> What does it mean? Is this a bug? How to fix the problem?
>> 
>
> I am no expert but if I had to guess I would say it means you scanned
> a file that was utf16 and also less then 2 bytes.  I don't think this
> is a bug but just a special case when the length of a utf16 file to
> be converted to ascii is less than 2 bytes.  This looks to avoid
> unnecessary code execution further in the function.  I am not sure of
> the reason to throw a warning message though.  I would ignore it.
>   

The message has already been degraded to debug message, don't worry
about it:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=892

--Edwin


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2008-04-01 Thread kwijibo 
Mishustin Alexey wrote:
> Hello,
> 
> what's about my question? (I wrote 23 March)
> 
> After the full system scan I've got console reports as follows:
> 
> LibClamAV Warning: cli_utf16toascii: length < 2
> 
> What does it mean? Is this a bug? How to fix the problem?

I am no expert but if I had to guess I would say it means you scanned
a file that was utf16 and also less then 2 bytes.  I don't think this
is a bug but just a special case when the length of a utf16 file to
be converted to ascii is less than 2 bytes.  This looks to avoid
unnecessary code execution further in the function.  I am not sure of
the reason to throw a warning message though.  I would ignore it.

Steven




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning

2008-04-01 Thread Mishustin Alexey 

Hello,

what's about my question? (I wrote 23 March)

After the full system scan I've got console reports as follows:

LibClamAV Warning: cli_utf16toascii: length < 2

What does it mean? Is this a bug? How to fix the problem?

Clamav version: 0.92.1
LibClamAV version: 0.92.1~dfsg-1volatile1
OS: Debian Etch 4, kernel 2.6.18-686

Best regards,
Alexey Mishustin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning

2008-03-23 Thread Mishustin Alexey 
Hello,

after the full system scanning (with -i option) I've got many console
reports as follows:

LibClamAV Warning: cli_utf16toascii: length < 2

Please tell me what does it mean and what should I do to fix the
problem.

Clamav version: 0.92.1
LibClamAV version: 0.92.1~dfsg-1volatile1 (downloaded from
Debian-etch-volatile)
OS: Debian Etch 4.0, kernel 2.6.18

Regards,
Alex

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning : RAR code not compiled-in

2007-12-27 Thread Arnaud Jacques 
Hello,

Before Debian users (and others ?) flood the mailing list with this message, 
one possible solution is here :

http://www.securiteinfo.com/divers/Clamav_LibClamAV_Warning_RAR_code_not_compiled-in.shtml

-- 
Cordialement / Best regards,

Arnaud Jacques
Consultant Sécurité
SecuriteInfo.com
http://www.securiteinfo.com
http://www.securiteinfo.net
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2007-07-12 Thread Jose Julian Buda 
> At 01:15 PM 7/12/2007, Jose Julian Buda wrote:
>> > At 10:35 AM 7/12/2007, Jose Julian Buda wrote:
>> >>Hi , i am new with this soft , i have installed
>> >>postfix+mailscanner+clamav  on debian "sarge" server.
>> >>
>> >>I've installed ClamAV 0.91 from source, run freshclam and the virus
>> >>database is updated.
>> >>
>> >>As you can see:
>> >>
>> >>serverna:~# clamscan -V
>> >>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
>> >>serverna:~# freshclam -V
>> >>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
>> >
>> > The above show database version "955" dated "18:08:42 2005" - two
>> > years old.  Updates aren't working, despite what you say.
>> >
>> >>The freshclam procces download ok the daily diff file
>> >>But when i run clamscan just to test it on some test files:
>> >>
>> >>serverna:~# clamscan
>> >>LibClamAV Warning: **
>> >>LibClamAV Warning: ***  The virus database is older than 7 days.  ***
>> >>LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
>> >>LibClamAV Warning: **
>> >
>> > Maybe you need to run "ldconfig".  Maybe you need to uninstall your
>> > old version of clam.  Maybe freshclam doesn't have permission to
>> > write to the database directory.  Maybe your freshclam.conf specifies
>> > a different DatabaseDirectory than the compiled-in default of clamscan.
>> > # clamconf
>> > and
>> > # clamscan --debug
>> > might show something interesting, or at least will show where clam is
>> > looking for the databases.
>> >
>> > --
>> > Noel Jones
>> >
>> > ___
>> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> > http://lurker.clamav.net/list/clamav-users.html
>>
>>
>>Thank you, when i run clamscan --debug
>>  i see
>>...
>>LibClamAV debug: Loading databases from /usr/local/share/clamav
>>...
>>i have two files over there
>>
>>  148 -rw-rw-r--  1 clamav clamav  151524 Jun 27  2005 daily.cvd
>>2148 -rw-rw-r--  1 clamav clamav 2196392 Jun 27  2005 main.cvd
>>
>>as i can see , they are very old
>>but why clamscan look in there for this files?
>>i have /usr/local/etc/clamd.conf with this configuration :
>>...
>>DatabaseDirectory /var/lib/clamav/
>>...
>>
>>and /usr/local/etc/freshclam.conf with this :
>>
>>...
>>DatabaseDirectory /var/lib/clamav/
>>...
>>
>>How can i see where clamscan take the configuration from?
>>Obviously, are not this files.
>>
>>
>>when i run this, everything work fine :
>>
>>serverna:~# clamscan -d /var/lib/clamav/
>>
>>
>>
>>so , how can i set the DatabaseDirectory ? where?
> 
> 
> Clamscan does not use a config file - the default database directory 
> is set at compile-time.  Either recompile clamav with the desired 
> --with-dbdir=/some/path or adjust freshclam.conf and clamd.conf to 
> agree with clamscan on the database location.
> 
> Your previous post showed that freshclam is also using the antique 
> database, so something still wrong there.  Maybe freshclam doesn't 
> have write permission in the database directory.
> 
> -- 
> Noel Jones 
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

if i run 

serverna:~# clamscan -d /var/lib/clamav/  
/usr/local/copiasbackups/cables/eicar_com.zip: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 137301
Engine version: 0.91
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 4.939 sec (0 m 4 s)


it works fine, just scan the files, no one error, so i set the variable

 ScanOptions="-d /var/lib/clamav/"

in the /etc/MailScanner/wrapper/clamav-wrapper   file and i think it will work 
fine...
i hope so...

Thank you
Jose Julian Buda

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2007-07-12 Thread Noel Jones 
At 01:15 PM 7/12/2007, Jose Julian Buda wrote:
> > At 10:35 AM 7/12/2007, Jose Julian Buda wrote:
> >>Hi , i am new with this soft , i have installed
> >>postfix+mailscanner+clamav  on debian "sarge" server.
> >>
> >>I've installed ClamAV 0.91 from source, run freshclam and the virus
> >>database is updated.
> >>
> >>As you can see:
> >>
> >>serverna:~# clamscan -V
> >>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
> >>serverna:~# freshclam -V
> >>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
> >
> > The above show database version "955" dated "18:08:42 2005" - two
> > years old.  Updates aren't working, despite what you say.
> >
> >>The freshclam procces download ok the daily diff file
> >>But when i run clamscan just to test it on some test files:
> >>
> >>serverna:~# clamscan
> >>LibClamAV Warning: **
> >>LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> >>LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
> >>LibClamAV Warning: **
> >
> > Maybe you need to run "ldconfig".  Maybe you need to uninstall your
> > old version of clam.  Maybe freshclam doesn't have permission to
> > write to the database directory.  Maybe your freshclam.conf specifies
> > a different DatabaseDirectory than the compiled-in default of clamscan.
> > # clamconf
> > and
> > # clamscan --debug
> > might show something interesting, or at least will show where clam is
> > looking for the databases.
> >
> > --
> > Noel Jones
> >
> > ___
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://lurker.clamav.net/list/clamav-users.html
>
>
>Thank you, when i run clamscan --debug
>  i see
>...
>LibClamAV debug: Loading databases from /usr/local/share/clamav
>...
>i have two files over there
>
>  148 -rw-rw-r--  1 clamav clamav  151524 Jun 27  2005 daily.cvd
>2148 -rw-rw-r--  1 clamav clamav 2196392 Jun 27  2005 main.cvd
>
>as i can see , they are very old
>but why clamscan look in there for this files?
>i have /usr/local/etc/clamd.conf with this configuration :
>...
>DatabaseDirectory /var/lib/clamav/
>...
>
>and /usr/local/etc/freshclam.conf with this :
>
>...
>DatabaseDirectory /var/lib/clamav/
>...
>
>How can i see where clamscan take the configuration from?
>Obviously, are not this files.
>
>
>when i run this, everything work fine :
>
>serverna:~# clamscan -d /var/lib/clamav/
>
>
>
>so , how can i set the DatabaseDirectory ? where?


Clamscan does not use a config file - the default database directory 
is set at compile-time.  Either recompile clamav with the desired 
--with-dbdir=/some/path or adjust freshclam.conf and clamd.conf to 
agree with clamscan on the database location.

Your previous post showed that freshclam is also using the antique 
database, so something still wrong there.  Maybe freshclam doesn't 
have write permission in the database directory.

-- 
Noel Jones 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2007-07-12 Thread Jose Julian Buda 
> At 10:35 AM 7/12/2007, Jose Julian Buda wrote:
>>Hi , i am new with this soft , i have installed 
>>postfix+mailscanner+clamav  on debian "sarge" server.
>>
>>I've installed ClamAV 0.91 from source, run freshclam and the virus 
>>database is updated.
>>
>>As you can see:
>>
>>serverna:~# clamscan -V
>>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
>>serverna:~# freshclam -V
>>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
> 
> The above show database version "955" dated "18:08:42 2005" - two 
> years old.  Updates aren't working, despite what you say.
> 
>>The freshclam procces download ok the daily diff file
>>But when i run clamscan just to test it on some test files:
>>
>>serverna:~# clamscan
>>LibClamAV Warning: **
>>LibClamAV Warning: ***  The virus database is older than 7 days.  ***
>>LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
>>LibClamAV Warning: **
> 
> Maybe you need to run "ldconfig".  Maybe you need to uninstall your 
> old version of clam.  Maybe freshclam doesn't have permission to 
> write to the database directory.  Maybe your freshclam.conf specifies 
> a different DatabaseDirectory than the compiled-in default of clamscan.
> # clamconf
> and
> # clamscan --debug
> might show something interesting, or at least will show where clam is 
> looking for the databases.
> 
> -- 
> Noel Jones 
> 
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html


Thank you, when i run clamscan --debug
 i see 
...
LibClamAV debug: Loading databases from /usr/local/share/clamav
...
i have two files over there

 148 -rw-rw-r--  1 clamav clamav  151524 Jun 27  2005 daily.cvd
2148 -rw-rw-r--  1 clamav clamav 2196392 Jun 27  2005 main.cvd

as i can see , they are very old
but why clamscan look in there for this files?
i have /usr/local/etc/clamd.conf with this configuration :
...
DatabaseDirectory /var/lib/clamav/
...

and /usr/local/etc/freshclam.conf with this :

...
DatabaseDirectory /var/lib/clamav/
...

How can i see where clamscan take the configuration from?
Obviously, are not this files.


when i run this, everything work fine :

serverna:~# clamscan -d /var/lib/clamav/



so , how can i set the DatabaseDirectory ? where?

Tnak you
Jose Julian Buda



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning

2007-07-12 Thread Noel Jones 
At 10:35 AM 7/12/2007, Jose Julian Buda wrote:
>Hi , i am new with this soft , i have installed 
>postfix+mailscanner+clamav  on debian "sarge" server.
>
>I've installed ClamAV 0.91 from source, run freshclam and the virus 
>database is updated.
>
>As you can see:
>
>serverna:~# clamscan -V
>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
>serverna:~# freshclam -V
>ClamAV 0.91/955/Thu Jun 23 18:08:42 2005

The above show database version "955" dated "18:08:42 2005" - two 
years old.  Updates aren't working, despite what you say.

>The freshclam procces download ok the daily diff file
>But when i run clamscan just to test it on some test files:
>
>serverna:~# clamscan
>LibClamAV Warning: **
>LibClamAV Warning: ***  The virus database is older than 7 days.  ***
>LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
>LibClamAV Warning: **

Maybe you need to run "ldconfig".  Maybe you need to uninstall your 
old version of clam.  Maybe freshclam doesn't have permission to 
write to the database directory.  Maybe your freshclam.conf specifies 
a different DatabaseDirectory than the compiled-in default of clamscan.
# clamconf
and
# clamscan --debug
might show something interesting, or at least will show where clam is 
looking for the databases.

-- 
Noel Jones 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning

2007-07-12 Thread Jose Julian Buda 
Hi , i am new with this soft , i have installed postfix+mailscanner+clamav  on 
debian "sarge" server.

I've installed ClamAV 0.91 from source, run freshclam and the virus database is 
updated.

As you can see:

serverna:~# clamscan -V
ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
serverna:~# freshclam -V
ClamAV 0.91/955/Thu Jun 23 18:08:42 2005

The freshclam procces download ok the daily diff file 
But when i run clamscan just to test it on some test files:

serverna:~# clamscan
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
LibClamAV Warning: **
...
...


Why this message? 
How can i be sure that is working fine on the mails server?

Thank you in advance and sorry for my english.
Jose Julian Buda
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning

2007-07-12 Thread Jose Julian Buda 
Hi , i am new with this soft , i have installed postfix+mailscanner+clamav  on 
debian "sarge" server.

I've installed ClamAV 0.91 from source, run freshclam and the virus database is 
updated.

As you can see:

serverna:~# clamscan -V
ClamAV 0.91/955/Thu Jun 23 18:08:42 2005
serverna:~# freshclam -V
ClamAV 0.91/955/Thu Jun 23 18:08:42 2005

The freshclam procces download ok the daily diff file 
But when i run clamscan just to test it on some test files:

serverna:~# clamscan
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
LibClamAV Warning: **
...
...


Why this message? 
How can i be sure that is working fine on the mails server?

Thank you in advance and sorry for my english.
Jose Julian Buda
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning: pdf: after writing 0 bytes...

2007-02-24 Thread Sebastian Deiszner 
Hello together,

I am using ClamAv 0.9 on Debian Sarge.

:~# clamscan -r -i /home

LibClamAV Warning: pdf: after writing 0 bytes, got error
"invalid distance too far back" inflating PDF attachment
LibClamAV Warning: pdf: after writing 0 bytes, got error
"invalid distance too far back" inflating PDF attachment

What does this message mean?
What is wrong?

Thanx

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning Can I switch them off?

2006-09-04 Thread David Woolley 
Hello clamav-users,

On my contribs.org SME version 7.0 I get the following log entries
every day.

I didn't find an answer in
http://www.clamav.net/doc/0.88.4/clamdoc.pdf, so can someone here
advise how I can configure the report to exclude these types of
warnings. Because without clam telling me which files the warnings
refer to, it is hard for me to interpret this log as anything other
than noise.

Why does LibClamAV want to warn me about these conditions?

I want to know about files infected with viruses, but do I care about
files having minor syntax errors?

Many thanks

David.

LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5b 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5b 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 59 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5b 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 5c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 58 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 58 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Error: cli_untar: only standard T

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-21 Thread Dennis Peterson 

Noah wrote:

On Fri, 19 May 2006 11:54:43 -0400, Guillaume Vachon wrote

Noah wrote:
clamav-0.88.2_1 
freeBSD-4.11



so I just upgraded to clamav-0.88.2_1
and find myself with the following error when starting clamd.



The last couple hundred times this came up the problem was the user 
didn't configure the freshclam.conf and the clamd.conf files with the 
local system requirements, so freshclam was looking one place, and clamd 
was looking in another. Occasionally the ownerships of directories/files 
is incorrect. Sometimes the needed directories don't exist.


Examine your config files and your startup scripts (the command line 
options override the config files) and make sure your files and your 
system agree on where everything goes and who owns it and that the 
permissions are correct.


Also make damned sure you have only one instance of each file in you 
entire system as the other 200 or so complaints were traced to multiple 
installations with various binaries looking in unexpected places for 
config files.


Finally - the next 200 or so complaints had to do with the fact that the 
user did not stop the old instance when installing an upgrade, and the 
old version was confusing the error reporting.


dp
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days. [solved]

2006-05-19 Thread Noah 
On Fri, 19 May 2006 11:19:01 -0500 (CDT), C. Bensend wrote
> > Okay I did that and still the same warning message.
> >
> >
> >  snip 
> >
> > # cd /usr/local/share/clamav
> > # ls -l
> > total 4544
> > -rw-r--r--  1 clamav  clamav   641509 May 19 08:48 daily.cvd
> > -rw-r--r--  1 clamav  clamav  3950054 Apr 22 01:11 main.cvd
> > # date
> > Fri May 19 08:55:13 PDT 2006
> > # freshclam
> > ClamAV update process started at Fri May 19 08:55:36 2006
> > main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder:
> > tkojm)
> > daily.cvd is up to date (version: 1471, sigs: 4433, f-level: 8, builder:
> > ccordes)
> > # /usr/local/etc/rc.d/clamav-clamd.sh restart
> > Stopping clamav_clamd.
> > Waiting for PIDS: 49921.
> > Starting clamav_clamd.
> > LibClamAV Warning: **
> > LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> > LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
> > LibClamAV Warning: **
> 
> I'd check your clamd.conf and freshclam.conf...  I wonder if
> clamd is not using the database files you think it may be.
> 

Hi there,

That fixed is.  The clamd.conf was pointing to a different Database Directory
than where freshclam was keeping its data files.

Cheers,

Noah



> Benny
> 
> -- 
> "God help us all if cats had thumbs." -- Me, 2006
> 
> ___
> http://lurker.clamav.net/list/clamav-users.html

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-19 Thread C. Bensend 

> Okay I did that and still the same warning message.
>
>
>  snip 
>
> # cd /usr/local/share/clamav
> # ls -l
> total 4544
> -rw-r--r--  1 clamav  clamav   641509 May 19 08:48 daily.cvd
> -rw-r--r--  1 clamav  clamav  3950054 Apr 22 01:11 main.cvd
> # date
> Fri May 19 08:55:13 PDT 2006
> # freshclam
> ClamAV update process started at Fri May 19 08:55:36 2006
> main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder:
> tkojm)
> daily.cvd is up to date (version: 1471, sigs: 4433, f-level: 8, builder:
> ccordes)
> # /usr/local/etc/rc.d/clamav-clamd.sh restart
> Stopping clamav_clamd.
> Waiting for PIDS: 49921.
> Starting clamav_clamd.
> LibClamAV Warning: **
> LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
> LibClamAV Warning: **

I'd check your clamd.conf and freshclam.conf...  I wonder if
clamd is not using the database files you think it may be.

Benny


-- 
"God help us all if cats had thumbs." -- Me, 2006

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-19 Thread Richard Feldmann 
Noah spake thusly on Fri, May 19, 2006 at 07:57:15AM -0800:
> 
> Okay I did that and still the same warning message.
> 
--- end quoted text ---

Delete the old databases and run freshclam again.

Regards,
Richard

-- 
Did this email or post help you? If so, please rate
me at affero: http://rate.affero.net/RhunDraco


pgpjNH4rGKjG2.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-19 Thread Noah 
On Fri, 19 May 2006 11:54:43 -0400, Guillaume Vachon wrote
> Noah wrote:
> > clamav-0.88.2_1 
> > freeBSD-4.11
> >
> >
> > so I just upgraded to clamav-0.88.2_1
> > and find myself with the following error when starting clamd.
> >
> >
> > ---s nip ---
> >
> > Starting clamav_clamd.
> > LibClamAV Warning: **
> > LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> > LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
> > LibClamAV Warning: **
> >
> > --- snip ---
> >
> >
> > What is going on here?
> >
> >
> > CHeers,
> >
> > Noah
> >
> >


Okay I did that and still the same warning message.


 snip 

# cd /usr/local/share/clamav
# ls -l
total 4544
-rw-r--r--  1 clamav  clamav   641509 May 19 08:48 daily.cvd
-rw-r--r--  1 clamav  clamav  3950054 Apr 22 01:11 main.cvd
# date
Fri May 19 08:55:13 PDT 2006
# freshclam
ClamAV update process started at Fri May 19 08:55:36 2006
main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm)
daily.cvd is up to date (version: 1471, sigs: 4433, f-level: 8, builder: 
ccordes)
# /usr/local/etc/rc.d/clamav-clamd.sh restart
Stopping clamav_clamd.
Waiting for PIDS: 49921.
Starting clamav_clamd.
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
LibClamAV Warning: **


--- snip ---

Cheers,

Noah



> >
> > ___
> > http://lurker.clamav.net/list/clamav-users.html
> >
> 
> Try freshclam
> then start it back
> ___
> http://lurker.clamav.net/list/clamav-users.html

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-19 Thread Guillaume Vachon 
Noah wrote:
> clamav-0.88.2_1 
> freeBSD-4.11
>
>
> so I just upgraded to clamav-0.88.2_1
> and find myself with the following error when starting clamd.
>
>
> ---s nip ---
>
> Starting clamav_clamd.
> LibClamAV Warning: **
> LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
> LibClamAV Warning: **
>
> --- snip ---
>
>
> What is going on here?
>
>
> CHeers,
>
> Noah
>
>
>
> ___
> http://lurker.clamav.net/list/clamav-users.html
>   

Try freshclam
then start it back
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning: The virus database is older than 7 days.

2006-05-19 Thread Noah 
clamav-0.88.2_1 
freeBSD-4.11


so I just upgraded to clamav-0.88.2_1
and find myself with the following error when starting clamd.


---s nip ---

Starting clamav_clamd.
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***Please update it IMMEDIATELY!   ***
LibClamAV Warning: **

--- snip ---


What is going on here?


CHeers,

Noah



___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning: Unknown VBA version signature 6c 0 0 1

2005-12-19 Thread James Courtier-Dutton 

When doing a clamscan I see this in the log:
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian

Should I be worried?
clamscan --version
ClamAV 0.87.1/1213/Mon Dec 19 14:48:34 2005

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-12 Thread Chris Purves 

Nigel Horne wrote:


I receive the following output from a daily clamscan:

  
/etc/cron.daily/clamscan:

LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)


It means that a header within the email is syntactically wrong, and that 
clamAV has

made a guess at what it should be.



I was able to track the warning down to the offending file which, as you 
said, was an e-mail that did not properly specify the charset.  Thanks 
for your help.


--
Good day, eh.
Chris

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-11 Thread Nigel Horne 

Chris Purves wrote:


I receive the following output from a daily clamscan:

   


/etc/cron.daily/clamscan:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)
<<<
   


Has anyone else experienced this problem?
 


It is not a problem, it is a warning that you can ignore, unless a virus
has slipped though
unnoticed, in which case you must submit it to www.clamav.net.

Can you tell me what the warning means?  If a virus had slipped through,
how would I be able to check since the warning does not specify to which
file it belongs?
   

It means that a header within the email is syntactically wrong, and that 
clamAV has

made a guess at what it should be.

--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-10 Thread Chris Purves 
On Sat, December 10, 2005 2:49 pm, Nigel Horne said:
> Chris Purves wrote:
>
>>On Tue, December 6, 2005 11:15 am, Chris Purves said:
>>
>>
>>>I receive the following output from a daily clamscan:
>>>
>>> >>>
>>>/etc/cron.daily/clamscan:
>>>LibClamAV Warning: Ignoring empty field in " charset="
>>>LibClamAV Warning: Ignoring empty field in " charset="
>>>
>>>--- SCAN SUMMARY ---
>>>Known viruses: 41434
>>>Engine version: 0.87.1
>>>Scanned directories: 6566
>>>Scanned files: 71132
>>>Infected files: 0
>>>Data scanned: 1894.82 MB
>>>Time: 1962.246 sec (32 m 42 s)
>>><<<
>>>
>>>
>>>
>>
>>Has anyone else experienced this problem?
>>
>>
> It is not a problem, it is a warning that you can ignore, unless a virus
> has slipped though
> unnoticed, in which case you must submit it to www.clamav.net.
>

Can you tell me what the warning means?  If a virus had slipped through,
how would I be able to check since the warning does not specify to which
file it belongs?

-- 
Good day, eh.
Chris

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-09 Thread Nigel Horne 

Chris Purves wrote:


On Tue, December 6, 2005 11:15 am, Chris Purves said:
 


I receive the following output from a daily clamscan:

>>>
/etc/cron.daily/clamscan:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)
<<<

   



Has anyone else experienced this problem?
 

It is not a problem, it is a warning that you can ignore, unless a virus 
has slipped though

unnoticed, in which case you must submit it to www.clamav.net.

--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-09 Thread Chris Purves 
On Tue, December 6, 2005 11:15 am, Chris Purves said:
> I receive the following output from a daily clamscan:
>
>  >>>
> /etc/cron.daily/clamscan:
> LibClamAV Warning: Ignoring empty field in " charset="
> LibClamAV Warning: Ignoring empty field in " charset="
>
> --- SCAN SUMMARY ---
> Known viruses: 41434
> Engine version: 0.87.1
> Scanned directories: 6566
> Scanned files: 71132
> Infected files: 0
> Data scanned: 1894.82 MB
> Time: 1962.246 sec (32 m 42 s)
> <<<
>

Has anyone else experienced this problem?

-- 
Good day, eh.
Chris

___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-05 Thread Chris Purves 

I receive the following output from a daily clamscan:

>>>
/etc/cron.daily/clamscan:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)
<<<


I have found other people that have reported the same problem, but never 
an explanation that I could understand.


Could someone tell my why I get these warnings and is there anything I 
can do about it?


Thank you.

--
Good day, eh.
Chris

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamav warning & errors on FC3 with 0.87 version

2005-11-15 Thread ankush grover 
On 11/14/05, Tomasz Papszun <[EMAIL PROTECTED]> wrote:
>
> On Mon, 14 Nov 2005 at 14:22:47 +0100, Richard Pijnenburg wrote:
> > Have you also tried to update to version 0.87.1 ?
> >
> > ankush grover wrote:
> [...]
> > >___
> >


hey,

I will update it to version 0.87.1 .

Thanks & Regards

Ankush Grover
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamav warning & errors on FC3 with 0.87 version

2005-11-14 Thread Tomasz Papszun 
On Mon, 14 Nov 2005 at 14:22:47 +0100, Richard Pijnenburg wrote:
> Have you also tried to update to version 0.87.1 ?
> 
> ankush grover wrote:
[...]
> >___
> >http://lurker.clamav.net/list/clamav-users.html
> >
> 
> -- 
> 
> Met vriendelijke groet,
> 
> Richard Pijnenburg
> PremiumXS B.V.
> 
> Bouwerij 4
> 1185 XX
> Amstelveen
> 
> T: 020 386 84 05
> F: 020 386 84 04
> G: 06 47 92 85 28
> E: [EMAIL PROTECTED]
> ___
> http://lurker.clamav.net/list/clamav-users.html


Richard,

you notoriously top-post.

I have already asked you to stop doing this - *in a private message*,
but your server was refusing the mail service for full 5 days, till my
message was returned to me as undeliverable.

Please, don't "top-post" - reply _below_ previous messages, not above
them.
http://www.catb.org/~esr/jargon/html/T/top-post.html

Remove unneeded fragments of previous messages - especially commercial
footers, mailing list footers, long signatures.

Shorten your signature, please.

http://www.xs4all.nl/~hanb/documents/quotingguide.html
http://www.netmeister.org/news/learn2quote.html

-- 
 Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] LibClamav warning & errors on FC3 with 0.87 version

2005-11-14 Thread Richard Pijnenburg 

Have you also tried to update to version 0.87.1 ?

ankush grover wrote:

hey,

I am using clamav 0.87 on Fedora Core3.Since I have updated to 0.87 I
am getting this error.Actually I have set a cron job for scanning
whole system
at midnight through clamscan.

LibClamAV Error: cli_untar: only standard TAR files are currently supported

LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1

LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian

LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported


Any pointers why these warnings &  errors are generated ?

Thanks & Regards

Ankush Grover
___
http://lurker.clamav.net/list/clamav-users.html




--

Met vriendelijke groet,

Richard Pijnenburg
PremiumXS B.V.

Bouwerij 4
1185 XX
Amstelveen

T: 020 386 84 05
F: 020 386 84 04
G: 06 47 92 85 28
E: [EMAIL PROTECTED]
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] LibClamav warning & errors on FC3 with 0.87 version

2005-11-14 Thread ankush grover 
hey,

I am using clamav 0.87 on Fedora Core3.Since I have updated to 0.87 I
am getting this error.Actually I have set a cron job for scanning
whole system
at midnight through clamscan.

LibClamAV Error: cli_untar: only standard TAR files are currently supported

LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1

LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian

LibClamAV Warning: Unknown VBA version signature 6c 0 0 1
LibClamAV Warning: Guessing little-endian
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported


Any pointers why these warnings &  errors are generated ?

Thanks & Regards

Ankush Grover
___
http://lurker.clamav.net/list/clamav-users.html

  1   2   >