Re: [clamav-users] i have often an error in the scan

2022-10-18 Thread Micah Snyder (micasnyd) via clamav-users
Hi Dorian, all:

The error you found is this issue: 
https://github.com/Cisco-Talos/clamav/issues/604

The certificate verification feature is essentially broken because of this bug. 
 It isn't letting malware slip by, but it is preventing us from trusting 
software signed by trusted signing certificates.

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users on behalf of G.W. Haywood via clamav-users
Sent: Tuesday, October 18, 2022 4:05 AM
To: Dorian ROSSE via clamav-users 
Cc: G.W. Haywood 
Subject: Re: [clamav-users] i have often an error in the scan

Hi there,

On Tue, 18 Oct 2022, Dorian ROSSE via clamav-users wrote:

> I have often an error in the scan below on my windows system :
> LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed 
> with 1
> I don't understand why I am got this error often,
> If this is a bad error thanks you in advance to repair it,

The message would not normally mean that ClamAV is broken, but it's
possible; at present there are ongoing changes in this part of ClamAV.
The developers read this list and I would expect that they would tell
us if they knew that something was broken.  When ClamAV gives you that
message, it is telling you something about "signed" code.

Signed code was introduced by Microsoft many years ago:

https://blog.clamav.net/2013/02/authenticode-certificate-chain.html

Unfortunately I think it's fair to say that the signed code feature
has not been a great success:

https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/

I personally would ignore the ClamAV message, but you do need to know
that I use no Windows machines, and only very rarely scan filesystems;
I only scan mail.  If someone sent me some code in a mail message, it
would automatically, without the involvement of a human, be reported
to several anti-virus organizations and then be sent to the trash can.

> Does this is dangerous to use this option for pass the errors:
>
> '--nocerts'

You need to make that judgement for yourself.  ClamAV can alert you to
something which it thinks isn't right.  Whether or not you then choose
to do anything about it is up to you.  Be aware that a *lot* of things
are "not right" in most computer systems, but that doesn't necessarily
mean that they are dangerous problems.  Forged signatures in drivers
and other code is a very well-known problem, but as you can see from
the article above, checks which use the proper methods of verification
do not necessarily protect you.  I'm afraid it's a minefield.

> Thanks you in advance for your answer smart,

May I suggest that you try to use a translation Website?  I have had
good results from this one, at least for a few languages:

https://www.deepl.com/en/translator

--

73,
Ged.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] i have often an error in the scan

2022-10-18 Thread Gary R. Schmidt via clamav-users

On 18/10/2022 22:05, G.W. Haywood via clamav-users wrote:
[SNIP]

> May I suggest that you try to use a translation Website?  I have had
> good results from this one, at least for a few languages:
>
> https://www.deepl.com/en/translator

Also, please write your messages in your native language as well as
English; nuance is often lost when translated, either by the initial
writer or translation software.


Cheers,
Gary B-)


Re: [clamav-users] i have often an error in the scan

2022-10-18 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 18 Oct 2022, Dorian ROSSE via clamav-users wrote:


> I have often an error in the scan below on my windows system :
> LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed 
> with 1
> I don't understand why I am got this error often,
> If this is a bad error thanks you in advance to repair it,


The message would not normally mean that ClamAV is broken, but it's
possible; at present there are ongoing changes in this part of ClamAV.
The developers read this list and I would expect that they would tell
us if they knew that something was broken.  When ClamAV gives you that
message, it is telling you something about "signed" code.

Signed code was introduced by Microsoft many years ago:

https://blog.clamav.net/2013/02/authenticode-certificate-chain.html

Unfortunately I think it's fair to say that the signed code feature
has not been a great success:

https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/

I personally would ignore the ClamAV message, but you do need to know
that I use no Windows machines, and only very rarely scan filesystems;
I only scan mail.  If someone sent me some code in a mail message, it
would automatically, without the involvement of a human, be reported
to several anti-virus organizations and then be sent to the trash can.


> Does this is dangerous to use this option for pass the errors:
>
> '--nocerts'


You need to make that judgement for yourself.  ClamAV can alert you to
something which it thinks isn't right.  Whether or not you then choose
to do anything about it is up to you.  Be aware that a *lot* of things
are "not right" in most computer systems, but that doesn't necessarily
mean that they are dangerous problems.  Forged signatures in drivers
and other code is a very well-known problem, but as you can see from
the article above, checks which use the proper methods of verification
do not necessarily protect you.  I'm afraid it's a minefield.


> Thanks you in advance for your answer smart,


May I suggest that you try to use a translation Website?  I have had
good results from this one, at least for a few languages:

https://www.deepl.com/en/translator

--

73,
Ged.


Re: [clamav-users] i have often an error in the scan

2022-10-18 Thread Dorian ROSSE via clamav-users
Does this is dangerous to use this option for pass the errors:

'--nocerts'

Thanks you in advance for your answer smart,

Regards.


Dorian Rosse.

From: Dorian ROSSE
Sent: Tuesday, October 18, 2022 8:13:33 AM
To: ClamAV users ML 
Subject: i have often an error in the scan


Hello,

I have often an error in the scan below on my windows system :

'''
LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed 
with 1
'''

I don’t understand why I am got this error often,

If this is a bad error thanks you in advance to repair it,

Regards.

Dorian ROSSE.


[clamav-users] i have often an error in the scan

2022-10-17 Thread Dorian ROSSE via clamav-users
Hello,


I have often an error in the scan below on my windows system :

'''
LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed 
with 1
'''

I don't understand why I am got this error often,

If this is a bad error thanks you in advance to repair it,

Regards.


Dorian ROSSE.