Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
No, I wouldn’t think so. But that’s what our bug is hoping to find out. -- Joel Esler Manager, Talos Group On May 5, 2016, at 2:15 PM, C.D. Cochrane <c...@post.com> wrote: Ah, okay. A bug could explain a lack of notifications. Must one ALSO be subscribed to the clamav-virusdb mailin

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread C.D. Cochrane
Ah, okay. A bug could explain a lack of notifications. Must one ALSO be subscribed to the clamav-virusdb mailing list in order to receive notifications? thanks, Chris  > Understood, hence the second part of my statement in my email: > > "We have a bug open with our team to check and see what the

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
Understood, hence the second part of my statement in my email: "We have a bug open with our team to check and see what the issue is with individual notification." -- Joel Esler Manager, Talos Group On May 5, 2016, at 1:17 PM, C.D. Cochrane <c...@post.com> wrote: I was on the clamav

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread C.D. Cochrane
I was on the clamav-virusdb mailing list at one time, but no longer. I recall getting daily email, regardless of whether I had submitted a sample that day or not, which means "Notify Me" has no effect. Also, that email contains absolutely no information to correlate with my virus submission th

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Joel Esler (jesler)
After many complaints, we aren’t publishing the names in the virusdb email anymore. We have a bug open with our team to check and see what the issue is with individual notification. -- Joel Esler Manager, Talos Group On May 5, 2016, at 11:21 AM, Al Varnell <alvarn...@mac.com> wrote:

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mikko Caldara
Hi Mickey, I tried disabling SELinux and will report back later on that issue. I understand OnAccess cannot prevent access or write attempts if OnAccessMountPath is enabled: not a problem for us, will disable OnAccessPrevention. So I changed my config to: ScanOnAccess yes OnAccessMountPath / O

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mickey Sola
Mikko, I know you didn't find anything in audit.log, but is your primary issue resolved when you set SELinux to Permissive? Looking at the code, and the debug output, so far everything points to this being an issue with permissions. Regarding your secondary problems: As documented, OnAccess scan

Re: [clamav-users] clamav malware reports Notify Me

2016-05-05 Thread Al Varnell
You must join the clamav-virusdb list in order to be notified. Did you do that? -Al- On Thu, May 05, 2016 at 06:06 AM, C.D. Cochrane wrote: > > Hi, > I have been submitting virus samples for several months now and I always > che

[clamav-users] clamav malware reports Notify Me

2016-05-05 Thread C.D. Cochrane
Hi, I have been submitting virus samples for several months now and I always check the "Notify Me" box on the submission page at clamav.net/reports/malware. I have not received any notification. So, I am wondering (1) if my samples are actually being received or (2) if "Notify Me" is not being

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mikko Caldara
I currently have these options enabled: ScanOnAccess yes OnAccessMountPath / OnAccessExcludeUID 0 OnAccessPrevention yes the user is root. I guess there's a bug then? From: clamav-users [clamav-users-boun...@lists.clamav.net] on behalf of Virgo Pärna [vi

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Virgo Pärna
On Thu, 5 May 2016 09:50:03 +, Mikko Caldara wrote: > Not sure if it's related, but when I launch clamd *without* systemd and then > try to access an "infected" file, 2 problems occur: > > - clamd does not prevent access, despite having the option enabled > - clamd goes into an infinite loop

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mikko Caldara
Not sure if it's related, but when I launch clamd *without* systemd and then try to access an "infected" file, 2 problems occur: - clamd does not prevent access, despite having the option enabled - clamd goes into an infinite loop and hogs the CPU: Logs: Thu May 5 09:42:20 2016 -> ScanOnAccess

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mikko Caldara
SELinux is indeed enabled, but there's no blocking message in audit.log when the error occurs. After further retries, it seems the error sometimes occurs a while after clamd has started, even 2 minutes: Thu May 5 08:25:38 2016 -> ScanOnAccess: notifying only for access attempts. Thu May 5 08: