Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Al Varnell
Yes, they can be added to a local .ign2 file, but the last time it was discussed here, the entry needed to be followed by {} for some unknown reason, to make it work. -Al- On Fri, Jul 21, 2017 at 10:29 PM, Mark Foley wrote: > > Are bytecodes individually blockable? > > --Mark > > On Fri, 21

Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Mark Foley
Are bytecodes individually blockable? --Mark On Fri, 21 Jul 2017 21:10:13 -0700 Al Varnell wrote: > > FYI, the following were added by bytecode 306: > >* BC.Multios.Exploit.CVE_2017_2816-6329916-0 >* BC.Pdf.Exploit.CVE_2017_2818-6331913-0 >*

Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Al Varnell
FYI, the following were added by bytecode 306: * BC.Multios.Exploit.CVE_2017_2816-6329916-0 * BC.Pdf.Exploit.CVE_2017_2818-6331913-0 * BC.Pdf.Exploit.CVE_2017_2862-6331914-0 -Al- On Fri, Jul 21, 2017 at 08:36 PM, Mark Foley wrote: > > I ran clamscan by hand on the files before and

Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Mark Foley
I ran clamscan by hand on the files before and after the error, and it's the file after the error. I've bumped the --bytecode-timeout to 12, 18 and finally 60 (10 minutes) and it fails for all these values, even though the file itself is not that big (1.2M). This is a pretty recent

Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Al Varnell
It's almost certainly a file that follows S=12386 since that one is being reported as "OK". The file that failed might not even be listed, having failed the scan, although I suppose it's possible for it to be the next one shown. It's my understanding that not all files receive a bytecode

[clamav-users] Trouble catching eicar signatures

2017-07-21 Thread Colin Rogers
Hello Everyone, I am stumped here. I have c-icap setup on Ubuntu using clamav-daemon. Everything appears to be working correctly other than the fact that clamav does not pick up any of the eicar test files as virus' but clamscan does. I have tried many things to remedy this with no luck. I am

Re: [clamav-users] Bytecode run timed out

2017-07-21 Thread Mark Foley
Here's the partial output from clamscan w/o the --infected option: /home/HPRS/charmaine/Maildir/.INBOX.Audit-CAFR-OBM/cur/1424057307.M683247P23198.mail,S=12386,W=12657:2,RS: OK LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set LibClamAV Warning: [Bytecode JIT]:

[clamav-users] Fwd: [clamav-virusdb] Signatures Published daily - 23583

2017-07-21 Thread Rafael Ferreira
looks like the signatures are stuck again, the appear to be empty since yesterday. > Begin forwarded message: > > From: nore...@sourcefire.com > Subject: [clamav-virusdb] Signatures Published daily - 23583 > Date: July 21, 2017 at 1:17:47 AM PDT > To: clamav-viru...@lists.clamav.net > > >