Re: [clamav-users] Partial downloads of updates

2018-07-31 Thread David Rosenstrauch
Just upgraded to 0.100.1, but still seeing the same issue. Looks like this is going to require debugging at the network level.

Thanks,

DR

On 07/30/2018 04:27 PM, Joel Esler (jesler) wrote:
Try the freshclam that is included with version 0.100.1 and see if you still see the error.
On Jul 3

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Eric Tykwinski
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Paul Kosinski
> Sent: Tuesday, July 31, 2018 2:42 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] After 0.100.1 Update, clamd crashes
<...>
> Software should *never*

Re: [clamav-users] Still over 1/3 signature update sync errors

2018-07-31 Thread Joel Esler (jesler)
Thanks Paul, this is super useful.

> On Jul 31, 2018, at 1:47 PM, Paul Kosinski wrote:
>
> There are still over 1/3 signature update sync errors with the new
> ClamAV mirrors.
>
> You may remember that I previously added code to our ClamAV update
> protocol to verify that the actually available

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Paul Kosinski
I must say that I agree. To have ClamAV crash on a badly formed signature is as bad (or worse) as having it crash while scanning. Since ClamAV tends to be run with automatic updates to its DB, having a bad signature cause it to crash can result in email blockage or a total lack of AV service (incl

Re: [clamav-users] After 0.100.1 Update, clamd crashe

2018-07-31 Thread Micah Snyder (micasnyd)
Ged, Meaning no offense here - but not every crash is a security vulnerability. You shouldn't trust 3rd party signatures unless you trust the source of the signatures. We take vulnerabilities in parsing untrusted user input (such as when scanning a file or email) very seriously. Signature da

[clamav-users] Still over 1/3 signature update sync errors

2018-07-31 Thread Paul Kosinski
There are still over 1/3 signature update sync errors with the new ClamAV mirrors. You may remember that I previously added code to our ClamAV update protocol to verify that the actually available daily.cvd etc. matched the version number reported by the DNS TXT record. (This is done by using curl

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread G.W. Haywood
Hi there, On Tue, 31 Jul 2018, Steve Basford wrote: My little issue is with this statement: "It wasn't quite clear at the offset of this bug, but ClamAV cannot support unofficial signatures from a development standpoint. For numerous reasons, we do not regress against those signatures, and in

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Eric Tykwinski
Micah,

Running master branch from GitHub:
ClamAV 0.101.0/24799/Tue Jul 31 04:44:57 2018

It doesn’t seem to have an issue, as far as I can tell.

# clamscan --debug 2>&1 /dev/null | grep "loaded" | grep yara
LibClamAV debug: load_oneyara: successfully loaded YARA.AnglerEKredirector
LibCl

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Micah Snyder (micasnyd)
Thanks for the analysis, Steve. That is a step towards understanding how to fix it. I don't believe it's a new bug in 0.100, but was merely revealed due to legitimate improvements in the yara sig loading behavior. Copypaste'd from my comments in the ticket you linked: > In 0.99.x some of the r

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Steve Basford
Just posting a little regarding the Yara issue with 0.100.x: After a little bit of testing last week... here's what was found: It seems that in ClamAV 0.100.x if the yara file uses pe.imports *and* has *multiple* rules inside the single Yara file, it seems to crash linux versions of ClamAV. If

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Fraenzl, Martin
Thanks, Vladislav, for the quick reply! That's exactly the problem, deleting *.yar and *.yara solved it!

Cheers,
Martin

-----Original Message-----
From: clamav-users On Behalf Of Vladislav Kurz
Sent: Tuesday, 31 July 2018 11:22
To: clamav-users@lists.clamav.net
Subject: Re: [clama

Re: [clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Vladislav Kurz
On 07/31/18 11:10, Fraenzl, Martin wrote:
> Hi all,
>
> I’m using clamav as scanner for my Exim MTA.
>
> Since I updated from 0.99.4 to 0.100.1, Exim is not able to connect to
> clamd.

If you are using unofficial rules, disable yara rules.
https://github.com/extremeshok/clamav-unofficial

Re: [clamav-users] Many reports / false positives since a couple of days

2018-07-31 Thread Al Varnell
It helps the signature team locate those submitted files faster if you post their hash values here.

-Al-

On Tue, Jul 31, 2018 at 01:53 AM, Albrecht, Peter wrote:
> Hello,
>
> Since Saturday (2018-07-28) we are seeing many reports from clamscan having
> found (possibly) infected files. I suspect

[clamav-users] After 0.100.1 Update, clamd crashes

2018-07-31 Thread Fraenzl, Martin
Hi all,

I'm using clamav as scanner for my Exim MTA.

Since I updated from 0.99.4 to 0.100.1, Exim is not able to connect to clamd.

ps -afe | grep clam
clamav 19586 1 0 10:32 ? 00:00:00 /usr/sbin/clamd
clamav 19596 1 0 10:32 ? 00:00:00 /usr/bin/freshclam -d

After the

[clamav-users] Many reports / false positives since a couple of days

2018-07-31 Thread Albrecht, Peter
Hello, Since Saturday (2018-07-28) we are seeing many reports from clamscan having found (possibly) infected files. I suspect these are false positives because checking the files on virustotal.com returns only clamav reporting them as infected. The reported files are mostly jar files used by our