Re: [clamav-users] Difference between datadir and datarootdir

2019-03-06 Thread Michael Orlitzky via clamav-users
On 3/4/19 9:28 PM, Jobst Schmalenbach via clamav-users wrote: > > This is really confusing as datadir points DATAROOTDIR. > > Can I make them the same? > It's confusing in clamav because it's confusing everywhere. Those directories and their meanings come from autotools:

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Chris Pollock via clamav-users
On Wed, 2019-03-06 at 17:55 -0500, Maarten Broekman via clamav-users wrote: > I have 48472 and 48473. The 48474 I got was the gdb file that was > downloaded as part of the cdiff. The freshclam process hung after > downloading though. The order of the 48474 gdb file was no different > from the

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
From my local validation with ClamAV, I can confidently say that safebrowsing CVD 48474 will load much faster than safebrowsing CVD 48473. It's all in the ordering. We'll be keeping track of that going forward. Safebrowsing 48474 is available from the mirror network now. Dave R. On Wed, Mar 6,

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Maarten Broekman via clamav-users
I have 48472 and 48473. The 48474 I got was the gdb file that was downloaded as part of the cdiff. The freshclam process hung after downloading though. The order of the 48474 gdb file was no different from the order of the 48473 file. Freshclam gets this far before hanging after the download.

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread David Raynor
That's strange, the 48474 I have should have the sorting changed and has the improved loading time we're talking about. $ sigtool --info safebrowsing.cvd File: safebrowsing.cvd Build time: 06 Mar 2019 13:24 -0500 Version: 48474 Signatures: 3232286 Functionality level: 63 Builder: google MD5:

[clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Maarten Broekman via clamav-users
The new safebrowsing cvd (starting with version 48473) seems to be sorted in a way that increases the load time of that file by several orders of magnitude. I have a previous version from February where the entries in the gdb section are sorted like this:

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Maarten Broekman via clamav-users
Hi Dave, I noticed that the safebrowsing CVD was updated (I'm seeing version 48474 now) but the cdiff takes a VERY long time to apply and the new gdb file takes about the same time to load. Freshclam hangs at this point: Wed Mar 6 16:03:05 2019 -> *Retrieving

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul Kosinski via clamav-users
I spoke too soon! Although 0.100.2 didn't hang, it did have to download 25380 several times -- while claiming success each time! On Wed, 6 Mar 2019 15:54:04 -0500 Paul Kosinski via clamav-users wrote: > For once (?) we're not having any problem with this update. Maybe it's > because we're

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul Kosinski via clamav-users
For once (?) we're not having any problem with this update. Maybe it's because we're still running 0.100.2? On Wed, 6 Mar 2019 14:05:30 + "Micah Snyder (micasnyd) via clamav-users" wrote: > I also am seeing the same thing. > Killing freshclam and starting it again reproduces the process

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
Maarten, Thanks for reporting that. There is an ordering difference of the content in the latest GDB file which is affecting the load time, and we will be fixing that in the next safebrowsing CVD version. Dave R. On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <

Re: [clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
Great, thanks! All I had to do was write a new.ldb rule with hex patterns to search for: Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09dd090d09b;d18e32;d0ae32;7576656e616c and run clamscan:

Re: [clamav-users] is this realy a positive? Html.Trojan.Exploit-112 FOUND

2019-03-06 Thread Matthew Molyett
Henrik, The reference file that we have for that signature appears to contain CVE-2006-3227. If you can share the file then use the FP reporting option <http://www.clamav.net/reports/fp> to have the signature reassessed. Thank you. On Mon, Mar 4, 2019 at 3:57 AM Al Varnell via clamav-users <

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Maarten Broekman via clamav-users
I'm not sure if the safebrowsing.cld is included in the daily cdiff, but the current safebrowsing.cld takes between 50 and 70 seconds to *load* into clamscan, where a copy from February loads in <5 seconds. safebrowsing data: Old (fast): ClamAV-VDB:13 Feb 2019 13-16

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
I confirmed with our signature management team that the extended time processing daily-25380 is because this change is significantly larger than a standard update. This update drops 768053 hash-based signatures for malware that is detected by other more efficient logical signatures. The net

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Chris Pollock via clamav-users
On Wed, 2019-03-06 at 14:20 +, Micah Snyder (micasnyd) via clamav-users wrote: > Pierre, > > So you're saying it actually did finish after 3 hours, 15 minutes on > its own? That is good news for all of the automated systems, even if > this is a potentially terrible bug. > > I'm still

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Pierre Dehaen
Yes Micah, it finished while I was checking the computer because of the messages received on the mailing list. $ tail -50 /var/log/freshclam.log ... -- ClamAV update process started at Wed Mar 6 11:37:46 2019 WARNING: Your ClamAV installation is OUTDATED!

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
Pierre, So you're saying it actually did finish after 3 hours, 15 minutes on its own? That is good news for all of the automated systems, even if this is a potentially terrible bug. I'm still investigating the cause, and asking our signature management team if they have any additional

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Dennis Hermannsen via clamav-users
Seems like this has been fixed. Remove /var/lib/clamav/daily.* (either cld or cvd) and run freshclam again. When freshclam failed to update, it was stuck on a .cld file. After removing it, it downloaded daily.cvd and could be updated afterwards.   Dennis Hermannsen System administrator |

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
I also am seeing the same thing. Killing freshclam and starting it again reproduces the process (and locks up again). You may have to delete daily.cld/cvd from your database directory in order to get past this. For those who are interested in the code, it is caught in a loop here:

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Pierre Dehaen
Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11, v0.100.0)... without noticeable error in freshclam.log. On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote: > When crontab execs freshclam > CPU server goes to 100% > Hanged finishing Downloading daily-25380.cdiff

Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread J.R. via clamav-users
> So basically it does nothing extra, just has more definitions > which I can import to clamav anyway? You can download the program and look it over without installing, it's just bash scripts. It does appear in its own sigs directory there are additional signature files: -rw-r--r-- 1 root root

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul via clamav-users
Same here .. On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote: Yes. Same here too... On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez <carlos.gar...@f-integra.org> wrote: Hello, When crontab execs freshclam CPU server goes to 100% Hanged finishing

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread J.R. via clamav-users
> When crontab execs freshclam > CPU server goes to 100% > Hanged finishing Downloading daily-25380.cdiff [100%] Just checked my server and it happened to me too! A little after 5am central time. :(

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Vijayakumar U via clamav-users
Yes. Same here too... On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez <carlos.gar...@f-integra.org> wrote: > Hello, > > When crontab execs freshclam > CPU server goes to 100% > Hanged finishing Downloading daily-25380.cdiff [100%] > > > > /home/vmail/antivirus/clamav/bin/freshclam -v --debug >

Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread Jakub Filo via clamav-users
Thanks for the reply. So basically it does nothing extra, just has more definitions which I can import to clamav anyway? On Mar 6, 2019 4:01 AM, "J.R. via clamav-users" wrote: > does anyone here have experience/knowledge about LMD/maldet? > > What I don't understand is whether it provides any

[clamav-users] Unsubscribe

2019-03-06 Thread Garon Govender
Garon Govender Green Swan Infrastructure Mobile: +2778678 *Sent from my iPhone* On 06 Mar 2019, at 12:53, Carlos García Gómez wrote: Hello, When crontab execs freshclam CPU server goes to 100% Hanged finishing Downloading daily-25380.cdiff [100%]

[clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Carlos García Gómez
Hello, When crontab execs freshclam CPU server goes to 100% Hanged finishing Downloading daily-25380.cdiff [100%] /home/vmail/antivirus/clamav/bin/freshclam -v --debug Current working dir is /home/vmail/antivirus/clamav-0.101.1/share/clamav ClamAV update process started at Wed Mar 6

Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread Brent Clark via clamav-users
On 2019/03/06 05:01, J.R. via clamav-users wrote: I'm pretty sure the clamav-unofficial-sigs script downloads the same signature files as maldet. The maldet program itself gives you turn-key ability for various scanning, logging, and cleaning options... clamav-unofficial-sigs does

[clamav-users] broken link

2019-03-06 Thread Arnaud Jacques
Hello, https://www.clamav.net/documents/doc is broken. Link found at https://www.clamav.net/documents/miscellaneous-faq. -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web :

Re: [clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Arnaud Jacques
Hello Alex, We do have a large IMAP ~200GB, and in order to find letters containing specific "keyword", grep is not good because of base64 encoding. So the idea is to look through with antivirus scanner for "virus" inside letters, which is not a virus but a (not sure, may be) "bytecode

[clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
Hi all, is it worth trying? We do have a large IMAP ~200GB, and in order to find letters containing specific "keyword", grep is not good because of base64 encoding. So the idea is to look through with antivirus scanner for "virus" inside letters, which is not a virus but a (not sure, may be)