[clamav-users] Support for GPFS / real-time antivirus checks

2022-03-17 Thread An Schall via clamav-users
Hi all, we have a server operating RHEL 6.x and which is using GPFS as a file system. We process high volume data on this server and are evaluating whether clamAV / clamd is a feasible solution to run AV scans against the processed data. As I could not find an official page that lists features /

Re: [clamav-users] Support for GPFS / real-time antivirus checks

2022-03-17 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 17 Mar 2022, An Schall via clamav-users wrote: we have a server operating RHEL 6.x and which is using GPFS as a file system. We process high volume data on this server and are evaluating whether clamAV / clamd is a feasible solution to run AV scans against the processed data.

Re: [clamav-users] Disk space utilization ever increasing until I kill clamonacc

2022-03-17 Thread Stephen Scotter via clamav-users
I just wanted to close the loop on this for anyone else who follows in my footsteps. Since upgrading to 0.103.5 I've not had any more problems with disk utilization seemingly increasing. Thanks for your assistance. Regards Steve On Tuesday, 22 February 2022, 11:57:46 GMT, Stephen Scotter

[clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread Stephen Scotter via clamav-users
Hi, I noticed Clamd has unexpectedly died on two of my virtual machines. Investigating led me to find similar errors in the logs on both hosts around the times I know clamd died (I'm monitoring for the existence of a clamd process with zabbix but only got around to investigating today due to

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread David Copeland via clamav-users
I can't comment on this particular error but 2G of RAM is definitely insufficient and I believe 4G would be as well when freshclam is applying updates to the database as there would be 2 copies of it in RAM. Dave. On 2022-03-17 07:25, Stephen Scotter via clamav-users wrote: > Hi, > > I noticed Cl

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 17 Mar 2022, Stephen Scotter via clamav-users wrote: I noticed Clamd has unexpectedly died on two [VMs] ... System1 Virtual Machine CPU : 1 socket / 2 cores RAM : 2GB Ram ... OS : Debian 10 / buster Clam : ClamAV 0.103.5/26484/Thu Mar 17 08:28:38 2022 Mar 13 13:14:27 Syste

[clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Alex via clamav-users
Hi, The link description is a URL and apparently doesn't match the link itself, resulting in email from Amazon Business being marked as malicious. Do I just add this to some kind of allow/bypass list? How do I go about doing that? $ clamscan -v amazon-fp.eml Scanning /home/alex/quarantine/amazon-

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread Micah Snyder (micasnyd) via clamav-users
Hi Stephen, Based on this output: Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread fail: asked for 901703 bytes @ offset 4096, got 0 Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error reading while generating hash! ... it looks to me lik

Re: [clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Maarten Broekman via clamav-users
That's indicating that there is a link in the email that's displaying "www.americanexpress.com" but is actually going to "www.amazonbusiness.com". It's hard to help without seeing the original email code. On Thu, Mar 17, 2022 at 12:55 PM Alex via clamav-users <clamav-users@lists.clamav.net> wrot

Re: [clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Micah Snyder (micasnyd) via clamav-users
You can create allow-list rules for this sort of phishing heuristic alert using WDB signatures: https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format Phishing Signatures - ClamAV Documentation The names of the cons

Re: [clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 17 Mar 2022, Alex via clamav-users wrote: The link description is a URL and apparently doesn't match the link itself, resulting in email from Amazon Business being marked as malicious. Do I just add this to some kind of allow/bypass list? How do I go about doing that? Micah

Re: [clamav-users] Amazon/SpoofedDomain FP

2022-03-17 Thread Alex via clamav-users
Hi, > Micah has given you plenty to go on. I'd add that you can search the > docs online, for example: > > https://docs.clamav.net/?search=false%20positive > > To prevent all such detections, see 'PhishingScanURLs' in the man page > for clamd.conf. Thank you both for your help. The following pat