Hi ClamAV team and users,
Another update on slow scanning of PDF files. My team and I have discovered the
potential root cause. In
https://github.com/Cisco-Talos/clamav/blob/5f934c16b47591157a7082b71e751c45f095e2c8/libclamav/pdf.c#L1984,
ClamAV handles PDF document tags. This function comes wi
Hi Ralf,
There are 3 bytecode rules for detecting CVEs that seem to take a rather long
time to run, particularly as the file grows in size. I'm discussing with our
threat research team if we can remove them as CVEs are old enough that no one
should reasonably still be affected by the vulnera
In yesterday's logs I found this:
Feb 19 12:18:35 mail-cbf-int clamd[4147902]: LibClamAV Warning: Bytecode run
timed out in interpreter after 5000 opcodes
Feb 19 12:18:35 mail-cbf-int clamd[4147902]: LibClamAV Warning: Bytecode
'BC.Img.Exploit.CVE-2017-16386-6404655-1.{}' (id: 77) failed to run:
> - Sanesecurity (https://sanesecurity.com) provider default
> configuration overhaul. Switch to a less congested mirror site,
> add/remove several signature URLs.
Thanks for that!
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-