Re: [clamav-users] clamav preventing CLion from working properly

On 25/07/2024 01:03, Giacomazzi Gabriele Antonio wrote: That's the strangest reply i ever received in a community lol. You're new. Fortunately my boss is not only paper and stuff, he is very technical. So are they. They are not VMs, they are physical PCs. We are required to get the ISO

Re: [clamav-users] clamav preventing CLion from working properly

My advice is not to use the Prevention option because it slows everything down too much, and to make sure it is configured properly so that the on-access scanning service does not monitor the scanning process because that causes an infinite loop. Micah Snyder (they/them) ClamAV Development

Re: [clamav-users] clamav preventing CLion from working properly

That's the strangest reply i ever received in a community lol. Fortunately my boss is not only paper and stuff, he is very technical. They are not VMs, they are physical PCs. We are required to get the ISO 27001 certification, so we need to install anti-viruses on all employees workstations. The

Re: [clamav-users] clamav preventing CLion from working properly

On 25/07/2024 00:26, Giacomazzi Gabriele Antonio wrote: Hi, thanks for replying. The on-access feature it's required by the company i work for. I don't understand where the problem is since i've done the same configuration on all workstations, but in some of them there is this problem. Oh,

Re: [clamav-users] clamav preventing CLion from working properly

So your advice is to just don't use the on-access feature, am i right? But why on some workstations it works like a charm and on others it just does not let you work? Regards, Gabriele Il giorno mer 24 lug 2024 alle ore 16:39 Micah Snyder (micasnyd) < micas...@cisco.com> ha scritto: > The

Re: [clamav-users] clamav preventing CLion from working properly

The "OnAccessPrevention" feature will really slow down other programs, especially software that touches a lot of files like CLion, VSCode, Git. I cannot recommend it. Even with this disabled, ClamAV on-access scanning probably won't keep up with your activity and will likely monopolize at

Re: [clamav-users] clamav preventing CLion from working properly

Hi, thanks for replying. The on-access feature it's required by the company i work for. I don't understand where the problem is since i've done the same configuration on all workstations, but in some of them there is this problem. Regards, Gabriele Il giorno mer 24 lug 2024 alle ore 15:45 Gary

Re: [clamav-users] clamav preventing CLion from working properly

On 24/07/2024 23:35, Giacomazzi Gabriele Antonio via clamav-users wrote: Hi everyone, I'm running into some problems with clamav and CLion. For context, we are talking about a workstation running fedora 40. I activated clamonacc and, since I was monitoring /home and every CLion project was in

[clamav-users] clamav preventing CLion from working properly

Hi everyone, I'm running into some problems with clamav and CLion. For context, we are talking about a workstation running fedora 40. I activated clamonacc and, since I was monitoring /home and every CLion project was in that directory, CLion was building very slowly. I excluded the path where

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Thank you for all this information Scott Original message From: Scott Kitterman via clamav-users Date: 24/07/2024 12:59 am (GMT+12:00) To: ClamAV users ML Cc: Scott Kitterman Subject: Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV For Debian

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

For Debian and its derivatives, which includes Pop OS via Ubuntu, when you install the clamav-freshclam package, it is configured to run in background and periodically check for signature updates. You can, and should, ignore ClamTK's update mechanisms. To test if scanning is working, you can

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Thank you Masaru. I visited the webpage you sent me below. I looked in the Download and Install drop down lists (which are both the same as far as I can see) and have identified what looks like the right URL to the right and most recent version of KDE's ClamAV-GUI for my Ubuntu-based Pop OS

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Hello, In the Message; Subject: Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV Message-ID : <4bb2ac67-39ae-4449-9931-91ad2437e...@orcon.net.nz> Date & Time: Tue, 23 Jul 2024 20:30:31 +1200 [SA] == "Ayre, Sarah via clamav-users" has written: [...] SA>

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Thank you Rainer. That is hopeful. I tried using ClamTK today. I updated the signatures that it said were out of date. Some updates were downloaded. However, the description of this software in the PopShop for PopOS says that ClamTK does not support the use of ClamAV database. Do you or

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Hello, In the Message; Subject: [clamav-users] Seeking GUI alternative while learning how to use clamAV Message-ID : Date & Time: Mon, 22 Jul 2024 18:02:52 +1200 [SA] == sarahayre via clamav-users has written: SA> Hello again I can see that I have a fair way to go as a newbie

Re: [clamav-users] Seeking GUI alternative while learning how to use clamAV

Sarah, On Mon, 22 Jul 2024 18:02:52 +1200 you wrote: > ... > I understand that clamTK is no longer maintained. That's right. But that doesn't mean it will stop working in the near future. Just use it as long as it still works and in the meantime also make yourself familiar with ClamAV's

[clamav-users] Seeking GUI alternative while learning how to use clamAV

Hello again I can see that I have a fair way to go as a newbie learning to use clamAV. Do any of you have a recommendation of a GUI alternative suitable for a Linux Pop OS as a stopgap in the meantime?  I understand that clamTK is no longer maintained.Best wishes 

[clamav-users] Re Seeking newbie level help with setting up and using clam AV

Thank you both, Masaru and Rainer, for your separate kind efforts to help me. I need to take some time to absorb and understand what each of you have written and to integrate it with my other sources of help. I am quite a bit out of my depth but hope to get there in the end.In the meantime and

Re: [clamav-users] Seeking newbie level help with setting up and using ClamAV

Hello, I'm resending this because I seem to have made a mistake. In the Message; Subject: Re: [clamav-users] Seeking newbie level help with setting up and using ClamAV Message-ID : <87r0bnf2la.wl-nom...@lake.dti.ne.jp> Date & Time: Sun, 21 Jul 2024 19:42:41 +0900 [MN] == Masaru

Re: [clamav-users] Seeking newbie level help with setting up and using ClamAV

Sarah, On Sun, 21 Jul 2024 16:08:30 +1200 you wrote: > ... > $ sudo clamscan --recursive --infected /home/sarah I would not recommend scanning the complete home directory on a regular basis. You can do that once after you have everything set-up, but it may take quite some time ...

Re: [clamav-users] Seeking newbie level help with setting up and using ClamAV

Hello, In the Message; Subject: [clamav-users] Seeking newbie level help with setting up and using ClamAV Message-ID : Date & Time: Sun, 21 Jul 2024 16:08:30 +1200 [SA] == "Ayre, Sarah via clamav-users" has written: [...] SA> Then, to *achieve number 1* in my list of uses of

[clamav-users] Seeking newbie level help with setting up and using ClamAV

Hello I am a newbie to both ClamAV and ClamAV Users forum. I would like to set up and use ClamAV on a System76 Kudu laptop running PopOS 22.04 based on Ubuntu. I have been using Linux for 8 years, but unfortunately have yet to develop sufficient skill and confidence in using the command line

Re: [clamav-users] Issue getting private local mirror to work

Thanks Micah. That fixed it. Deleting freshclam.dat allowed it to connect to the local mirror. cheers On Thu, Jul 18, 2024 at 6:25 AM Micah Snyder (micasnyd) wrote: > Hi j, > > I see you are seeing this error, even though you're having it use your own > private database mirror: > "FreshClam

Re: [clamav-users] Problems subscribing to lists

Yes, you should now see the announcement emails. We also CC the clamav-users and clamav-devel mailing lists with most announcements. The "[clamav-users]" in the email subject happens automatically when you send an email to clamav-users@lists.clamav.net. Discord is just an instant messenger

Re: [clamav-users] Issue getting private local mirror to work

On Wed, 17 Jul 2024, j via clamav-users wrote: Hello, I have set up cvdupdate on my server and apache to serve the files - no issues there, cvdupdate checks and gets the latest updates. Issue is with downstream servers. I can curl the files directly, but freshclam wont get them. I've set the

Re: [clamav-users] Issue getting private local mirror to work

Hi j, I see you are seeing this error, even though you're having it use your own private database mirror: "FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN)." When freshclam fails to download because of a 429 or 403 error code the database

Re: [clamav-users] Issue getting private local mirror to work

You don't need to enter any of those mirrors. All you need is the main database, and you’ll be routed to the nearest POP to your location. The regional mirrors were decommissioned years ago. > On Jul 17, 2024, at 08:40, newcomer01 via clamav-users > wrote: > > Hi, > > curl or something is

Re: [clamav-users] Issue getting private local mirror to work

Hi, curl or something is permitted! Try this ones in your freshclam.conf UpdateLogFile /var/log/clamav/freshclam.log LogVerbose no LogSyslog no LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate no LogTime yes Foreground no Debug no MaxAttempts 12 ScriptedUpdates yes DatabaseOwner clamav

Re: [clamav-users] Problems subscribing to lists

Thank you so much for your kind help Micah.Do I understand correctly that clam AV update announcements will now be sent to me automatically by email?Do I now send my specific questions regarding installing and using clam AV to Clam AV users email address ?  and should I put clamav-users in

[clamav-users] Issue getting private local mirror to work

Hello, I have set up cvdupdate on my server and apache to serve the files - no issues there, cvdupdate checks and gets the latest updates. Issue is with downstream servers. I can curl the files directly, but freshclam wont get them. I've set the following in freshclam.conf: DNSDatabaseInfo no

Re: [clamav-users] Question about future expected Main + Daily CVD size

Hi Mikhail, The growing size of the main and daily databases is a concern for me as well and has been for a few years. I have a plan to archive older signatures that do not appear to be relevant anymore. This plan requires some extensive changes to some SQL databases and middleware that builds

Re: [clamav-users] Problems subscribing to lists

Hi Sarah, Our clamav-announce emailer isn't supposed to require approval from the list admin in order to subscribe, thought it does require confirmation from an email so others can't just sign you up. It seems like that setting changed on its own somewhere around early October, 2023. I

[clamav-users] Problems subscribing to lists

Hello I sent the following request for help to the ClamAV announce owners email address a few days ago and I'm now sending it to the Clam users list in case the first one did not reach its destination and in case anyone that is on this list also can help in any way.Please can you help me

Re: [clamav-users] Question about additional processing on Documents in Clamd Configuration File

Hi Paul, Yes, that is correct. In the case of PDF processing, cli_scanpdf()​ has logic to extract additional content from PDF such as decompressing attached images, javascript, etc. It may also decrypt password protected PDF's where the password is empty. The scanraw()​ function is

[clamav-users] Question about future expected Main + Daily CVD size

Hello, Are there any guidelines or restrictions about what the size of the main and daily databases will look like in the future? I found this blog from 3 years ago (ClamAV(r) blog: ClamAV, CVDs, CDIFFs and the magic behind the

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

If you want a one server set up it might be possible to start/stop clamdscan faster than start clamscan if you cron job freshclam (db update daemon) each day. I've never looked into doing it, but you might be able to run a bash script that does that. On Jul 6, 2024, 5:22 PM -0400, Khodor

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Thank you, what you have described below is an option i am thinking of in case i go for 2 server setup I am also looking and testing if i can still run clam daemon service locally while controlling the clamd consumption and having a best tuning where it does not overwhelm my system

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Sorry if I'm misunderstanding, but if i think the best situation for you is the following: Server A is running your production application. Server B has two services running: an express application that can securely handle traffic (npm module) and the clamdscan daemon. Server A sends the file

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Thanks Paul for the clarification, There is a misunderstanding, initially our developers are using the "clamscan -" to scan the streamed data in the upload form of the app, as i mentioned earlier clamscan has to load the entire virus database and initialize the scanning engine from scratch on

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

It shouldn't be doing that. You sound like you have the wrong configuration option for clamscan npm package. You need to be using the clamdscan configuration option. It sounds like you're using the clamscan option. Clamdscan uses the already running Daemon (only loads the database once).

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Thanks for sharing this , I am currently using clamscan within my app, but the problem with clamscan has to load the entire virus database and initialize the scanning engine from scratch. Scanning a file with few kb took what a mb file would need for scanning around 20 to 30s

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

If I'm understanding your use case correctly you may want to use this tool: https://www.npmjs.com/package/clamscan Create an express app and run the daemon locally on the same server. The express app is essentially a glorified local proxy. On Jul 5, 2024, 4:46 PM -0400, Khodor Barakat via

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Thanks Paul, This was something i was looking into, like building an ssh tunnel , but it is a burden as tunnel failure would broke the entire process , I might reconsider running clamdscan locally while tunning the config and using systemd unit param to limit the resources used by clamdscan

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

On Fri, 5 Jul 2024, Khodor Barakat wrote: What i am trying to implement is to avoid running clamd as daemon locally and want to use a dedicated server for the scan that will be used by multiple server the scan will be done within the intranet so traffic is not exposed , but wanted to see if

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

I don't think there is anything builtin to clamd, but you might consider setting up a secure tunnel(s) from the client machine(s) to the scanning machine. For example, each client machine has a little daemon that listens on a UNIX socket and is connected securely (SSH, OpenVPN etc.) to the

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Thanks for the reply , What i am trying to implement is to avoid running clamd as daemon locally and want to use a dedicated server for the scan that will be used by multiple server the scan will be done within the intranet so traffic is not exposed , but wanted to see if there is a way that i

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

On Tue, 2 Jul 2024, Khodor Barakat via clamav-users wrote: Hi, everyone I am writing to inquire about the security measures implemented when using ClamAV's clamdscan for remote scanning, particularly when streaming to port 3310. clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream

Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Anyone has encountered this, i can see the transfer is not encrypted and secure when doing a remote scan , I captured the packet on the remote server and i can see the data as clear text , [Timestamps] [Time since first frame in this TCP stream: 0.000209756 seconds] [Time

[clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan

Hi, everyone I am writing to inquire about the security measures implemented when using ClamAV's clamdscan for remote scanning, particularly when streaming to port 3310. clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream /tmp/testfile.txt cat /etc/clamd.d/remote-scan.conf LogSyslog

Re: [clamav-users] Debian 12.6 - clamav-deamon does not use a socket

On Sun, 30 Jun 2024, christian via clamav-users wrote: Am 30.06.2024 um 20:06 schrieb Paul Kosinski via clamav-users: Did you check the permissions on the clamd socket to see if it allows access by rspamd? (I sometimes get burned by mismatched permissions.) It should work with

Re: [clamav-users] Debian 12.6 - clamav-deamon does not use a socket

Am 30.06.2024 um 20:06 schrieb Paul Kosinski via clamav-users: Did you check the permissions on the clamd socket to see if it allows access by rspamd? (I sometimes get burned by mismatched permissions.) It should work with clamav:clamav and 666 ? Help us build a comprehensive

Re: [clamav-users] Debian 12.6 - clamav-deamon does not use a socket

Did you check the permissions on the clamd socket to see if it allows access by rspamd? (I sometimes get burned by mismatched permissions.) On Sun, 30 Jun 2024 17:45:17 +0200 christian via clamav-users wrote: > Am 30.06.2024 um 17:28 schrieb Matus UHLAR - fantomas via clamav-users: > > > >

Re: [clamav-users] Debian 12.6 - clamav-deamon does not use a socket

Am 30.06.2024 um 17:28 schrieb Matus UHLAR - fantomas via clamav-users: why should clamav connect to rspamd, shouldn't it be the other way? RSPAMD accesses the socket, correct. But the socket doesn't work. I don't use sockstat, but did you run "lsof /var/run/clamav/clamd.ctl"? lsof

Re: [clamav-users] Debian 12.6 - clamav-deamon does not use a socket

On 30.06.24 15:55, christian via clamav-users wrote: I'm currently struggling with the problem that my clamav daemon creates /var/run/clamav/clamd.ctl as a socket, but I can't connect to Rspamd. why should clamav connect to rspamd, shouldn't it be the other way? At first I thought that

[clamav-users] Debian 12.6 - clamav-deamon does not use a socket

Hello, I'm currently struggling with the problem that my clamav daemon creates /var/run/clamav/clamd.ctl as a socket, but I can't connect to Rspamd. At first I thought that rspamd wasn't sending anything, but clamav isn't addressing any socket. When I check this using sockstat, no active

[clamav-users] Question about additional processing on Documents in Clamd Configuration File

Hello everyone, In the clamd.conf file there are several different document types (PDF, SWF, OLE2, etc.) that have an option for additional processing. For example: # This option enables scanning within PDF files. > # If you turn off this option, the original files will still be scanned, > but >

[clamav-users] clamav-1.3.1 daemon panic

Hi, I've been running clamav-1.3.1 for 10 days, virus-scanning incoming e-mail via mimedefang, and got this crash this morning. This was built locally on CentOS-7, nothing special, and otherwise seems to be fine. Jun 26 10:51:29 clamd: thread '' panicked at 'byte index 22 is not a char

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

Hi Micah, Thank you for your response. I have been actually trying what you suggested with the sigtool command, and when removing Windows signatures from both daily.cvd and main.cvd, we saw a memory savings of about 1 GB during the scan, from 1.5 GB to 500-600 MB. However, I still haven’t

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

Hi Mikhail, As you probably know, the clamav signature database is comprised of daily.cvd, main.cvd, and bytecode.cvd. Note: I say "cvd" but the file will have a "cld" extension if freshclam has updated it from an older version using our cdiff patching update mechanism. Daily.cvd is updated

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

On 6/24/2024 9:19 AM, Joel Esler via clamav-users wrote: Not being the manager for ClamAV anymore, but we now have four threads about the logo.  Feedback is appreciated, but the mail threading breaking is driving me crazy! I wonder how many here understand how threading works and how many

Re: [clamav-users] False positive?

What file did it hit on?? Sent from Proton Mail Android Original Message On 6/24/24 12:54 PM, Orion Poplawski via clamav-users wrote: > *INFECTED*: > Virus Win.Malware.Agent3100026061/CRDF-1: > > >

[clamav-users] False positive?

*INFECTED*: Virus Win.Malware.Agent3100026061/CRDF-1: https://assets.thdstatic.com/core/thd-new-relic/v2.1.2/thdNewRelic.lite.umd.js virus total: https://www.virustotal.com/gui/url-analysis/u-a780cb161d405c977403ec663761cd209081e5163763e1ee41567ceaac502e6d-1719247959 shows clean Any other

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

* andre nz: > The logo (in general ) and images on the current homepage are telling > people clamav is malicious, clamav is the monster. You keep trying to sell *your* opinion as facts, that's all it boils down to, as far as I can tell. You try to hide *your* POV behind nebulous "new users" and

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

Not being the manager for ClamAV anymore, but we now have four threads about the logo. Feedback is appreciated, but the mail threading breaking is driving me crazy! > On Jun 23, 2024, at 22:20, Kenneth Porter via clamav-users > wrote: > > On 6/23/2024 7:02 PM, andre.nz--- via clamav-users

Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote: Thank you both for your responses. Regarding the centralized server (or just running it remotely in general), is there a certain limit for how many VM's a central VM running ClamAV can scan? I'm guessing it's a function of disk

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

On 6/23/2024 7:02 PM, andre.nz--- via clamav-users wrote: Thankyou for clarifying that it is meant to look like malware. But that is the opposite of what the software does and the impression you want to give. It should be the cure, that's why so many security products use a shield. The ClamWin

[clamav-users] Feedback: Confusing branding, off putting to new users

* Ralph Search malware online and look at the images in articles in and image search, malware is represented as monsters and insects. Like this: https://www.pngwing.com/en/free-png-sgbcn * Joel Thankyou for clarifying that it is meant to look like malware. But that is the opposite of what the

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

Just to give you some background on the design choice: We originally had a clam as the logo, but when we decided to update the website and blog, we thought it was the perfect time to change the logo too. We wanted something that represented malware better. We went through a few designs and

[clamav-users] Recommendation for Installation Guide under rhel8

Hi, Can someone recommend a setup guide to install clamav as a daemon , i am using freshclam to update virus definitions every day but i am having a problem when running clamscan where clamscan takes time to reload the virus definition on every call , i read that clamdscan is faster but wanted

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

* andre nz: > It's just that it literally looks like it is malware [...] You may think that, and you are free to express that opinion. I don't feel reminded of malware, however. Impasse. Out of curiosity, what does "literally looks like malware" even mean? Your individual perception certainly

[clamav-users] Feedback: Confusing branding, off putting to new users

I appreciate that this may seem like an unnecessary distraction, thanks for replying. I wouldn't have sent this I thought it was an unprofessional, dated or silly logo/mascot, I've never done anything like this before. It's just that it literally looks like it is malware, if you look at other

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

> > * andre nz: > > > Just in regards to the website and logo etc it comes across as quite > > odd. [...] > > That may be your personal, non-representative opinion, to which you are > of course entitled. I don't personally find anything odd about the > website or logo, and the latter in

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

* andre nz: > Just in regards to the website and logo etc it comes across as quite > odd. [...] That may be your personal, non-representative opinion, to which you are of course entitled. I don't personally find anything odd about the website or logo, and the latter in particular does not affect

Re: [clamav-users] Feedback: Confusing branding, off putting to new users

On 6/23/2024 9:28 AM, andre.nz--- via clamav-users wrote: I'm a big fan of clamav and really appreciate all the work that goes into it. So I hope this doesn't come across as rude. Just in regards to the website and logo etc it comes across as quite odd. Other av's and security software use

[clamav-users] Feedback: Confusing branding, off putting to new users

I'm a big fan of clamav and really appreciate all the work that goes into it. So I hope this doesn't come across as rude. Just in regards to the website and logo etc it comes across as quite odd. Other av's and security software use monsters, insects, bugs etc on there website and images etc

Re: [clamav-users] Img.Packed.PngContainsDownloadCmd-6786216-0 virus definition

Hello, Img.Packed.PngContainsDownloadCmd-6786216-0 has been dropped. If you use the latest signatures from ClamAV official, you should not be worried about that. -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.60.47.09.81 E-mail :

[clamav-users] Img.Packed.PngContainsDownloadCmd-6786216-0 virus definition

Hi On 19th June 2024, clamAV database of virus definition was updated with this definition *Img.Packed.PngContainsDownloadCmd-6786216-0*. Due to this, my bunch of png files are now being flagged as infected by CLAMAV. Need to understand what kind of signature is this and what is different in my

Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

On the central server, I'm not sure what the limits are. Our server is busy 24x7 and we've got a couple of hundred hosts pointed at it. Jon Schewe Principal Software Systems Technologist C: +1 612.263.2718 O: +1 952.545.5720 jon.sch...@rtx.com RTX BBN

Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

Thank you both for your responses. Regarding the centralized server (or just running it remotely in general), is there a certain limit for how many VM's a central VM running ClamAV can scan? I'm guessing it's a function of disk space on the machines to be scanned + memory/cores on the host

Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

Another option is to use a centralized scanning server. We've done that for our hosts. That central host has lots of memory and cores and the individual systems don't need nearly as much resources. https://www.libellux.com/clamav/ has some notes

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote: We are a team from Microsoft Azure running ClamAV on small Linux VMs, and due to business and cost reasons we cannot use larger VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which is unsustainable on our VMs, and we are

[clamav-users] Question on ClamAV memory usage with respect to the signature database

Hello, We are a team from Microsoft Azure running ClamAV on small Linux VMs, and due to business and cost reasons we cannot use larger VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which is unsustainable on our VMs, and we are looking for ways to reduce this. There are some tips

[clamav-users] Consistent hits for DROVORUB in clamd process memory

Among other things. I apologize if this is the wrong venue to ask for help, but figured it's better than creating an issue on Github. But, using Nextron's Thor-lite scan on Linux instances (Arch and Clear) I'm getting detection's for.. This may be easier: Alert 1 Apr 29 14:24:51

Re: [clamav-users] Suppress warning logs

There are multiple github issues referencing this warning. My best guess as to the cause is one of these two: * attempting to scan a file that is in a mounted volume where our "file descriptor to file path lookup" feature does not work * attempting to scan a file that has been deleted

[clamav-users] Suppress warning logs

Hello, I have configured the on-access scanning in ClamAV in this way: ``` OnAccessIncludePath /home/lmirabella/Downloads/test OnAccessPrevention yes OnAccessDisableDDD yes OnAccessExcludeRootUID yes OnAccessExcludeUID 0 OnAccessExcludeUname clamav ``` and I started clamonacc in this way: ```

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

I am using EPEL version and I dont think I have a choice. But it _might_ be worth looking at difference. Thanks in advance, -Neel. From: Andrew C Aitchison and...@aitchison.me.uk Sent: Mon, 10 Jun 2024 16:42:49 To: neel roy via clamav-users clamav-users@lists.clamav.net Cc: neel roy

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

Thanks. There is one difference I managed to find which is related to services in general not just clamav - clamd will be restarted on failure if its running as service. This can be an advantage, and pretty big one, because otherwise we end up creating watchdog framework which itself ends up

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

On Mon, 10 Jun 2024, neel roy via clamav-users wrote: Thanks. On selinux, which is the case with me, running clamd as *standalone process* is more advantageous than running as systemd service. The reason is mentioned in the post by someone else couple of years back. I am facing similar

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

On 10.06.24 10:29, neel roy via clamav-users wrote: On selinux, which is the case with me, running clamd as *standalone process* is more advantageous than running as systemd service. The reason is mentioned in the post by someone else couple of years back. I am facing similar

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

Thanks. On selinux, which is the case with me, running clamd as *standalone process* is more advantageous than running as systemd service. The reason is mentioned in the post by someone else couple of years back. I am facing similar issue:https://github.com/Cisco-Talos/clamav/issues/582 In

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

On 10.06.24 05:57, neel roy via clamav-users wrote: There might be possibility that we will use more services from clamd in the future. So we want to use clamd + clamdscan instead of clamscan. In which case I wanted to know the difference between running clamd@scan service vs running clamd.

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

Hello, There might be possibility that we will use more services from clamd in the future. So we want to use clamd + clamdscan instead of clamscan. In which case I wanted to know the difference between running clamd@scan service vs running clamd. Whats the difference and what is recommended?

[clamav-users] clamAV to Windows 10 Help, please!

Hello there! Already downloaded three times this antivirus, and not once could open an exe file to use it. First time, because, apparently it needs to be installed step by step and I am not an expert or soever, so I trully need help this time! Second time, because the installer apparently does not

Re: [clamav-users] Using clamd@ service vs launching clamd from command line

If you only want to do one scan per day, you may wish to use clamscan instead of clamd + clamdscan. If you're doing scans on the commandline, the advantage to using clamd is to reduce load time. You can load once, and then use clamdscan to target multiple files or directories with multiple

Re: [clamav-users] Can clamdscan scan directory recursively?

clamdscan scans recursively by default, while clamscan requires the -r option to recursively scan. Brendan From: clamav-users on behalf of Wei Huang via clamav-users Sent: Tuesday, June 4, 2024 2:37 PM To: clamav-users@lists.clamav.net Cc: Wei Huang Subject:

[clamav-users] Using clamd@ service vs launching clamd from command line

Hello, https://docs.clamav.net/manual/Usage/Scanning.html#clamd reads Once you have set up your configuration to your liking, and understand how you will be sending commands to the daemon, running clamd itself is simple. Simply execute the command: clamd But after installation I also get

Re: [clamav-users] New Tool: ClamAV Large Archive Scanner

A good start, and the ISO should be good for scanning CDs and such. I wonder if it could find (given the right signature) the malware on Sony's old music CDs that AV companies ignored, but some independent researcher discovered, and then the DHS (!) cited as being a nasty security issue. On

[clamav-users] Can clamdscan scan directory recursively?

I know clamscan -r can scan directory recursively. Can clamdscan do the same thing? If not, is there any way to work around this? Thanks for any response. Wei ___ Manage your clamav-users mailing list subscription / unsubscribe:

Re: [clamav-users] reject/flag files based on extension

On 6/4/2024 9:27 AM, Micah Snyder (micasnyd) via clamav-users wrote: I don't think there is any mechanism in clamav-milter or clamd to alert/convinct/block attachments scans based on file extension. Perhaps there is an option in Sendmail? MIMEDefang and MailMunge do this. They're milters

[clamav-users] New Tool: ClamAV Large Archive Scanner

As many of you know, ClamAV has a limit on the maximum file size that may be scanned. The default max file size is 100MB in the latest release. You can raise the limit up to 2000MB (2GB). But it cannot be set higher at this time. Some users who have a requirement to scan much larger files (and

  1   2   3   4   5   6   7   8   9   10   >