on your mirror may be
working now, but don't try it too frequently
or you will be blocked again.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription
and decrypting the data would change the load.
Interesting experiment ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https
, server,
Client attacking server, server accessing files on client ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net
with clamav:clamav and 666 ?
No. IIUC rspamd needs *write* access !
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net
he curated database.
How much memory does Microsoft Defender use on Linux ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.
y.)
I don't know how viable this is, but you do not have to run the ClamAV
daemon on every VM; you can use a remote daemon and pass files to be
scanned with clamdscan. This would also save you more than 10 seconds
at startup.
How much memory does Microsoft Defender use on Linux ?
--
Andrew C. Ait
with Ubuntu that I stick with the Ubuntu version,
even though it is not as up-to-date.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe
they didn't put it there) so still wont allow you to install clamav.
( I'm not used to .a libraries in rpms (except in -devel packages)
and guess that the installer confirms that a .a library has the
required object inside, and then installs the whole library.)
--
Andrew C. Aitchison
On Thu, 2 May 2024, Andrew C Aitchison wrote (but the list bounced):
On Thu, 2 May 2024, Brendan Walsh via clamav-users wrote:
Hi guys,
I have been trying to install the IBM version of ClamAV.0.103.11 which I
downloaded from IBMs open source page :
https://www.ibm.com/support/pages/node
erent clam scans on all my vms.
That is likely the price you pay for a scan that doesn't require that
you send the whole disk over the network.
-Original Message-
From: clamav-users On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 19:49
To: Nathan Millard via clamav
:
Win.Virus.Expiro-10026576-0 FOUND
Richard
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo
g out ? There are several timeouts in my freshclam.conf.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mail
ed by
them.
-Original Message-
From: clamav-users On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 17:21
To: Nathan Millard via clamav-users
Cc: Andrew C Aitchison
Subject: Re: [clamav-users] Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users
it for a fee ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build
rsion: 27229, sigs: 2057112, f-level: 90,
builder: raynman)
ClamAV update process started at Fri Mar 29 08:05:26 2024”
Which database server are you using ?
How are you updating ?
As far as I am aware, freshclam and cvdupdate don't use squid.
--
Andrew C. Aitchison Kenda
;
that will get you blocked, since there has been a history
of misuse. Only freshclam and cvdupdate are exempt from this block.
Unless you allow sneaker-net - USB sticks and the like - you should
not actually need an anti-malware app on your air-gapped machines.
--
Andrew C. Aitchison
Thanks Scott.
Glad to hear that this is under control.
On Thu, 29 Feb 2024, Scott Kitterman via clamav-users wrote:
On February 29, 2024 12:56:47 PM UTC, Andrew C Aitchison via clamav-users
wrote:
I haven't fully understood this yet, but Debian is planning a flag-day
on 29 March to fix
plications are for Ubuntu, but the next release
- 24.04 LTS, "Noble Numbat" - will have 15 years paid support, which
is beyond the y2038 bug.
I guess that the ClamAV and the Debian packages will need to be given
separate consideration.
--
Andrew C. Aitchison
ons?
Where did you get this version ?
In my experience you can't simply replace a Ubuntu package of clamav
with a version built or packaged from the clamav site, or vice versa.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me
2GB limit
though I can see that it could require changes throughout the code
and break backward compatibility.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list su
desktop e remotamente fazer
um scan ao telemovel.
for example: clamscan -r -i remove=yes ipaddress root.of.cellphone
Rahim 00351 933 5959 74 is bugged
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
M
be useful in docker or a similar container,
but it would be a lot if work to do it on every platform
and unless you include the right optional features, a lot
of people will use logrotate anyway.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
gcc-7.3.1
I never used CentOS 7, RHEL7 or other clones, but newer versions of gcc
are available for that too.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list
ate: 2023:10:11 08:27:34
* I'm still waiting for Ubuntu to upgrade to 0.103.10 or better.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription
9:02 2023 -> !check_for_new_database_version: Failed to find daily
database using server https://database.clamav.net. Mon Sep 11 09:09:02 2023 ->
*updatedb: daily database update failed.
Mon Sep 11 09:09:02 2023 -> Trying again in 5secs...
--
Andrew C. Aitchison Kendal, UK
and.
that there could be a macro virus in a large spreadsheet
but IIRC some virus checkers only look at the first so much of a file
since malware deeper into the file cannot (or could not) be executed.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
able?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a c
://docs.clamav.net/faq/faq-pua.html
might help.
clamd.conf does have option "ScanHTML" which doesn't do what you want
but may help if you are not using it already.
--
Andrew C. Aitchison Kendal, UK
and...@aitch
; makes me think a private mirror
https://docs.clamav.net/appendix/CvdPrivateMirror.html
might be useful to you.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users ma
uses/EICAR.COM
The echo is needed to show the name of the file inside the archive.
This appears not to write the unpacked files to disk.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Man
I think scanning inside large archives might solve many of the
reasons for scanning large files.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubsc
Thanks,
--
Tim McConnell
On Sun, 2023-03-19 at 21:40 +0000, Andrew C Aitchison wrote:
On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away
(for
now).
The big problem is I want Clam to do what Clamona
/files/
/tmp/files/EICAR.COM: Eicar-Signature FOUND
/tmp/files/clean.txt: OK
And this is exactly what we like to see using clamdscan.
Any hints are appreciated ...
Thanks
Andreas
- Intern -
clamdscan --verbose
--
Andrew C. Aitchison Kendal, UK
(I may not), EPEL rules say that packages cannot be built with
devtools, so I am not sure what EPEL will be doing when 0.103 reaches
EOL in September.
I will ask on the mailing list
epel-de...@lists.fedoraproject.org
--
Andrew C. Aitchison Kendal,
hing wrong.
Drop the '-f' - it says read the filenames from some-file.eml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.
Sorry thi is coming sd an attachment.
I sent this with the wrong from address
so it didn't reach the list the first time.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk--- Begin Message ---
On Mon, 13 Feb 2023, newcomer01 via clamav-users wrote
like to try it with the latest version.
From 0.104 onwards ClamAV uses Rust.
Rust on AIX appears to be a work in progress:
https://github.com/rust-lang/compiler-team/issues/553
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
rom ClamAV ?
Reading about @system cron events, I would not use it to
update the clamav database. Instead I would rely on anacron
noticing that we missed running freshclam at the proper time,
so start it now if appropriate.
That or stick with the clamv-freshclam daemon/service.
Von / From: Andrew C
read from this config ?
Now it would be still super, if one would have the option --config-file=FILE
with the clamscan, as it is also the case with the clam*d*scan. If I want to
use the clamscan mutze and --config-file=URL, then this is of course not
possible and it breaks everything!
*daemon*.
clamd and clamdscan refer to it, but clamscan does not refer
this config file (although it *does* refer to freshclam.conf).
Which settings do you expect clamscan to read from this config ?
--
Andrew C. Aitchison Kendal, UK
and...@
-and-01051-patch.html
ClamAV build Ubuntu packages which are available at
https://www.clamav.net/downloads
- though the 0.103.7 Linux packages seem to be hiding (Micah ?).
I do not know of a PPA for these.
--
Andrew C. Aitchison Kendal, UK
and...@aitch
analysis ? If so I wonder whether it is
attempting to access the same file, or worse same file-handle, for
each mpi thread, simultaneously.
If I remember correctly "fabric" can be a technical term to do with
message passing, parallelism and networking.
Is that how you are using it ?
-
~500GB.
I really appreciate any kind of support here. It helps alot.
Thanks,
Vijay
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
are looking good, but I managed to
fall foul of the rate limit so cannot confirm for 24 hours :-(
____
From: Andrew C Aitchison
Sent: Wednesday, November 2, 2022 8:40 AM
To: Micah Snyder (micasnyd)
Cc: ClamAV users ML ; Andrew C Aitchison
Subject: Re: [clamav
bytecode.cld database is up-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Sun Oct 30 09:23:10 2022 -> Clamd successfully notified about the update.
Sun Oct 30 09:28:04 2022 -> ----------
---
Thanks,
--
Andrew C. Aitchis
or an OS packager trying to upgrade from one LTS to the
next (0.103 to 1.0).
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https:
/clamav/issues/564
which it seems you have already found.
I guess that including an internal implementation of md5 would
enable ClamAV to run on FIPS enabled/compliant machines,
but that even so, this would not be the right thing to do ?
--
Andrew C. Aitchison Kendal, UK
requirement). Would it make
sense to be able to load the cdiff and avoid reloading from sratch ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
descriptive text
"0.103.7:62:26615:1659362400:1:90:49192:333"
# date -u -d "1970-01-01 UTC 1659362400 seconds"
Mon Aug 1 14:00:00 UTC 2022
... so the magic DNS timestamp is being updated,
but the daily version number has not changed since Thursday.
--
ENABLE_MOLTER_DEFAULT
So I would say that your issue is fixed by the switch to cmake.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
ht
ere we're at and I don't know what to check to see where it
stopped working.
Any guidance would be greatly appreciated.
Thanks
JP
On Tue, May 31, 2022 at 7:32 AM John Paul Guay
wrote:
Thanks for replying Andrew. I realize I didn’t provide much regarding the
needle or the haystack. I will gat
find out whether the master is supposed to request each scan,
or whether the VMs/agents start the scans on their own initiative ?
Which platforms are in use could help too - all of them, as we don't know
which machine broke.
--
Andrew C. Aitchison Kendal, UK
ehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
^^
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_
e reported that
ClamAV with default definitions catches less than 10% of what they see !)
Thanks in advance
Best Regards,
Nuno Almeida
SAP Basis Senior Architect
Infrastructure & Operations, One ERP
--
Andrew C. Aitchison
scan still uses the old ones :-(
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/cl
p us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users ma
?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build
or example).
However something which is executed is likely to have done its damage
before the EOF is processed.
Clamd should detect signatures whether or not they are at the end of the
"file". False positives are undesireble but still better than false
negat
s like a useful project.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav
net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
or even network share /var/lib/clamav/
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman
On Wed, 9 Feb 2022, Marc wrote:
Is there a command that can make a running freshclam daemon do an update
request instantly?
sudo service clamav-freshclam restart
works on Ubuntu.
--
Andrew C. Aitchison Kendal, UK
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the justification of
packaging the sigs is partly that the tool will work and scan out of the box,
partly for the offline
m/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clam
?
If not, you could build a clamav rpm.
Perhaps start with the epel clamav.spec file, or maybe clamav has one since
they now ship Red Hat and Fedora binaries.
That way the cmake "install" happens inside rpmbuild, under your id
so root is only needed for the yum/dnf install.
--
Andrew C.
about clamav.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help
take is that it means that the robot failed to spot any issue,
but a human will read your message anyway and decide whether to
investigate further.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.m
an/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
processes to access it.
But then, I know little about docker or any other container system.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users
a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
iling list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison
stretch install isn't doing
one a bit of good unless perchance you are rebooting.
Now that we have the announcement of ClamAV 0.103 LTS, supported until
August?September 2023, I think Stretch users should stay with ClamAV 0.103
rather than shifting to 104 and CMake.
--
Andrew C. Aitchison
-track Ubuntu (not specifically with clamav)
is that you need the package which matches the python you wish
to use to run the tests.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
nd add an end-of-life version
table to https://docs.clamav.net/faq/faq-eol.html.
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-use
e no timeout, right?
I would add a line
ReceiveTimeout 0
to be sure. Sometimes the commented out line reflects that actual default.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
added to main 60. There was a glitch and main 61 was created to flush
caches on some of the mirrors.
Not sure whether you sould do something, or wait patiently ...
--
Andrew C. Aitchison Kendal, UK
and...@aitchison
requiring an uptodate CMake and an obsolete, 6 year old,
LLVM, I worry that the ClamAV team is spread too thin.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing l
(kitware.com/cmake).
https://blog.kitware.com/cmake-3-21-1-available-for-download/
Which operating system are you building on ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav
error report is
correct.
No. IIUC the *test* failed not because the command failed,
but because the error message reported the wrong filename.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison
https://en.wikipedia.org/wiki/Signature_block#Standard_delimiter
says that the Standard delimiter is the *four* characters
dash dash space end-of-line
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_
__
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
me message on the official clamav archive (which I find
easier to read), or the blog post
https://blog.clamav.net/2021/06/clamav-01033-patch-release.html
which Joel's email was repeating.
All three have rather longer lines than are convenient on a small screen.
--
Andrew C. Aitchison
(single) crossed low threshold
-> signaling
Mon Jun 21 16:50:30 2021 -> $THRMGR: queue (bulk) crossed low threshold ->
signaling
What does that mean?
Best regards, Roger
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me
2GB files).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help
client running freshclam ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav
uled
scans. However, that could make the machine feel sluggish, or actually perform
poorly.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
cl
rs" :
It seems the package is now signed with a different PGP key. Is there a
location from where I can directly download the public key, rather than copying
it from the webpage?
Best regards, Arjen
--
Andrew C. Aitchison Kendal, UK
an
com/micahsnyder/cvdupdate
to update.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listin
.
Please. Please upgrade.
https://packages.ubuntu.com/search?suite=hirsute=clamav
suggests that Ubuntu Hirsute, due out this month, will still have ClamAV
0.103.0.
Is it worth giving them a prod ?
--
Andrew C. Aitchison Kendal, UK
bout this as it is open source, but if I were paying for
the software I would expect them to liase with the AV companies.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
have ?
Is something else using much RAM ?
Ideally I wouldn't run clamd on a machine with less than 4GB RAM.
If you are running freshclam and clamd, there is a setting which
will stop them using double memory while updating.
--
Andrew C. Aitchison Kendal, UK
.7 x32
or to solve those errors?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listin
an older, supported, OpenSuSE
which might be more like your SuSE 12.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https
scriminating between them?
If I remember correctly, I used to do this in my MTA - exim,
filtering in the ACL based on the text wjich you are logging.
--
Andrew C. Aitchison Kendal, UK
an
that there has been ongoing work to remove old, ineffective sigs
to reduce the download size a bit.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users
was being reviewed
which sounds like a good idea
(except of course when there has been a large daily -> main migration).
Is it possible to configure freshclam to keep the (verified) cdiffs if the
update fails, so that they don't have to be downloaded on the next update
attempt ?
Thanks,
for possible reasons.
However, many of QNAP devices have obsolete clamav version:
[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
--
Andrew C. Aitchison Kendal, UK
an
nk about how and why
they are attempting to run clamav, or perhaps persuade the suppliers
of the container images not to include a local clam service.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_
*
the message when it detects the infection.
This leaves the problem with the sending system.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clama
correctly and performing properly,
I expect each one of these programs to be easily understood by their
intended users.
I guess he dismissed ClamAV because it is command line.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
1 - 100 of 116 matches
Mail list logo
