Re: [clamav-users] Questions about the operating platform

2024-08-07 Thread David Precious via clamav-users
On Wed, 7 Aug 2024 17:29:46 +0900 tomoe via clamav-users wrote: > Does ClamAntiVirus work on Ubuntu 24.04LTS ? > I look forward to Answer from you. Yep. Ubuntu provides ClamAV packages - https://packages.ubuntu.com/source/clamav You'll see that for Ubuntu 24.04 (Noble Numbat) they provide 1.0.5

Re: [clamav-users] False positive?

2024-04-08 Thread David Precious via clamav-users
On Mon, 8 Apr 2024 11:26:15 -0400 Richard wrote: > After updating to the latest virus signature files using > freshclam, I am suddenly getting infected file reports > that I never got before. Almost certainly yes. This seems to happen periodically, for those same Python PIP exe files (which I

Re: [clamav-users] Assistance needed with "LOCAL: Socket file /var/run/clamav/clamd.ctl is in use" error in Debian Docker image

2023-07-03 Thread David Precious via clamav-users
On Mon, 3 Jul 2023 11:18:47 + Parmeshwar G via clamav-users wrote: > Docker file: > FROM debian:latest > RUN apt-get update && \ > apt-get install -y clamav-daemon clamav-freshclam > RUN mkdir -p /var/run/clamav && chown -R clamav:clamav /var/run/clamav > RUN freshclam > CMD ["/usr/sbin/cl

Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread David Raynor
Based on these reports we've started a take-back of the signature, so it will be dropped in the next daily CVD publish. We'll also analyze to see why this signature is triggering that behavior on some platforms. Dave R. On Tue, May 16, 2023 at 2:53 PM Claudio Cuqui wrote: > Same here..same

Re: [clamav-users] False Positive?

2022-08-11 Thread David Laxer
t to <https://www.clamav.net/reports/fp >> <https://www.clamav.net/reports/fp>>? >> >> -Al- >> -- >> ClamXAV user >> >> On Aug 11, 2022, at 11:01 AM, David Laxer > <mailto:dav...@softintel.com>> wrote: >>> Clamav 0.105.1 >>

[clamav-users] False Positive?

2022-08-11 Thread David Laxer
Clamav 0.105.1 Xls.Downloader.Emotet-fe81817e7e81807e-9951541-0 FOUND /Applications/Keynote.app/Contents/SharedSupport/Templates/New_Template9/Wide.kth: Xls.Downloader.Emotet-fe81817e7e81807e-9951541-0 FOUND /Applications/Keynote.app/Contents/SharedSupport/Templates/New_Template9_RTL/Wide.kth:

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

2022-03-17 Thread David Copeland via clamav-users
I can't comment on this particular error but 2G of RAM is definitely insufficient and I believe 4G would be as well when freshclam is applying updates to the database as there would be 2 copies of it in RAM. Dave. On 2022-03-17 07:25, Stephen Scotter via clamav-users wrote: > Hi, > > I noticed Cl

Re: [clamav-users] Error 403 downloading virus updates

2022-02-10 Thread David Copeland via clamav-users
Hi Paul, According to _https://docs.clamav.net/faq/faq-eol.html_ , version 102 reached EOL Jan 3, with database downloads no longer permitted. Dave. On 2022-02-10 10:25, Paul Furnival via clamav-users wrote: > I am running CLAMAV on a number of servers running different linux > distributions an

Re: [clamav-users] what initiates freshclam?

2022-01-06 Thread David Copeland via clamav-users
Is it a systemd timer? It is on my OpenSuse system. Try "systemctl list-timers". Or "systemctl status freshclam.timer". Dave. On 2022-01-06 11:15, novpenguincne via clamav-users wrote: > OEL = Oracle Enterprise Linux > > Under /usr/lib/systemd/system, there are the four clam*.service files. Bu

Re: [clamav-users] RClam AV installation with Postfix in RHEL

2021-05-18 Thread Erwan David via clamav-users
Le 18/05/2021 à 11:59, Eero Volotinen a écrit : Read the documentation http://books.msspace.net/mirrorbooks/linuxcookbook/0596006403/linuxckbk-CHP-21-SECT-8.html Typical way is use amavis with postfix

Re: [clamav-users] Need help | Install clamav from source package

2021-03-26 Thread David Copeland
Yes. I had just assumed they would be. They were from the package I installed. Dave. On 2021-03-26 1:24 p.m., Eero Volotinen wrote: > Well. You need to install systemd service files. They are probably > included in source package? > > Eero > > On Fri, Mar 26, 2021 at 6:37

Re: [clamav-users] Need help | Install clamav from source package

2021-03-26 Thread David Copeland
I think that you would review its config file, probably located at _/etc/clamd.conf_ (which is its location in opensuse 15.2), then start the service with _systemctl start clamd_ and also if you want it to start at boot up. _systemctl enable clamd_ On 2021-03-26 11:28 a.m., amit.a.singh--

Re: [clamav-users] Re :Re: Re :Re: Offline Updating

2021-03-18 Thread David Copeland
>From Canada: Firefox on Linux => Okay, Chrome on Android Phone => Error 1020. On 2021-03-18 8:08 a.m., Rick Cooper wrote: > Just verified if I change chrome's agent string to Internet Explorer 11 can > access the page just fine > > > ___ clamav-u

Re: [clamav-users] Help please

2021-01-05 Thread David Copeland
You might have a look at: https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions Dave C. On 2021-01-05 2:29 p.m., Mark Burzenski via clamav-users wrote: > Hello, > > I downloaded the tar.gz for Clamav, then gunzipped it, then moved it > to its own directory and un

[clamav-users] Pop! OS

2020-12-08 Thread David García via clamav-users
Hi, i'm having problems installing ClamAV following the method shown in: https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions I stopped at "Install the unit testing dependencies" sudo apt-get install valgrind check check-devel Reading package lists...

[clamav-users] milter

2020-05-28 Thread David Beecher via clamav-users
ered the milter book from amazon and am waiting for its arrival. Thank you so much, in advance for your input. David signature.asc Description: OpenPGP digital signature ___ clamav-users mailing list clamav-users@lists.clamav.net https://lis

Re: [clamav-users] Failing eicarcom2.zip test after recent DB update

2020-02-10 Thread David Raynor
So the "testfile" is Sample ID 33522083, which is 44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching. Dave R. On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users < clamav-users@lists.clamav.net> wrote: > A bit of a guess on my part, but I since the hash values for both > signature

Re: [clamav-users] clamd.exe becomes unresponsive

2019-08-14 Thread David Miller via clamav-users
that's our culprit. In fact, the unresponsiveness was apparent before I was even running freshclam daily. I went several days without running freshclam during initial implementation and the unresponsiveness was already there. Have a great day! Thanks, -Dave On Wed, Aug 14, 2019 at 8:23 AM Davi

Re: [clamav-users] clamd.exe becomes unresponsive

2019-08-14 Thread David Miller via clamav-users
bled. Tue Aug 13 23:55:56 2019 -> HWP3 support enabled. Tue Aug 13 23:55:56 2019 -> Self checking every 1200 seconds. Tue Aug 13 23:55:56 2019 -> Listening daemon: PID: 7132 Tue Aug 13 23:55:56 2019 -> MaxQueue set to: 100 Wed Aug 14 00:16:50 2019 -> SelfCheck: Database status OK.

Re: [clamav-users] clamd.exe becomes unresponsive

2019-08-13 Thread David Miller via clamav-users
the PINGs were added as a result of the unresponsiveness. I'm optimistic, but still stumped. I suspect the change relates to the less frequent SelfCheck calls. Thoughts/suggestions/etc. very appreciated! Thanks, -Dave On Tue, Aug 13, 2019 at 1:15 PM David Miller wrote: > > Hello, All:

[clamav-users] clamd.exe becomes unresponsive

2019-08-13 Thread David Miller via clamav-users
Hello, All: clamav-0.101.2-win-x64-portable clamav-0.101.3-win-x64-portable After clamd.exe runs successfully for several hours, it becomes unresponsive. Hosted on 2 Windows 2016 Servers and a Windows 10 - all respond the same. Last log entry for clamd shows: "SelfCheck: Database status OK." An

Re: [clamav-users] ClamAV independent assessment?

2019-07-24 Thread David Cantrell via clamav-users
rms of efficacy. > Either way, the answer is the same. > > Sent from my  iPhone > > > On Jul 24, 2019, at 15:00, David Cantrell via clamav-users > > wrote: > > > > Has ClamAV been independently assessed by a third party? > > > >

[clamav-users] ClamAV independent assessment?

2019-07-24 Thread David Cantrell via clamav-users
Has ClamAV been independently assessed by a third party? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread David Raynor
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was published on the morning of the 28th. If you got that version or 25464 from this morning you should be fine. Dave R. On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users < clamav-users@lists.clamav.net> wrote: > Since 25

Re: [clamav-users] PDF Scanning

2019-04-11 Thread David Hendrick
Hi Arnaud, Thank you very much. Just a question, would this be the same on the Windows port as we're running in Windows? Many thanks, David On Thu 11 Apr 2019, 19:35 Arnaud Jacques, wrote: > David, > > Here is an example : > > Create a file pdf.ndb in your clamav signature

Re: [clamav-users] PDF Scanning

2019-04-11 Thread David Hendrick
Hi Arnaud, Could you explain how I do this? If this something I can add to clamd.conf? Many thanks, David -Original Message- From: clamav-users On Behalf Of Arnaud Jacques Sent: Thursday 11 April 2019 18:27 To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] PDF Scanning

[clamav-users] PDF Scanning

2019-04-11 Thread David Hendrick
Hi there, Does anyone know if there's a way to have ClamAV detect PDF files that have items such as "OpenAction" or "JavaScript" or "JS"? Thanks, David

[clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread David Hendrick
Hi there, I was wondering if there's any way to introduce any sort of encryption on the requests sent to ClamAV using port 3310? Thanks, David

Re: [clamav-users] Scan very slow

2019-04-08 Thread David Raynor
The code for loading the data directories will give priority to loading the ignore list (from ign2 files and from the daily.ign2 inside daily.cvd) before loading signatures, which is just a list of signature names. The rest of the signatures are loaded after that. Then every signature name is chec

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-06 Thread David Shrimpton via clamav-users
Is the failing machine running out of memory running engine = cl_engine_new() David Shrimpton

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread David Shrimpton via clamav-users
g freshclam --datadir I think any settings other than database location from freshclam.conf would apply. So if you were just trying to get an example main.cvd you might see side effects you don't want like freshclam writing to a configu

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread David Raynor
sigtool. We do ongoing signature load testing with several different versions of ClamAV, but focus on scan testing. It does still happen with the latest release so I'll talk with the team about opening this as a bug. Thanks for the report. Dave R. On Fri, Apr 5, 2019 at 11:12 AM David Shrimpto

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread David Shrimpton via clamav-users
are obfuscated and likely will vary with each sample. A regex signature to get any variable name would be better. David Shrimpton From: clamav-users on behalf of Arnaud Jacques Sent: Saturday, April 6, 2019 12:27 AM To: clamav-users@lists.clamav.

[clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread David Shrimpton via clamav-users
gs shows sensible output for the above signature, so I am not sure this is the exact one causing the sigtool error. The problem started from database version 25410 upgrade , so it appears one (or more) sigs are Malformed in 25410 ClamAV 0.100.2/25410/Fri

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
On Wed, Mar 6, 2019 at 12:19 PM David Raynor wrote: > Maarten, > > Thanks for reporting that. There is an ordering difference of the content > in the latest GDB file which is affecting the load time, and we will be > fixing that in the next safebrowsing CVD version. > > Dave R

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread David Raynor
That's strange, the 48474 I have should have the sorting changed and has the improved loading time we're talking about. $ sigtool --info safebrowsing.cvd File: safebrowsing.cvd Build time: 06 Mar 2019 13:24 -0500 Version: 48474 Signatures: 3232286 Functionality level: 63 Builder: google MD5: 70c61

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
Maarten, Thanks for reporting that. There is an ordering difference of the content in the latest GDB file which is affecting the load time, and we will be fixing that in the next safebrowsing CVD version. Dave R. On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users < clamav-users@li

[clamav-users] "URI" in PrivateMirror?

2018-12-13 Thread David Barr
lamav, which is currently 0.99.2-8.el7 in the EPEL 7 repository. If I need to fight my Cyber organization for permission to create a YUM repository for clamav-0.101.0, I can do that. But, I'd rather not use that political capital if I can avoid it. Thanks! David PS. Current versions of bas

[clamav-users] Ios.Trojan.FakeTelegram-6736161-0 FOUND

2018-12-06 Thread David Laxer
Hi, I am running clamav-0.100.beta on OS X 10.11.6 and got the following messages Ios.Trojan.FakeTelegram-6736161-0 FOUND Here’s my clamscan invocation: $ clamscan/clamscan -i -r --exclude-dir=/Volumes --exclude-dir=/dev --exclude-dir=/Users/davidlaxer/clamav-0.100.0-beta/test --max-filesize=1

Re: [clamav-users] Partial downloads of updates

2018-08-06 Thread David Rosenstrauch
On 08/03/2018 02:42 PM, G.W. Haywood wrote: Hello again, On Fri, 3 Aug 2018, David Rosenstrauch wrote: ... wireshark screenshot at http://darose.net/packets-dropped.png which shows a download ... humming along nicely, when all of a sudden it looks like the that remote host seems to jump way

Re: [clamav-users] Partial downloads of updates

2018-08-02 Thread David Rosenstrauch
On 2018-07-30 12:39 pm, G.W. Haywood wrote: Hi there, On Mon, 30 Jul 2018, David Rosenstrauch wrote: I've been having some issues over the last few weeks with freshclam failing to download updates. FWIW here in the UK I see no problems with IPv6 downloads. This is the log for July

Re: [clamav-users] Many reports / false positives since a couple of days

2018-08-01 Thread David Rosenstrauch
On 07/31/2018 04:53 AM, Albrecht, Peter wrote: Hello, Since Saturday (2018-07-28) we are seeing many reports from clamscan having found (possibly) infected files. I suspect these are false positives because checking the files on virustotal.com returns only clamav reporting them as infected.

Re: [clamav-users] Partial downloads of updates

2018-07-31 Thread David Rosenstrauch
30, 2018, at 12:14 PM, David Rosenstrauch wrote: On 07/30/2018 11:28 AM, David Rosenstrauch wrote: I've been having some issues over the last few weeks with freshclam failing to download updates. It appears that it downloads the updates the majority of the way (e.g., 95-99%) but then time

Re: [clamav-users] Partial downloads of updates

2018-07-30 Thread David Rosenstrauch
On 07/30/2018 11:28 AM, David Rosenstrauch wrote: I've been having some issues over the last few weeks with freshclam failing to download updates.  It appears that it downloads the updates the majority of the way (e.g., 95-99%) but then times out before it finishes the download.  (See ex

[clamav-users] Partial downloads of updates

2018-07-30 Thread David Rosenstrauch
I've been having some issues over the last few weeks with freshclam failing to download updates. It appears that it downloads the updates the majority of the way (e.g., 95-99%) but then times out before it finishes the download. (See example log output below.) This may not necessarily be an

[clamav-users] Upgrade to 0.100.0 disables CL_TYPE_ZIP regex signatures for Office files

2018-06-30 Thread David Shrimpton
t are now CL_TYPE_SWF so some sigs for flash using CL_TYPE_ZIP may no longer work. David Shrimpton

[clamav-users] Updating from 0.99.4 to 0.100.0 on Ubuntu 16.04

2018-04-30 Thread David Bond
I have a requirement to update our current version of ClamAV (0.99.4) to the latest release (0.100). However due to the change in the name of the required socket file (from clamd.ctl to clamav-daemon.socket), the running system seems to be requiring a system reboot. The issue at hand is that the

Re: [clamav-users] Problem with Max Open desciptor Files limit

2018-01-26 Thread David Shrimpton
: NONE +-> DECODED SUBSIGNATURE: = "re" end if * SUBSIG ID 3 +-> OFFSET: ANY +-> SIGMOD: NONE +-> DECODED SUBSIGNATURE: exe /c start David Shrimpton From: clamav-users on behalf of Carlos García Gómez Sent: Saturday, January

Re: [clamav-users] FreshClam - DNS issues since October 31st

2017-11-08 Thread David Raynor
The DNS records are being updated at the source properly now. If you are still seeing an error, then the proper record is not reaching the server you are contacting for DNS or not propagating correctly to your area or something like that. If you are still seeing those errors, let us know what the

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-07-03 Thread David Pullman
these boxes to issue kill signals). Any suggestions on confirming the cause? Thanks! On Wed, Jun 28, 2017 at 9:22 AM, David Pullman wrote: > We've updated the cron script to capture the result code and finding that > where we are getting the failures, it's consistently 137. I would g

[clamav-users] clamav-0.99.2 Installation

2017-07-01 Thread David Stocks
te and install the build. (It's on a machine running Server 2012 R2 Standard.) Best regards, (kingletit) ___ David Stocks SQHP, GHR(Reg), CNHC, RSM email: davidstocks...@aol.com

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-28 Thread David Pullman
We've updated the cron script to capture the result code and finding that where we are getting the failures, it's consistently 137. I would guess this is an OOM situation, but does anyone know if there are other reasons we might be getting a 137 from a freshclam run? Thanks! David O

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-21 Thread David Pullman
the documented codes. Just so we have that info. David On Wed, Jun 21, 2017 at 7:35 AM, David Pullman wrote: > Yes, there were no new temp dirs left after the successful run. I'm > wondering if it's a time of day network issue, or perhaps a mirror? I've > seen some complaint

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-21 Thread David Pullman
Yes, there were no new temp dirs left after the successful run. I'm wondering if it's a time of day network issue, or perhaps a mirror? I've seen some complaints about a mirror IP that is also in our logs. Don't know. David On Tue, Jun 20, 2017 at 6:25 PM, Steven Mor

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread David Pullman
completed successfully as well. The version is the package install on Ubuntu of clamav and clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1. Thanks! David On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan wrote: > David, > > So freshclam runs every day at ~00:03:00, and to confirm,

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread David Pullman
6249, f-level: 60, builder: sigmgr) Mon Jun 19 00:03:08 2017 -> Downloading daily-23452.cdiff [100%] Mon Jun 19 00:03:09 2017 -> Downloading daily-23453.cdiff [100%] Mon Jun 19 00:03:11 2017 -> Downloading daily-23454.cdiff [100%] Cheers! David On Mon, Jun 19, 2017 at 1:15 PM, Steven Morgan w

[clamav-users] temporary directories left in /var/lib/clamav

2017-06-19 Thread David Pullman
logs or in configuration regarding this? Or is it simply a need to run a clean up process? Thanks very much! David $ ls -alR /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/ /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/: total 12 drwxr-xr-x 3 clamav clamav 4096 Jun 19

Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread David Raynor
Thanks for reporting it. That signature is marked with the wrong "Engine" limits, so that error message only affects some point releases of 0.98. We are dropping that signature in the next daily CVD and will add a replacement later. To work around the trouble, you can add the "Win.Worm.Fadok-63289

Re: [clamav-users] LibClamAV Warning

2017-05-03 Thread David Raynor
Bump for visibility. I figure someone from your team should get in touch with him, since it is not exactly an FP report. Maybe he can still submit it as FP. Don't know. Dave R. On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih wrote: > Hi Folks, > > I've been getting the following error for a week o

Re: [clamav-users] Error when using a private mirror

2017-03-24 Thread David Pullman
On Fri, Mar 24, 2017 at 8:31 AM, Matus UHLAR - fantomas wrote: > On 22.03.17 12:05, David Pullman wrote: > > I’m trying to avoid having the instances running freshclam go out to the >> Internet. >> > > what kind of problem does one DNS request cause? In some

Re: [clamav-users] Error when using a private mirror

2017-03-22 Thread David Pullman
custom URL but some of it is hardcoded to a document root? I appreciate the help and the quick replies! Cheers, David

[clamav-users] Error when using a private mirror

2017-03-22 Thread David Pullman
ust not supported to use a path in the private mirror specification? It seems to work for the download, but the check may be using a different file spec? Thanks very much! David

[clamav-users] ClamAV private mirror

2017-02-21 Thread David Smith
The ClamAV docs on private local mirrors recommends using a proxy server and mentions squid. Anybody any experience of using squid to do this? Even better does anybody have the important parts of squid.conf they could share with me? We already run our ClamAV updates through squid as part of a w

Re: [clamav-users] No notice of OLE2.ContainsMacros

2016-12-19 Thread David Shrimpton
a newline (to mark the end of headers) (Use qf instead of hf for a non quarantine queue file, but also bear in mind that queue processing by the mail daemon may be writing to a qf but not a hf file.) Rescan and clamav should recognize as email file and extract and scan any attachments

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
'd speculate that is the tip of iceberg and scanning from above 1 may reveal many more. Is there some where I can send this info when I do 1+ David 785 broken sigs for null byte files sizes 1 to 1 Win.Trojan.Agent-1695127 Win.Trojan.Agent-1696476 Win.Trojan.Agent-1696477 Win.T

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
n.Trojan.Agent-1697875 Win.Trojan.Agent-1697950 Win.Trojan.Agent-1698234 Win.Trojan.Agent-1698242 I'd speculate that all these sigs are broken and maybe many more for other null byte file sizes not present in my pdf. David

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
uses the hit on Win.Trojan.Agent-1696554. Might be something wrong with many more sigs from Version: 9 ? Might be worth doing all the null byte files from 1 to X in size and running clamscan against them. David Shrimpton

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
7 Deal.pdf Is the original malware sample for which the signature was intended still available and does it have the above sha256sum ? -- David Shrimpton

Re: [clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
ening the same pdf. -- David Shrimpton

[clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

2016-09-27 Thread David Shrimpton
. -- David Shrimpton

Re: [clamav-users] How to trick clamav

2016-09-19 Thread David Niklas
/var/ > drwxr-xr-x 26 root root 4096 Jun 5 02:36 /var/ > > // > > Thanks, David

Re: [clamav-users] Understanding OLE2BlockMacros

2016-08-27 Thread David Shrimpton
iscard if a 'real' virus or just add a warning if only Heuristics.OLE2.ContainsMacros was returned. Or you could treat unofficial hits with more caution eg add warning only and official hits more aggressively eg discard. But -z is broken with OLE2 ,so you must decide to use OLE2BlockMacros

Re: [clamav-users] Sigtool parsing issues

2016-08-18 Thread David Shrimpton
The same problem occurs with .docx which are zip but not with .doc which are 'CDF V2 Document' which are the OLE2 file itself. -- David Shrimpton

Re: [clamav-users] Sigtool parsing issues

2016-08-15 Thread David Shrimpton
ot sigtool. clamav appears to still extract the macros and signatures written against the macro code still work. -- David Shrimpton

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread David Raynor
If you run clamscan with "--debug" it will tell you which files it is loading, even the files inside a cvd or cld file. It will also remark about which signatures it skips when loading. You should see these lines within your debug output: ... LibClamAV debug: daily.ign2 loaded ... LibClamAV debug

[clamav-users] yara #match does not work with regex

2016-04-13 Thread David Shrimpton
Using #match as a condition in a yara rule to count the occurrences of $match doesn't appear to work where $match is a regex. #match only appears to work if $match is a string literal eg "abc123" Is #match intended to work with a regex ? --

[clamav-users] Unscannable MS Office files?

2016-04-01 Thread David Shaw
726]: ^ clamd[7726]: fd[14]: Can't parse data ERROR Any suggestions where to go from here? The error itself seems fairly straightforward, but these are standard MS Office files, generated by MS Office, so it's not clear what, if anything, I can change on that

[clamav-users] What does TargetType 10 for a signature mean ?

2016-02-28 Thread David Shrimpton
a hit on Heuristics.OLE2.ContainsMacros. -- David Shrimpton

[clamav-users] heuristic-scan-precedence is broken

2016-02-28 Thread David Shrimpton
encrypted zip or ole2 with macros, differently to files that matched a real sig. eg do logging only instead of discarding. -- David Shrimpton

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-10 Thread David Shrimpton
On Tue, 9 Feb 2016, Steven Morgan wrote: > David, > > I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to > investigate and track the issue. Plz sign up for an account at > https://bugzilla.clamav.net and send me the user id and I will CC you on > the bug. On

[clamav-users] clamscan doesn't have a BlockMacros option

2016-02-10 Thread David Shrimpton
es however have a --heuristic-scan-precedence equivalent to HeuristicScanPrecedence from clamd.conf which controls behaviour of OLE2BlockMacros if file is detected by both Heuristic and real signatures. Is there a way to turn on the OLE2BlockMacros behaviour with clamscan ? -- David Shrimpton I

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-08 Thread David Shrimpton
or not. I note the same md5sum:size in winnow_malware.hdb 924d8e14ccb2604effc455e1a584cb80:93184:winnow.malware.135963 Seems like some sort of weird bug exercised by the signature set in my local databases when scan-ole2=yes . I'll keep trying to narrow it down. -- David Shrimpto

Re: [clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
from badmacro are detected -- David Shrimpton Information Technology Services | The University of Queensland

[clamav-users] ScanOLE2 yes disables macro virus detection

2016-02-07 Thread David Shrimpton
false positive. If it can't be fixed then some clearer explanation of the OLE2 scanning would be helpful as it's misleading at present. -- David Shrimpton Information Technology Services | The University of Queensland

Re: [clamav-users] Mirrors access

2015-09-02 Thread David Raynor
Try using a higher value for MaxAttempts in your freshclam.conf. Dave R. On Wed, Sep 2, 2015 at 6:54 AM, VILLARD, Pierre < pierre.vill...@capgemini.com> wrote: > Hello, > > Because of some security requirements I am not authorized to use DNS for > resolving hostnames. Consequently, in my freshcl

Re: [clamav-users] Freshclam problem

2015-08-13 Thread David Raynor
Thanks for letting us know. We think we see where it's going wrong, so we'll get that fixed for a future release. Dave R. On Thu, Aug 13, 2015 at 10:08 AM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > > On Thu, August 13, 2015 2:20 pm, Paul wrote: > > > > > If I use DatabaseCustomURL

Re: [clamav-users] Streaming support in ClamD

2015-07-02 Thread David Raynor
Henrik's right. The simple answer is that ClamAV does not do any "status for each segment". It scans files, including support for some filetypes that have to be read back-to-front and using some virus signatures that are full-file hashes. For that and more, it has to know where EOF is. So even thou

Re: [clamav-users] Submission status

2015-05-27 Thread Barr, David
unsubscribe The information contained in this e-mail and in any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in relia

Re: [clamav-users] unsubscribe

2015-05-27 Thread Barr, David
unsubscribe

Re: [clamav-users] daily.cvd out of date?

2015-03-20 Thread Smith, David
some troubleshooting, we’ve removed this one from the mirror pool. Thanks David. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On Mar 16, 2015, at 9:14 AM, Joel Esler (jesler) <jes...@cisco.com> wrote: David, I forwarded this on to the ops team for

Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Smith, David
...@lists.clamav.net] On Behalf Of Jason Haar Sent: Sunday, March 1, 2015 6:29 PM To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] daily.cvd out of date? On 27/02/15 08:49, Smith, David wrote: > Nope .. not yet! :) Try wget --header="Pragma: no-cache" http://databas

Re: [clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
Thank you for pointing it out. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Security Intelligence and Research Group On Feb 26, 2015, at 12:23 PM, Smith, David <drsm...@fsu.edu> wrote: Looks to be database.clamav.net|150.214.142.

Re: [clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
's worth, works fine here. 26.2.2015, 18.14, Smith, David wrote: > Interestingly I just ran it on one more server and got the correct date... > > Could it be that the Mirrors at Clamav.net are out of sync? > > Thanks! > > Dave Smith

Re: [clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
out of date? Which mirror(s) do you suspect to be out of sync? > On Feb 26, 2015, at 11:14 AM, Smith, David wrote: > > Interestingly I just ran it on one more server and got the correct date... > > Could it be that the Mirrors at Clamav.net are out of sync? > > Th

Re: [clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
its-unixadm...@fsu.edu (850)644-2591 Information Technology Services Florida State University -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Smith, David Sent: Thursday, February

Re: [clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
date? I just did the same operation and pulled this morning's. Can you try again? > On Feb 26, 2015, at 10:50 AM, Smith, David wrote: > > Just did a wget http://database.clamav.net/daily.cvd and am getting a > daily.cvd dated Aug 28. Is there something going on with the servers???

[clamav-users] daily.cvd out of date?

2015-02-26 Thread Smith, David
Just did a wget http://database.clamav.net/daily.cvd and am getting a daily.cvd dated Aug 28. Is there something going on with the servers??? [root@SOMESERVER freshclam]# ls -la total 90288 drwxr-xr-x 2 root root 4096 Feb 26 10:43 . drwxr-xr-x 4 root root 4096 Feb 23 15:01 .. -rw-r--r--

[clamav-users] Locked freshclam.log error msg

2014-09-22 Thread David Cain
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). ERROR: /var/log/clamav/freshclam.log is locked by another process DC ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.

[clamav-users] Freshclam.log locked weekly

2014-09-22 Thread David Cain
Hi all, I'm running ClamAV with amavisd-new on a Debian Wheezy server. I update the server with security and s/w updates weekly, so it's on the latest now for the distro. Every Sunday at exactly 9PM EDT (0100 UTC), cron sends me an email that freshclam.log is locked. Thing is, I'm not running f

Re: [clamav-users] clamav-milter: Failed to create temporary file

2014-09-09 Thread J. David Rye of Roadtech
On Tuesday 02 September 2014 23:12, Steven Morgan wrote: > Hi J. David, > > Thanks for the additional analysis and information. I've been looking at > this for a bit today. I have opened a ticket in the ClamAV bugzilla system > to track the issue. The ticket number is 11089. Ho
