Re: [clamav-users] [External] xlsm files

2020-12-23 Thread Kevin A. McGrail via clamav-users
On 12/22/2020 6:08 PM, Joe Acquisto-j4 wrote: Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to help combat these types of spam emails. Regards, KAM Kevin, I hesitate to ask here, but, you refer to SA

Re: [clamav-users] [External] xlsm files

2020-12-22 Thread Kevin A. McGrail via clamav-users
On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote: Quite new to clamav. Using with Spamassassin on Linux and it appears to scan properly and detects EICAR as an attachment. For last several weeks have been getting SPAM with xlsm file attached, claiming to be invoice or payment receipt or whatever

Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.103.0 released!

2020-09-15 Thread Kevin A. McGrail via clamav-users
Hi All, Just a note here that I was able to install the 0.103.0 release without problems on the same box I've been doing the rc testing.  I show that the logging is working to both syslog and freshclam.log simultaneously.  The daemon starts in a normal 58 seconds.  I've also seen it do the backgro

Re: [clamav-users] [External] Re: [SUSPECTED SPAM] Re: ClamAV 0.103.0 rc2

2020-09-08 Thread Kevin A. McGrail via clamav-users
On 9/8/2020 6:40 PM, Micah Snyder (micasnyd) wrote: > Yeah it didn’t help with my centos 7 box either. :-/  For what it’s > worth, I had no issue building with CMake (installed using python3 > pip) on that machine. 😃  Of course that doesn’t help with verifying a > bugfix for our autotools build sys

Re: [clamav-users] [External] Re: [SUSPECTED SPAM] Re: ClamAV 0.103.0 rc2

2020-09-08 Thread Kevin A. McGrail via clamav-users
> > Then retry autogen.sh > > Regards, > Micah > > -----Original Message- > From: clamav-users On Behalf Of Kevin > A. McGrail via clamav-users > Sent: Tuesday, September 8, 2020 3:19 PM > To: clamav-users@lists.clamav.net > Cc: Kevin A. McGrail > Subject

Re: [clamav-users] [External] Re: [SUSPECTED SPAM] Re: ClamAV 0.103.0 rc2

2020-09-08 Thread Kevin A. McGrail via clamav-users
On 9/8/2020 6:11 PM, Micah Snyder (micasnyd) via clamav-users wrote: > If you're interested, we found the cause of the freshclam SysLog issue. The > source ended up being an issue with our autotools build system and how we > link freshclam. > If any of you are willing to try this patch, it'd be n

Re: [clamav-users] [External] Re: ClamAV 0.103.0 rc2

2020-09-03 Thread Kevin A. McGrail via clamav-users
On 9/3/2020 4:12 AM, Arjen de Korte via clamav-users wrote: > Citeren Arjen de Korte via clamav-users : > >> I seem to have missed the announcement of clamav-0.103.0-rc2. The >> problems I reported earlier with clamav-0.103.0-rc seem to be >> resolved now. All is well again. > > Correction: *almost

Re: [clamav-users] [External] ClamAV 0.103.0 rc2

2020-09-02 Thread Kevin A. McGrail via clamav-users
On 9/2/2020 4:44 PM, Arjen de Korte via clamav-users wrote: > I seem to have missed the announcement of clamav-0.103.0-rc2. The > problems I reported earlier with clamav-0.103.0-rc seem to be resolved > now. All is well again. Same & Same! Regards, KAM

Re: [clamav-users] [External] Re: ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Kevin A. McGrail via clamav-users
NOTE: I can't speak to systemd intricacies but I can relay this information Centos 6.6 & 6.10 (current) which is a current, in maintenance period OS systemd script worked for 0.102.4 and before. script at http://talonator.pccc.com/clamav/ systemd script does NOT work for 0.103.0-rc on either 6.6

Re: [clamav-users] [External] Re: [External] Re: ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-20 Thread Kevin A. McGrail via clamav-users
On 8/20/2020 8:26 PM, G.W. Haywood via clamav-users wrote: > Your kernel is five years old and your compiler is vintage 2012.  I'd > almost be surprised if anything works.  I think you probably need to > do some upgrading but I'll take a closer look when I get a chance. > > The libcurl requirements

Re: [clamav-users] [External] RE: [External] Re: [External] Re: [External] Re: [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-20 Thread Kevin A. McGrail via clamav-users
On 8/20/2020 2:49 PM, Micah Snyder (micasnyd) wrote: > Re: the clamd startup issue, Kevin can you confirm if clamd behaves as > expected without using systemd or another service manager? I'll test with > system now on my machines. We don’t at present have any automated systemd > tests (an obvi

Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-20 Thread Kevin A. McGrail via clamav-users
OFF-LIST, I'm sight impaired so that would be a needle in a haystack for me, sorry. On 8/20/2020 2:34 PM, G.W. Haywood via clamav-users wrote: > Hi there, > > On Thu, 20 Aug 2020, Kevin A. McGrail via clamav-users wrote: >> On 8/20/2020 9:13 AM, G.W. Haywood vi

Re: [clamav-users] [External] Re: [External] Re: [External] Re: [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-20 Thread Kevin A. McGrail via clamav-users
On 8/20/2020 9:13 AM, G.W. Haywood via clamav-users wrote: > ./configure > make > make check > > See what happens. Same behavior.  Clean untar ends in make[1]: Entering directory `/usr/src/clamav-0.103.0-rc/unit_tests' make  check_clamav check_clamd check_fpu_endian check_freshclam.sh check_sigto

Re: [clamav-users] [External] Re: [External] Re: [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-20 Thread Kevin A. McGrail via clamav-users
On 8/20/2020 5:14 AM, G.W. Haywood via clamav-users wrote: > You might want to try 'make check' before 'make install'. > > At least if the tests don't fail we'll know they need work. :) > Looks to fail badly at even starting the check: check_clamav_skip.c:4:20: error: clamav.h: No such file or dire

Re: [clamav-users] [External] RE: [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-19 Thread Kevin A. McGrail via clamav-users
Hi Micah, I just posted a detailed response to G.W.'s thoughts but from my POV, clamd is not starting up after waiting 29 minutes. If a ticket is not open, I'll get a BZ filed after the next round of debugging.  Want to make sure it isn't something stupid on my end. On 8/19/2020 2:46 PM, Micah Sny

Re: [clamav-users] [External] Re: [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-19 Thread Kevin A. McGrail via clamav-users
>> I tested the RC on a machine with 0.102.4 on it. > > Could you tell us what operating system you're using? CentOS 6 > >> I did the same configure line, make, make install and ldconfig -v and > > Please give the full, precise details.  ./configure --prefix=/usr/local/clamav --with-user=defang -

Re: [clamav-users] [External] ClamAV® blog: ClamAV 0.103.0 release candidate

2020-08-19 Thread Kevin A. McGrail via clamav-users
Morning All, I tested the RC on a machine with 0.102.4 on it. I did the same configure line, make, make install and ldconfig -v and then tried to start the clamd daemon.  After 29 minutes I gave up and reverted to 0.102.4.  What can I get from the system that might be helpful for debugging purpo

Re: [clamav-users] [External] Re: Problems compiling 0.102.4 on OLD system

2020-08-15 Thread Kevin A. McGrail via clamav-users
On 7/30/2020 8:17 PM, Micah Snyder (micasnyd) wrote: > It looks like the openat and unlinkat system calls were added to Linux in > kernel 2.6.16; library support was added to glibc in version 2.4. Hi Micah, thank you for that guidance.  It looks like this is too high a hill to fight.  Better to u

Re: [clamav-users] [External] Re: Problems compiling 0.102.4 on OLD system

2020-07-30 Thread Kevin A. McGrail via clamav-users
On 7/17/2020 3:38 PM, Micah Snyder (micasnyd) via clamav-users wrote: > Kevin: Any chance you can upgrade those old systems? We try to support > roughly the last 2 LTS releases for major distros / operating systems but > don't have time to go out of our way to maintain compatibility with really

[clamav-users] Problems compiling 0.102.4 on OLD system

2020-07-16 Thread Kevin A. McGrail via clamav-users
Hi, I have an old system I'm compiling. I have 0.102.3 working on it. Here's the config line: CC=/usr/local/gcc4.2.4/bin/gcc ./configure --prefix=/usr/local/clamav --with-user=defang --with-group=defang --enable-llvm=no --with-openssl=/usr/local/ssl --with-pcre=/usr/local/pcre2 --with-zlib=/usr/

Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.102.2 security patch released

2020-02-06 Thread Kevin A. McGrail via clamav-users
On 2/6/2020 3:59 AM, G.W. Haywood via clamav-users wrote: > Hi there, > > On Wed, 5 Feb 2020, Michael Orlitzky via clamav-users wrote: >> On 2/5/20 12:29 PM, Joel Esler (jesler) via clamav-users wrote: >>> >>> ClamAV 0.102.2 is a security patch release to address the following >>> issues. >> >> Of

Re: [clamav-users] [External] Freshclam not working on freshly build source 0.102.1 on Debian 10

2020-01-31 Thread Kevin A. McGrail via clamav-users
Off-list, I've had similar issues and used the older freshclam instead from 0.100.3. Seems to work fine. On 1/31/2020 8:14 AM, Thomas Plant via clamav-users wrote: > Hello, > > kindly asking advice for my problem in the subject. > > I compiled Clamav 0.102.1 from source on a freshly installed Deb

Re: [clamav-users] SOLVED Re: Fri Apr 12 08:46:13 2019 -> !Verification: Malformed database

2019-04-18 Thread Kevin A. McGrail via clamav-users
Not so much old as hodge podge. But yes that seems to be similar and does recommend that the make should check for a zlib minimum version. Regards, KAM On April 18, 2019 3:37:25 PM EDT, "J.R. via clamav-users" wrote: >> Just an FYI that clamav was linking to libz.so.1.1.4 and upgrading to >> li

[clamav-users] SOLVED Re: Fri Apr 12 08:46:13 2019 -> !Verification: Malformed database

2019-04-17 Thread Kevin A. McGrail via clamav-users
Hi All, Just an FYI that clamav was linking to libz.so.1.1.4 and upgrading to libz.so.1.2.11 resolved the issue with being unable to verify updates. Might need to be a check for a minimum zlib version though I don't have input which version specifically demonstrates the issue. Also note that --wi

[clamav-users] Fri Apr 12 08:46:13 2019 -> !Verification: Malformed database

2019-04-12 Thread Kevin A. McGrail via clamav-users
Hi All, I'm still seeing this Malformed database error with freshclam on an older system.  Going back prior to 25410 seems to resolve the issue. I'd like to work on the code and see if I can find the bug or system library causing the issue.  Can anyone help give me a pointer where I can drill int

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-06 Thread Kevin A. McGrail via clamav-users
On 4/5/2019 9:40 PM, David Shrimpton via clamav-users wrote: > This appears to be a different problem than the sigtool --list problem on > daily Thanks for the impressive list of debug ideas.  Whatever this is, it's a bug in clamav or an underlying library.  The machine with the issue is a hodgep

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread Kevin A. McGrail via clamav-users
On 4/5/2019 12:16 PM, David Raynor wrote: > I can recreate that same issue with daily cvd 25410, using ClamAV > 0.100.1. That was the first 0.100.X I had handy to do a quick test. > The problem is something specific to sigtool and only the list-sigs > feature. It does not affect clamscan or clamd,

Re: [clamav-users] File that bombs my clamd. How to submit for review?

2018-05-15 Thread Kevin A. McGrail via clamav-users
--- Begin Message --- On 5/15/2018 11:41 PM, Al Varnell via clamav-users wrote: > https://bugzilla.clamav.net Thanks.  I was afraid that would be public but I marked it as a security component. --- End Message ---

[clamav-users] File that bombs my clamd. How to submit for review?

2018-05-15 Thread Kevin A. McGrail via clamav-users
--- Begin Message --- Hi, I have a file that bombs my clamd pretty instantly.  I've attempted to narrow things down with debug, etc.  I don't believe it's a virus but if it crashes clamd, it could be used for DOS purposes.  How do I safely get this to a good actor to review? regards, KAM --- End