[clamav-users] Thank You

2014-06-17 Thread Matt Olney
Hello all, My name is Matthew Olney and I’m the manager of the VRT Research Development team. Among other things, my group is responsible for ClamAV engine development. I just wanted to take a moment to express my appreciation for those in the community who have worked with us to ensure a qualit

Re: [clamav-users] SOLVED: freshclam checks database every time

2013-11-05 Thread Matt Olney
To track this and your other feature request, please put a ticket in at https://bugzilla.clamav.net. Matt On Tue, Nov 5, 2013 at 8:29 AM, Andreas Schulze wrote: > Am 21.06.2013 13:28 schrieb Andreas Schulze: > > Am 10.04.2013 15:05 schrieb Andreas Schulze: > > > > > symptom: freshclam needs 3..

Re: [clamav-users] Compilation failed for ClamAV 0.98 on AIX 6.1

2013-09-25 Thread Matt Olney
Added information to bug https://bugzilla.clamav.net/show_bug.cgi?id=8993 in case the failures are related. We'll provide info here when we resolve the issues. On Wed, Sep 25, 2013 at 8:34 AM, ANANT S ATHAVALE wrote: > Dear List, > > Compilation of ClamAV 0.98 fails on AIX 6.1 with gcc 4.2.0. >

Re: [clamav-users] clamd taking too long to restart?

2013-08-15 Thread Matt Olney
This is actually really good data. Thanks for taking the time out to evaluate these files. First, have you modified bofhland_cracked_URL.ndb at all? I'm getting 20+ seconds to load that. On the flip side, I'm getting sub-second loading times for winnow_phish_complete.ndb, winnow_phish_complete_

Re: [clamav-users] clamd taking too long to restart?

2013-08-14 Thread Matt Olney
Nope. 0.98 is getting patches applied to it and will then move to QA & regression and finally to release engineering. There is a lot going on in 0.98, and we'll have more information once we finalize a build. Matt On Wed, Aug 14, 2013 at 5:03 PM, A K Varnell wrote: > On Aug 14, 2013, at 1:54

Re: [clamav-users] clamd taking too long to restart?

2013-08-14 Thread Matt Olney
OK, we've been able to reproduce the problem and it is, as you all suspected, revolving around the www. matching. I've asked one of the developers to look at it, and we should be able to provide some best-practice guidelines on how to construct rules to avoid this situation. We'll also review if c

Re: [clamav-users] clamd taking too long to restart?

2013-08-13 Thread Matt Olney
OK...I'll do some testing tomorrow and see if we can't come up with some information for you. Matt On Wed, Aug 14, 2013 at 12:12 AM, Vincent Fox wrote: > On 8/13/2013 8:49 PM, Matt Olney wrote: > >> So what qualifies as a kitchen sink-load? >> >> >>

Re: [clamav-users] clamd taking too long to restart?

2013-08-13 Thread Matt Olney
So what qualifies as a kitchen sink-load? Matt On Tue, Aug 13, 2013 at 11:25 PM, Vincent Fox wrote: > Hi, > > Previously I was using a short list of signatures and startup time of 30 > seconds > which was acceptable. Well it didn't get noticed much. > > However recently I added a kitchen s

Re: [clamav-users] news: Cisco Announces Agreement to Acquire Sourcefire

2013-07-25 Thread Matt Olney
What exactly did you need to know re: database types? The format for the signatures is detailed, per database type, in this document: http://www.clamav.net/doc/latest/signatures.pdf Matt On Thu, Jul 25, 2013 at 2:11 PM, Benny Pedersen wrote: > Greg Folkert skrev den 2013-07-25 16:45: > >

Re: [clamav-users] freshclam can't download daily.cvd

2013-05-17 Thread Matt Olney
Please review the information here and let us know if this addresses your problem: http://blog.clamav.net/2013/02/resolving-issues-with-freshclam.html I'll get with the appropriate person and see if updating the mirror-problem page is appropriate. Matt On Fri, May 17, 2013 at 10:32 AM, Cedric

Re: [clamav-users] looking for Bill Landry

2013-04-04 Thread Matt Olney
Hey Paul, You asked about the status of ClamAV supporting third party signatures. As far as I know there is no barrier to entry, other than an understanding of the signature format, to creating a third-party signature set. We always welcome people that enhance the value of the engine by contributin

Re: [clamav-users] Memory level

2013-03-26 Thread Matt Olney
All of that is being looked at in the freshclam rewrite portion of the next version of ClamAV. On Tue, Mar 26, 2013 at 11:33 AM, Benny Pedersen wrote: > Matt Olney skrev den 2013-03-26 14:10: > > Not really sure what other people are thinking. ClamAV is built into >> Source

Re: [clamav-users] http://blog.clamav.net/2013/02/resolving-issues-with-freshclam.html

2013-03-26 Thread Matt Olney
Benny, I don't completely understand what you're saying. Do you have an issue and you tried the fix? I'm not sure which URL you're talking about that says 73, so I'm sort of at a loss as to how to help you. Matt On Sun, Mar 24, 2013 at 10:22 AM, Benny Pedersen wrote: > daily.cvd is still her

Re: [clamav-users] Memory level

2013-03-26 Thread Matt Olney
Not really sure what other people are thinking. ClamAV is built into Sourcefire's advanced malware protection product (FireAMP). So we use it, at least. Matt On Sun, Mar 24, 2013 at 10:19 AM, Benny Pedersen wrote: > Matt Olney skrev den 2013-03-22 18:49: > > > Yep, we'

Re: [clamav-users] SubmitDetectionStats error message after update

2013-03-26 Thread Matt Olney
Jerry, is this still an issue for you? Our systems team says there was an issue with the box but that has been resolved. Please let us know, Matt On Sun, Mar 24, 2013 at 7:15 AM, Jerry wrote: > Ever since I updated "clamav" the other day, the "freshclam.log" has > been filling up with the fo

Re: [clamav-users] Memory level

2013-03-22 Thread Matt Olney
Hi Christian, Yep, we've heard that a couple of times. We'll do our best to address it. Matt On Fri, Mar 22, 2013 at 12:40 PM, Christian Salway wrote: > In your new version, can you please consider how to run it on low memory > systems (<512MB) for spamassassin other than direct from the comm

Re: [clamav-users] New Version of ClamAV

2013-03-22 Thread Matt Olney
Ian, if you can put more detail about your zombie issue into a bug, it would be easier for us to deal with it. Thanks, Matt On Thu, Mar 21, 2013 at 7:57 AM, Ian Eiloart wrote: > > On 20 Mar 2013, at 14:35, Matt Olney wrote: > > > Before you ask, we don't have a lot of in

Re: [clamav-users] New Version of ClamAV

2013-03-22 Thread Matt Olney
Spiro, a messenger has just arrived by horse. Apparently we have released ClamAV 0.97.7 :) We'll do better next time :) Matt On Wed, Mar 20, 2013 at 8:45 PM, Spiro Harvey wrote: > > We're currently scoping out the next version of ClamAV. We have a > > number of ideas in house, but I wanted

[clamav-users] New Version of ClamAV

2013-03-20 Thread Matt Olney
Hey all, We're currently scoping out the next version of ClamAV. We have a number of ideas in house, but I wanted to solicit some feedback from our users about what you might be interested in seeing. Before you ask, we don't have a lot of information that we're ready to share on our end abou

Re: [clamav-users] ClamAV 0.97.7 available?

2013-03-14 Thread Matt Olney
Yeah, we could have done better on this. I'll review the release procedures and see if we can't improve them. More info tomorrow, this is just an informal note :) Matt On Thu, Mar 14, 2013 at 6:03 PM, Lawrence K. Chen, P.Eng. wrote: > > > - Original Message - > > On Mar 14, 2013, at 1

Re: [clamav-users] SourceFire support - signature file updates

2012-11-27 Thread Matt Olney
(Dennis Peterson)++ On Tue, Nov 27, 2012 at 8:29 PM, Dennis Peterson wrote: > On 11/27/12 2:19 PM, Nigel Houghton wrote: >> >> >> On Nov 27, 2012, at 2:17 PM, Dennis Peterson wrote: >> >>> I was hoping to hear from someone higher up than a mentalist time lord. >> >> >> Well, if Rassilon wasn't i

Re: [clamav-users] SourceFire support - signature file updates

2012-11-27 Thread Matt Olney
OK, there is a bit of a translation error here. We are no longer selling commercial support for deployments of ClamAV. We do of course continue to produce signatures that are available to all users of ClamAV. Robin, can you email me privately the name of your sales manager so I can get in touch

Re: [clamav-users] PHP.Exploit.CVE_2011_4153-3 false positive

2012-11-20 Thread Matt Olney
Can you zip these up, password protect the zip and email them to v...@sourcefire.com? Matt On Tue, Nov 20, 2012 at 4:23 AM, Anssi Johansson wrote: > Hi, > > $ clamscan php*.bz2 > php-5.4.0.tar.bz2: PHP.Exploit.CVE_2011_4153-3 FOUND > php-5.4.1.tar.bz2: PHP.Exploit.CVE_2011_4153-3 FOUND > php-5.4

Re: [clamav-users] LibClamAV Warnings

2012-11-16 Thread Matt Olney
-- >> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- >> boun...@lists.clamav.net] On Behalf Of Matt Olney >> Sent: Friday, November 16, 2012 11:33 AM >> To: ClamAV users ML >> Subject: Re: [clamav-users] LibClamAV Warnings >> >> Can you attach that

Re: [clamav-users] LibClamAV Warnings

2012-11-16 Thread Matt Olney
clamav-users- >> boun...@lists.clamav.net] On Behalf Of Matt Olney >> Sent: Friday, November 16, 2012 11:15 AM >> To: ClamAV users ML >> Subject: Re: [clamav-users] LibClamAV Warnings >> >> We're looking into it, guys. Don't have an answer right now,

Re: [clamav-users] LibClamAV Warnings

2012-11-16 Thread Matt Olney
We're looking into it, guys. Don't have an answer right now, but thanks for the info. By chance, do you have a sample that triggers this behavior? Matt On Fri, Nov 16, 2012 at 11:04 AM, Maarten Broekman wrote: >> -Original Message- >> LibClamAV Warning: Bytecode run timed out in interp

Re: [clamav-users] Problems with signature mirrors today?

2012-11-09 Thread Matt Olney
Folks, We seem to have resolved the issue. Mirrors should be syncing now. Let us know if you see anything else. Matt On Fri, Nov 9, 2012 at 12:51 PM, Nigel Houghton wrote: > > On Nov 9, 2012, at 12:38 PM, José Celestino wrote: > > > On Sex, 2012-11-09 at 10:23 -0700, Chris Stone wrote: > >>

Re: [clamav-users] Problems with signature mirrors today?

2012-11-09 Thread Matt Olney
Hey guys, thanks for the heads up. We're checking into it now. Matt On Fri, Nov 9, 2012 at 12:38 PM, José Celestino wrote: > On Sex, 2012-11-09 at 10:23 -0700, Chris Stone wrote: > > Seeing a lot of: > > > > Current working dir is /usr/local/share/clamav > > Max retries == 3 > > ClamAV update

Re: [clamav-users] Deep scanning of image files

2012-10-23 Thread Matt Olney
Maarten, can you help us track this by adding a bug at https://bugzilla.clamav.net/? Thanks, Matt On Tue, Oct 23, 2012 at 2:18 PM, Maarten Broekman wrote: > One thing I'm seeing more and more of is malware code (be it PHP or ASP) > embedded after GIF headers. ClamAV sees the GIF header and tre

Re: [clamav-users] Communigate Pro parser fails

2012-09-07 Thread Matt Olney
Can you submit a bug through https://bugzilla.clamav.net/ please? Shawn will keep working with you, but this will allow us to track this issue. Matt On Thu, Sep 6, 2012 at 10:28 PM, Victor Sudakov wrote: > Shawn Webb wrote: > > > > > > > AFAIK clamd can parse Communigate Pro message spool fo

Re: [clamav-users] Communigate Pro parser fails

2012-09-06 Thread Matt Olney
I'll have someone contact you directly. Matt On Thu, Sep 6, 2012 at 6:15 AM, Victor Sudakov wrote: > Colleagues, > > AFAIK clamd can parse Communigate Pro message spool format, where the > message itself is preceded by several extra lines like > > P I 06-09-2012 08:53:14 > O LH

Re: [clamav-users] Many false positives: MBL_312128 / MBL_303159

2012-08-07 Thread Matt Olney
We've heard similar complaints on IRC. It looks like downloads may be broken from MBL. You'll have to work with them to address the issue. Matt On Tue, Aug 7, 2012 at 2:38 PM, Laurent CARON wrote: > Hi, > > I'm currently experiencing lots of FP. > > Those FP range from automatic apticron debia

Re: [clamav-users] update clamav

2012-07-09 Thread Matt Olney
Bruno, Nigel Houghton replied on Jun 27th: "Here's the relevant information from the wiki: Solution 1: Use an HTTP proxy This solution is really easy to implement and is bandwidth efficient. Install a proxy server (i.e. squid) and then tell your freshclam clients to use it. This can be done by

Re: [clamav-users] Clam virus database for test purposes

2012-07-03 Thread Matt Olney
You can create a file called test.ndb and add the following lines to it: Eicar-Test-Signature:0:0:58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a Eicar-Test-Signature-1:0:*:574456504956416c51454651577a52635546

Re: [clamav-users] current version

2012-06-20 Thread Matt Olney
Thanks Florian, I'll kick this over to the ops team to make sure it gets updated. On Wed, Jun 20, 2012 at 1:02 AM, sys...@ra-schaal.de wrote: > could you please update your dns? > > sometimes "host -t txt current.cvd.clamav.net" reports 0.97.4 > > regards > florian >

[clamav-users] Known issue -- LZX compression

2012-06-15 Thread Matt Olney
All, We wanted to bring to your attention an issue that we have been made aware of in ClamAV 0.97.5. As part of this release, we tightened the malformed compression checks in LZX compressed files. CAB, CHM and Install Shield file formats may use this compression. In previous versions of Cla

Re: [clamav-users] Latest Clam PGP key?

2012-06-15 Thread Matt Olney
A, On this release, one of the changes you will notice is that the signing key is now the Sourcefire VRT key which can be found here: http://labs.snort.org/contact.html This key can also be imported via the M.I.T. key server using the key id 15497F03. The key fingerprint is 9851 AE1B 3C52 0

Re: [clamav-users] Help to download ClamAV 0.97.5

2012-06-15 Thread Matt Olney
On Fri, Jun 15, 2012 at 9:46 AM, Brian Morrison wrote: > On Fri, 15 Jun 2012 09:13:30 -0400 > Matt Olney wrote: > > > We're having some trouble with our freshmeat account. You can > > download the latest here, until we get it fixed up: > > > > https:/

Re: [clamav-users] WARNING: Your ClamAV installation is OUTDATED!

2012-06-15 Thread Matt Olney
Bill, Can you submit a sample or two here: http://cgi.clamav.net/sendvirus.cgi So we can look at it? Thanks, Matt On Fri, Jun 15, 2012 at 1:40 AM, Bill Maidment wrote: > I've updated to clamav-0.97.5 and now I'm getting lots of rejections like > Clamd ret

Re: [clamav-users] ClamAV 0.97.5 download

2012-06-15 Thread Matt Olney
We're having some trouble with our freshmeat account. You can download the latest here, until we get it fixed up: https://sourceforge.net/projects/clamav/files/ On Thu, Jun 14, 2012 at 4:04 PM, Bowie Bailey wrote: > I see that the text on the download page of the website has changed to > 0.97.

Re: [clamav-users] Help to download ClamAV 0.97.5

2012-06-15 Thread Matt Olney
We're having some trouble with our freshmeat account. You can download the latest here, until we get it fixed up: https://sourceforge.net/projects/clamav/files/ On Thu, Jun 14, 2012 at 10:07 PM, Michael Wu wrote: > Hello, > >We try to download ClamAV 0.97.5 from " > http://www.clamav.net/l

Re: [clamav-users] Deprecation of "Basic signature format"

2012-06-14 Thread Matt Olney
Nathan, There are no current plans to remove support for that signature format. However, you should investigate the alternate formats in case that changes in a future version of ClamAV. In particular look at the .hdb format that matches both size and MD5. Matt On Wed, Jun 13, 2012 at 12:29 PM,

Re: [clamav-users] WARNING: Your ClamAV installation is OUTDATED!

2012-06-14 Thread Matt Olney
0.97.5 is now available on Sourceforge. The outbound synchronization process for the new build is ongoing and should be complete today. Once it is complete the standard notifications will go out. Sorry for any confusion. Matthew Olney Sourcefire VRT ClamAV Team On Wed, Jun 13, 2012 at 7:38 PM,

Re: [clamav-users] Massive bugzilla notifications

2012-06-13 Thread Matt Olney
Nope, no problem. We have some new developers on board and we're doing some administrative stuff on the back end. Matt On Wed, Jun 13, 2012 at 11:55 AM, Gianluigi Tiesi wrote: > Hi, > I'm receiving a lot of bugzilla emails from clamav bugzilla, bugs are > rather old, there is some problem? > >

Re: [clamav-users] Identifying all infections in a file...

2012-06-08 Thread Matt Olney
Maarten, There currently isn't a way to do this. We could look at doing that in a future release. Feel free to put a bug in https://bugzilla.clamav.net/ and we'll consider it. Thanks, Matthew Olney Sourcefire VRT On Thu, Jun 7, 2012 at 3:36 PM, Maarten Broekman wrote: > Is there any way to g