Re: [clamav-users] remove me

But seriously, ... please don't throw insults here. If I see mild insults from users here, I will moderate those accounts. If I see more serious insults, repeated bad behavior, or get tired of moderating a lot of email, I will block those accounts. Regards, Micah Micah Snyder ClamAV

Re: [clamav-users] remove me

Hopefully this helps: https://github.com/Cisco-Talos/clamav-documentation/commit/b89efe513dd34689cf7b47e73ba2e96fd9561906 Changing the contact page takes a little more effort. I'll put in a ticket with our web team. Micah Snyder ClamAV Development Talos Cisco Systems, Inc.

Re: [clamav-users] Inquiry about ClamAV's clamdscan scan timeout

Hi Nozomi Tachibanaki, You may add this option to your clamd.conf​ to enable alerts when the scan limits are exceeded: AlertExceedsMax yes​ It should cause signature alerts like these when one of the limits causes the scan to end early: - Heuristics.Limits.Exceeded.MaxFileSize​ FOUND -

Re: [clamav-users] Meaning of the exit code -1073740791

Hi Anastasiia, The exit code `-1073740791` means the program crashed (on Windows). This type of issue may be a security vulnerability, depending on what is going on. If you could share the PDF file with my team privately, I would like to investigate. You can email it to me directly in an

Re: [clamav-users] freshclam error - ^downloadFile: Unexpected response (502) ...Can't Download CVD

An HTTP 502 error is a "bad gateway error" or "proxy error". I suspect either the proxy settings are misconfigured, or the proxy settings in freshclam.conf are misconfigured. Ganesh, did you say you're using a proxy and a private mirror? What sort of proxy are you using? Maybe if you could

Re: [clamav-users] No daily sig since July 28th

Hi all, There was a server outage in our primary datacenter on Friday that left the signature database build server's database in a bad state. Unfortunately, I'm told that it also impacted the service responsible for alerting us to the problem and so we didn't realize until yesterday morning.

Re: [clamav-users] Inquire about clamav latest stable version -

Hi Ged, Jiayi, > I don't know what will happen > if a serious vulnerability is found before the stated end of support > for 0.104.x in the support matrix and I doubt that Talos does either. > My guess is that support would be withdrawn immediately rather than as > stated in the support matrix.

[clamav-users] ClamAV 0.103.7, 0.104.1 and 0.105.1 patch versions published

​View this post on https://blog.clamav.net/2022/07/clamav-01037-01041-and-01051-patch.html ClamAV 0.103.7, 0.104.1 and 0.105.1 patch versions published Today, we are releasing the following critical patch versions: * 0.103.7 * 0.104.4 * 0.105.1 As a friendly reminder, 0.104.4

Re: [clamav-users] clamav overload ec2 instances

Hi Emanuel, I see you mention clamd and provide a clamd.conf file. But then you say you're running clamscan, which doesn't require clamd and loads the databases itself. So, if you have clamd running (uses a bunch of RAM to load databases) and then use clamscan (also uses a bunch of RAM to

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

, but why would this by itself cause a trigger? Is there something wrong with the mpress packer? or with using that packer? All The Best Yaron Elharar On Thu, Jul 14, 2022 at 8:04 PM Micah Snyder (micasnyd) via clamav-users mailto:clamav-users@lists.clamav.net>> wrote: Since Mond

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

Since Monday, we investigated a little further and found that the executable is extracted by the MPRESS unpacker a part of our bytecode.cvd signature set, and then once unpacked it alerted with the Win.Dropper.Tinba-9943147-0 signature. It makes sense that if it could be unpacked with the

Re: [clamav-users] ClamAV does not detect viruses in "ar archive" file format

Schroeffu, Ged, ClamAV does not include support for parsing the old AR archive format used for DEB archives ( https://en.wikipedia.org/wiki/Ar_(Unix) ). Adding AR archive parsing would be a new feature. You are welcome to create a feature request issue using the bug report queue on Github

Re: [clamav-users] 404 in list "signature" and submitting FP info

a Sent: Monday, May 23, 2022 8:42 PM To: clamav-users@lists.clamav.net Subject: Re: [clamav-users] 404 in list "signature" and submitting FP info On 5/18/2022 5:04 PM, Micah Snyder (micasnyd) via clamav-users wrote: > Hi Joe, > > Our FAQ moved to be under > https://github.

Re: [clamav-users] 404 in list "signature" and submitting FP info

Hi Joe, Our FAQ moved to be under https://github.com/Cisco-Talos/clamav-documentation/tree/main/src/faq

[clamav-users] ClamAV 0.105.0, 0.104.3, 0.103.6 released

Read this post online, at: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html ClamAV 0.105.0, 0.104.3, 0.103.6 released The ClamAV 0.105.0 feature release is now stable and available for download on ClamAV.net or through Docker

Re: [clamav-users] error files in /

Hi Jeff, I think you may have run into this issue with ClamOnAcc's --log=FILE​ option https://github.com/Cisco-Talos/clamav/issues/168

Re: [clamav-users] clamav/safebrowsing updates?

No new effort is being put into the clamav-safebrowsing project. And it clamav-safebrowsing project gets less attention, for sure. Please do as Joel recommends and add an issue to the repo, and feel free to ping it a bit if it's a serious/breaking issue and the issue report didn't get any

[clamav-users] Second release candidate for ClamAV 0.105.0

Today, we are publishing a second release candidate for ClamAV 0.105.0. Please help us validate this release by providing feedback via the ClamAV mailing list or on our

Re: [clamav-users] can you get sudan out of the blocked country

Hi Mahmoud, I will investigate your request and get back to you. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Mahmoud Aidroos via clamav-users Sent: Tuesday, March 29, 2022 2:14 AM To:

Re: [clamav-users] Amazon/SpoofedDomain FP

You can create allow-list rules for this sort of phishing heuristic alert using WDB signatures: https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format Phishing Signatures - ClamAV Documentation The names of the

Re: [clamav-users] LibClamAV Warning: fmap_readpage: pread fail

Hi Stephen, Based on this output: Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Warning: fmap_readpage: pread fail: asked for 901703 bytes @ offset 4096, got 0 Mar 13 13:14:27 System1 clamd[9495]: LibClamAV Error: fmap_get_MD5: error reading while generating hash! ... it looks to me

Re: [clamav-users] ClamAV 0.105 release candidate

On Friday last week we opened it up to allow wget and curl to download the ClamAV release packages. I was told yesterday that Cloudflare blocked downloads after those changes were made, in order to protect against an alleged DoS event. I'll check in with our Cloudflare admins again tomorrow

Re: [clamav-users] human friendly signatures

> Well I can understand that features which are unique to ClamAV might > demand something more flexible than the Yara specification, although I > don't profess to have great insight into that. I wonder if this means > there's a case for "ClamAV *extensions* to the Yara language" or some >

Re: [clamav-users] human friendly signatures

Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: Micah Snyder (micasnyd) Sent: Wednesday, March 16, 2022 12:10 PM To: ClamAV users ML ; Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch> Subject: Re: [clamav-users] human friendly sign

Re: [clamav-users] human friendly signatures

-users on behalf of Laurent S. via clamav-users Sent: Tuesday, March 15, 2022 3:42 AM To: ClamAV users ML Cc: Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch> Subject: Re: [clamav-users] human friendly signatures On Tuesday, March 15th, 2022 at 00:36, Micah Snyder (micasnyd)

Re: [clamav-users] ClamAV 0.105 release candidate

. From: Andrew C Aitchison Sent: Tuesday, March 15, 2022 3:06 AM To: Micah Snyder (micasnyd) via clamav-users Cc: ClamAV Development ; ClamAV Announcements ML ; Micah Snyder (micasnyd) Subject: Re: [clamav-users] ClamAV 0.105 release candidate On Mon, 14 Mar 2022

[clamav-users] human friendly signatures

Hi all, Sorry that this response come so late that is nearly a necro-thread. Things have been busy. I've been thinking about some of the thing you all have said. And we've talked about it a bit as a team. We know there is a lot of interest in having better Yara support, not only because it

[clamav-users] ClamAV 0.105 release candidate

Read this announcement online at https://blog.clamav.net/2022/03/clamav-01050-release-candidate-now.html We are excited to announce the ClamAV 0.105.0 release candidate. Please help us validate this release. We need your feedback, so let us know what you find

Re: [clamav-users] Minor bug or working as intended?

> Execution time will be important for scanning filesystems, less so for > scanning mail (at least for scanning low-volume mail) and readability > can be hugely important if you're writing a lot of rules. Perhaps we > should be asking the development team for readable LDB rules? :) Creating a

Re: [clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

lution for the issue, it's still good to make the issue and submit your solution in a pull-request. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: Marc Sent: Sunday, February 13, 2022 5:02 AM To: ClamAV users ML Cc: Micah Snyder (micasnyd) ;

Re: [clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

Hi Jaspal, My apologies for the late reply. Thank you for raising this to our attention. In the future, please consider submitting an issue via https://github.com/Cisco-Talos/clamav/issues/new/choose to get our attention. My team is new to maintaining images on Docker Hub. We hadn't yet

Re: [clamav-users] Locating clamav-milter to match v0.104.2

HI Michael, Ged, clamav-milter is indeed a part of the clamav project. As Ged notes, it hasn't changed in many years - at least not since I started here over 4 years ago. Unfortunately, the clamav-milter daemon is not included with the 0.104 DEB and RPM packages we provide on

Re: [clamav-users] FreshClam is unable to access Mirror sites in our production...

Jaspal, If you only just started having trouble updating the virus signature databases, it's because we blocked version 0.102 and 0.101 from downloading new signatures just yesterday. I see that your log includes this line "Ignoring mirror 104.16.219.84 (due to previous errors)". This

Re: [clamav-users] "BZIP2_LIBRARIES" breaks cmake build

We use CMake's FindBZip2 module. It looks to me like there are two issues: 1. You must specify BZIP2_INCLUDE_DIR= 2. Setting "BZIP2_LIBRARIES" does not work and you must instead set BZIP2_LIBRARY_RELEASE. I found that these options works on my system where I've installed libbz2 to

Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL

ML Cc: ClamAV Announcements ML ; ClamAV Development ; Micah Snyder (micasnyd) Subject: Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL Hi, We are using Docker Image for 1.104 version at Roberthalf Is that image updated too with this patch? Thanks

[clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL

Find this announcement online at: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html ClamAV versions 0.103.5 and 0.104.2 are now available for download on the clamav.net Downloads page. We would also like to take this opportunity to

[clamav-users] ClamAV Bugzilla new ticket creation will redirect to GitHub Issues

ClamAV Bugzilla new ticket creation will redirect to GitHub Issues In early 2021, we made a decision to switch to using GitHub directly. Before then, our primary Git repository was sequestered to the Cisco corporate network. The public GitHub repository was just a mirror. That made it tougher

Re: [clamav-users] clamAV On-Access Scanning problem

Curl is used for both TCP sockets and local unix sockets. Outside of building a newer version of curl yourself, or installing using our RPM for ClamAV 0.104.1 from https://www.clamav.net/downloads, I don't have a good solution for you. As Ged noted, other RHEL users on the list may have

Re: [clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0

Hi Puneet, Thank you for submitting the FP reports through our web form. Our malware research team is actively working on improving the signatures related to CVE-2021-44228. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From:

[clamav-users] Reminder: ClamAV 0.102, 0.101 End of Life is Jan 3, 2022

Reminder: ClamAV 0.102, 0.101 End of Life is Jan 3, 2022 As a reminder, the ClamAV 0.102 and 0.101 releases will reach its end of life (EOL) in less than one month's time on Jan. 3, 2022. After this date, ClamAV 0.102, and 0.101 and all patch versions will be blocked from downloading new

Re: [clamav-users] [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd

This issue was fixed 0.104.0 with this commit: https://github.com/Cisco-Talos/clamav/commit/13af789f4ed

Re: [clamav-users] MS Windows clamav-0.104.1.win.x64.msi broke freshclam.exe and clamscan.exe - .dll errors [?]

Hi, The statement "The software listed in this section is authored by third parties -- not by the ClamAV team. Compatibility may vary." is misleading and only applies to the linux packages that you'd install with apt get​ / dnf install​ / pkg add​ / etc. I've been trying to get the Downloads

Re: [clamav-users] Extremely slow PDF file scanning

of scan time. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: Nikolay Belaevski Sent: Thursday, November 4, 2021 2:31 PM To: Micah Snyder (micasnyd) ; ClamAV users ML Subject: Re: [clamav-users] Extremely slow PDF file scanning

Re: [clamav-users] Solaris users in a bind

Hey Ged, Per your comments about INSTALL.md: The fix was made in our "main" branch which goes towards all future feature releases. We always fix things in "main" first, then backport to the published releases as needed. This way we don't accidentally fix things in a patch release but

Re: [clamav-users] Extremely slow PDF file scanning

Hi Nikolay, Sorry this slipped by me. I'd be happy to take a look at the PDF you were having scan speed issues with. I see that it's no longer available with the URL you originally provided. If you could share it again, I'll spend some time with it to try to see what's going on. As a heads

Re: [clamav-users] Missing Mac OS .pkg installer

ystems, Inc. From: clamav-users on behalf of Micah Snyder (micasnyd) via clamav-users Sent: Sunday, October 31, 2021 12:46 PM To: ClamAV users ML Cc: Micah Snyder (micasnyd) Subject: Re: [clamav-users] Missing Mac OS .pkg installer I think maybe there is an

Re: [clamav-users] Issues with freshclam

. From: Alan Sparks Sent: Sunday, October 31, 2021 12:49 PM To: Micah Snyder (micasnyd) ; clamav-users@lists.clamav.net Subject: Re: [clamav-users] Issues with freshclam Thanks for the reply. Yes, I saw that document, but it does say 0.99 down, not 0.100 down. -Alan On 10

Re: [clamav-users] Missing Mac OS .pkg installer

I think maybe there is an issue on the website. I believe Joel is saying the macOS installer PKG should appear under "macOS" in the "alternate versions of ClamAV" section. However, it does seem to be missing. I'll check with the web team about it. Micah Snyder ClamAV Development Talos Cisco

Re: [clamav-users] Issues with freshclam

Hi Alan, I'm sorry to say, but yes 0.100 is too old. As of October 29, 0.100 has exceeded end of life and is now actively blocked from downloading signature updates. Please see the EOL policy in the online docs for more info: https://docs.clamav.net/faq/faq-eol.html ClamAV EOL Policy -

Re: [clamav-users] clamav freshclam.conf error code 58 -- help

Hi Alex, I don't see anything wrong off-hand with your config file, except that you're attempting to download from a "/repos/avdailies" subdirectory, which I believe didn't work in 0.101 and prior. The message "Your network may be down or none of the mirrors listed" also no longer exists in

Re: [clamav-users] Build instructions in 0.104.0

Fixed! https://github.com/Cisco-Talos/clamav/pull/327 Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Micah Snyder (micasnyd) via clamav-users Sent: Monday, October 11, 2021 5:56 PM To: clamav-users@lists.clamav.net

Re: [clamav-users] Build instructions in 0.104.0

Hi Ged, That's a typo, it should say "-G​ option." -Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of G.W. Haywood via clamav-users Sent: Sunday, October 10, 2021 7:34 AM To: clamav-users@lists.clamav.net Cc:

Re: [clamav-users] Windows Side of Clamav

Hi Marcy, I will revisit your GitHub issue after I share this response here. The default config directory on Windows is the directory containing clamscan.exe / clamd.exe. The default database directory on Windows is named "database" and is located next to clamscan.exe / clamd.exe. The

Re: [clamav-users] clamav static binary

Hi Eero, Sorry about the delay. Building clamav binaries statically is simple when using the new CMake build system. And you're welcome to use ClamAV in this way but please do not distribute ClamAV builds in this way. This will also link the UnRAR library statically with libclamav. UnRAR's

Re: [clamav-users] Why does clamonacc says /var/www does not exist (among other things)?

Hi! No worries about sounding complainy. I'm glad you're reaching out for help. I recommend always running clamonacc using the --fdpass command line argument, provided it is available on your system Some older systems (RHEL 7, etc) may not be able to use it. With fd-passing enabled,

Re: [clamav-users] clamAV .104.0

Hi Marcy, It appears the Windows MSI installer is missing just about all of the clamav program files: https://github.com/Cisco-Talos/clamav/issues/285 Our automated tests use the ZIP package, so we missed the packaging issue, which I suspect was introduced during between the release candidates

Re: [clamav-users] buiding 0.104.0

Hi John, If you're seeing a test failure, please submit an issue on the clamav github issues page https://github.com/Cisco-Talos/clamav/issues and include the test results (log file, or a copy paste from the terminal when using the verbose option). The test results should help us identify

Re: [clamav-users] New Cmake options?

Hi Ake, The new build system doesn't have an equivalent option for "--disable-clamav". But that should be okay. You shouldn't need it. The previous Autotools build system had a feature to check the current machine for a clamav user and clamav group and would fail the build if the user or

Re: [clamav-users] Configuration Error

Hi Vaughn, Thanks for testing the RC2 and for writing in! The intention is to install the macOS packages under /usr/local/clamav so they can be easily removed, because there is no easy way to uninstall the macOS package at this time other than to rm​ the files (or if it had installed as

Re: [clamav-users] Configuration Error

"As of 0.103.x, a from-source install requires the user create a config for FreshClam, ClamD, and ClamAV-Milter in order to use each application. A package install, however, is likely to come pre-configured. Users may wish to modify the configs as needed." It was an accident that I found this,

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

Hi Mark, Thanks for the feedback on the Windows packages! We should probably include the README.md and NEWS.md files. Whoops. Thanks for highlighting the discrepancy. Regarding being down to 30 exe/dll files from 71 -- we used to bundle in a copy of the VC redistributable DLLs somewhat

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

This conversation is a fun read! But don't worry really no point removing the docs from the source package or the pre-compiled packages. Including it is painless at this point. If you're curious why, here's the process... The documentation website source is hosted in our

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

Thanks Yasuhiro! Jerry: Our ability to easily build installers/packages for different operating systems is enabled by CMake's CPack tool. The CMake/CPack documentation has instructions for a FreeBSD package generator (https://cmake.org/cmake/help/latest/cpack_gen/freebsd.html), but when I

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

Thanks for the report Bowie. Yes, static json-c library is recommended to prevent possible crashes in downstream applications that use other json libs (like libjansson, others), but it will work with a shared json-c lib if needed. Micah Snyder ClamAV Development Talos Cisco Systems, Inc.

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Second Release Candidate is here!

I've run into this issue with the fixed port # on our test systems occasionally as well. I think I can identify an open port in the python code to make it more reliable, but haven't have time to try it. Micah Snyder ClamAV Development Talos Cisco Systems, Inc.

Re: [clamav-users] database updates blocked

If you're running into the CA cert problem with FreshClam because your CA certificate bundle is in a non-standard place, you can also set the CURL_CA_BUNDLE environment to point to the file holding one or more certificates. FreshClam and ClamSubmit will check that environment variable and use

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Frans, Yes sorry haven't fixed the clamd test symlink issue yet. It's next on my to-do list. It will be fixed before we publish RC2. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Frans de Boer Sent:

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

On 05/08/2021 10:53, Henrik K wrote: > On Sat, Jul 24, 2021 at 08:17:19PM +, Micah Snyder (micasnyd) via > clamav-users wrote: > > No problems on Solaris 11.4.32.0.1.88.3 (SPARC) here with latest fixes, > 0.104 actually works stable and fast so far. Some more ancient versions

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Hi Henrik, Thanks for confirming that you can make it work. I've had very poor luck finding the required Solaris packages to include the packages from OpenCSW. Would you be willing to share instructions for how you install the required dependencies on Solaris 11.4? It may help other Solaris

Re: [clamav-users] PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

that PR now. Thanks again for your help! -Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: Mark Fortescue Sent: Thursday, August 5, 2021 3:09 AM To: Micah Snyder (micasnyd) ; ClamAV users ML Subject: Re: PATCH[2]: Re: ClamAV® blog: ClamAV

Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav

m: clamav-users on behalf of G.W. Haywood via clamav-users Sent: Saturday, July 31, 2021 1:18 PM To: Micah Snyder (micasnyd) via clamav-users Cc: G.W. Haywood Subject: Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav Hi there, On Sat, 31 Jul 2021, Micah Snyder (

Re: [clamav-users] PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Talos Cisco Systems, Inc. From: Mark Fortescue Sent: Friday, July 30, 2021 6:36 AM To: Micah Snyder (micasnyd) ; ClamAV users ML Subject: PATCH[2]: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here! Hi Micah, Please find attached patch #2 to clean

[clamav-users] Opinion wanted: Change default config directory usr/clamav

Hi all, I could use your opinion about a change we'd planned to make in 0.104. By request, I'd made this pull request to change the default directory for the config files from /etc to /etc/clamav. The purpose being to de-clutter /usr/local/etc: https://github.com/Cisco-Talos/clamav/pull/182 I

Re: [clamav-users] Long Term Support (LTS) program proposal

> Tuesday, August 18, 2020ClamAV 0.103.0 release candidate > Monday, September 14, 2020 ClamAV 0.103.0 released > > So we are going by the (first) release candidate. OK. Oops. I was reading off of a spreadsheet. It should be September then. I'll have to correct the spreadsheet.

Re: [clamav-users] [SUSPICIOUS] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

How's this? https://github.com/Cisco-Talos/clamav/pull/231 > -Original Message- > From: Mark Fortescue > Sent: Wednesday, July 28, 2021 2:07 PM > To: Micah Snyder (micasnyd) ; ClamAV users ML > > Subject: Re: [SUSPICIOUS] [clamav-users] PATCH: Re: ClamAV® blog: ClamAV

[clamav-users] Long Term Support (LTS) program proposal

Hi All, For the past couple of months I've been promoting the idea of having Long Term Support (LTS) feature releases for ClamAV within internal Talos communications. For the purposes of this discussion: * A "feature release" is a version starting with MAJOR.MINOR.0 to include all PATCH

Re: [clamav-users] [SUSPICIOUS] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Will do. Thanks for the fix. Ok if I add you to the acknowledgements section of the news? > -Original Message- > From: Mark Fortescue > Sent: Wednesday, July 28, 2021 1:59 PM > To: Micah Snyder (micasnyd) ; ClamAV users ML > > Subject: Re: [SUSPICIOUS] [clama

Re: [clamav-users] [SUSPICIOUS] PATCH: Re: ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Mark, This is amazing! Thanks! If you have an account on GitHub, can you submit this as a PR? If not, I can submit one for you. Regards, Micah > -Original Message- > From: clamav-users On Behalf Of > Mark Fortescue via clamav-users > Sent: Wednesday, July 28, 2021 12:02 PM > To:

Re: [clamav-users] Freshclam - can't apply latest patch 26246

Hi Elia, I would need to see the log messages from your subsequent updates to be sure what's going wrong. The logs you shared in your initial email show a bug but subsequent freshclam runs _should_ work. If you want, the verbose log may reveal something. Like Joel suggested, it may be the

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

All: I and others on the development team struggled with Autotools and felt plagued by a myriad of little bugs. Whenever we had a problem with autotools (and there were plenty) it was always, “Heeey you’re the Autotools expert. You got this, right?…” No one wanted to deal with it. CMake is

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Hi Arjen, The '-D ENABLE_UNRAR=OFF' test failure issue is definitely not expected! I think that one should be an easy enough fix. If you're up for it, it would be helpful to add a GitHub issue for this bug: https://github.com/Cisco-Talos/clamav/issues I will make a note to add a test case in

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

happy with a ticket in either system. -Micah > -Original Message- > From: clamav-users On Behalf Of > Frans de Boer > Sent: Monday, July 26, 2021 11:48 AM > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate > is h

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Mark is correct. Clamdscan evaluates the real-path for scans so clamd is returning the real path for the scan results. The test needs to be fixed to either not care about the full path and just use the filename, or to evaluate the realpath. It looked like there may be a second failure in the

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Frans, Can you please create a ticket on https://github.com/Cisco-Talos/clamav/issues for the clamd test failure? Please attach the verbose output from running: ctest -V Regarding make -j [n] vs ninja -- yes it's not a huge difference. It's just a convenience if you're compiling a lot. We

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Hi Gary, Ged, Sorry no we don't test on Solaris anymore. To be frank, it seems pretty clear that Oracle isn't maintaining Solaris anymore. All of the packages are years out of date, even the opencsw ones. It simply wasn't worth the effort to maintain the solaris 10 and 11 vms we used to test

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

gt; Sent: Friday, July 23, 2021 12:32 PM > To: Micah Snyder (micasnyd) via clamav-users us...@lists.clamav.net> > Cc: G.W. Haywood > Subject: Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release > Candidate is here! > > Hi Micah, > > On Thu, 22 Jul 2021, Micah

Re: [clamav-users] Cannot ignore BC.Gif.Exploit.Agent-1425366.Agent

A few months ago one of our team observed that adding ign2 entries for bytecode signatures (BC.* signatures) can be confusing. They added these notes in a new task in our Jira: It looks like bytecode sigs used to need to be allowlisted via ign2 files with entries like the following:

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

Hi Ged, The CMake project has been moving relatively quickly the past few years. We depend on some of the newish features (though they're already up to 3.21 now). The easiest way to get a newer version of CMake is to install it through Python 3's package manager: pip. I just finished

Re: [clamav-users] Freshclam updates problem

t; On Wed, 14 Jul 2021 23:55:06 + > "Micah Snyder \(micasnyd\) via clamav-users" us...@lists.clamav.net> wrote: > > > Hi Paul, all: > > > > We're triaging this issue now, also reported by a user on Discord. > > > > We issue a zero-byte CDIFF

Re: [clamav-users] Freshclam updates problem

ClamAV users ML > Subject: Re: [clamav-users] Freshclam updates problem > > On Wed, Jul 14, 2021 at 11:55:06PM +, Micah Snyder (micasnyd) via > clamav-users wrote: > > ... > > > > But it seems 0.103 has a second bug where it will patiently wait > > until

Re: [clamav-users] Freshclam updates problem

Hi Robert, The zero-byte cdiff update was intentional. For more details, see: https://lists.clamav.net/pipermail/clamav-users/2021-July/011494.html The database back-end folks did the right thing... This error message is my fault and is a Freshclam bug. Thankfully this bug should just be a

Re: [clamav-users] Freshclam updates problem

Hi Paul, all: We're triaging this issue now, also reported by a user on Discord. We issue a zero-byte CDIFF database patch file whenever we want Freshclam to download a whole CVD instead of doing the incremental/patch update. Today we published a zero-byte patch file for both daily and main,

Re: [clamav-users] Broken media detection

Ged is right to be wary about sharing files with the mailing list. Next time please put it in an encrypted zip and give us the password so we can choose to extract it if desired – and preferably share it by some other means like a link to a file sharing service instead of attaching it to an

Re: [clamav-users] New installation 103.3; failing freshclam

on it. -Micah > -Original Message- > From: Paul Rogers > Sent: Wednesday, June 23, 2021 1:15 PM > To: Micah Snyder (micasnyd) ; ClamAV users ML > > Subject: Re: [clamav-users] New installation 103.3; failing freshclam > > Thanks for responding. > > On Wed, Ju

Re: [clamav-users] New installation 103.3; failing freshclam

This specific error comes from the libcurl library. I imagine we could detect the associated error code and supplement the message with more actionable advice. If anyone is up for figuring that out, a PR would be welcome. How you fix this problem is going to vary depending on what OS you're

Re: [clamav-users] MS Windows Explorer Context Menu sendto (clamscan.exe) - how to keep cmd box open to view results?

1/1/ Regards, Micah > -Original Message- > From: clamav-users On Behalf Of > Micah Snyder (micasnyd) via clamav-users > Sent: Sunday, June 20, 2021 12:29 PM > To: ClamAV users ML > Cc: Micah Snyder (micasnyd) > Subject: Re: [clamav-users] MS Windows Explorer Context Menu sendto &g

Re: [clamav-users] MS Windows Explorer Context Menu sendto (clamscan.exe) - how to keep cmd box open to view results?

Hi Robert, You're correct that there is no config file for clamscan.exe. There also isn't any config option to have the command-line applications stay open if you're double-clicking them. ClamAV wasn't designed to be double-clicked. The problem you're facing is not really specific to ClamAV

Re: [clamav-users] clamsubmit fails with Authenticity token element not found.

Hi Virgo, We've been experiencing ClamSubmit failures in our test suite for a month or more. I have a branch with a fix for it that is in review for inclusion in 0.103.3 which we'll publish late this month. The issue we're seeing is a little different, but sounds similar. It has to do with

Re: [clamav-users] Regarding increasing ClamAV file size while using docker

Hi Karthik, One option is to override the config directory if you need with a volume mount that contains custom config files. When you start the container, add this to your command line: --mount type=bind,source=/full/path/to/your/configs/,target=/etc/clamav Where /full/path/to/your/configs/

Re: [clamav-users] Clam AV Cost and support for enterprise

Karthik, Based on the C# API, I am guessing that you are using this project: https://github.com/tekmaven/nClam The developer, Ryan Hoffman, appears to be active on GitHub and answered a GitHub issue for nClam as recently as 8 days ago. I would recommend seeking help with the C# aspects of your

<    1   2   3   4   5   6   >