Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-05 Thread Micah Snyder (micasnyd) via clamav-users
hem) ClamAV Development Talos Cisco Systems, Inc. H From: Michael Orlitzky Sent: Thursday, September 5, 2024 11:35 AM To: Micah Snyder (micasnyd) ; clamav-users@lists.clamav.net Subject: Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versio

Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-05 Thread Micah Snyder (micasnyd) via clamav-users
9:55 AM To: clamav-users@lists.clamav.net Cc: Michael Orlitzky Subject: Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published On Wed, 2024-09-04 at 19:19 +0000, Micah Snyder (micasnyd) via clamav- users wrote: > Read this online at > https://blog.cl

[clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-04 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page

[clamav-users] ClamAV 1.4.0 and ClamAV Bytecode Compiler 1.4.0 published

2024-08-15 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page<

Re: [clamav-users] about scan file size changed of clamd.conf

2024-07-30 Thread Micah Snyder (micasnyd) via clamav-users
The Talos Threat Research team asked us to increase the default max file size so they can write signatures to detect larger malware. Malware is getting bigger as faster internet has become widely available, disk space has become relatively cheap, and software (including malware) is written in l

Re: [clamav-users] clamav preventing CLion from working properly

2024-07-24 Thread Micah Snyder (micasnyd) via clamav-users
Talos Cisco Systems, Inc. From: Giacomazzi Gabriele Antonio Sent: Wednesday, July 24, 2024 10:54 AM To: Micah Snyder (micasnyd) Cc: ClamAV users ML Subject: Re: [clamav-users] clamav preventing CLion from working properly So your advice is to just don't use t

Re: [clamav-users] clamav preventing CLion from working properly

2024-07-24 Thread Micah Snyder (micasnyd) via clamav-users
The "OnAccessPrevention" feature will really slow down other programs, especially software that touches a lot of files like CLion, VSCode, Git. I cannot recommend it. Even with this disabled, ClamAV on-access scanning probably won't keep up with your activity and will likely monopolize at least

Re: [clamav-users] Problems subscribing to lists

2024-07-17 Thread Micah Snyder (micasnyd) via clamav-users
sday, July 17, 2024 6:21 AM To: Micah Snyder (micasnyd) ; ClamAV Subject: Re: [clamav-users] Problems subscribing to lists Thank you so much for your kind help Micah. Do I understand correctly that clam AV update announcements will now be sent to me automatically by email? Do I now send m

Re: [clamav-users] Issue getting private local mirror to work

2024-07-17 Thread Micah Snyder (micasnyd) via clamav-users
Hi j, I see you are seeing this error, even though you're having it use your own private database mirror: "FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN)." When freshclam fails to download because of a 429 or 403 error code the database mirro

Re: [clamav-users] Question about future expected Main + Daily CVD size

2024-07-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mikhail, The growing size of the main and daily databases is a concern for me as well and has been for a few years. I have a plan to archive older signatures that do not appear to be relevant anymore. This plan requires some extensive changes to some SQL databases and middleware that builds

Re: [clamav-users] Problems subscribing to lists

2024-07-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi Sarah, Our clamav-announce emailer isn't supposed to require approval from the list admin in order to subscribe, though it does require confirmation from an email so others can't just sign you up. It seems like that setting changed on its own somewhere around early October, 2023. I mostly

Re: [clamav-users] Question about additional processing on Documents in Clamd Configuration File

2024-07-12 Thread Micah Snyder (micasnyd) via clamav-users
Hi Paul, Yes, that is correct. In the case of PDF processing, cli_scanpdf() has logic to extract additional content from PDF such as decompressing attached images, javascript, etc. It may also decrypt password protected PDF's where the password is empty. The scanraw() function is primarily

Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

2024-06-24 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mikhail, As you probably know, the clamav signature database is comprised of daily.cvd, main.cvd, and bytecode.cvd. Note: I say "cvd" but the file will have a "cld" extension if freshclam has updated it from an older version using our cdiff patching update mechanism. Daily.cvd is updated d

Re: [clamav-users] Suppress warning logs

2024-06-12 Thread Micah Snyder (micasnyd) via clamav-users
There are multiple github issues referencing this warning. My best guess as to the cause is one of these two: * attempting to scan a file that is in a mounted volume where our "file descriptor to file path lookup" feature does not work * attempting to scan a file that has been deleted before

[clamav-users] New Tool: ClamAV Large Archive Scanner

2024-06-04 Thread Micah Snyder (micasnyd) via clamav-users
As many of you know, ClamAV has a limit on the maximum file size that may be scanned. The default max file size is 100MB in the latest release. You can raise the limit up to 2000MB (2GB). But it cannot be set higher at this time. Some users who have a requirement to scan much larger files (and c

Re: [clamav-users] reject/flag files based on extension

2024-06-04 Thread Micah Snyder (micasnyd) via clamav-users
I don't think there is any mechanism in clamav-milter or clamd to alert/convict/block attachment scans based on file extension. Perhaps there is an option in Sendmail? Micah Snyder (they/them) ClamAV Development Talos Cisco Systems, Inc. From: clamav-users

[clamav-users] ClamAV 1.4.0 release candidate now available!

2024-05-07 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub r

Re: [clamav-users] Are the Clam AV community signature sets still being actively maintained by Cisco?

2024-04-17 Thread Micah Snyder (micasnyd) via clamav-users
Hi Richard, Sorry about the delay on the reply. Retirement of Immunet had no impact on ClamAV CVD signatures. We still create new detections and publish daily updates. Immunet was a sort of testing ground for Cisco Secure Endpoint - specifically for Windows, but without the enterprise featur

[clamav-users] ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published

2024-04-17 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page

Re: [clamav-users] Unable to download daily.cvd after upgrade to RHEL 8

2024-03-07 Thread Micah Snyder (micasnyd) via clamav-users
:57:00 GMT; domain=.clamav.net<http://clamav.net>; HttpOnly; SameSite=None ---response end--- 403 Forbidden cdm: 1 ___ Thanks, John On Thu, Mar 7, 2024 at 3:20 PM Micah Snyder (micasnyd) via clamav-users mailto:clamav-users@lists.clamav.net>> wrote: It feels

Re: [clamav-users] Unable to download daily.cvd after upgrade to RHEL 8

2024-03-07 Thread Micah Snyder (micasnyd) via clamav-users
It feels like the proxy may not be forwarding freshclam's HTTP User-Agent header. We use that header to block unsupported software (like curl, wget, firefox, chrome, etc) from downloading the database files. I don't know why that would change with just an in-place upgrade of the system to RHE

Re: [clamav-users] Software version from DNS: 0.103.11, but version is 1.3.0?

2024-03-07 Thread Micah Snyder (micasnyd) via clamav-users
The "Software version from DNS" is intended to display the most recent patch version. If it is higher than your current version, you get a very loud warning recommending an upgrade. Since we changed our end-of-life policy and introduced LTS versions, we've decided to have the version from DNS

Re: [clamav-users] Slow PDF Scanning pt 3.

2024-02-28 Thread Micah Snyder (micasnyd) via clamav-users
Hi Eric, Thank you for the in-depth analysis of the PDF scanning speed issue. We took a look at the bytecode (BC) signatures and considering the performance impact and value of the detections we decided to drop these signatures. You should have seen them drop in yesterday's update to the bytec

Re: [clamav-users] Bytecode run timed out in interpreter after 5000 opcodes

2024-02-20 Thread Micah Snyder (micasnyd) via clamav-users
Hi Ralf, There are 3 bytecode rules for detecting CVE's that seem to take a rather long time to run, particularly as the file grows in size. I'm discussing with our threat research team if we can remove them as CVE's are old enough that no one should reasonably still be affected by the vulnera

Re: [clamav-users] Save a copy of the mail (quarantine=quarantined by clamav-milter)

2024-02-07 Thread Micah Snyder (micasnyd) via clamav-users
Hi Jobst, I don't know the exact answer to your question. I don't have hardly any experience with sendmail or even clamav-milter. Perhaps someone else knows better and can help. From the clamav-milter.conf.sample file, I see this comment, which may help: # NOTE: In Sendmail the quarantine q

Re: [clamav-users] ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!

2024-02-07 Thread Micah Snyder (micasnyd) via clamav-users
feature release and 1.2.2, 1.0.5 security patch release! Citeren "Micah Snyder (micasnyd) via clamav-users" : [...] > * 0.104 (all patch versions) > * 0.105 (all patch versions) > * 1.0.0 through 1.0.4 (LTS) > * 1.1 (all patch versions) >

[clamav-users] ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!

2024-02-07 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes

Re: [clamav-users] Installation and Use

2024-01-31 Thread Micah Snyder (micasnyd) via clamav-users
Hi Gene, Did you use this download URL? https://www.clamav.net/downloads/production/clamav-1.2.1.win.win32.msi I just tested it on a 32bit Windows 10 VM and did not run into any issues. The installation worked okay and running the EXE programs (in PowerShell) worked okay. Please keep in mind t

Re: [clamav-users] ClamAV 1.3.0 second release candidate published!

2024-01-29 Thread Micah Snyder (micasnyd) via clamav-users
hulze Subject: Re: [clamav-users] ClamAV 1.3.0 second release candidate published! Am 24.01.24 um 23:09 schrieb Micah Snyder (micasnyd) via clamav-users: > We are excited to announce the ClamAV 1.3.0 release candidate. Hello, at least I could confirm, the build issue [1] was fixed. Build w

Re: [clamav-users] [ext] ClamAV 1.3.0 second release candidate published!

2024-01-27 Thread Micah Snyder (micasnyd) via clamav-users
Apologies for the confusion. The links got messed up and it wasn't caught in review. They should have been: https://www.clamav.net/downloads and https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.3.0-rc2 I've updated the blog post to read: You can find the source code and installers f

[clamav-users] ClamAV 1.3.0 second release candidate published!

2024-01-24 Thread Micah Snyder (micasnyd) via clamav-users
View this online at: https://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on t

[clamav-users] ClamAV Debian multi-Arch Docker images now available!

2024-01-22 Thread Micah Snyder (micasnyd) via clamav-users
Read this online, at: https://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the

Re: [clamav-users] ClamAV 1.3.0 release candidate published

2023-12-18 Thread Micah Snyder (micasnyd) via clamav-users
2023 2:25 PM To: ClamAV users ML Cc: Steve Basford Subject: Re: [clamav-users] ClamAV 1.3.0 release candidate published On 15 December 2023 16:49:49 "Micah Snyder \(micasnyd\) via clamav-users" wrote * Fixed an issue decrypting some PDF's with an empty password. Hi Mic

Re: [clamav-users] ClamAV 1.3.0 release candidate published

2023-12-18 Thread Micah Snyder (micasnyd) via clamav-users
Thanks Andreas and Arjen. I will investigate asap. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of A. Schulze via clamav-users Sent: Monday, December 18, 2023 9:57 AM To: clamav-users@lists.clamav.net

[clamav-users] ClamAV 1.3.0 release candidate published

2023-12-15 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html We are excited to announce the ClamAV 1.3.0 release candidate. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamA

Re: [clamav-users] How to respond to request?

2023-12-12 Thread Micah Snyder (micasnyd) via clamav-users
Hi Jay, Essentially, the cli_malloc() function is a wrapper around the standard malloc() memory allocation function. This wrapper has a limit on how much it's willing to allocate. The purpose is to limit memory allocations when the size of the allocation required is based on untrusted file

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
file formats. Respectfully, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Paul Kosinski via clamav-users Sent: Monday, November 13, 2023 7:28 PM To: Micah Snyder (micasnyd) via clamav-users Cc: Paul Kosinski Su

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-16 Thread Micah Snyder (micasnyd) via clamav-users
: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool Hi Micah, Is it going to be part of clamav or a different application entirely? Hong-Duc Vu From: Micah Snyder (micasnyd) Sent: Monday, November 13, 2023 3:33 PM To: Andrew C Aitchison Cc: Cla

Re: [clamav-users] Question About MaxFileSize / news of upcoming Large Archive Scanner tool

2023-11-13 Thread Micah Snyder (micasnyd) via clamav-users
mAV Development Talos Cisco Systems, Inc. From: Andrew C Aitchison Sent: Thursday, June 8, 2023 6:25 PM To: Micah Snyder (micasnyd) Cc: ClamAV users ML Subject: Re: [clamav-users] Question About MaxFileSize On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote: > I agree

[clamav-users] ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published

2023-10-25 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at: https://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page

Re: [clamav-users] first questioon????

2023-10-25 Thread Micah Snyder (micasnyd) via clamav-users
Hi Rahim, Sorry, this is not possible. -Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Rahim Fakir via clamav-users Sent: Sunday, October 22, 2023 5:18 PM To: clamav-users@lists.clamav.net Cc: Rahim Fakir Sub

Re: [clamav-users] [ext] Compressing log files with clamav

2023-10-25 Thread Micah Snyder (micasnyd) via clamav-users
There are no plans to add compression for log files. And I can't recall any prior feature request asking for this though I see the appeal. Feel free to put in a feature request issue on GitHub. I imagine it wouldn't be hard to add this feature. If anyone wants to contribute this feature, you

Re: [clamav-users] Error installing from source

2023-10-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi, A newer version of GCC should solve the problem, but you may be able to resolve it with the old GCC as well. Some other users have reported mixed results in this discussion: https://github.com/Cisco-Talos/clamav/issues/1017 The most recent comment states: Personally it works for me wh

Re: [clamav-users] Freshclam version 1.0.2 warnings

2023-09-05 Thread Micah Snyder (micasnyd) via clamav-users
Sorry for the confusion, everyone. The warning message was accidentally introduced when adding it for debugging purposes. We fixed it in 1.1 but missed backporting the fix to 1.0. I will make it a priority to fix it in the next 1.0 patch version. Regards, Micah Micah Snyder ClamAV Development Tal

[clamav-users] ClamAV 1.2.0 feature version and 1.1.1, 1.0.2, 0.103.9 patch versions published

2023-08-28 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the Github Release page

Re: [clamav-users] QNAP NAS virus definition updates.

2023-08-25 Thread Micah Snyder (micasnyd) via clamav-users
Unless QNAP is customizing things or hosting their own mirror, chances are it's reaching out to https://database.clamav.net over port 443. Disclaimer: I don't have any experience with QNAP devices. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From:

[clamav-users] ClamAV 1.2.0 release candidate now available

2023-08-04 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/08/clamav-120-release-candidate-now.html We are excited to announce the ClamAV 1.2.0 release candidate. You may find the source code and installers for this release on the

Re: [clamav-users] Scanning blocked during database reload

2023-07-19 Thread Micah Snyder (micasnyd) via clamav-users
Michal, I'm not sure what's going wrong for you. It works as expected with 1.1.0 for me. I would be wondering about that same setting. If you run "clamconf -n" can you confirm the settings it finds, and also the path of the config file you've been editing to make sure it is the same as what "

Re: [clamav-users] ClamAV on RHEL9 with FIPS enabled

2023-07-11 Thread Micah Snyder (micasnyd) via clamav-users
Apologies for the delayed response. We are only just starting to discuss a possibility of a new CVD (signed signature database archive) format internally. Sorry I cannot promise anything in terms of timeline. -Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. __

Re: [clamav-users] Needed to whitelist Email.Phishing.RPMSG_Downloader-10004958-0

2023-07-11 Thread Micah Snyder (micasnyd) via clamav-users
You can submit FP reports through https://www.clamav.net/reports/fp Our threat research team has automation in place behind this submission portal to investigate and resolve FP's. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: cl

[clamav-users] Shutting down old ClamAV Bugzilla

2023-06-12 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/06/shutting-down-old-clamav-bugzilla.html ClamAV will shut down the old ClamAV Bugzilla server in July. Users who have any outstanding Bugzilla reports should move them to GitHub Issues

Re: [clamav-users] Question About MaxFileSize

2023-06-08 Thread Micah Snyder (micasnyd) via clamav-users
I agree with you. I suspect the majority of cases today is when people have a large archive of files to scan. I think best case scenario for people with a need to scan files larger than the present internal 2GB limit is that archives larger than 2GB are decompressed and then the files inside a

Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Micah Snyder (micasnyd) via clamav-users
If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature, you can create a .ign2 signature file in your clamav database directory. See https://docs.clamav.net/manual/Signatures/AllowLists.html#signature-ignore-lists for details. Micah Snyder ClamAV Development Talos Cisco Systems,

Re: [clamav-users] Unix.Malware.Kaiji-10003916-0

2023-06-08 Thread Micah Snyder (micasnyd) via clamav-users
This is correct. Kaiji-10003917-0 would be a separate signature, loosely related Kaiji-10003916-0. If Kaiji-10003916-0 had been updated, it would be Kaiji-10003916-1. If it were handwritten, we probably would have done that. In this case, the signature was generated by an automated system, s

Re: [clamav-users] LibClamAV Error: cli_html_normalise: style chunk size underflow

2023-05-17 Thread Micah Snyder (micasnyd) via clamav-users
Hi Joe, Can you identify the file that triggers this error, and would you be able to email it to me directly to investigate please? You can ignore the error message otherwise. It is a part of a safety bounds check that we added in a new feature in ClamAV 1.1.0. We did not expect that error me

Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-17 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mario, all, Thank you for the extra info and the offer for help. Last night I also received a backtrace and a sample that will reproduce the crash. We should be able to figure out a fix for the bug from here. Thanks again! Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems

Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
s on behalf of Micah Snyder (micasnyd) via clamav-users Sent: Tuesday, May 16, 2023 1:09 PM To: Ralf Hildebrandt via clamav-users Cc: Micah Snyder (micasnyd) Subject: Re: [clamav-users] [ext] Segfaults with database version 26908 All, For those who experience the crashes - is this happening

Re: [clamav-users] End of life (EOL) policy change, 0.103 one year extension, 0.105 past end of life

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
pported. This is probably because it looks that they just arbitrarily dropped some matchers, like 'u32', from the underlying engine.) On Mon, 8 May 2023 17:55:57 + "Micah Snyder \(micasnyd\) via clamav-users" wrote: > Read this online at > https://blog.clamav.net

Re: [clamav-users] LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
It appears that this warning was added by accident while fixing a bug shortly before release and no one noticed in review. We'll remove the warning in 1.1.1 and 1.2.0. Sorry for the confusion! Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. _

Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
All, For those who experience the crashes - is this happening when scanning any specific files with this signature in the database? If so, can you please share that with me directly? I see the same warning, but I haven't observed any crashes yet. I will continue to debug and try to figure out

[clamav-users] End of life (EOL) policy change, 0.103 one year extension, 0.105 past end of life

2023-05-08 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/05/end-of-life-eol-policy-change-0103-one.htm End of life (EOL) policy change ClamAV is making a minor change to our EOL policy

Re: [clamav-users] ClamAV 1.1.0 released

2023-05-04 Thread Micah Snyder (micasnyd) via clamav-users
10:21 AM To: clamav-users@lists.clamav.net Cc: A. Schulze Subject: Re: [clamav-users] ClamAV 1.1.0 released Am 01.05.23 um 23:19 schrieb Micah Snyder (micasnyd) via clamav-users: > The ClamAV 1.1.0 feature release is now stable and available for download on > ClamAV.net <https://www.c

[clamav-users] ClamAV 1.1.0 released

2023-05-01 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/05/clamav-110-released.html The ClamAV 1.1.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub. ClamAV 1.1.0 includes the fol

Re: [clamav-users] Inquiry about ClamAV's MaxFileSize

2023-04-25 Thread Micah Snyder (micasnyd) via clamav-users
Hi Nozomi Tachibanaki, In ClamAV 0.105 we increased the max file size and max scan size. If your clamd.conf setting does not also raise the MaxScanSize setting, then it is likely you would experience the "Heuristics.Limits.Exceeded.MaxFileSize FOUND" alert in 0.103.7 and possibly also in 1.0.1,

Re: [clamav-users] ssl peer certificate or ssh remote key was not ok

2023-04-03 Thread Micah Snyder (micasnyd) via clamav-users
I'm not sure this will help, but can you try using the CURL_CA_BUNDLE environment variable to see if that helps? Ex: CURL_CA_BUNDLE=/usr/local/share/ca-certificates/cert.crt freshclam https://docs.clamav.net/faq/faq-freshclam.html?highlight=curl_#problem-with-the-ssl-ca-cert Regards, Micah Mi

[clamav-users] Clamav 1.1.0 release candidate available now

2023-03-31 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/03/clamav-110-release-candidate-now.html We are excited to announce the ClamAV 1.1.0 release candidate. You may find the source code and installers for this release on: * The clamav.net/downloads page, or

Re: [clamav-users] Clamav EOL Policy and Signatures

2023-03-24 Thread Micah Snyder (micasnyd) via clamav-users
Hi Scott, > First, I see the planned EOL data on clamav.net is the same as then. Is the assessment about extending the support period still ongoing? We discussed it and agreed to a 1-year extension for 0.103 LTS (specifically) but not all LTS versions. We have a blog draft in review at this mom

Re: [clamav-users] ClamAV EOL of 0.104.x versions

2023-03-23 Thread Micah Snyder (micasnyd) via clamav-users
, March 23, 2023 1:38 PM To: clamav-users@lists.clamav.net Cc: Scott Kitterman Subject: Re: [clamav-users] ClamAV EOL of 0.104.x versions On Thursday, March 23, 2023 4:23:28 PM EDT Micah Snyder (micasnyd) via clamav- users wrote: > Read this online at > https://blog.clamav.net/2023/03/clam

[clamav-users] ClamAV EOL of 0.104.x versions

2023-03-23 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/03/clamav-eol-of-0104x-versions.html Effective March 28, 2023, ClamAV 0.104.0 (and all patch versions) will no longer be supported in accordance with ClamAV's EOL policy. End of life (EOL) for ClamAV means: * We

Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Micah Snyder (micasnyd) via clamav-users
> by the way: if you find another anti-virus for linux without using the > terminal (with GUI), let me know, have searched really long time and found > nothing (freeware or commerical). > some companies (e.g eset) had linux version but now they stopped the > development. If you need something f

[clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Micah Snyder (micasnyd) via clamav-users
All, Some users have reported receiving emails that appear to be a reply to a clamav-users mailing list thread but are in fact a phishing attempt and have attached malware. Most recently, Marc reported receiving an email that appeared to be a reply to an older clamav-users mailing list thread but

Re: [clamav-users] linux distribution including clamav-1.0.1

2023-03-08 Thread Micah Snyder (micasnyd) via clamav-users
Hi Orion, > I've been looking into things and I think we will be able to update clamav in EL7 and EL8 to 1.0.X once 0.103.X goes EOL. This would be awesome! I just looked at https://github.com/Cisco-Talos/clamav/issues/842 after reading your message. I'm sorry that I and no one on my team respo

Re: [clamav-users] Long database load time, long clamscan scan time

2023-03-06 Thread Micah Snyder (micasnyd) via clamav-users
. Please let us know, if the problem is solved. By the way, what is Cisco's or Talo's definition of the word "daily"? Means that, on every day beginning on 12 am? Kind regards Marc Am 1. März 2023 18:59:57 schrieb "Micah Snyder \(micasnyd\) via clamav-users" : A

[clamav-users] Long database load time, long clamscan scan time

2023-03-01 Thread Micah Snyder (micasnyd) via clamav-users
All, We're aware of the issue with the latest daily database update causing extremely long database load times and thus extremely long clamscan scan times. We found the issue and will push out a fix as soon as we are able. We are also preparing guardrails so that this won't happen again in thi

Re: [clamav-users] 0 length bytecode.cvd causing problems with clamav daemon

2023-02-28 Thread Micah Snyder (micasnyd) via clamav-users
The bytecode.cvd file is the original. When there is an update, we publish two things: 1. a bytecode.cdiff patch file that will update the older bytecode.cvd to the newest version. This is the "scripted update" mechanism. If using the .cdiff patch file to update, it should replace the ol

Re: [clamav-users] about ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-28 Thread Micah Snyder (micasnyd) via clamav-users
Matus is correct. The issue has nothing to do with what your file system is. It has to do with scanning archives that use the HFS+ filesystem. Specifically, HFS+ is commonly used in DMG archives. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From:

Re: [clamav-users] Probably banned IP

2023-02-24 Thread Micah Snyder (micasnyd) via clamav-users
Hi Łukasz, Looking at https://www.maxmind.com/en/geoip-demo, MaxMind seems to think your IP is in Poland. I checked in our (Cisco's) own regional address lists used to comply with sanctions. I don't see the 91.220.164.0/24 block in the list. I do see that we block 91.220.163.0/24 and

Re: [clamav-users] What is the actual danger of this?

2023-02-22 Thread Micah Snyder (micasnyd) via clamav-users
This alert means that the JPEG is slightly malformed. Many applications will probably be fine with it. ClamAV thinks it is a little odd. The risk is probably pretty low, but perhaps looking at a little to see if any other antivirus products think it is suspicious. Regards, Micah Micah Snyd

Re: [clamav-users] Future support of clamav in EPEL7 and EPEL8

2023-02-22 Thread Micah Snyder (micasnyd) via clamav-users
Hi Scott, Michael, Orion, You make some good points. In particular as Linux/Unix distributions are still learning how to package Rust software. We're starting the discussion within Cisco to consider this ask. We do not expect to extend ClamAV's LTS policy, but we will discuss the specific case

Re: [clamav-users] about ”Can't allocate memory ERROR”

2023-02-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi Tsutomu, all, I would like to clarify one thing from this message in regard to our support policy. ClamAV 0.103 is still supported by LTS, which means we continue to provide patch versions. ClamAV 0.103.4 is still able to download signatures but is not supported for bug fixes. You should

[clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-15 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html - Today, we are releasing the following critical patch versions for ClamAV: * 0.103.8 * 0.105.2 * 1.0.1 ClamAV 0.104 has reached end-of-life according to the ClamAV End of Lif

Re: [clamav-users] ClamAV Private Mirror Question

2023-01-30 Thread Micah Snyder (micasnyd) via clamav-users
ion of bytecode.cvd Am I right Micah? i had once found an explanation of the descriptive txt but i can't find it anymore Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Micah Snyder \(Micasnyd

Re: [clamav-users] ClamAV Private Mirror Question

2023-01-30 Thread Micah Snyder (micasnyd) via clamav-users
Hello, You can use this command to print the build information which will include the date it was published: sigtool --info /path/to/database For example: ❯ sigtool --info /var/lib/clamav/daily.cld File: /var/lib/clamav/daily.cld Build time: 30 Jan 2023 03:24 -0500 Version: 26797 Signatures:

Re: [clamav-users] Upgrade to 1.0.0

2023-01-26 Thread Micah Snyder (micasnyd) via clamav-users
How did you install ClamAV? We had a similar issue in the release candidate for 1.0.0. As far as I know, that was completely resolved. Is this your github issue? https://github.com/Cisco-Talos/clamav/issues/818 It sounds like the same issue, but I haven't observed it myself and haven't heard o

Re: [clamav-users] About scanning files larger than 2 GB in size

2023-01-26 Thread Micah Snyder (micasnyd) via clamav-users
___ From: Andrew C Aitchison Sent: Wednesday, January 25, 2023 10:59 PM To: Micah Snyder (micasnyd) via clamav-users Cc: Micah Snyder (micasnyd) Subject: Re: [clamav-users] About scanning files larger than 2 GB in size On Thu, 26 Jan 2023, Micah Snyder (micasnyd) via clam

Re: [clamav-users] About scanning files larger than 2 GB in size

2023-01-26 Thread Micah Snyder (micasnyd) via clamav-users
P.S. Do many current commercial AV suites for Windows have this limit? I have no idea. Does anyone else know? Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: Paul Kosinski Sent: Thursday, January 26, 2023 11:32 AM To: Micah Snyder (micasnyd

Re: [clamav-users] About scanning files larger than 2 GB in size

2023-01-25 Thread Micah Snyder (micasnyd) via clamav-users
Paul is sort-of correct but the 2GB limit isn't artificial as he has implied. ClamAV code contains a lot of signed and unsigned 32bit variables that must be upgraded to 64bit variables to support larger files. Before raising the limit, a tedious audit process must be completed to ensure that al

[clamav-users] Decommission of unused clamav-binary mailing list

2023-01-25 Thread Micah Snyder (micasnyd) via clamav-users
Hello everyone, The clamav-binary mailing list fell into disuse many years ago. We have found that we're able to communicate effectively with binary package maintainers as needed through the clamav-announce, clamav-devel, and clamav-users mailing lists. Although we have not been using the cla

Re: [clamav-users] Documentation: Installing, Unix From Source

2023-01-10 Thread Micah Snyder (micasnyd) via clamav-users
Sorry Scott, just saw this catching up on emails from over the holidays. Yes, absolutely we can update the instructions to use apt instead of pip. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Scott Kitterman via clamav-use

Re: [clamav-users] Testing for Big Endian Architectures

2023-01-10 Thread Micah Snyder (micasnyd) via clamav-users
Thanks Scott, Sebastian, and Orion. I'll keep an eye out for the patch PR. Best, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of Scott Kitterman via clamav-users Sent: Saturday, January 7, 2023 10:18 PM To: ClamA

Re: [clamav-users] Scanning result in socket connection for each file under a folder?

2023-01-10 Thread Micah Snyder (micasnyd) via clamav-users
I don't think it's possible unless you send each file to be scanned instead of scanning the directory. clamd only sends back FOUND for files, or else OK for the directory. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf

Re: [clamav-users] linux.cvd database question

2022-12-13 Thread Micah Snyder (micasnyd) via clamav-users
To add to what Andy wrote... The linux.cvd was created to supplement a product that has online hash look-ups and behavioral detection features. It isn't advertised for public use because it isn't intended for public use. And I'm not certain it is actually used anywhere. But I should caution

[clamav-users] Maintenance outage planned for legacy bugzilla server, Friday

2022-12-07 Thread Micah Snyder (micasnyd) via clamav-users
Hello all, There will be a maintenance outage for the legacy Bugzilla server this Friday around 8am EST. The server will be offline for approximately 4 hours while we apply updates. We are keeping Bugzilla around for reference. GitHub will continue to be the preferred site for issue tracking.

Re: [clamav-users] Renumbered name server.

2022-11-29 Thread Micah Snyder (micasnyd) via clamav-users
Hi Grant, I'm the community manager for ClamAV now. Your previous contact was likely Joel Esler who has moved on to new adventures. We can continue this conversation in direct emails. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. Fro

[clamav-users] ClamAV 1.0.0 LTS released

2022-11-28 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2022/11/clamav-100-lts-released.html ClamAV 1.0.0 LTS released The ClamAV 1.0.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub.

[clamav-users] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

2022-11-15 Thread Micah Snyder (micasnyd) via clamav-users
Read this online at https://blog.clamav.net/2022/11/second-clamav-100-release-candidate-and.html Today we are publishing a second release candidate for ClamAV 1.0.0. If you haven't gotten a chance to test the 1.0.0 release candidate yet, please have a look before we publish the stable release

Re: [clamav-users] Can't access file ERROR - clamdscan - 0.103.7-1

2022-11-08 Thread Micah Snyder (micasnyd) via clamav-users
> [Micah, I've just noticed that '-c file' doesn't appear in the 'man' page for clamd.conf but '--config-file=file' does. I *think* I've mentioned it before but I don't have time to check right now. The short version does work instead of the long one, I guess you know.] Thanks. Perhaps we should

Re: [clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

2022-11-08 Thread Micah Snyder (micasnyd) via clamav-users
If you're interested in monitoring what virustotal has seen, you can do a search like this: https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files At present, it only shows a single .pcap network traffic recording as having matched with the signature. That is for

Re: [clamav-users] version numbers of updated libraries in 0.105.1-2

2022-11-02 Thread Micah Snyder (micasnyd) via clamav-users
Hello Anjana, Ged, I'm both grateful and embarrassed that you tracked this down. I believe the fault is mine. We built 0.105.1-2, tested it, signed it, and even staged it on the website in preparation for release on Monday. However, the tiff project released an update on Saturday so we reb

Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-02 Thread Micah Snyder (micasnyd) via clamav-users
opment Talos Cisco Systems, Inc. From: clamav-users on behalf of G.W. Haywood via clamav-users Sent: Tuesday, November 1, 2022 4:32 PM To: Micah Snyder (micasnyd) via clamav-users Cc: G.W. Haywood Subject: Re: [clamav-users] [Clamav-announce] New packages for ClamAV
