Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-05 Thread Michael Orlitzky via clamav-users
On Thu, 2024-09-05 at 15:58 +, Micah Snyder (micasnyd) wrote: Warning: veering wildly off-topic below. I know rust isn't going away, I just like to hear myself talk. > Depending on countless hours of work from volunteers to maintain an OS-level > package for every library dependency seems u

Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-05 Thread Michael Orlitzky via clamav-users
On Thu, 2024-09-05 at 15:27 +, Micah Snyder (micasnyd) wrote: > Michael, > > We didn't change anything under /libclamav/regex in 0.103.12. This is > unrelated to the release. > > But also... We maintain 0.103 for folks who can't upgrade to newer major > versions of software. > gcc-14.2 i

Re: [clamav-users] ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published

2024-09-05 Thread Michael Orlitzky via clamav-users
On Wed, 2024-09-04 at 19:19 +, Micah Snyder (micasnyd) via clamav-users wrote: > Read this online at > https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html > > Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch > versions. v0.103.12 fails t

Re: [clamav-users] Question on Restriction of Clamscan Privileges

2023-10-17 Thread Michael Orlitzky via clamav-users
On Tue, 2023-10-17 at 19:53 +0200, Michael via clamav-users wrote: > Dear ladies and gentleman, > > I have a question about the linux clamscan permissions. > > Use clamdscan (NOT clamscan) with the --fdpass option. That will scan under the privileges of the clamd daemon by passing it a referenc

Re: [clamav-users] ClamAV 1.2.0 release candidate now available

2023-08-04 Thread Michael Orlitzky via clamav-users
On Fri, 2023-08-04 at 18:38 +, Micah Snyder (micasnyd) via clamav-users wrote: > > * The suggested path for the clamd.pid and clamd.sock file in the sample > configs have been updated to reflect the recommended locations for these > files in the Docker images. These are: > > * /

Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Michael Orlitzky via clamav-users
On Tue, 2023-05-16 at 12:08 +0200, Ralf Hildebrandt via clamav-users wrote: > > > > > Has anyone seen this, too? > > I've seen this with 1.1.0-1 as well. Maybe they're related to the > "pattern issue" I posted a while ago > Me three.

Re: [clamav-users] Future support of clamav in EPEL7 and EPEL8

2023-02-22 Thread Michael Orlitzky via clamav-users
On Thu, 2023-02-23 at 01:27 +, Micah Snyder (micasnyd) via clamav-users wrote: > Hi Scott, Michael, Orion, > > You make some good points. In particular as Linux/Unix distributions > are still learning how to package Rust software. > It's not a matter of knowing how to package rust. It's jus

Re: [clamav-users] Future support of clamav in EPEL7 and EPEL8

2023-02-18 Thread Michael Orlitzky via clamav-users
On 2023-02-18 15:40:55, Orion Poplawski via clamav-users wrote: > > This email is to start a discussion of what will happen with clamav > support in EPEL7 and EPEL8. In particular, to inform everyone that it > will be impossible to build clamav 1.X in EPEL7 and EPEL8 due to lack of > rust supp

Re: [clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

2022-02-13 Thread Michael Orlitzky via clamav-users
On Sun, 2022-02-13 at 13:10 +, Marc wrote: > > > > My team is new to maintaining images on Docker Hub. We hadn't yet > > identified the best practices for how to publish an image for the > > same > > ClamAV version with a new base image. After a little investigation, > > I > > settled on this

Re: [clamav-users] clamd RAM issue?

2021-10-31 Thread Michael Orlitzky via clamav-users
On Sun, 2021-10-31 at 13:05 -0400, Mark G Thomas wrote: > > Has anyone else had similar experiences recently? > Not recently per se, but it happens. Do you limit the number of scans that can be run simultaneously, if (for example) some doofus BCCs a 20MB nested zip file to everyone in his organ

Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav

2021-07-31 Thread Michael Orlitzky via clamav-users
On Sat, 2021-07-31 at 14:47 +0200, Arjen de Korte via clamav-users wrote: > > What might be useful to add, is an option to set the name of the UNIX > socket (which is hard coded now) through a cmake option. In openSUSE > we patch this to a different name, but this needs to be done in > sever

Re: [clamav-users] Long Term Support (LTS) program proposal

2021-07-28 Thread Michael Orlitzky via clamav-users
On 2021-07-28 23:53:35, Micah Snyder (micasnyd) via clamav-users wrote: > > I would like your feedback. > Starting with v0.103 will be really helpful. I've already voiced my concerns about CMake... As the Gentoo maintainer, the switch is a bit annoying, since we've been fixing autotools issues f

Re: [clamav-users] clamav error

2021-06-17 Thread Michael Orlitzky via clamav-users
On 2021-06-17 09:00:09, Jigar via clamav-users wrote: > Hello, > > Suddenly, we are getting the following error in clamd.log file > > Thu Jun 17 08:52:49 2021 -> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: > Can't create new file ERROR > Thu Jun 17 08:52:49 2021 -> > /var/

Re: [clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

2021-04-29 Thread Michael Orlitzky via clamav-users
On Thu, 2021-04-29 at 16:22 +0100, G.W. Haywood via clamav-users wrote: > > 3. What is uid 110 on your system? On my clamd server it's 'sshd'. > This means that if I were to run it as root as it is, the script would > change ownership of the modified files to the wrong user (which would > break f

Re: [clamav-users] Can't start clamd - lchown to user failed

2021-04-24 Thread Michael Orlitzky via clamav-users
On Sat, 2021-04-24 at 13:46 +, Keith Graber wrote: > I'm running ClamAV as user 'clamav' who owns /var/log/clamav Clamd probably expects to be run as root if it's trying to use lchown(). Have you tried the --foreground flag? In any case, you will save yourself a lot of trouble if you just log

Re: [clamav-users] malwarepatrol.db invalid

2021-03-29 Thread Michael Orlitzky via clamav-users
On Mon, 2021-03-29 at 14:03 +, Steve Hanselman wrote: > Is anyone able to successfully use the malwarepatrol.db file? I've contacted malwarepatrol about this but it never got resolved. As far as I know, it's still issue #16509 with them. The problem is that sometimes the "extended" signature

Re: [clamav-users] Freshclam can't get started

2020-10-03 Thread Michael Orlitzky via clamav-users
On 2020-10-03 16:39, Matthew Campbell via clamav-users wrote: > Directory permissions for /var/local/clamav are 06770 owned by clamav:clamav. So the clamav user can't traverse that directory? (You should also set that mode o-w, at the very least, or risk exploits.)

Re: [clamav-users] freshclam leaving files in /tmp

2020-09-29 Thread Michael Orlitzky via clamav-users
On 2020-09-29 08:30, Duncan Berriman via clamav-users wrote: > Good point. I will sort it out. > > Perhaps the example conf files should use/suggest a better location. Soonish: https://github.com/Cisco-Talos/clamav-devel/pull/132/commits/d078ea13 The main roadblock is that the service manager

Re: [clamav-users] freshclam leaving files in /tmp

2020-09-29 Thread Michael Orlitzky via clamav-users
On 2020-09-29 07:18, Duncan Berriman via clamav-users wrote: > Hi, > > Each time freshclam runs automatically via clamd it is leaving 2 > temporary files in /tmp. > > -rw---   1 root   root         0 Sep 29 09:17 tmp.UdjG3Qnk4E > ... > srw-rw-rw-   1 root   root         0 Sep 29 11:00 clamd.s

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Michael Orlitzky via clamav-users
On 2020-08-21 11:29, Arjen de Korte via clamav-users wrote: > >> # ps ax | grep clamd >> 7436 ?Ssl0:25 sbin/clamd > > # ps ax | grep clamd > 7840 pts/2S+ 0:00 /usr/sbin/clamd --debug > 7841 ?Ssl0:38 /usr/sbin/clamd --debug > > Previously I've wa

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Michael Orlitzky via clamav-users
On 2020-08-21 09:38, Arjen de Korte via clamav-users wrote: >> >> However, systemd isn't the only service manager, and the problem still >> exists in all of the other ones. Systemd is able to avail itself of >> platform-specific features in brand-new Linux kernels. SysV init, >> OpenRC, and others

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Michael Orlitzky via clamav-users
On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: > > Not unconditionally. See the following from 'man 5 systemd.service': > > "The PID file does not need to be owned by a privileged user, but if it > is owned by an unprivileged user additional safety restrictions are > en

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Michael Orlitzky via clamav-users
On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: > Citeren Michael Orlitzky via clamav-users : > >> On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: >>> >>> It is not clear to me what problem this patch intends to solve (for a >>> syst

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

2020-08-21 Thread Michael Orlitzky via clamav-users
On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: > > It is not clear to me what problem this patch intends to solve (for a > systemd service it is absolutely not required from a security point of > view). The PIDFile should be writable by vscan user only anyway. > With a Type=forkin

Re: [clamav-users] Problems compiling 0.102.4 on OLD system

2020-07-16 Thread Michael Orlitzky via clamav-users
On 2020-07-16 19:10, Michael Orlitzky via clamav-users wrote: > > Micah: openat() only provides "one level of safety" in that when opening > /foo/bar/baz, it ensures that "baz" is where you think it is. You may > want to investigate whether or not an attacker can

Re: [clamav-users] Problems compiling 0.102.4 on OLD system

2020-07-16 Thread Michael Orlitzky via clamav-users
On 2020-07-16 17:22, Kevin A. McGrail via clamav-users wrote: > Hi, I have an old system I'm compiling. > > I have 0.102.3 working on it. > > Here's the config line: > > ... >   CCLD clamscan > actions.o: In function `traverse_to': > ../shared/actions.c:328: undefined reference to `openat' >

Re: [clamav-users] unable to build with --enable-libclamav-only

2020-02-25 Thread Michael Orlitzky via clamav-users
On 2/25/20 4:32 AM, Per Jessen wrote: > > Okay, thanks for letting me know. I guess it would be easy to update in > configure.ac ? > I think it's in m4/reorganization/libs/curl.m4, but basically yes.

Re: [clamav-users] unable to build with --enable-libclamav-only

2020-02-24 Thread Michael Orlitzky via clamav-users
On 2/24/20 5:28 AM, Per Jessen wrote: > I've just stumbled on this new config > option - "--enable-libclamav-only ". However, I still get complaints > about libcurl (for freshclam and clamdsubmit) ? > I reported this already (bug is still private): https://bugzilla.clamav.net/show_bug.cgi?id

Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.102.2 security patch released

2020-02-06 Thread Michael Orlitzky via clamav-users
On 2/6/20 5:28 AM, G.W. Haywood via clamav-users wrote: > > I am familiar with the UI of the bug tracking software at the ClamAV > Bugzilla. It has a drop-down box which gives an option to mark a new > issue with "security" - but that is not the default, and I do not know > of any "security" box,

Re: [clamav-users] ClamAV® blog: ClamAV 0.102.2 security patch released

2020-02-05 Thread Michael Orlitzky via clamav-users
On 2/5/20 12:29 PM, Joel Esler (jesler) via clamav-users wrote: > > ClamAV 0.102.2 is a security patch release to address the following issues. Off-topic: please help us help you. It would make tracking what issues are (not) fixed a lot easier for us downstream if we could see the bugs on bugzill

Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-02-04 Thread Michael Orlitzky via clamav-users
On 2/4/20 9:08 PM, Ralph Seichter via clamav-users wrote: > > Opening a ticket reading "Your script is broken and should be rewritten > from the ground up" does not seem a viable option to me. My feeling as well. I can rattle off a hundred things, * The --install-man option is dumb, just inclu

Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-02-04 Thread Michael Orlitzky via clamav-users
On 2/4/20 8:50 PM, James Brown via clamav-users wrote: > > The author of the script probably does not read this mailing list. > > Have you put your concerns into the issue tracker on GitHub? > > https://github.com/extremeshok/clamav-unofficial-sigs/issues > Yes, but... there's no way to put th

Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-02-04 Thread Michael Orlitzky via clamav-users
On 1/31/20 10:01 AM, Reio Remma via clamav-users wrote: > > The way it's set up is that it needs to be run as root once to have it > set itself up. From cron it runs as clamav user. > The upstream systemd service runs as root as well. And from a distro point of view, it's just bad mojo to insta

Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-01-31 Thread Michael Orlitzky via clamav-users
On 1/31/20 2:47 AM, Steve Basford wrote: > Hi All, > > eXtremeSHOK.com's clamav-unofficial-sigs download script has been > updated: > > https://github.com/extremeshok/clamav-unofficial-sigs > > Change Log > > Version 7.0.1 (Updated 25 January 2020) > Beware, as of a few versions ago this scr

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-08-31 Thread Michael Orlitzky via clamav-users
On 8/31/19 11:00 AM, Thomas Barth via clamav-users wrote: > > Really bad attitude of developers! Micah took the time to answer a question and provide a status update. It's counterproductive to shame people for being honest.

Re: [clamav-users] Difference between datadir and datarootdir

2019-03-06 Thread Michael Orlitzky via clamav-users
On 3/4/19 9:28 PM, Jobst Schmalenbach via clamav-users wrote: > > This is really confusing as datadir points DATAROOTDIR. > > Can I make them the same? > It's confusing in clamav because it's confusing everywhere. Those directories and their meanings come from autotools: https://www.gnu.org

Re: [clamav-users] secure download of .cvd files ?

2018-08-31 Thread Michael Orlitzky
On 08/31/2018 05:00 AM, Henrik Hoeg Thomsen1 wrote: > wget -q -m -nd -P /tmp --retry-connrefused http://db.local.clamav.net This is probably exploitable by anyone on the system to gain root. If I create the file /tmp/daily.cvd (remember that /tmp is world-writable), $ touch -d '2018-01-01 00:00

Re: [clamav-users] Securing inputstream

2017-11-29 Thread Michael Orlitzky
On 11/29/2017 11:56 AM, Micah Snyder (micasnyd) wrote: > > In the short term, if you absolutely must use your current > implementation, you could consider hosting your Docker container > inside a secure VPN and connect each client machine to the VPN to > provide some security between your client a

Re: [clamav-users] Freshclam.log locked weekly

2014-09-22 Thread Michael Orlitzky
On 09/22/2014 06:23 PM, David Cain wrote: > Hi all, > > I'm running ClamAV work amavisd-new on a Debian Wheezy server. I > update the server with security and s/w updates weekly, so it's on the > latest now for the distro. > > Every Sunday at exactly 9PM EDT (0100 UTC), cron sends me an email > th

Re: [clamav-users] System plays the "William Tell Overture"

2013-11-26 Thread Michael Orlitzky
On 11/26/2013 06:47 PM, Dave Pitts wrote: > > Like at 4:30pm MT every day. It may play at other times. But, I can't say. > Do you have any asshole friends who've used your PC lately? This sounds like the answer to the question, "I have my buddy Dave's computer for the next five minutes, what's

Re: [clamav-users] R: engine outdated error

2013-07-28 Thread Michael Orlitzky
On 07/28/2013 08:18 AM, Benny Pedersen wrote: > > google thread of libunrar clamav free rar unrar, the thread was that > some maintainers say its same license and thus unrar is not free ?, but > libunrar source can be googled, hmm > When they say "free," they mean "free software" (per the GNU

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread Michael Orlitzky
On 08/29/2012 09:46 AM, Maarten Broekman wrote: >> -Original Message- >> Despite the statement of your objective it isn't clear to me what you >> think you're going to achieve. My expectation would be a very large >> increase in the false positive rates if you attempt to use signatures >>

Re: [clamav-users] Licensing & DLLs

2012-05-24 Thread Michael Orlitzky
On 05/24/12 08:56, Matus UHLAR - fantomas wrote: > > I think you can do that, but you must not copy the code. The safe ways > to avoid such legal problems is to have two groups of people, one that > reads, tries to understand how does the stuff work, and explains to > another one, that will build

Re: [clamav-users] Licensing & DLLs

2012-05-15 Thread Michael Orlitzky
On 05/15/12 07:14, G.W. Haywood wrote: > Hi there, > > On 05/15/2012 12:26 AM, Paul Smith wrote: > >> We could talk to clamd using TCP/IP, but ... that would involve >> reverse engineering clamdscan and rewriting it. > > Reverse engineering > > Just download the source. > Thankfully, you

Re: [clamav-users] Licensing & DLLs

2012-05-14 Thread Michael Orlitzky
On 05/14/12 11:55, Paul Smith wrote: > > If we made our software link directly with libclamav, then, as far as I > can see we'd need to GPL our software, which isn't desirable Yup. > What if another person made an AV plugin DLL to link our software with > libclamav? I presume that by doing so,

Re: [clamav-users] [sanesecurity] Re: Long DB refresh times

2012-04-26 Thread Michael Orlitzky
On 04/26/2012 10:32 AM, Dennis Peterson wrote: > On 4/25/12 7:34 AM, Michael Orlitzky wrote: >> On 04/25/12 07:55, Török Edwin wrote: >>>> >>>> I don't know if this can help speeding up the process but I collected some >>>> statistics on >>

Re: [clamav-users] [sanesecurity] Re: Long DB refresh times

2012-04-25 Thread Michael Orlitzky
On 04/25/12 07:55, Török Edwin wrote: >> >> I don't know if this can help speeding up the process but I collected some >> statistics on >> clamscan of a small file (wallclock duration: ~25sec): > > I think I'm missing some context here: which DB files are slow to load? > The official ones? Just

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
On 09/19/11 12:04, Bowie Bailey wrote: > > He is not trying to match the IP address. He is trying to match an > unusual way of presenting the IP address that seems to occur primarily > in spam. > > Whether this is something that should be done in ClamAV or would be > better done by something lik

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
On 09/19/11 08:18, G.W. Haywood wrote: > > Nah, after thirty-odd years I can do it in my head with dotted quads. :) Yeah but I'll bet you imagine the bits still =) > But the point remains, this is a pretty obvious and easy target for > any scanner which is looking for malicious activity, so wou

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread Michael Orlitzky
> > A hostname cannot be all digits and except when the IP is used there > will be a TLD, so if you see a pattern such as > > http:// 123456789/ cgi-bin/innocent_code.pl > > (Ignore the spaces they are there to let this post slip by most antispam > detection) then you can surmise it is an atte

Re: [clamav-users] Obfuscated IP address.

2011-09-18 Thread Michael Orlitzky
On 09/16/11 11:53, G.W. Haywood wrote: > > The string "11064393" concatenated after the string "95." is converted > without fuss by browsers to the IP address of the criminal server. > > I use most of the third party databases available for ClamAV. Using > clamscan I scanned the text in its orig

Re: [clamav-users] Clamd network access control

2011-07-24 Thread Michael Orlitzky
On 07/22/11 19:51, Nathan Gibbs wrote: > On 7/22/2011 5:46 PM, Chuck Swiger wrote: >> On Jul 22, 2011, at 2:39 PM, Nathan Gibbs wrote: >>> Does clamd have any form of network access control? For instance >>> limiting what IP's can connect. >> >> By default, you're either using a local Unix domain s

Re: [Clamav-users] CCEE and CLUES Releases

2010-10-26 Thread Michael Orlitzky
On 10/26/2010 01:18 PM, Nathan Gibbs wrote: > Clamav Common Execution Environment patch set > > http://www.cmpublishers.com/oss/ccee-0.96.4.tar.gz > > Clamav Unified Event System > Upgrade to work with the above patch set, also backward compatible with stock > ClamAV > > http://www.cmpublishers.

Re: [Clamav-users] [Bulk] Re: Quarantine issue with new 0.95.x clamav-milter

2009-11-09 Thread Michael Orlitzky
Tom Shaw wrote: You really only have two options: 1) bounce the message 2) accept it and set up routing rules for questionable mail. Jerry, Not to incite a flame war here but SMTP error codes are not built to capture the nuance that Michael is wrestling with. As I understand it he wants h

Re: [Clamav-users] Quarantine issue with new 0.95.x clamav-milter

2009-11-09 Thread Michael Orlitzky
Jerry wrote: You don't want to bounce the message, yet you are telling the sender that it was not delivered. That is inconsistent. Why not simply send a notice to the email originator that the message was quarantined? That would be consistent and factually correct. It's not inconsistent at al

Re: [Clamav-users] amavisd can't connect to clamd on Gentoo

2009-08-18 Thread Michael Orlitzky
Nathan Phillip Brink wrote: On 2009-08-17 15:15, Federico Giovannini wrote: > Hi all, > > I'm new in this mailing-list and also as clamav-user so sorry for my elementary questions. > With my configuration gentoo, postfix ( 2.2.11-r1), amavisd-new (2.5.2) and ClamAV 0.95.2 sometimes when my

Re: [Clamav-users] encrypted zip embedded in other files not detected

2009-07-14 Thread Michael Orlitzky
Tomasz Kojm wrote: On Tue, 14 Jul 2009 17:27:04 +1000 (EST) David Shrimpton wrote: Hi, 0.95.2, clamav has closed a bug #1554 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1554 where an archive embedded in say a bitmap file was not detected and searched for viruses , but the archive would

Re: [Clamav-users] MS 972890

2009-07-08 Thread Michael Orlitzky
Sven Wurth wrote: clamav-users, where can I get information if clamav has patterns against the new ActiveX MS 972890? ClamAV scans for infections (viruses, malware, etc.), not vulnerabilities. From what I understand, if you use the ActiveX video control (pre-Vista/2008), then you are vulnerab