"old" file that contains what was a
zero-day virus at the time it was scanned, and now there is a signature
that would detect it.
On Wed, 06 Jan 2021 11:56:47 +0100
"Pierre Dehaen" wrote:
> Hi,
>
> On 6 Jan 2021 at 9:58, G.W. Haywood via clamav-users wrote:
>
> &
Hi,
On 6 Jan 2021 at 9:58, G.W. Haywood via clamav-users wrote:
> > My goal is to terminate scan of big number of files like '/' on CPU busy
> > hours.
> Do not scan everything under the root directory.
Use zfs, make regular snapshots, scan once, then use zfs diff to find the
new/changed(/remo
Is this ok?
Pierre
On 3 Sep 2019 at 11:02, Birger Birger via clamav-users wrote:
Ubuntu Syslog
...
Sep 3 10:41:42 zentyal kernel: [266093.463049] audit: type=1400
audit(1567500102.736:78): apparmor="DENIED" operation="open"
profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=14221
c
I'm still investigating the cause, and asking our signature management team if
they have any
additional details.
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen" wrote:
Here too: it took about 3 hou
Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.
On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [1
> On 11/22/18 8:51 PM, Paul Kosinski wrote:
> I wonder how many users of ClamAV actually log their freshclam updates.
> Those who don't likely won't notice freshclam temporary failures due
> to an out-of-sync condition.
I do log and do analyze all logs on all servers everyday, sometimes every hour
> On Nov 12, 2018, at 1:51 PM, Pierre Dehaen wrote:
>
> Yes,
>
> # vi /etc/opt/csw/freshclam.conf
> ==> restore config to db.be.clamav.net
> # freshclam --update-db=daily --stdout
> ClamAV update process started at Mon Nov 12 19:46:46 2018
> WARNING: Your Cl
ed.
HTTP request sent, awaiting response... 200 OK
Thank you very much,
Pierre
On 12 Nov 2018 at 18:12, Joel Esler (jesler) wrote:
Can you try now?
> On Nov 12, 2018, at 12:31 PM, Pierre Dehaen wrote:
>
> Hi Joel,
>
> # freshclam --version
> ClamAV 0.100.0/25114/Mon Nov 12 1
t probably isn't going to work in the manner you expect. Which is why you
got the 530
response.
What version of freshclam are you using?
> On Nov 11, 2018, at 11:18 AM, Pierre Dehaen wrote:
>
> Hi,
>
> It seems the db.be.clamav.net does not work any more since Nov
Hi,
It seems the db.be.clamav.net does not work any more since Nov 9th. I tried to
delete the
mirrors.dat but no way, I still get:
# freshclam --update-db=daily --stdout
...
daily.cvd version from DNS: 25111
Retrieving http://db.be.clamav.net/daily-25104.cdiff
Trying to download http://db.be.cl
Hi,
I would try:
# ps -ef | grep clamd
==> see owner (as you are running clamdscan): if it is not clamav it means
there is another
config file or an option in the startup procedure...
# sudo -u clamav clamscan -v --config-file=/etc/clamav/clamd.conf nc_data/
==> it should work as we are runnin
+1
Thanks,
Pierre
On 12 Apr 2018 at 13:39, SCOTT PACKARD wrote:
Just wanted to wave to Gary, another Solaris 11.3 user.
There aren't many of us left.
Regards, Scott
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/c
On 30 Dec 2017 at 11:52, Thorsten Schöning wrote:
> That's the main difference, the VM where I have the problems has 48 GB
> of RAM and currently 10 assigned vCPUs, formerly 6. The VMs where this
> is not happening have only 2 vCPUs and 6 or 8 GB of RAM, where only 2-4
> GB are in use by apps and
Hi,
As this question comes back now and then (from me in the past as well), I have
a proposal IF
you have enough RAM. On reload:
- start a second instance with a slightly different config file containing
"LocalSocket
.../clamd.sock.new"
- wait in the logs for "Database correctly reloaded"
- st
On 8 May 2014 at 11:23, Shawn Webb wrote:
> On Thu, May 8, 2014 at 11:13 AM, Martin Preen <
> Is there a way you can get to me main.cvd.broken? I'm wondering if the
> change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on
> big-endian machines running Solaris. I thoroughly test
Thanks for the configure patch, Lawrence, you solved the issue on sparc as
well. And with
the Types.h patch of Shawn, the make passed too.
Pierre
On 27 Sep 2013 at 15:54, Lawrence K. Chen, P.Eng. wrote:
> - Original Message -
> > Been struggling with configure complaining that it can't
Hello Marcel,
> does ClamAV provide SNMP support? My idea is that ClamAV sends snmp
> traps with all information (like the results at the prompt) to a snmp
> server like OpenNMS, when a virus was found. OpenNMS is a network
> management system. Primary it monitors network infrastructures. But
> y
On 25 Sep 2012 at 20:16, Fredrich Maney wrote:
> While a good idea, it's not really feasible for me. I'm dealing with
> several hundred terabytes of data and I simply do not have that much
> spare disk available.
You might try something like:
clamscan --detect-structured=yes \
--structured-cc-
On 26 Jul 2012 at 14:05, Alexandre Dias wrote:
> Are you trying to add those exact strings?
>
> Signatures in ClamAV are in hexadecimal format. The strings that you are
> trying to add are composed of characters instead.
>
> So instead of having for example "Vigra", what you need is "5669677261"
Hi,
What does it mean when a signature you add is said to be too short ? The error
is:
LibClamAV Error: cli_ac_addsig: Signature for Sanesecurity.Pierre.35 is too
short
LibClamAV Error: cli_parse_add(): Problem adding signature (1).
LibClamAV Error: Problem parsing database at line 35
LibClamAV
Hi Eddie,
I'm not running debian squeeze but, from your question, I guess you are using
clamav for
scanning emails with the help of amavis. So it is not a question of scanning
files and
directories on the disk.
In this case (emails), it is probably in the amavis configuration that you will
f
On 26 Apr 2012 at 21:18, Török Edwin wrote:
> On 04/26/2012 08:37 PM, Michael Orlitzky wrote:
> > On 04/26/2012 10:32 AM, Dennis Peterson wrote:
> >> On 4/25/12 7:34 AM, Michael Orlitzky wrote:
> >>> On 04/25/12 07:55, Török Edwin wrote:
> >
> > I don't know if this can help speeding up th
On 25 Apr 2012 at 14:55, Török Edwin wrote:
> On 04/25/2012 02:33 PM, Pierre Dehaen wrote:
> > On 24 Apr 2012 at 18:11, Steve Basford wrote:
> >
> >>> Has anyone else seen these kinds of delays? Is there any way to get
> >>> these databases to load faster
On 24 Apr 2012 at 18:11, Steve Basford wrote:
> > Has anyone else seen these kinds of delays? Is there any way to get
> > these databases to load faster or to allow ClamAV to continue scanning
> > when the database is being reloaded?
>
> Sorry for the briefness here, as I'm currently sorting out
On 24 Apr 2012 at 18:11, Steve Basford wrote:
>
> > Has anyone else seen these kinds of delays? Is there any way to get
> > these databases to load faster or to allow ClamAV to continue scanning
> > when the database is being reloaded?
>
> Sorry for the briefness here, as I'm currently sorting o
On 18 Apr 2012 at 11:45, Chuck Swiger wrote:
> On Apr 18, 2012, at 10:25 AM, Jim Preston wrote:
> > Too many times error messages are meaningless to almost anyone who
> > is not part of the build team.
>
> That's may well be true in general, but ClamAV is open source: you've
> got the source cod
No, I just install on a few mail filtering machines, all Solaris... and the
script is not automated:
it asks for confirmation before doing each step and it shows output of
commands, so you can
stop the script, verify, fix, etc, and restart, skip some steps already done,
and complete the
updat
Hmm, my script is a bit more complex as it:
- unzip & untar
- configure
- make && make check
- backs up the current clamav directory (who knows...)
- backs up the configuration files
- disable the clamav service (I'm running on Solaris)
- make uninstall (from the previous build directory)
- make in
On 1 Dec 2011 at 7:53, pushpa gouder wrote:
> Thanks a lot, very helpful!. I have been researching about this for quite a
> while now, If 'clamd' daemon does not scan anything why do they even have
> options like "SCAN" "MULTISCAN" "INSTREAM"...etc in its man page, I am just
> curious.
Hi,
Read
On 17 Nov 2011 at 8:57, David Alix wrote:
> Is anyone else having problems with clamd after the daily.cld updated to
> version 13960. I'm running clamd 0.97.1, on Solaris 9 SPARC. SInce 13960
> was installed, clamd abends, with no error messages anywhere. Sometimes
> clamd will run for up to
On 24 Oct 2011 at 15:44, Török Edwin wrote:
> On 2011-10-24 15:40, Pierre Dehaen wrote:
> > On 24 Oct 2011 at 15:23, Török Edwin wrote:
> >
> >> On 2011-10-24 15:03, Török Edwin wrote:
> >>> On 2011-10-24 14:55, Matthias Egger wrote:
> >>>> H
On 24 Oct 2011 at 15:23, Török Edwin wrote:
> On 2011-10-24 15:03, Török Edwin wrote:
> > On 2011-10-24 14:55, Matthias Egger wrote:
> >> Hello all
> >>
> >> On 24.10.2011 12:13, Matthew Slowe wrote:
> >>> I'm seeing a problem on a bunch of Solaris 10 SPARC servers running
> >>> 0.97.x since abou
Hi,
Following the thread of David Alix "clamd abending at selfcheck" (th:e2ab86f7),
I would like to
report my related issue. I am running Clamav and freshclam 0.97.1 too, called
from
mimedefang too, but with sendmail on Solaris 10. This sever has been running
for a long
time without problem.
33 matches
Mail list logo
