On Tue, 9 Feb 2016, Steven Morgan wrote:
> David,
>
> I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to
> investigate and track the issue. Plz sign up for an account at
> https://bugzilla.clamav.net and send me the user id and I will CC you on
> the bug. Once that is done, I will
On Mon, February 8, 2016 3:48 pm, David Shrimpton wrote:
> Hi Steve,
>
>
> When I remove all my local database files problem goes away.
> So problem appears to be in a local database.
>
Ah ok...
> BAD_SIGNATURE.ldb.macro.19;Target:2;1;41747472;0:(0)/./ri
For info, I've used this against my
Hi Steve,
When I remove all my local database files problem goes away.
So problem appears to be in a local database.
I narrowed it down to one .ldb file. But the problem doesn't seem
to be as simple as one particular signature in that file.
I can remove signatures until the problem goes away,
On Sun, February 7, 2016 10:28 pm, David Shrimpton wrote:
>
> clamscan -z --scan-ole2=yes
>
> no signatures from badmacro are detected
Can you do this and output the debug to a pastebin... (leave off -z)
clamscan --scan-ole2=yes --debug
I've tried to re-produce but can't.
Cheers,
Steve
Web
On 2016-02-08 22:26, Steven Morgan wrote:
I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to
investigate and track the issue. Plz sign up for an account at
https://bugzilla.clamav.net and send me the user id and I will CC you
on
the bug. Once that is done, I will need for you to
David,
I've opened https://bugzilla.clamav.net/show_bug.cgi?id=11498 to
investigate and track the issue. Plz sign up for an account at
https://bugzilla.clamav.net and send me the user id and I will CC you on
the bug. Once that is done, I will need for you to attach your signatures
and sample
Hi Benny,
We use bugzilla as the primary bug tracker.
We know about github too, but bugzilla is preferred. This is mainly because
bugs that are ClamAV vulnerabilities(crashes and other denial of service)
should not be widely disclosed until fixed within a released version for
obvious reasons. In
Hi,
I found some problems with the way clamav handles OLE2 containers.
This is causing many macro virus sigatures to not work and many viruses
to be missed:
If ScanOLE2 is set to yes, clamav only appears to scan the decompressed
macro files in OLE2 containers.
It does not scan any of the other
On Sun, February 7, 2016 8:30 am, David Shrimpton wrote:
> Hi,
>
>
> But most of the badmacro or other unofficial virus signatures written to
> detect macro virus are written against the container itself which has the
> compressed macro code in it. They are not written against the
> uncompressed
Hi Steve,
When I scan the file with any of:
clamscan -z --scan-ole2=no --database=badmacro.ndb
clamscan -z --scan-ole2=yes --database=badmacro.ndb
clamscan -z --scan-ole2=no
13 signatures from badmacro.ndb are detected.
But when I scan the file with
clamscan -z --scan-ole2=yes
no signatures
10 matches
Mail list logo