Hi Thomas. Seeing this a lot after upgrading to version 4.34:
Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file (can't open archive) '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - Unrecognized archive format Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - <-30> - Unrecognized archive format Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers) Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! I think this is two issues: 1) the unrecognised archive format and 2) the unexpected signal SEGV error, because I see lots of SEGV errors without the archive format error: Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database table HMMdb to file /Applications/assp/HMMdb Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers) Aug-18-16 11:32:08 [Worker_10000] Info: saving Stats in file asspstats.sav Note also that the Warning line does not have a date/time stamp followed by [Worker_1], it just starts with ‘Warning’. Also just noticed this: Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:15 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:15 [Main_Thread] Info: ConnectionTransferTimeOut (30 seconds) is now reached Aug-18-16 11:23:15 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again! Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP! Aug-18-16 11:23:15 [Main_Thread] Initializing shutdown sequence ASSP version 2.5.2(16207) Thanks, James. > On 15 Aug. 2016, at 4:23 pm, Thomas Eckardt <thomas.ecka...@thockar.com> > wrote: > > Hi all, > > The ASSP_AFC plugin version 4.34 is released at CVS and SF download. > > It contains additionaly code to detect any MS-Office macro as executable > code (exe-bin). > It tries to detect any obfuscated JS code of the "lucky virus" as > executable code (exe-bin). > > Thomas > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. > http://sdm.link/zohodev2dev_______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
