>I think this is two issues: 1) the unrecognised archive format and 2) the unexpected signal SEGV error
Yes, this seems to be the case. The first one, is an error from Archive::Libarchive::XS. It is unable to detectthe archive format. The second one is caused by the first. ASSP_AFC is falling back to another uncompress engine, which causes the SEGV in processing a shared scalar in 'main::'. I think, the second one I can fix in the next assp.pl release. Thomas Von: James Brown <jlbr...@bordo.com.au> An: For Users of ASSP <assp-user@lists.sourceforge.net> Datum: 18.08.2016 03:56 Betreff: Re: [Assp-user] ASSP_AFC 4.34 released Hi Thomas. Seeing this a lot after upgrading to version 4.34: Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file (can't open archive) '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - Unrecognized archive format Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - <-30> - Unrecognized archive format Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers) Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! I think this is two issues: 1) the unrecognised archive format and 2) the unexpected signal SEGV error, because I see lots of SEGV errors without the archive format error: Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database table HMMdb to file /Applications/assp/HMMdb Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers) Aug-18-16 11:32:08 [Worker_10000] Info: saving Stats in file asspstats.sav Note also that the Warning line does not have a date/time stamp followed by [Worker_1], it just starts with ‘Warning’. Also just noticed this: Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:15 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds) Aug-18-16 11:23:15 [Main_Thread] Info: ConnectionTransferTimeOut (30 seconds) is now reached Aug-18-16 11:23:15 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again! Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP! Aug-18-16 11:23:15 [Main_Thread] Initializing shutdown sequence ASSP version 2.5.2(16207) Thanks, James. > On 15 Aug. 2016, at 4:23 pm, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > > Hi all, > > The ASSP_AFC plugin version 4.34 is released at CVS and SF download. > > It contains additionaly code to detect any MS-Office macro as executable > code (exe-bin). > It tries to detect any obfuscated JS code of the "lucky virus" as > executable code (exe-bin). > > Thomas > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev_______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
