Quick follow-up to this one. Upon further digging, if the --fdpass flag is passed to clamdscan, you get different output...albeit still very wrong! /Applications/Microsoft Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: (null) FOUND
Does anyone have any thoughts at all? Thanks, Mark > On 29 May 2020, at 1:26 am, Mark Allan <markjal...@gmail.com> wrote: > > Hi folks, > > I'm still testing 0.102.3 but I've hit a few issues where some known-good > files are being detected as infected because they're generating the following > error: > Can't allocate memory ERROR > > Output from clamscan and clamdscan are as follows: > >> $ /usr/local/bin/clamscan /Applications/Microsoft\ >> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll >> >> ----------- SCAN SUMMARY ----------- >> Known viruses: 0 >> Engine version: 0.102.3 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 1 >> Data scanned: 0.00 MB >> Data read: 0.01 MB (ratio 0.00:1) >> Time: 0.009 sec (0 m 0 s) >> >> Escalate:/Applications $ /usr/local/bin/clamdscan --multiscan >> /Applications/Microsoft\ >> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll >> /Applications/Microsoft >> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll: >> Can't allocate memory ERROR >> >> ----------- SCAN SUMMARY ----------- >> Infected files: 0 >> Total errors: 1 >> Time: 0.002 sec (0 m 0 s) >> Escalate:/Applications $ > > > I removed main.cvd and bytecode.cvd from the database directory, unpacked > daily.cvd and eventually tracked it down to daily.crb > > Removing the following definition solves the problem, but for some reason > this can't be added to an ign2 file...and this sig worked on older versions > of clamav, so it feels like that's the wrong solution anyway! > Trusted.CA.Microsoft-7350512-0 > > Has anyone else come up against this problem before, and do you know what I > can do about it? > > Many thanks > Mark > _______________________________________________ clamav-devel mailing list clamav-devel@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml