Noel Jones pisze: > At 10:20 PM 6/1/2007, Christopher X. Candreva wrote: > >> On Fri, 1 Jun 2007, Noel Jones wrote: >> >> >>> fatfinger error on the name, I am referring to daily.wdb as the >>> pasted session shows. >>> >> Ah, sorry. Bleary-eyed error not catching it in the sesion. :-) >> >> >>> Are you using 91rc1? It's very repeatable here. I have >>> >> Yes, so far it has been running fine. My monitoring scripts haven't >> restarted it once. >> > > > Ok, I've narrowed it down to the following TWO lines in daily.wdb: > X:http.//www\.ebay\.co\.uk.+:.+emailpics.\.ebay\.com:14- > X:http.//info.citibank.com.+:https.//offer.citibank.com:14- > > (I believe daily.wdb is a whitelist for the experimental antiphishing > code. I'm not sure this file is used if you don't compile with > --enable-experimental.) > > If *BOTH* these lines are present, clamscan coredumps when scanning > an email with an html part. > The email need not have URLs that reference the sites in the two rules. > > This is very repeatable with multiple email messages. clamscan still > works properly on text files or email with no html. > > I have similar problem. After last update clamd began to die.
fresclam.log ************ ClamAV update process started at Sat Jun 2 01:23:01 2007 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.90.2 Recommended version: 0.90.3 DON'T PANIC! Read http://www.clamav.net/support/faq main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Downloading daily-3337.cdiff [100%] daily.inc updated (version: 3337, sigs: 16524, f-level: 15, builder: sven) Database updated (121024 signatures) from database.clamav.net (IP: 195.95.205.245) Clamd successfully notified about the update. When I've removed these two lines from daily.wdb: X:http.//www\.ebay\.co\.uk.+:.+emailpics.\.ebay\.com:14- X:http.//info.citibank.com.+:https.//offer.citibank.com:14- everything began work as usual. Similary "PhishingScanURLs no" resolve problem. The worst in THIS problem is time that incident (I've been at a party, I've been drunk ;))))) and I've had no internet), because I was ready for problem when I compiled clam with experimental code. macka _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
