Hello Ged, thank you for your reply!
And for your tip - I will try doing verbose logging and will see if it provides
me with any new information!
As to the PDF file, ClamAV crushes in the attempt to scan any, unfortunately...
For example, I've been using the file in the attachment ("Test.pdf") for
testing purposes - and the scan failed.
As a matter of fact, I am using ClamAV as a tool in a C# project (.NET
Framework 4.6.2) - in the following context:
try
{
ProcessStartInfo startInfo = new ProcessStartInfo
{
FileName = @"""" + virusScanCommand + @"""",
Arguments = @"""" + fullFilename + @"""",
UseShellExecute = false,
RedirectStandardOutput = true,
CreateNoWindow = true,
WorkingDirectory = Path.GetDirectoryName(virusScanCommand)
};
Process scan = Process.Start(startInfo);
string output = scan.StandardOutput.ReadToEnd();
...
}
catch (Exception exp) {...}
where virusScanCommand is @"C:\Program Files\ClamAV\clamscan.exe" and
fullFilename is a PDF file in Windows Temp folder, which is different every
time. For example: @"C:\Users\anastasiia\AppData\Local\Temp\tmp4F0A.tmp".
The program doesn't catch any errors and runs normally after starting the
process, it's the variable output that is for some reason empty. That's why
I've only found out about the exit code when started logging.
As to the other information you requested, I am using:
- Windows 10 Enterprise, version 21H1, build 19043.1766, 64-bit OS,
x64-based processor,
- clamscan (version 0.105.0.0), which I downloaded from
https://www.clamav.net/downloads and activated by strictly following these
instructions:
https://blog.didierstevens.com/2017/08/24/quickpost-using-clamav-on-windows/.
And the output of "clamconf -n" is the following:
"
Config file: clamd.conf
-----------------------
TCPSocket = "3310"
TCPAddr = "localhost"
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.105.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 JSON RAR
Database information
--------------------
Database directory: C:\Program Files\ClamAV\database
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
daily.cvd: version 26566, sigs: 1985565, built on Wed Jun 8 10:05:45 2022
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
Total number of signatures: 8633084
Platform information
--------------------
uname: Microsoft Windows 6.2 SP0.0 Build 9200
OS: Windows, ARCH: AMD64, CPU: AMD64
zlib version: 1.2.12 (1.2.12), compile flags: 65
platform id: 0x10259696080000000000077c
Build information
-----------------
Microsoft Visual C++: (0.7.124)
sizeof(void*) = 8
Engine flevel: 150, dconf: 150
".
It might seem at the first sight that the problem lies somewhere in the C#
code, but it doesn't. I have used a .cmd file (a primitive scan simulation) to
test Process.Start() and it worked perfectly. Moreover, ClamAV does return an
output, when I run the program in debug mode, but it doesn't when the software
is run in release, which makes the problem even more obscure.
I hope you can help me with it! I will be happy to provide you with any further
information, if needed.
Kind regards,
Anastasiia
-----Ursprüngliche Nachricht-----
Von: clamav-users <[email protected]> Im Auftrag von G.W.
Haywood via clamav-users
Gesendet: Dienstag, 9. August 2022 12:12
An: ClamAV users ML <[email protected]>
Cc: G.W. Haywood <[email protected]>; Ingo Rieping <[email protected]>
Betreff: Re: [clamav-users] Meaning of the exit code -1073740791
Hi there,
On Tue, 9 Aug 2022, Anastasiia Korzhylova wrote:
> I am using ClamAV for work in my company and am contacting you to inquire
> about an exit code, which the software returns at my attempt to scan an
> ordinary, virus-free PDF file:
>
> -1073740791.
>
> Could you, please, tell me, what the exit code stands for, as I have not
> found any information on it in the documentation on your website.
It's possible that something in ClamAV is having difficulty with some part of
the PDF file, but you have not given enough information for us to know what you
have done so that we could reproduce it if necessary.
If you can repeat the command using verbose logging or verbose output (see the
documentation for how to do that) ClamAV might might provide more information
to you which might help you.
If you can put a copy of the PDF file somewhere on the Web for us so that we
can scan it in the same way that you do that might help too.
But we really need you to tell us exactly what you did. When you do that,
please include information about your operating system(s), the version of
ClamAV which you are using, how you obtained and installed it, which parts of
it you are using (for example clamd and clamdscan, or clamscan), the command(s)
which you gave when ClamAV gave the exit code, and the *entire* output of the
command.
The output of
clamconf -n
will include much of the information we need and would help us.
Incidentally
1073740791 - 2^30 + 2^10 + 2^3 + 2^0 = 0
Which tells me that a number of flags is set in the return code, but at the
moment I do not know what they are nor why they are being set because I have no
idea what is producing the return code. :/
--
73,
Ged.
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Test.pdf
Description: Test.pdf
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
