Hello again Anastasiia,

On Wed, 10 Aug 2022, Anastasiia Korzhylova wrote:

> ... ClamAV crashes in the attempt to scan any, unfortunately... For
> example, I've been using the file in the attachment ("Test.pdf") for
> testing purposes - and the scan failed.

As Micah said in his reply to you, if ClamAV is crashing there could
be security implications.  It's best if you follow his advice and make
a report through the channel he suggested.  We are still using the LTS
version (0.103.x) here, and only on Linux, but your sample PDF scanned
here just fine using both clamscan and clamdscan+clamd:

8<----------------------------------------------------------------------
$ clamscan ~/Test.pdf
/home/ged/Test.pdf: OK

----------- SCAN SUMMARY -----------
Known viruses: 8809962
Engine version: 0.103.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.17 MB
...
...
$ clamdscan ~/Test.pdf
/home/ged/Test.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 1.736 sec (0 m 1 s)
8<----------------------------------------------------------------------

Having said that I'm not sure that you've found a problem in ClamAV.
Perhaps there are issues with your build and/or implementation processes.

> ... virusScanCommand is @"C:\Program Files\ClamAV\clamscan.exe" ...

You might want to consider using clamdscan and clamd instead of
clamscan, because clamscan will reload the signature database every
time it runs and that takes some time whereas clamdscan uses clamd,
which is a persistent daemon and only loads the database at startup.

> The program doesn't catch any errors and runs normally after
> starting the process, it's the variable output that is for some
> reason empty.

I guess that's because of the crash - it isn't getting as far as
writing the output.

> ... downloaded from https://www.clamav.net/downloads and activated
> by strictly following these instructions:
> https://blog.didierstevens.com/2017/08/24/quickpost-using-clamav-on-windows/.

That post is five years old.  The build system has changed a lot since
2017, and in any case I have very little or no confidence in "Me Too"
Websites, "I did this" blogs and other such hangers-on in the security
world.  I believe it's best to follow the official documentation,
which in this case is to be found at

https://docs.clamav.net

Note especially the instructions for updating the signature database,
see my comments below about your 'daily' database.

> TCPSocket = "3310"
> TCPAddr = "localhost"

Unless you're planning to both use clamd on the local host, and access
it remotely, I'm not sure that you will want to use TCP.  Clamd's TCP
socket is unprotected, so you would most probably want to firewall it
to prevent possible abuse.

> Database information
> --------------------
> Database directory: C:\Program Files\ClamAV\database
> bytecode.cvd: version 333, sigs: 92, built on Mon Mar  8 16:21:51 2021
> daily.cvd: version 26566, sigs: 1985565, built on Wed Jun  8 10:05:45 2022
> main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
> Total number of signatures: 8633084

Your daily database is two months out of date.  Have you run freshclam?
The 'daily' database really is updated more-or-less daily. :)

> ...
> I am using: ... Windows 10 Enterprise,
> ...
> Platform information
> --------------------
> uname: Microsoft Windows 6.2 SP0.0 Build 9200

I'm unfamiliar with the output of the platform information on Windows
but I shouldn't have expected to see "Build 9200" on a Win10 system.

> ... ClamAV does return an output, when I run the program in debug
> mode, but it doesn't when the software is run in release, which
> makes the problem even more obscure.

It is not at all unusual for things to run in debug mode and crash in
production.  And of course vice-versa. :(

I'm sure that many thousands of people successfully use ClamAV on
Windows 10 systems, so I feel sure that if something in your build or
install isn't broken then the way that you're trying to use it has
shown up something unexpected, and Micah will be able to help you find
and fix the problem although that may take some time.  In the meantime
I suggest that you remove all the ClamAV code, libraries and binaries
from your machine and re-install ClamAV with reference to the current
official documentation, then try scanning your PDF files again.  It's
important to clean out old libraries etc. because you don't want a new
ClamAV using versions of libraries from an old one.  That's a possible
source of problems which can be difficult to diagnose.

If you still have trouble please do get back to us.

--

73,
Ged.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
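
An added example, not part of the original message and not ClamAV's own code: a Python check for the out-of-date 'daily' database pointed out above, parsing the "Database information" lines in the format quoted in the message. The function names and the 3-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the "Database information" lines quoted in the message.
SAMPLE = """\
Database directory: C:\\Program Files\\ClamAV\\database
bytecode.cvd: version 333, sigs: 92, built on Mon Mar  8 16:21:51 2021
daily.cvd: version 26566, sigs: 1985565, built on Wed Jun  8 10:05:45 2022
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
Total number of signatures: 8633084
"""

# One database per line: name, version, signature count, build timestamp.
DB_LINE = re.compile(
    r"^(?P<name>[\w.-]+\.(?:cvd|cld)): version (?P<version>\d+), "
    r"sigs: (?P<sigs>\d+), built on (?P<built>.+)$"
)

def parse_databases(report):
    """Return {name: (version, sigs, build_datetime)} for each database line."""
    dbs = {}
    for line in report.splitlines():
        m = DB_LINE.match(line.strip())
        if not m:
            continue  # directory line, totals, blank lines
        # Collapse the padding printed before single-digit days ("Jun  8").
        stamp = " ".join(m["built"].split())
        built = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        dbs[m["name"]] = (int(m["version"]), int(m["sigs"]), built)
    return dbs

def daily_age_days(report, now):
    """Whole days since the daily database was built, or None if it is absent."""
    dbs = parse_databases(report)
    for name in ("daily.cld", "daily.cvd"):  # .cld is the incrementally updated form
        if name in dbs:
            # Build times are treated as naive timestamps; a few hours of
            # timezone skew does not matter at day granularity.
            return (now - dbs[name][2]).days
    return None

def is_daily_stale(report, now, max_age_days=3):
    """True if the daily database is missing or older than max_age_days (assumed policy)."""
    age = daily_age_days(report, now)
    return age is None or age > max_age_days

if __name__ == "__main__":
    now = datetime(2022, 8, 10)  # date of the quoted message
    print("daily age (days):", daily_age_days(SAMPLE, now))
    print("stale:", is_daily_stale(SAMPLE, now))
```

Only the daily database is checked because main and bytecode are rebuilt far less often, as their build dates in the quoted output show.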
