Hi Dorian, all:

The error you found is this issue: 
https://github.com/Cisco-Talos/clamav/issues/604

The certificate verification feature is essentially broken because of this bug.
It isn't letting malware slip by, but it is preventing us from trusting
software signed by trusted signing certificates.

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of G.W. 
Haywood via clamav-users <clamav-users@lists.clamav.net>
Sent: Tuesday, October 18, 2022 4:05 AM
To: Dorian ROSSE via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <cla...@jubileegroup.co.uk>
Subject: Re: [clamav-users] i have often an error in the scan

Hi there,

On Tue, 18 Oct 2022, Dorian ROSSE via clamav-users wrote:

> I have often an error in the scan below on my windows system :
> LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed with 1
> I don't understand why I am got this error often,
> If this is a bad error thanks you in advance to repair it,

The message would not normally mean that ClamAV is broken, but it's
possible; at present there are ongoing changes in this part of ClamAV.
The developers read this list and I would expect that they would tell
us if they knew that something was broken.  When ClamAV gives you that
message, it is telling you something about "signed" code.

Signed code was introduced by Microsoft many years ago:

https://blog.clamav.net/2013/02/authenticode-certificate-chain.html

Unfortunately I think it's fair to say that the signed code feature
has not been a great success:

https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/

I personally would ignore the ClamAV message, but you do need to know
that I use no Windows machines, and only very rarely scan filesystems;
I only scan mail.  If someone sent me some code in a mail message, it
would automatically, without the involvement of a human, be reported
to several anti-virus organizations and then be sent to the trash can.

> Does this is dangerous to use this option for pass the errors:
>
> '--nocerts'

You need to make that judgement for yourself.  ClamAV can alert you to
something which it thinks isn't right.  Whether or not you then choose
to do anything about it is up to you.  Be aware that a *lot* of things
are "not right" in most computer systems, but that doesn't necessarily
mean that they are dangerous problems.  Forged signatures in drivers
and other code are a very well-known problem, but as you can see from
the article above, checks which use the proper methods of verification
do not necessarily protect you.  I'm afraid it's a minefield.

> Thanks you in advance for your answer smart,

May I suggest that you try to use a translation Website?  I have had
good results from this one, at least for a few languages:

https://www.deepl.com/en/translator

--

73,
Ged.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat