Re: [Clamav-users] False Positives on PDF-Files
Hi, ClamAV 0.96 on our mail server is running very well. We ship every day many PDf files and have some false positive detections How can we solve the problem? Have you submitted the false positive files on http://cgi.clamav.net/sendvirus.cgi ? First thank you for your quick response. I did not transfer the files because I thought that is only for virus samples. Anyone who can read is clearly in advantage: D Unfortunately, it is prohibited to send files to other people, because the PDF files include contracts and other internal company secrets Best Regards Andreas HDPnet GmbH Erwin-Rohde-Str. 18 69120 Heidelberg Geschaeftsfuehrer: Marc Hermann Registergericht: Mannheim HRB 337012 Sitz: Heidelberg Umsatzsteuer ID Nr.: DE 211 257 470 www.hdpnet.de Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Latest daily.cld update causes segfault
The very latest update causes the following debug output. A quick search on
twitter finds someone else with similar issues too.
@40004be3ecf5208b0ff4 LibClamAV debug: Initialized 0.95.3 engine
@40004be3ecf5208c1d7c LibClamAV debug: Initializing phishcheck module
@40004be3ecf5208c448c LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
@40004be3ecf5208d000c LibClamAV debug: Phishcheck module initialized
@40004be3ecf5208d271c LibClamAV debug: Loading databases from
/u01/var/clamd
@40004be3ecf5208d84dc LibClamAV debug: in cli_cvdload()
@40004be3ecf5208e34a4 LibClamAV Warning:
***
@40004be3ecf5208e388c LibClamAV Warning: *** This version of the ClamAV
engine is outdated. ***
@40004be3ecf5208e3c74 LibClamAV Warning: *** DON'T PANIC! Read
http://www.clamav.net/support/faq ***
@40004be3ecf5208e5f9c LibClamAV Warning:
***
@40004be3ecf5208e6384 LibClamAV debug: in cli_tgzload()
@40004be3ecf5208f8c64 LibClamAV debug: daily.cfg loaded
@40004be3ecf52092091c LibClamAV debug: daily.zmd loaded
@40004be3ecf5209262f4 LibClamAV debug: Initializing engine-root[0]
@40004be3ecf5209266dc LibClamAV debug: Initialising AC pattern matcher
of root[0]
@40004be3ecf520928dec LibClamAV debug: cli_initroots: Initializing BM
tables of root[0]
@40004be3ecf52097cdac LibClamAV debug: Initializing engine-root[1]
@40004be3ecf52097f4bc LibClamAV debug: Initialising AC pattern matcher
of root[1]
@40004be3ecf52097f8a4 LibClamAV debug: cli_initroots: Initializing BM
tables of root[1]
@40004be3ecf5209d53bc LibClamAV debug: Initializing engine-root[2]
@40004be3ecf5209d7acc LibClamAV debug: Initialising AC pattern matcher
of root[2]
@40004be3ecf5209d7eb4 LibClamAV debug: Initializing engine-root[3]
@40004be3ecf5209d829c LibClamAV debug: Initialising AC pattern matcher
of root[3]
@40004be3ecf5209da9ac LibClamAV debug: Initializing engine-root[4]
@40004be3ecf5209dad94 LibClamAV debug: Initialising AC pattern matcher
of root[4]
@40004be3ecf5209db17c LibClamAV debug: Initializing engine-root[5]
@40004be3ecf5209db564 LibClamAV debug: Initialising AC pattern matcher
of root[5]
@40004be3ecf5209de82c LibClamAV debug: Initializing engine-root[6]
@40004be3ecf5209dec14 LibClamAV debug: Initialising AC pattern matcher
of root[6]
@40004be3ecf5209deffc LibClamAV debug: Initializing engine-root[7]
@40004be3ecf5209df3e4 LibClamAV debug: Initialising AC pattern matcher
of root[7]
@40004be3ecf5209e170c LibClamAV debug: Initializing engine-root[8]
@40004be3ecf5209e1af4 LibClamAV debug: Initialising AC pattern matcher
of root[8]
@40004be3ecf520a60e1c LibClamAV debug: daily.ndu loaded
@40004be3ecf520a67f64 LibClamAV debug: daily.ign loaded
@40004be3ecf520b2d78c LibClamAV debug: daily.db loaded
@40004be3ecf520b4c3bc LibClamAV debug: lsigattribs: Unknown attribute
name 'Container'
Fortunately I was able to roll back to the previous update which works fine.
I've stopped freshclam updates on all working servers too.
--
Toby
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Hello Toby, The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Thanks Luca, I obviously should have checked there in retrospect! On 7 May 2010 12:19, Luca Gibelli l...@clamav.net wrote: Hello Toby, The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml -- Toby Bryans ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] lastest daily.cvd (10938) might cause an issue for clamd users who have not upgraded to libclamav 0.96
I'm running my own custom clamav daemon, and just now I ran into an issue when reloading the latest daily.cvd. cl_load() seems to be looking for a file named 'daily.ldb' - it isn't found, which causes a segfault. I don't yet know if this is purely my issue or if it might also affect clamd users, but I'm posting this just in case. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Em 07-05-2010 08:19, Luca Gibelli escreveu: Hello Toby, The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html Best regards Hi, I have version daily.cld is up to date (version: 10935, sigs: 63535, f-level: 51, builder: ccordes) ClamAV 0.95.3, need to take any action, freshclam does not run yet. when run it will download the daily correct? Thanks a lot, Clóvis -- Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola Administrador de Redes - Secao de Informatica (SINFO) E-mail: clo...@feagri.unicamp.br http://www.feagri.unicamp.br Fone(0xx19) 35211031-35211038-91173116 ou FAX(55xx19) 35211005/35211010 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] lastest daily.cvd (10938) might cause an issue for clamd users who have not upgraded to libclamav 0.96
Per Jessen wrote: I'm running my own custom clamav daemon, and just now I ran into an issue when reloading the latest daily.cvd. cl_load() seems to be looking for a file named 'daily.ldb' - it isn't found, which causes a segfault. I don't yet know if this is purely my issue or if it might also affect clamd users, but I'm posting this just in case. See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
El viernes, 07 mayo del 2010 a las 11:59:45, Toby Bryans escribió: The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. I have the same problem, using ClamAV 0.95.3/10939 Regards. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Toby Bryans wrote: Thanks Luca, I obviously should have checked there in retrospect! It was posted 8 minutes after your posting, so checking there wouldn't have done you any good :-) /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
On 7 May 2010 12:28, Per Jessen p...@computer.org wrote: Toby Bryans wrote: Thanks Luca, I obviously should have checked there in retrospect! It was posted 8 minutes after your posting, so checking there wouldn't have done you any good :-) :) I can confirm that the latest update definitely works, thanks all. I haven't yet received the announcement about the latest update though - obviously a lot of people are subscribed to the announcement list! Perhaps this sort of thing should be twittered (or some other broadcast media) as well? -- Toby Bryans ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
See http://lurker.clamav.net/message/20100507.110656.573e90d7.en.html Interesting. My OpenBSD-CURRENT-ish (32-bit) system loaded the flawed update, but did not have issues. It's running 0.95.3 for the moment. Fri May 7 03:27:19 2010 - Trying host db.us.clamav.net (213.165.80.159)... Fri May 7 03:27:20 2010 - Downloading daily-10936.cdiff [100%] Fri May 7 03:27:20 2010 - Downloading daily-10937.cdiff [100%] Fri May 7 03:27:20 2010 - Downloading daily-10938.cdiff [100%] Fri May 7 03:27:23 2010 - daily.cld updated (version: 10938, sigs: 63540, f-level: 51, builder: edwin) Not that I'm complaining, of course. :) Benny -- Me: 'How big a monster can you take out with one of those? Would you win a fight with Godzilla?' Jim: 'You could disassemble Godzilla at a range of seven miles.' -- Blog entry about the 76mm Melera, a gun on a US Navy Perry-class frigate that Somali pirates tried to seize ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
Toby Bryans wrote: On 7 May 2010 12:28, Per Jessen p...@computer.org wrote: Toby Bryans wrote: Thanks Luca, I obviously should have checked there in retrospect! It was posted 8 minutes after your posting, so checking there wouldn't have done you any good :-) :) I can confirm that the latest update definitely works, thanks all. I haven't yet received the announcement about the latest update though - obviously a lot of people are subscribed to the announcement list! Perhaps this sort of thing should be twittered (or some other broadcast media) as well? Personally, I don't use twitter, and the mailing list announcement is fully sufficient. /Per Jessen, Zürich ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] freshclam force different mirror
I don't see a command line option to force freshclam to use a specific (non-local) mirror for updates. I want it to go to a different mirror than the mone that keeps failing. Do I have to do this in the config? How do I 'blacklist' the bad mirror? - C ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
On Fri, 7 May 2010, Toby Bryans wrote: The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. @40004be3ecf5208b0ff4 LibClamAV debug: Initialized 0.95.3 engine *** @40004be3ecf5208e388c LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** @40004be3ecf5208e3c74 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** @40004be3ecf5208e5f9c LibClamAV Warning: *** Bug or not, intentional or not -- I would take this as a hint to update to the latest version. == Chris Candreva -- ch...@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Latest daily.cld update causes segfault
On 7 May 2010 16:05, Christopher X. Candreva ch...@westnet.com wrote: On Fri, 7 May 2010, Toby Bryans wrote: The very latest update causes the following debug output. A quick search on twitter finds someone else with similar issues too. @40004be3ecf5208b0ff4 LibClamAV debug: Initialized 0.95.3 engine *** @40004be3ecf5208e388c LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** @40004be3ecf5208e3c74 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** @40004be3ecf5208e5f9c LibClamAV Warning: *** Bug or not, intentional or not -- I would take this as a hint to update to the latest version. Already planned... Thanks! -- Toby Bryans ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] ClamAV Private mirror
Hello everyone I am in the process of setting up a clamav on all our linux servers. Is it possible to setup a private mirror and if so do I follow the same procedure as for a public mirror only there will be no public access? Kobus Bensch The Logic Group Enterprises Limited. Logic House, Waterfront Business Park, Fleet Road, Fleet, Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your computer. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] ClamAV Private mirror
Hello Kobus, I am in the process of setting up a clamav on all our linux servers. Is it possible to setup a private mirror and if so do I follow the same procedure as for a public mirror only there will be no public access? the answer is in the faq. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] ClamAV Private mirror
Thanks FAQ was the only place I did not look. My apologies. Kobus Bensch Network Engineer direct +44 (0)1252 644 088 email kobus.ben...@the-logic-group.com The Logic Group Enterprises Limited. Logic House, Waterfront Business Park, Fleet Road, Fleet, Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your computer. -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Luca Gibelli Sent: 07 May 2010 17:20 To: ClamAV users ML Subject: Re: [Clamav-users] ClamAV Private mirror Hello Kobus, I am in the process of setting up a clamav on all our linux servers. Is it possible to setup a private mirror and if so do I follow the same procedure as for a public mirror only there will be no public access? the answer is in the faq. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Clamav-announce] problem with daily.cvd 10938
Hi there, On Fri, 7 May 2010, Luca Gibelli wrote: We apologise for the inconvenience. http://www.mail-archive.com/clamav-users@lists.clamav.net/msg33265.html -- 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Clamav-announce] problem with daily.cvd 10938
On Fri, 7 May 2010, G.W. Haywood wrote: Hi there, On Fri, 7 May 2010, Luca Gibelli wrote: We apologise for the inconvenience. http://www.mail-archive.com/clamav-users@lists.clamav.net/msg33265.html http://www.mail-archive.com/clamav-users@lists.clamav.net/msg34794.html == Chris Candreva -- ch...@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
