[clamav-users] Database download problems

2013-09-20 Thread Jose-Marcio Martins


Is there a problem with database mirrors ?

The download behaviour I see from my side, since yesterday, when trying to get clamav databases 
(main.cvd, daily.cvd, ...) is something like a 600 K/s peak for (probably) just a single packet, then 
the download completely pauses for 15 seconds and I have another 600 K/s and another 15 second 
pause, and so on. The result is that my db directory is being filled up with a lot of clamav-X 
directories, ending with a full fs.


clamav-0dc631f1a3fb40e92b446180ea503d1f
clamav-12629732fa3b56e4a38301d1325b9b17
clamav-1bef32822ef04396e57bd731ee0dd0e7
clamav-4f956b31eb9f61488a0891b6c807bc55
clamav-5efb387c39d36af0820b7f825eb691d7
clamav-7e0e494d6dd778db04c46d9c80f01cac
clamav-85e81a2941b44bc64afca738631a4c3c
clamav-8bcfc2b74f2ed7bf2f293ce534e83789
clamav-9eecd547df6b823fad952f846535f9fd
clamav-ba0c61a5bdc40cfb74fc5228e9eb3dd3
clamav-c939033bda3e173df967fafbace76255
clamav-d081da924b215480fe929c8b16852042
clamav-e7fdd23a0a393d40202f707bd1108ec7
clamav-ed7622cb5ee98df6513ddc8392c522a7

I'm still running 0.97.8. Not yet upgraded our installation.

Are other people seeing this ?

--
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
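The failure mode described above (aborted downloads leaving clamav-<hash> temp directories behind until the filesystem fills) is something an operator will want to detect and clean up safely. The following is an added example in POSIX shell, not ClamAV or freshclam code. It assumes the temp directories are named clamav- followed by 32 hex characters, as in the listing in the post, that find(1) understands -mindepth/-maxdepth/-mmin (GNU or BSD find; on a find without -mmin, substitute -mtime in days), and that pgrep(1) is available for the "is freshclam still running" guard (the guard is skipped if it is not).

```shell
#!/bin/sh
# Added example, not ClamAV code: list and purge freshclam temp directories
# left behind by aborted database downloads.

# List clamav-<32 hex> directories directly under $1 that are older than $2 minutes.
# The 32-hex-character pattern is taken from the directory names in the post.
stale_freshclam_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -name 'clamav-*' -mmin +"$2" \
        | grep -E '/clamav-[0-9a-f]{32}$' || [ $? -eq 1 ]   # "no match" is not an error
}

# Remove them, but never while freshclam is running (it may still be writing into one).
# Prints the number of directories removed; returns 2 if it refused to act.
purge_stale_freshclam_dirs() {
    if command -v pgrep >/dev/null 2>&1 && pgrep -x freshclam >/dev/null 2>&1; then
        echo "freshclam is running; refusing to purge $1" >&2
        return 2
    fi
    n=0
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        rm -rf -- "$d"
        n=$((n + 1))
    done <<EOF
$(stale_freshclam_dirs "$1" "$2")
EOF
    echo "$n"
}

# Usage (DatabaseDirectory and age threshold are site-specific):
#   stale_freshclam_dirs /var/lib/clamav 30      # dry run: print what would go
#   purge_stale_freshclam_dirs /var/lib/clamav 30
```

Run the dry-run form first from cron or by hand; the age threshold keeps a download that is merely slow (as in the 15-second stalls described above) from being deleted under freshclam's feet, and the pgrep guard refuses to purge at all while a freshclam process exists.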


[clamav-users] Fanotify howto

2013-09-20 Thread Frans de Boer
Hi, does anybody know how to enable and configure interaction with 
fanotify?


The new clamd.conf file still has the long defunct clamuko switches, 
but nothing about fanotify.


Regards,
Frans de Boer.


[clamav-users] False positive

2013-09-20 Thread Siméon Gourlin

Hello !  
  
I submitted a false positive on Monday on both of these forms, but I haven't got 
any answer so far, and this false positive is still in the databases.  
http://www.clamav.net/lang/en/sendvirus/submit-fp/  
http://cgi.clamav.net/sendfp.cgi  
  
  
The false positive is PHP.Shell-51, in main.cvd (now):  
  
# sigtool  --find-sigs=PHP.Shell-51 | sigtool --decode-sigs  
VIRUS NAME: PHP.Shell-51  
TARGET TYPE: HTML  
OFFSET: *  
DECODED SIGNATURE:  
jf9ypwjhc2u2nf9kzwnvzguojf9yktskx1g9c3rydhiojf9ylccxmjm0ntzhb3vpzscsj2fvdwllmtizndu2jyk7jf9spwvyzwdfcmvwbgfjzsgnx19gsuxfx18nlcinii4kx0yuiicilcrfwck7zxzhbcgkx1ipoyrfuj0woyrfwd0wow==
  
  
This signature matches the base64 code 
'JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==',
which seems to be a generic encryption function:  
  
# ../b64z.py -de 
'JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='
  
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
  
  
And that code is used by regular php tools, like one named Picasa Virtual 
Album http://virtualdesigners.co.uk/projects/wb-extensions/@picasa-album/  
  
  
Could you please remove that false positive, and send me the right URL to 
submit a false positive next time :) ?  
  
Best regards,  
--  
Siméon Gourlin 
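The decode in the post can be reproduced with nothing but base64(1) and tr(1), which also makes the mechanics of the false positive plain: the signature keys on the base64 text of the loader, and the loader's strtr() layer is a fixed character substitution that any packager (a gallery plugin or a web shell alike) can apply, so the payload's intent never enters into the verdict. The following is an added example in shell, not code from the post or from ClamAV. It assumes base64(1) takes -d to decode (GNU coreutils and BusyBox; BSD base64 uses -D), and loader_signature_hits is a rough stand-in for the HTML-target match (lowercase the file, search for the literal), not libclamav's matcher; the sample payload and script path below are constructed.

```shell
#!/bin/sh
# Added example, not ClamAV code: reproduce the PHP.Shell-51 decode and the
# strtr() layer of the loader it matches.

# The base64 literal quoted in the post; PHP.Shell-51 keys on this string.
LOADER_B64='JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='

# Step 1 of the post: what PHP source the literal hides.
decode_loader() { printf '%s' "$LOADER_B64" | base64 -d; }

# PHP strtr($x,'123456aouie','aouie123456') is a one-pass character map, i.e. tr(1)
# with the same two sets. Over these eleven characters the map is a bijection, so the
# inverse is simply tr(1) with the sets swapped.
php_strtr_forward() { tr '123456aouie' 'aouie123456'; }
php_strtr_inverse() { tr 'aouie123456' '123456aouie'; }

# Do to $_X what the loader does, minus eval(): $1 = payload base64, $2 = script path.
# The ereg_replace() in the loader splices the single-quoted path in for __FILE__.
# (sed delimiter is '|'; a path containing '|' or '&' would need escaping.)
unwrap_payload() {
    printf '%s' "$1" | base64 -d | php_strtr_forward | sed "s|__FILE__|'$2'|g"
}

# Inverse: build a $_X that the loader would run as the given PHP.
wrap_payload() {
    printf '%s' "$1" | php_strtr_inverse | base64 | tr -d '\n'
}

# Stand-in for the HTML-target match (assumption: lowercase search for the literal).
# The decoded signature in the post is the loader literal in lowercase, which is what
# the normalised HTML target looks like, so a file embedding the loader matches
# whatever the wrapped payload does.
loader_signature_hits() {   # $1 = file to check
    lc=$(printf '%s' "$LOADER_B64" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' < "$1" | grep -qF "$lc"
}
```

Usage: `decode_loader` prints the PHP line shown in the post; `wrap_payload "echo 1;"` produces a $_X that `unwrap_payload <that> /path/to/script.php` turns back into `echo 1;`. Because the signature lives on the loader string rather than on anything payload-specific, every legitimate deployment of the same obfuscation wrapper is caught along with the malicious ones, which is exactly the class of false positive reported here.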


Re: [clamav-users] False positive

2013-09-20 Thread Joel Esler
Siméon,

Thanks for writing in, those are the right links, the guys may have not gotten 
the chance to take a look at that particular FP yet.  I’ll ask someone to take 
a look.

Thanks.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 20, 2013, at 9:48 AM, Siméon Gourlin simeon.gour...@infomaniak.ch 
wrote:

 
 Hello !  
 
 I submitted a false positive on Monday on both of these forms, but I haven't got 
 any answer so far, and this false positive is still in the databases.  
 http://www.clamav.net/lang/en/sendvirus/submit-fp/  
 http://cgi.clamav.net/sendfp.cgi  
 
 stripped out
 
 
 Could you please remove that false positive, and send me the right URL to 
 submit a false positive next time :) ?  
 
 Best regards,  
 --  
 Siméon Gourlin 


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-20 Thread Shawn Webb
On Fri, Sep 20, 2013 at 10:38 AM, Bob Cobb bobcob...@hotmail.com wrote:

 After downloading ClamAV 0.98 I tried to compile it, but I got this error,


 In file included from 7z/LzmaDec.h:7,
  from lzma_iface.h:26,
  from upx.c:59:
 7z/Types.h:58: redefinition of `Byte'
 /usr/local/include/zconf.h:368: `Byte' previously declared here
 make[4]: *** [libclamav_la-upx.lo] Error 1
 make[4]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[3]: *** [all-recursive] Error 1
 make[3]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[2]: *** [all] Error 2
 make[2]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[1]: *** [all-recursive] Error 1
 make[1]: Leaving directory `/home/clamav/clamav-0.98'
 make: *** [all] Error 2


 Here's what I'm using,

 gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)

 ./configure --enable-bigstack --enable-readdir_r --with-zlib=/usr/local
 --with-libcurl --enable-no-cache --enable-milter --enable-dns-fix
 --enable-clamdtop

 I tried this work around, which allowed me to compile it,

 (in clamav-0.98/libclamav/7z/Types.h line 59)

 replaced this,
 typedef unsigned char Byte;

 with this,
 #define Byte unsigned char

 I don't know if it's safe to use, so I held off installing it.  Also, I
 didn't have any problems compiling the previous version of ClamAV
 (0.97.8).  Any help would be appreciated.

 Thanks,

 B.


Hey Bob,

Is there a reason why you're specifying --with-zlib? Can you give it a try
without that?

Thanks,

Shawn


Re: [clamav-users] Database download problems

2013-09-20 Thread Dennis Peterson

On 9/20/13 2:01 AM, Jose-Marcio Martins wrote:


Is there a problem with database mirrors ?

The download behaviour I see from my side, since yesterday, when trying to get
clamav databases (main.cvd, daily.cvd, ...) is something like a 600 K/s peak for
(probably) just a single packet, then the download completely pauses for 15
seconds and I have another 600 K/s and another 15 second pause, and so on. The
result is that my db directory is being filled up with a lot of clamav-X
directories, ending with a full fs.

clamav-0dc631f1a3fb40e92b446180ea503d1f
clamav-12629732fa3b56e4a38301d1325b9b17
clamav-1bef32822ef04396e57bd731ee0dd0e7
clamav-4f956b31eb9f61488a0891b6c807bc55
clamav-5efb387c39d36af0820b7f825eb691d7
clamav-7e0e494d6dd778db04c46d9c80f01cac
clamav-85e81a2941b44bc64afca738631a4c3c
clamav-8bcfc2b74f2ed7bf2f293ce534e83789
clamav-9eecd547df6b823fad952f846535f9fd
clamav-ba0c61a5bdc40cfb74fc5228e9eb3dd3
clamav-c939033bda3e173df967fafbace76255
clamav-d081da924b215480fe929c8b16852042
clamav-e7fdd23a0a393d40202f707bd1108ec7
clamav-ed7622cb5ee98df6513ddc8392c522a7

I'm still running 0.97.8. Not yet upgraded our installation.

Are other people seeing this ?



Hello, Jose -

There was a release of a new main.cvd file this week and by my observations that 
has created an impulse load on the mirrors.


dp


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-20 Thread Bob Cobb
Richard,

I'm using RH8 because it's the one production server that needs to stay online. 
 Unfortunately I can't take it offline to upgrade to CentOS.


Shawn,

Tried configure without --with-zlib=/usr/local and I got the same error.

B.


 Date: Fri, 20 Sep 2013 11:24:26 -0400
 From: sw...@sourcefire.com
 To: clamav-users@lists.clamav.net
 Subject: Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of 
 `Byte'

 On Fri, Sep 20, 2013 at 10:38 AM, Bob Cobb bobcob...@hotmail.com wrote:

 After downloading ClamAV 0.98 I tried to compile it, but I got this error,


 In file included from 7z/LzmaDec.h:7,
 from lzma_iface.h:26,
 from upx.c:59:
 7z/Types.h:58: redefinition of `Byte'
 /usr/local/include/zconf.h:368: `Byte' previously declared here
 make[4]: *** [libclamav_la-upx.lo] Error 1
 make[4]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[3]: *** [all-recursive] Error 1
 make[3]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[2]: *** [all] Error 2
 make[2]: Leaving directory `/home/clamav/clamav-0.98/libclamav'
 make[1]: *** [all-recursive] Error 1
 make[1]: Leaving directory `/home/clamav/clamav-0.98'
 make: *** [all] Error 2


 Here's what I'm using,

 gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)

 ./configure --enable-bigstack --enable-readdir_r --with-zlib=/usr/local
 --with-libcurl --enable-no-cache --enable-milter --enable-dns-fix
 --enable-clamdtop

 I tried this work around, which allowed me to compile it,

 (in clamav-0.98/libclamav/7z/Types.h line 59)

 replaced this,
 typedef unsigned char Byte;

 with this,
 #define Byte unsigned char

 I don't know if it's safe to use, so I held off installing it. Also, I
 didn't have any problems compiling the previous version of ClamAV
 (0.97.8). Any help would be appreciated.

 Thanks,

 B.


 Hey Bob,

 Is there a reason why you're specifying --with-zlib? Can you give it a try
 without that?

 Thanks,

 Shawn
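Two checks help with the clash described in this thread: locating every header on the include path that defines `Byte` the way zconf.h and 7z/Types.h both do, and probing whether the compiler in use rejects an identical typedef repeated twice (C11 permits redefining a typedef to the same type, so a current compiler is silent, while gcc 3.2 follows the C89 rule and reports exactly the error quoted above). The following is an added example in shell, not ClamAV code. It assumes a C compiler is reachable as $CC or cc (if not, the probe reports "no-compiler") and that grep(1) supports -r; the header paths in the usage comment are those quoted in the thread.

```shell
#!/bin/sh
# Added example, not ClamAV code: diagnose a "redefinition of `Byte'" clash.

# Which headers under the given directories define Byte as an unsigned char typedef?
# Usage: byte_definers /usr/local/include libclamav/7z
byte_definers() {
    grep -rlE '^[[:space:]]*typedef[[:space:]]+unsigned[[:space:]]+char[[:space:]]+Byte[[:space:]]*;' "$@" \
        || [ $? -eq 1 ]   # "nothing found" is not an error
}

# Does this compiler accept the same typedef twice? Prints accepted, rejected or no-compiler.
# $1 = extra compiler flags; try '-std=c89 -pedantic-errors' to see the old behaviour.
typedef_redefinition_status() {
    cc_cmd=${CC:-cc}
    command -v "$cc_cmd" >/dev/null 2>&1 || { echo no-compiler; return 0; }
    probe=$(mktemp) && mv "$probe" "$probe.c"
    # Two identical typedefs, as zconf.h and 7z/Types.h contribute to one translation unit.
    printf 'typedef unsigned char Byte;\ntypedef unsigned char Byte;\nByte b = 255;\n' > "$probe.c"
    if "$cc_cmd" $1 -c -o "$probe.o" "$probe.c" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
    rm -f "$probe.c" "$probe.o"
}
```

On the workaround itself: replacing the typedef with `#define Byte unsigned char` yields the same type zlib declared, so the compiled result is the same, but it is a textual rename that only works because 7z/Types.h is processed after zconf.h in that translation unit. If the inclusion order were ever reversed, zconf.h's `typedef unsigned char Byte;` would expand to `typedef unsigned char unsigned char;` and fail, so such a patch belongs behind an include guard or a check that the zlib typedef has already been seen rather than as a bare macro.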


[clamav-users] configure error with clamav-0.98

2013-09-20 Thread Lawrence K. Chen, P.Eng.
I've been struggling with configure complaining that it can't find -lz (and later 
not figuring out how to make a shared library correctly).

Turns out there are two spots in configure that use -Wl,-rpath=$ZLIB_HOME/lib, 
ignoring that configure had determined that ld is not GNU.

In the previous versions this was -L$ZLIB_HOME/lib

While the correct form would be -Wl,-R$ZLIB_HOME/lib, this doesn't on its own 
make clamav build, as the library it needs is in $ZLIB_HOME/lib/amd64 
(building 64-bit on Solaris x64), which I've been doing by setting LDFLAGS in 
my build environment.

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) --  SafeZone Ally
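The two problems in the report above, picking the run-path syntax the linker actually understands (GNU ld takes -rpath=DIR, Solaris ld takes -R DIR) and pointing at the ISA subdirectory that holds the 64-bit libz, can be handled in the build environment before configure runs. The following is an added example in shell, not part of ClamAV's configure. It assumes the linker's banner contains the word GNU for GNU ld (gold included) and not for Solaris ld, that the banner is obtained with `ld -V` (which both linkers accept), and that a 64-bit zlib lives in one of lib/amd64, lib/64 or lib/sparcv9 under the zlib prefix; the banners in the test are constructed.

```shell
#!/bin/sh
# Added example, not ClamAV's configure: compose LDFLAGS for a non-GNU linker.

# Pick the run-path flag from the linker's version banner. The banner is passed in
# rather than probed here so the function can be exercised offline.
rpath_flag_for() {   # $1 = output of `ld -V 2>&1`
    case "$1" in
        *GNU*) printf '%s' '-Wl,-rpath=' ;;   # GNU ld / gold
        *)     printf '%s' '-Wl,-R' ;;        # Solaris ld and other non-GNU linkers
    esac
}

# Compose "-L<dir> <rpath flag><dir>" for a zlib prefix, preferring an ISA
# subdirectory (lib/amd64, lib/64, lib/sparcv9) when it actually contains libz.
zlib_ldflags() {   # $1 = zlib prefix (e.g. /usr/local), $2 = linker banner
    home=$1
    banner=$2
    libdir="$home/lib"
    for sub in amd64 64 sparcv9; do
        if [ -e "$home/lib/$sub/libz.so" ] || [ -e "$home/lib/$sub/libz.a" ]; then
            libdir="$home/lib/$sub"
            break
        fi
    done
    flag=$(rpath_flag_for "$banner")
    printf '%s' "-L$libdir $flag$libdir"
}

# Usage, probing the real linker:
#   LDFLAGS="$(zlib_ldflags /usr/local "$(ld -V 2>&1)")" ./configure --with-zlib=/usr/local ...
```

Exporting LDFLAGS this way sidesteps the two hard-coded -Wl,-rpath= spots, but it is a workaround for the build host only: configure's own GNU-ld detection is the place the flag should be chosen, and the resulting binaries will carry whatever run-path you composed, so check it with `ldd` (or `elfdump -d` on Solaris) before installing.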