Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results
On 28.03.2017 at 23:02, Antonio Pavletich wrote:

> Thanks for the tip, I found the issue, it was that clamav-daemon was
> running out of memory, crashing & serviced was indeed restarting it (only
> for it to crash again & so it went).

yeah, clamav needs an ordinary amount of memory where others drive dozens of production servers with the same hardware...

> On 29 March 2017 at 00:58, Matus UHLAR - fantomas wrote:
>
>> On 28.03.17 22:33, Antonio Pavletich wrote:
>>
>>> Since upgrading I've found clamd is spiking and staying put at 100%.
>>>
>>> I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
>>> the same issue occur on the next inbound email?
>>>
>>> top - 11:07:58 up 3 days, 3:49, 2 users, load average: 2.96, 4.30, 2.19
>>
>> note that some time after start, clamd loads virus signatures from disk,
>> unpacks them and builds in-memory database, so it is expected to eat 100% of
>> CPU for a few minutes.
>>
>>> logs spew out repeats of the below continuously?
>>>
>>> Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
>>> Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
>>> Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
>>> Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
>>> Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
>>> Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
>>
>> this looks like either the clamav process is crashing, or there is an error
>> related to how clamd is started from systemd, so systemd kills it and
>> starts it repeatedly again and again...
>>
>> --
>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Warning: I do NOT want to receive any advertising mail at this address.
>> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
>> "So does syphillis. Good thing we have penicillin." - Matthew Alton

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results
Thanks for the tip, I found the issue, it was that clamav-daemon was running out of memory, crashing & serviced was indeed restarting it (only for it to crash again & so it went).

On 29 March 2017 at 00:58, Matus UHLAR - fantomas wrote:

> On 28.03.17 22:33, Antonio Pavletich wrote:
>
>> Since upgrading I've found clamd is spiking and staying put at 100%.
>>
>> I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
>> the same issue occur on the next inbound email?
>>
>> top - 11:07:58 up 3 days, 3:49, 2 users, load average: 2.96, 4.30, 2.19
>
> note that some time after start, clamd loads virus signatures from disk,
> unpacks them and builds in-memory database, so it is expected to eat 100% of
> CPU for a few minutes.
>
>> logs spew out repeats of the below continuously?
>>
>> Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
>> Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
>> Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
>> Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
>> Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
>> Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
>
> this looks like either the clamav process is crashing, or there is an error
> related to how clamd is started from systemd, so systemd kills it and
> starts it repeatedly again and again...
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphillis. Good thing we have penicillin." - Matthew Alton
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
That's always been true in the past and they could be disabled in the config file, but that isn't the case here. For whatever reason, this is a signature which is being executed despite heuristics being disabled and it can be included in the .ign2 file successfully. Not sure why this change.

Sent from Janet's iPad

-Al-
--
Al Varnell
Mountain View, CA

On Mar 28, 2017, at 5:23 AM, Reindl Harald wrote:

> Heuristics are *not* signatures
Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results
On 28.03.17 22:33, Antonio Pavletich wrote:

> Since upgrading I've found clamd is spiking and staying put at 100%.
>
> I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
> the same issue occur on the next inbound email?
>
> top - 11:07:58 up 3 days, 3:49, 2 users, load average: 2.96, 4.30, 2.19

note that some time after start, clamd loads virus signatures from disk, unpacks them and builds in-memory database, so it is expected to eat 100% of CPU for a few minutes.

> logs spew out repeats of the below continuously?
>
> Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
> Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
> Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
> Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
> Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
> Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.

this looks like either the clamav process is crashing, or there is an error related to how clamd is started from systemd, so systemd kills it and starts it repeatedly again and again...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
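The restart pattern diagnosed above can be checked mechanically. This is an added example, not code from the thread or from the ClamAV project: it reads clamd log lines (a few copied from the original post, abridged), measures the gap between "+++ Started at" markers, and reports the last message logged before each restart. The thresholds `min_starts` and `window` are assumptions.

```python
from datetime import datetime, timedelta

# Log lines copied from the original post in this thread (abridged per run).
SAMPLE_LOG = """\
Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:19 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> Bytecode: Security mode set to "TrustSigned".
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Tue Mar 28 11:20:19 2017"


def parse_runs(log_text):
    """Split the log into daemon runs: [(start_time, last_message_of_run)]."""
    runs = []
    for line in log_text.splitlines():
        stamp, sep, msg = line.partition(" -> ")
        if not sep:
            continue  # not a timestamped clamd line
        try:
            when = datetime.strptime(stamp.strip(), TS_FORMAT)
        except ValueError:
            continue
        if msg.startswith("+++ Started at"):
            runs.append([when, msg])      # a new run begins
        elif runs:
            runs[-1][1] = msg             # remember the latest message of this run
    return [(when, msg) for when, msg in runs]


def restart_loop(log_text, min_starts=3, window=timedelta(seconds=60)):
    """Flag a restart loop: min_starts daemon starts inside one window (assumed thresholds)."""
    runs = parse_runs(log_text)
    starts = [when for when, _ in runs]
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    looping = any(
        starts[i + min_starts - 1] - starts[i] <= window
        for i in range(len(starts) - min_starts + 1)
    )
    # Last message of every run that was followed by another start: shows
    # how far startup got before the process went away.
    died_after = sorted({msg for _, msg in runs[:-1]})
    return {"starts": len(starts), "gaps": gaps,
            "looping": looping, "died_after": died_after}


if __name__ == "__main__":
    print(restart_loop(SAMPLE_LOG))
```

On the sample, every run ends right after the bytecode line during database loading, which fits the out-of-memory cause reported later in the thread.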
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
Using the whitelist works in this case and is sufficient for my use.

Thanks & have a nice day, folks.

On 28.03.2017 at 13:53, Jonas Manusch wrote:

> Cheers folks,
>
> since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.
>
> I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.
>
> So I got here with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?
> 2. How could I disable only this one type?
>
> Thanks.
> Jonas
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
On Tue, March 28, 2017 1:23 pm, Reindl Harald wrote:

> On 28.03.2017 at 14:20, Matteo Dessalvi wrote:
>
>> Hello.
>>
>> Regarding your first question you can execute the following
>> tools from the command line:
>>
>> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs
>
> Heuristics are *not* signatures

Except in this case... it was a .cdb signature which *was* called Heuristics.Filetype.ZipWithJS-6162396-0:

It was dropped...

http://lists.clamav.net/pipermail/clamav-virusdb/attachments/20170327/a00f1950/attachment.ksh

Dropped Detection Signatures:

Heuristics.Filetype.ZipWithJS-6162396-0

So, slightly confusing... but that's why sigtool --decode-sigs worked:

VIRUS NAME: Heuristics.Filetype.ZipWithJS-6136370-0
CONTAINER TYPE: CL_TYPE_ZIP
CONTAINER SIZE: ANY
FILENAME REGEX: \.[A-Za-z]{3}\.js$
COMPRESSED FILESIZE: ANY
UNCOMPRESSED FILESIZE: ANY
ENCRYPTION: IGNORED
FILE POSITION: 1
CRC SUM: ANY

--
Cheers,
Steve
Twitter: @sanesecurity
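To triage flagged archives locally without handing them to anyone, the FILENAME REGEX and FILE POSITION fields of the decoded signature above can be applied to a ZIP's member names. This is an added example, not code from the thread or from ClamAV: it only approximates the name and position fields, assumes position 1 means the first entry in the archive, and uses constructed sample archives with made-up member names.

```python
import io
import re
import zipfile

# Fields as printed by `sigtool --decode-sigs` in this thread.
FILENAME_REGEX = re.compile(r"\.[A-Za-z]{3}\.js$")
FILE_POSITION = 1  # assumption: 1-based, i.e. the first entry in the archive


def matching_members(zip_source):
    """Return [(position, name)] for every member whose name matches the regex.

    zip_source is a path or a binary file object. Positions follow the
    order reported by zipfile, which approximates the scanner's view.
    """
    with zipfile.ZipFile(zip_source) as zf:
        return [
            (pos, info.filename)
            for pos, info in enumerate(zf.infolist(), start=1)
            if FILENAME_REGEX.search(info.filename)
        ]


def would_trigger(zip_source):
    """True if a matching name sits at the position the signature requires."""
    return any(pos == FILE_POSITION for pos, _ in matching_members(zip_source))


def build_zip(names):
    """Build a constructed in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"// constructed sample content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    samples = {
        "double extension first": ["invoice.pdf.js", "readme.txt"],
        "minified library first": ["js/jquery.min.js", "index.html"],
        "minified library second": ["index.html", "js/jquery.min.js"],
        "plain script": ["app.js"],
    }
    for label, names in samples.items():
        hits = matching_members(build_zip(names))
        print(f"{label}: matches={hits} trigger={would_trigger(build_zip(names))}")
```

Note that a name such as `jquery.min.js` satisfies the regex just as `invoice.pdf.js` does, which is one way an archive of ordinary web content ends up flagged.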
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
On 03/28/2017 02:23 PM, Reindl Harald wrote:

> Heuristics are *not* signatures

Uh-oh, sorry. You are right, my mistake entirely.

Regards,
Matteo
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
On 28.03.2017 at 14:20, Matteo Dessalvi wrote:

> Hello.
>
> Regarding your first question you can execute the following
> tools from the command line:
>
> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs

Heuristics are *not* signatures

> 'ZipWithJS' is for sure not in the ClamAV source code: it is just
> a part of a string used to identify the signature of a possible
> threat (and signature archives are distributed separately from
> ClamAV).

Heuristics are *not* signatures

> Regarding your second question: you can create a whitelist file
> which contains all the signatures that ClamAV should ignore.
>
> Ref:
> https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

Heuristics are *not* signatures

stop spreading wrong information - you *can not* put heuristics in .ign2 files, well you can, but it won't work

> Usually this whitelist file should reside in the same directory
> where ClamAV has installed the signatures archives (on most Linux
> installations is by default under /var/lib/clamav).

Heuristics are *not* signatures

> On 03/28/2017 01:53 PM, Jonas Manusch wrote:
>
>> Cheers folks,
>>
>> since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.
>>
>> I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.
>>
>> So I got here with a couple of questions:
>>
>> 1. Where can I find information about what kind of threat this is?
>> 2. How could I disable only this one type?
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
Hello.

Regarding your first question you can execute the following tools from the command line:

sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs

'ZipWithJS' is for sure not in the ClamAV source code: it is just a part of a string used to identify the signature of a possible threat (and signature archives are distributed separately from ClamAV).

Regarding your second question: you can create a whitelist file which contains all the signatures that ClamAV should ignore.

Ref: https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

Usually this whitelist file should reside in the same directory where ClamAV has installed the signatures archives (on most Linux installations is by default under /var/lib/clamav).

Regards,
Matteo

On 03/28/2017 01:53 PM, Jonas Manusch wrote:

> Cheers folks,
>
> since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.
>
> I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.
>
> So I got here with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?
> 2. How could I disable only this one type?
>
> Thanks.
> Jonas
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
> 1. Where can I find information about what kind of threat this is?

\.[A-Za-z]{3}\.js$

FP Source example:

https://www.mobileread.com/forums/showthread.php?p=3496981

Ie. any .js inside a zip file that starts with 3 letters will get blocked.

--
Cheers,
Steve
Twitter: @sanesecurity
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
On 28/03/17 12:53, Jonas Manusch wrote:

> Cheers folks,
>
> since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.
>
> I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.
>
> So I got here with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?

Just guessing... Sounds like it is going to fit on files of type ZIP containing .JS (Javascript) files inside.

> 2. How could I disable only this one type?
>
> Thanks.
> Jonas

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net
Re: [clamav-users] Heuristics.Filetype.ZipWithJS
On 28.03.2017 at 13:53, Jonas Manusch wrote:

> Cheers folks,
>
> since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.
>
> I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.
>
> So I got here with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?

many of the cryptomalware are .js files within zip-archives and .js on windows is executable due to windows scripting host - the major usecase of clamav is for inbound mailservers

> 2. How could I disable only this one type?

you only can disable heuristics at all and can't whitelist a single type which is a design mistake
[clamav-users] Heuristics.Filetype.ZipWithJS
Cheers folks,

since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be false positive. Since these files contain sensitive data I cannot hand them out to third parties.

I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success.

So I got here with a couple of questions:

1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?

Thanks.
Jonas
[clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results
Hi,

I've used clam-av for years but not kept up to date with the many changes.

Since upgrading I've found clamd is spiking and staying put at 100%.

I've deleted all files in /var/lib/clamav & re-ran freshclam only to have the same issue occur on the next inbound email?

I followed the guide at https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/2/

If any other information is needed to aid in identifying this please let me know.

Antonio

eg:

root@host:/var/lib/clamav# clamd -V
ClamAV 0.99.2/23244/Tue Mar 28 04:33:34 2017

root@host:/
top - 11:07:58 up 3 days, 3:49, 2 users, load average: 2.96, 4.30, 2.19
Tasks: 195 total, 2 running, 193 sleeping, 0 stopped, 0 zombie
%Cpu(s): 1.0 us, 0.3 sy, 0.0 ni, 98.2 id, 0.5 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 1014372 total, 11140 free, 836764 used, 166468 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 67920 avail Mem

  PID USER   PR NI   VIRT    RES  SHR S %CPU %MEM   TIME+ COMMAND
20406 clamav 20  0 574844 405512 3684 R 93.8 40.0 0:06.33 clamd
    1 root   20  0 185248   4296 2396 S  0.0  0.4 0:17.99 systemd
    2 root   20  0      0      0    0 S  0.0  0.0 0:00.00 kthreadd
    3 root   20  0      0      0    0 S  0.0  0.0 0:05.96 ksoftirqd/0

logs spew out repeats of the below continuously?

Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:19 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:19 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:19 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:19 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:19 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:27 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:27 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:27 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:27 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:33 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:33 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:33 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:33 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:42 2017 -> +++ Started at Tue Mar 28 11:20:42 2017
Tue Mar 28 11:20:42 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:42 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:42 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:42 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:42 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:42 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:42 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:52 2017 -> +++ Started at Tue Mar 28 11:20:52 2017
Tue Mar 28 11:20:52 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:52 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:52 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:52 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:52 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:52 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:52 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:59 2017 -> +++ Started at Tue Mar 28 11:20:59 2017
Tue Mar 28 11:20:59 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:59 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:59 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:59 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:59 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:59 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:59 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:21:07 2017 -> +++ Started at Tue Mar 28 11:21:07 2017