Re: [clamav-users] OT: DMARC
On Thu, 28 Jun 2018 08:36:39 +0200 "Walter H." wrote: > > Not unexpectedly, this list is breaking DMARC and DKIM. Any chance > > of mitigating this? > this is with any mailling list, Hence "Not unexpectedly..." > you alter the mail body, but this breaks DKIM only in case it > includes the mail body; and this is unusual, because for the mail > body you have other ways like S/MIME or PGP signatures All DKIM-signed emails I have in my INBOX include the body hash "bh=xxx" in the signature. I'm not sure what software runs the ClamAV mailing list, but I'd have thought most would have ways to work around this. I use Mailman myself, and recent versions have options to work around DMARC problems. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] OT: DMARC
Hi, Not unexpectedly, this list is breaking DMARC and DKIM. Any chance of mitigating this? 0.1 DKIM query returned fail (body has been altered) (d=cisco.com) Quarantined due to DMARC policy DMARC_POLICY_QUARANTINE for domain cisco.com Joel's emails keep getting quarantined. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Problem with Max Open desciptor Files limit
On Fri, 26 Jan 2018 15:18:10 + David Shrimptonwrote: > I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and > restarting clamd fixed the problem. Thank you! That was immensely helpful. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)
On Fri, 26 Jan 2018 06:44:30 -0800 "Jason J. W. Williams"wrote: > We started seeing this problem last night as well. Reading through the > thread, it doesn't appear that ClamAV has fixed the signatures yet > (as of 24257), or am I wrong? Not only has it not been fixed, there hasn't been a peep out of the developers. This is NOT the way to deal with issues like this, especially in security-sensitive software. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)
On Fri, 26 Jan 2018 13:50:27 +0100 Ralf Hildebrandtwrote: > If I had to guess: they used the beta for testing, but the release > versions (both 0.99.2 and 0.99.3!) fail to operate properly... No, I bet that's not what happened. A file descriptor leak doesn't show up right away. They probably tested the signatures on a lightly-loaded server and didn't notice any problems. ClamAV QA team: In future, please run new signatures against a clamd process a few thousand times to check for possible resource leakage. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] URGENT: Clamd is wedged on multiple installations
Hi, Something went badly wrong with clamd recently; it's stuck with hundreds/thousands of open files per process and interrupting mail flow. When a scanning thread finishes, I see this in the strace output. (I ran clamdscan /etc/hosts as a test): [pid 3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15 [pid 3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0 [pid 3707] 02:11:01 close(295) = 0 [pid 3707] 02:11:01 futex(0x1933c3c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, ) = -1 ETIMEDOUT (Connection timed out) [pid 3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0 [pid 3707] 02:11:31 _exit(0) = ? [pid 3707] 02:11:31 +++ exited with 0 +++ So it scans the file, says it's OK. and then hangs in the futex for 30 seconds. HELP! This is causing major outages for many of our customers. Regards, Dianne. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml