Re: [clamav-users] OT: DMARC

2018-06-28 Thread Dianne Skoll 
On Thu, 28 Jun 2018 08:36:39 +0200
"Walter H."  wrote:

> > Not unexpectedly, this list is breaking DMARC and DKIM. Any chance
> > of mitigating this?

> this is with any mailling list,

Hence "Not unexpectedly..."

> you alter the mail body, but this breaks DKIM only in case it
> includes the mail body; and this is unusual, because for the mail
> body you have other ways like S/MIME or PGP signatures

All DKIM-signed emails I have in my INBOX include the body hash
"bh=xxx" in the signature.

I'm not sure what software runs the ClamAV mailing list, but I'd have
thought most would have ways to work around this.  I use Mailman myself,
and recent versions have options to work around DMARC problems.

Regards,

Dianne.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] OT: DMARC

2018-06-27 Thread Dianne Skoll 
Hi,

Not unexpectedly, this list is breaking DMARC and DKIM. Any chance of 
mitigating this?

0.1 DKIM query returned fail (body has been altered) (d=cisco.com)

Quarantined due to DMARC policy DMARC_POLICY_QUARANTINE for domain cisco.com

Joel's emails keep getting quarantined.


Regards,

Dianne.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Problem with Max Open desciptor Files limit

2018-01-26 Thread Dianne Skoll 
On Fri, 26 Jan 2018 15:18:10 +
David Shrimpton  wrote:

> I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and
> restarting clamd fixed the problem.

Thank you!  That was immensely helpful.

Regards,

Dianne.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Dianne Skoll 
On Fri, 26 Jan 2018 06:44:30 -0800
"Jason J. W. Williams"  wrote:

> We started seeing this problem last night as well. Reading through the
> thread, it doesn't appear that ClamAV has fixed the signatures yet
> (as of 24257), or am I wrong?

Not only has it not been fixed, there hasn't been a peep out of the
developers.

This is NOT the way to deal with issues like this, especially in
security-sensitive software.

Regards,

Dianne.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Dianne Skoll 
On Fri, 26 Jan 2018 13:50:27 +0100
Ralf Hildebrandt  wrote:

> If I had to guess: they used the beta for testing, but the release
> versions (both 0.99.2 and 0.99.3!) fail to operate properly...

No, I bet that's not what happened.  A file descriptor leak doesn't show
up right away.  They probably tested the signatures on a lightly-loaded
server and didn't notice any problems.

ClamAV QA team: In future, please run new signatures against a clamd
process a few thousand times to check for possible resource leakage.

Regards,

Dianne.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-25 Thread Dianne Skoll 
Hi,

Something went badly wrong with clamd recently; it's stuck with
hundreds/thousands of open files per process and interrupting mail flow.

When a scanning thread finishes, I see this in the strace output.
(I ran clamdscan /etc/hosts as a test):

[pid  3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15
[pid  3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0
[pid  3707] 02:11:01 close(295) = 0
[pid  3707] 02:11:01 futex(0x1933c3c, 
FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, ) 
= -1 ETIMEDOUT (Connection timed out)
[pid  3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0
[pid  3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0
[pid  3707] 02:11:31 _exit(0)   = ?
[pid  3707] 02:11:31 +++ exited with 0 +++

So it scans the file, says it's OK. and then hangs in the futex for 30
seconds.

HELP!  This is causing major outages for many of our customers.

Regards,

Dianne.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml