Re: [clamav-users] Inquiry about ClamAV's usage within sandbox

[Eero Volotinen]

Hi,

1) how about using normal security features provided by linux os?
(apparmor, selinux, chroot ..)

2) use containers, virtualization and similar techniques?

Eero

On Tue 22. Mar 2022 at 23.14, Yang, Jiayi via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi ClamAV community,
>
>
>
> Hope this email finds you well. I’m writing to inquire about the proper
> usage of ClamAV and whether it’s suggested to run ClamAV within a sandbox
> to avoid infecting other files/applications in the host if a malware is
> detected. I have two main questions:
>
>
>
>1. When scanning a given file, will ClamAV only do static
>analysis(based on signature database) or it will execute the file and
>analyze its behavior? If the file is a malware and we use ClamAV to scan
>the file, will it possibly infect the scanner or infect other
>files/applications on the host?
>2. Is there any built-in sandbox mechanism in ClamAV so that when it
>scans a file, the file can be scanned in an isolated environment?
>
>
>
> Thank you so much! Looking forward to hearing from you.
>
>
>
> Best,
>
> Jiayi
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] SSL issue

[Eero Volotinen]

it might be wise to test if other / all ssl services contains same issue.

https://docs.pingidentity.com/bundle/solution-guides/page/iqs1569423823079.html


Eero

On Sat 19. Feb 2022 at 9.47, Matus UHLAR - fantomas 
wrote:

> On 19.02.22 05:54, Eero Volotinen wrote:
> >well. your system cannot verify ssl connection certificate.
> >
> >something wrong with your local ca/root certificates..
>
> probably intercepting proxy or some kind of security firewall with ssl
> decryption.
>
> >On Sat 19. Feb 2022 at 2.52, Eliya Voldman via clamav-users <
> >clamav-users@lists.clamav.net> wrote:
> >> I'm trying to install 'cvdupdate' on my Windows 2012 R2 server but hit
> >> this error.
> >>
> >> Could someone help?
> >>
> >> ---
> >>
> >>
> >>
> >> C:\Python38\Scripts>pip3.exe install cvdupdate
> >>
> >> WARNING: pip is being invoked by an old script wrapper. This will fail
> in
> >> a future version of pip.
> >>
> >> Please see https://github.com/pypa/pip/issues/5599 for advice on fixing
> >> the underlying issue.
> >>
> >> To avoid this problem you can invoke Python with '-m pip' instead of
> >> running pip directly.
> >>
> >> WARNING: Ignoring invalid distribution -p
> (c:\python38\lib\site-packages)
> >>
> >> WARNING: Ignoring invalid distribution -ip
> (c:\python38\lib\site-packages)
> >>
> >> WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)
> >>
> >> WARNING: Ignoring invalid distribution -p
> (c:\python38\lib\site-packages)
> >>
> >> WARNING: Ignoring invalid distribution -ip
> (c:\python38\lib\site-packages)
> >>
> >> WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)
> >>
> >> WARNING: Retrying (Retry(total=4, connect=None, read=None,
> redirect=None,
> >> status=None)) after connection broken by
> >> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
> >>
> >> Y_FAILED] certificate verify failed: self signed certificate in
> >> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Silvester Stallone: Father of the RISC concept.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] SSL issue

[Eero Volotinen]

well. your system cannot verify ssl connection certificate.

something wrong with your local ca/root certificates..

Eero

On Sat 19. Feb 2022 at 2.52, Eliya Voldman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello,
>
> I'm trying to install 'cvdupdate' on my Windows 2012 R2 server but hit
> this error.
>
> Could someone help?
>
> ---
>
>
>
> C:\Python38\Scripts>pip3.exe install cvdupdate
>
> WARNING: pip is being invoked by an old script wrapper. This will fail in
> a future version of pip.
>
> Please see https://github.com/pypa/pip/issues/5599 for advice on fixing
> the underlying issue.
>
> To avoid this problem you can invoke Python with '-m pip' instead of
> running pip directly.
>
> WARNING: Ignoring invalid distribution -p (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution -ip (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution -p (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution -ip (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)
>
> WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
>
> Y_FAILED] certificate verify failed: self signed certificate in
> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
> WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
>
> Y_FAILED] certificate verify failed: self signed certificate in
> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
> WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
>
> Y_FAILED] certificate verify failed: self signed certificate in
> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
> WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
>
> Y_FAILED] certificate verify failed: self signed certificate in
> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
> WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIF
>
> Y_FAILED] certificate verify failed: self signed certificate in
> certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/
>
> Could not fetch URL https://pypi.org/simple/cvdupdate/: There was a
> problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org',
> port=443): Max retries exceeded
>
> with url: /simple/cvdupdate/ (Caused by
> SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
> certificate verify failed: self signed certificate in certificate
>
> chain (_ssl.c:1108)'))) - skipping
>
> ERROR: Could not find a version that satisfies the requirement cvdupdate
> (from versions: none)
>
> ERROR: No matching distribution found for cvdupdate
>
> WARNING: Ignoring invalid distribution -p (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution -ip (c:\python38\lib\site-packages)
>
> WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)
>
> Could not fetch URL https://pypi.org/simple/pip/: There was a problem
> confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org',
> port=443): Max retries exceeded with u
>
> rl: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
> certificate in certificate chain (_ssl.
>
> c:1108)'))) - skipping
>
>
>
> C:\Python38\Scripts>
>
> ---
>
> Thanks
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CLAMAV update error

[Eero Volotinen]

sounds like you system is missing ”host” command. install it from system
packages and try again?

Eero

On Mon 7. Feb 2022 at 2.59, 外谷信之 / TOYA，NOBUYUKI <
nobuyuki.toya...@hitachi.com> wrote:

> 【Query】
> In the clamav update, do the following
> (1)install.sh
> (2)update.peal
>
> The following error occurs in (2)
>
> 【error】
> [root@ip-10-0-55-104 clamav-update-2.2.7]# ./clamav-update.pl Can't exec
> "host": No such file or directory at ./clamav-update.pl line 262.
> Fri Feb  4 15:02:56 2022 can't execute: No such file or directory Fri Feb
> 4 15:02:56 2022 version command failed Fri Feb  4 15:02:56 2022 Can't check
> latest version.
>
>
> BY Nobuyuki Toya
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] problem for freshclam

[Eero Volotinen]

freshclam 24258 clamav3wW  REG8,640824 786476
/var/log/clamav/freshclam.log'

means that processid (pid) is locking the file. you can kill it with sudo
kill -9 24258

Eero

la 29. tammik. 2022 klo 17.02 Dorian ROSSE (dorianbr...@hotmail.fr)
kirjoitti:

> hello,
>
>
> the answer of your line of command adviced :
>
> '''lsof /var/log/clamav/freshclam.log
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/125/gvfs
>   Output information may be incomplete.
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
>   Output information may be incomplete.
> COMMAND PID   USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
> freshclam 24258 clamav3wW  REG8,640824 786476
> /var/log/clamav/freshclam.log'''
>
> what i should do now ?
>
> thank you in advance for your time,
>
> Regards.
>
>
> Dorian ROSSE.
> --
> *De :* Eero Volotinen 
> *Envoyé :* vendredi 28 janvier 2022 19:01
> *À :* ClamAV users ML 
> *Cc :* colin course ; Dorian ROSSE <
> dorianbr...@hotmail.fr>
> *Objet :* Re: [clamav-users] problem for freshclam
>
> hi,
>
> try sudo lsof /var/log/clamav/freshclam.log what process is locking the
> log file and then kill it?
>
> Eero
>
> pe 28. tammik. 2022 klo 18.48 Dorian ROSSE via clamav-users (
> clamav-users@lists.clamav.net) kirjoitti:
>
> hello,
>
>
> I am there,
>
> after your three command line adviced freshclam is again broken : e
>
> '''freshclam
> ERROR: /var/log/clamav/freshclam.log is locked by another process
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).
> ERROR: initialize: libfreshclam init failed.
> ERROR: Initialization error!'''
>
> what is your advice now ?
>
> have a nice weekend from the france,
>
> regards.
>
>
> Dorian ROSSE.
> --
> *De :* colin course 
> *Envoyé :* jeudi 27 janvier 2022 22:13
> *À :* Dorian ROSSE 
> *Cc :* Dorian ROSSE via clamav-users 
> *Objet :* Re:[clamav-users] problem for freshclam
>
> ok thanks didant mean to be pushey
>
> you could also try clamtk the grahical interface of clam its a scanner
> i am just on there forum now trying to get mine sorted
> bionic only want to give me 5.25 version and you guessed it need it to
> be higher as it is outdated
>
> you will find a version of it on your sanaptic package installer also
> you will need clam to be higher than 2.3 something like ,4 with out
> looking
> i suppect i got the numbers wrong
> you problerly yes you will find your version on the clam log file
> any problems just ask
> tat ta for now
>
> colin
>
> all the best
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] problem for freshclam

[Eero Volotinen]

hi,

try sudo lsof /var/log/clamav/freshclam.log what process is locking the log
file and then kill it?

Eero

pe 28. tammik. 2022 klo 18.48 Dorian ROSSE via clamav-users (
clamav-users@lists.clamav.net) kirjoitti:

> hello,
>
>
> I am there,
>
> after your three command line adviced freshclam is again broken : e
>
> '''freshclam
> ERROR: /var/log/clamav/freshclam.log is locked by another process
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).
> ERROR: initialize: libfreshclam init failed.
> ERROR: Initialization error!'''
>
> what is your advice now ?
>
> have a nice weekend from the france,
>
> regards.
>
>
> Dorian ROSSE.
> --
> *De :* colin course 
> *Envoyé :* jeudi 27 janvier 2022 22:13
> *À :* Dorian ROSSE 
> *Cc :* Dorian ROSSE via clamav-users 
> *Objet :* Re:[clamav-users] problem for freshclam
>
> ok thanks didant mean to be pushey
>
> you could also try clamtk the grahical interface of clam its a scanner
> i am just on there forum now trying to get mine sorted
> bionic only want to give me 5.25 version and you guessed it need it to
> be higher as it is outdated
>
> you will find a version of it on your sanaptic package installer also
> you will need clam to be higher than 2.3 something like ,4 with out
> looking
> i suppect i got the numbers wrong
> you problerly yes you will find your version on the clam log file
> any problems just ask
> tat ta for now
>
> colin
>
> all the best
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamav static binary

[Eero Volotinen]

Hi All,

Is there way to build static binary for clamav?



Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] database updates blocked

[Eero Volotinen]

Solution:

https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu



Eero

On Tue, Aug 17, 2021 at 5:50 PM Joel Esler (jesler) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Thank you Eero.
>
> Yes this, isn’t the server blocking you.  You have a problem with your
> local CA store.
>
> —
> Sent from my  iPad
>
> On Aug 17, 2021, at 09:11, Eero Volotinen  wrote:
>
> 
> Please note that python uses different ca locations.
>
> You can see my message on this mailing list some months ago related to
> same issue
>
>
> Eero
>
> On Tue 17. Aug 2021 at 15.57, Jona Tallieu  wrote:
>
>> Dear,
>>
>>
>>
>> Thanks for your answer.
>>
>> We are using Freshclam, the curl was a test to see what the problem was.
>>
>>
>>
>> The logs show a SSL CA cert problem:
>>
>>
>>
>> 13:26:22.633 5 EXTFILTER(CGPClamAV) inp(059): * ClamAV update process
>> started at Mon Aug 16 13:26:22 2021
>>
>> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(048): * WARNING: Your ClamAV
>> installation is OUTDATED!
>>
>> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(062): * WARNING: Local version:
>> 0.103.2 Recommended version: 0.103.3
>>
>> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(069): * DON'T PANIC! Read
>> https://www.clamav.net/documents/upgrading-clamav
>>
>> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(083): * daily database available
>> for update (local version: 26231, remote version: 26265)
>>
>> 13:26:24.644 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
>> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>>
>> 13:26:24.644 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
>> Can't download daily-26232.cdiff from
>> https://database.clamav.net/daily-26232.cdiff
>>
>> 13:26:24.646 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
>> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>>
>> 13:26:24.646 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
>> Can't download daily-26232.cdiff from
>> https://database.clamav.net/daily-26232.cdiff
>>
>> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
>> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>>
>> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
>> Can't download daily-26232.cdiff from
>> https://database.clamav.net/daily-26232.cdiff
>>
>> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(066): * WARNING: Incremental
>> update failed, trying to download daily.cvd
>>
>> 13:26:24.653 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
>> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>>
>> 13:26:24.653 5 EXTFILTER(CGPClamAV) inp(078): * WARNING: Can't download
>> daily.cvd from https://database.clamav.net/daily.cvd
>>
>>
>>
>> But the ca-certificates package (which contains the CA roots) is the most
>> recent version. Other Cloudflare hosted url’s (with the same TLS settings)
>> work fine…
>>
>>
>>
>>
>>
>> Best,
>>
>>
>>
>> Jona
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From: *clamav-users  on behalf
>> of "Joel Esler (jesler) via clamav-users" 
>> *Reply-To: *ClamAV users ML 
>> *Date: *Tuesday, 17 August 2021 at 14:45
>> *To: *ClamAV users ML 
>> *Cc: *"Joel Esler (jesler)" 
>> *Subject: *Re: [clamav-users] database updates blocked
>> *Resent-From: *
>> *Resent-Date: *Tuesday, 17 August 2021 at 14:45
>>
>>
>>
>> Curl is not authorized to be used to download updates.  Please use
>> Freshclam or cvdupdate to download updates.
>>
>>
>>
>>
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] database updates blocked

[Eero Volotinen]

Please note that python uses different ca locations.

You can see my message on this mailing list some months ago related to same
issue


Eero

On Tue 17. Aug 2021 at 15.57, Jona Tallieu  wrote:

> Dear,
>
>
>
> Thanks for your answer.
>
> We are using Freshclam, the curl was a test to see what the problem was.
>
>
>
> The logs show a SSL CA cert problem:
>
>
>
> 13:26:22.633 5 EXTFILTER(CGPClamAV) inp(059): * ClamAV update process
> started at Mon Aug 16 13:26:22 2021
>
> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(048): * WARNING: Your ClamAV
> installation is OUTDATED!
>
> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(062): * WARNING: Local version:
> 0.103.2 Recommended version: 0.103.3
>
> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(069): * DON'T PANIC! Read
> https://www.clamav.net/documents/upgrading-clamav
>
> 13:26:22.634 5 EXTFILTER(CGPClamAV) inp(083): * daily database available
> for update (local version: 26231, remote version: 26265)
>
> 13:26:24.644 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>
> 13:26:24.644 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
> Can't download daily-26232.cdiff from
> https://database.clamav.net/daily-26232.cdiff
>
> 13:26:24.646 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>
> 13:26:24.646 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
> Can't download daily-26232.cdiff from
> https://database.clamav.net/daily-26232.cdiff
>
> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>
> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch:
> Can't download daily-26232.cdiff from
> https://database.clamav.net/daily-26232.cdiff
>
> 13:26:24.651 5 EXTFILTER(CGPClamAV) inp(066): * WARNING: Incremental
> update failed, trying to download daily.cvd
>
> 13:26:24.653 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed
> (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
>
> 13:26:24.653 5 EXTFILTER(CGPClamAV) inp(078): * WARNING: Can't download
> daily.cvd from https://database.clamav.net/daily.cvd
>
>
>
> But the ca-certificates package (which contains the CA roots) is the most
> recent version. Other Cloudflare hosted url’s (with the same TLS settings)
> work fine…
>
>
>
>
>
> Best,
>
>
>
> Jona
>
>
>
>
>
>
>
>
>
> *From: *clamav-users  on behalf of
> "Joel Esler (jesler) via clamav-users" 
> *Reply-To: *ClamAV users ML 
> *Date: *Tuesday, 17 August 2021 at 14:45
> *To: *ClamAV users ML 
> *Cc: *"Joel Esler (jesler)" 
> *Subject: *Re: [clamav-users] database updates blocked
> *Resent-From: *
> *Resent-Date: *Tuesday, 17 August 2021 at 14:45
>
>
>
> Curl is not authorized to be used to download updates.  Please use
> Freshclam or cvdupdate to download updates.
>
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamonsacc not working on centos7

[Eero Volotinen]

try running with strace

something like this

strace -s 255 -f -o /tmp/logfile command

ja upload logfile to pastebin or similar

Eero

On Tue 27. Jul 2021 at 21.09, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Tue, 27 Jul 2021, Joël Labby via clamav-users wrote:
>
> > ...
> > I can use clamscan to scan a file
> >
> > but clamonacc return this error :
> >
> > ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
> > ERROR: Clamonacc: daemon is local, but a connection could not be
> established
> >
> > any idea ?
>
> Are you running SELinux?
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Seeking complete Installation guide of clamav-rest

[Eero Volotinen]

please run google search with keywords

”
https://www.google.fi/search?q=clamav+rest+api=UTF-8=UTF-8=en-fi=safari
”

clamav rest api

Eero

On Fri 23. Jul 2021 at 6.31, Kin Sou via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi Team,
>
> Please support us.
>
>
> Rgds,
>
> Vincent
>
> On Thu, Jul 22, 2021 at 11:13 PM Kin Sou  wrote:
>
>> Hi team,
>>
>> I knew clamav can act as a dedicated virus scanner server to provide
>> remote scan service to other destination machines through using
>> clamav-rest. But by far i keep searching and searching still not found any
>> instructions to illustrate how to activate the REST service for remote
>> scan. The questions i ain't figured are:
>>
>> The clamav-rest API should activate/install on the virusscanner server or
>> every destination(client) machine?
>>
>> [image: image.png]
>>
>>
>> How to indicate the web-GUI like the screenshot below to perform scanning
>> operation? are we needed to install clamtk to fulfill this requirement?
>> [image: image.png]
>>
>> I referenced beneath instruction and by far successfully built
>> virusscanner server, just the clamav-rest API not clear how to utilize it.
>>
>> https://www.programmersought.com/article/53126569310/
>>
>> Please support us, thanks.
>>
>>
>> Vincent Cruise
>>
>>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Warning: No matches found for: clamav on CentOS Linux release 7.9.2009 (Core)

[Eero Volotinen]

make sure that epel repository is enabled.
looks like it’s not.

Eero

On Mon 19. Jul 2021 at 12.06, Kaushal Shriyan via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
>
> I am running CentOS Linux release 7.9.2009 (Core) and installed epel
> repository.
>
> # rpm -qa | grep epel
> epel-release-7-13.noarch
> # cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> #yum search clamav
> Loaded plugins: fastestmirror
> Determining fastest mirrors
>  * base: mirrors.piconets.webwerks.in
>  * extras: mirrors.piconets.webwerks.in
>  * updates: mirrors.piconets.webwerks.in
> base
>
> | 3.6 kB  00:00:00
> docker-ce-stable
>
> | 3.5 kB  00:00:00
> elastic-7.x
>
>  | 1.3 kB  00:00:00
> extras
>
> | 2.9 kB  00:00:00
> ius
>
>  | 1.3 kB  00:00:00
> mariadb
>
>  | 2.9 kB  00:00:00
> nginx
>
>  | 2.9 kB  00:00:00
> updates
>
>  | 2.9 kB  00:00:00
> (1/10): base/7/x86_64/group_gz
>
> | 153 kB  00:00:00
> (2/10): extras/7/x86_64/primary_db
>
> | 242 kB  00:00:00
> (3/10): elastic-7.x/primary
>
>  | 288 kB  00:00:00
> (4/10): docker-ce-stable/7/x86_64/primary_db
>
> |  62 kB  00:00:00
> (5/10): docker-ce-stable/7/x86_64/updateinfo
>
> |   55 B  00:00:00
> (6/10): ius/x86_64/primary
>
> | 100 kB  00:00:01
> (7/10): updates/7/x86_64/primary_db
>
>  | 8.8 MB  00:00:04
> (8/10): base/7/x86_64/primary_db
>
> | 6.1 MB  00:00:05
> (9/10): nginx/7/x86_64/primary_db
>
>  |  67 kB  00:00:04
> (10/10): mariadb/primary_db
>
>  |  36 kB  00:00:05
> elastic-7.x
>
> 880/880
> ius
>
> 467/467
> Warning: No matches found for: clamav
> No matches found
>
> Am I missing anything? Please suggest further. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] cvdupdate certificate verify failed

[Eero Volotinen]

check this:

https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu


Eero

On Fri 16. Jul 2021 at 15.38, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> > On Fri, 16 Jul 2021, G.W. Haywood via clamav-users wrote:
> > > On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> > >
> > >> I've been trying to resolve this for a few weeks and would really
> appreciate any help.
> > >>
> > >> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> > >> failed (_ssl.c:877)
> > >
> > > Sorry, I've never ysed the Python scripts so I can't call on any
> > > experience, but the error message seems fairly clear.  It might help
> > > others if you describe what you've done to try to resolve the issue.
> > >
> > > Have you for example tried to use freshclam directly?
> >
> > If I run freshclam directly on the mirror, it reports the daily.cvd
> > is out of date and then proceeds to download the full cvd 3 times.
> > I have daily-26232.cdiff downloaded, but this is a zero byte file,
> > hence the triple download of the cvd.  main-60.cdiff is the same.
>
> That sounds a little odd.  Are you saying that it downloads the full
> CVDs for both main and daily?  Can we see a bit more from the log?
>
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
>
> This is normal at the moment, see other correspondence on the list in
> the past couple of days about the new releases of 'main' and 'daily'.
> You might need to check that your freshclam download timeout settings
> aren't too short - half an hour wasn't long enough here - but none of
> that has anything to do with your SSL certificate issue.
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] cvdupdate certificate verify failed

[Eero Volotinen]

try following command

pip install --upgrade certifi
or

pip3 install --upgrade certifi

Eero

On Fri 16. Jul 2021 at 11.12, Moyes, Steven via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
> I've been trying to resolve this for a few weeks and would really
> appreciate any help.
>
> A few details:
> OS: RHEL7.9
> ClamAV 0.103.2/26231
> Connection goes through an authenticated proxy
> ca-certificates-2020.2.41-70.0.el7_8.noarch is installed
> Manually imported certificates from Mozilla version 05.07.2021
> It does this on the first attempt
>
> 2021-07-16 08:47:56 cvdupdate-1.0.2 DEBUG Checking for a newer version of
> cvdupdate.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG cvdupdate is up-to-date: 1.0.2.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking available versions via
> DNS TXT entry query of current.cvd.clamav.net
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd for update
> from https://database.clamav.net/main.cvd
> 2021-07-16  08:47:57
> cvdupdate-1.0.2 DEBUG Checking main.cvd version via DNS TXT advertisement.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG main.cvd version advertised by
> DNS: 61
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Downloading CDIFFs first...
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking for main-60.cdiff
> 2021-07-16 08:47:57 urllib3.connectionpool DEBUG Starting new HTTPS
> connection (1): database.clamav.net:443
> Traceback (most recent call last):
>   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 696, in urlopen
> self._prepare_proxy(conn)
>   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 964, in _prepare_proxy
> conn.connect()
>   File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py",
> line 421, in connect
> tls_in_tls=tls_in_tls,
>   File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line
> 450, in ssl_wrap_socket
> sock, context, tls_in_tls, server_hostname=server_hostname
>   File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line
> 493, in _ssl_wrap_socket_impl
> return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
>   File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
> _context=self, _session=session)
>   File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
> self.do_handshake()
>   File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
> self._sslobj.do_handshake()
>   File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:877)
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line
> 449, in send
> timeout=timeout
>   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 756, in urlopen
> method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
>   File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py",
> line 574, in increment
> raise MaxRetryError(_pool, url, error or ResponseError(cause))
> urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='
> database.clamav.net', port=443): Max retries exceeded with url:
> /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "/usr/local/bin/cvd", line 11, in 
> sys.exit(cli())
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1137,
> in __call__
> return self.main(*args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1062,
> in main
> rv = self.invoke(ctx)
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1668,
> in invoke
> return _process_result(sub_ctx.command.invoke(sub_ctx))
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1404,
> in invoke
> return ctx.invoke(self.callback, **ctx.params)
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763,
> in invoke
> return __callback(*args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/click/decorators.py", line
> 26, in new_func
> return f(get_current_context(), *args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py",
> line 259, in update_alias
> ctx.forward(db_update)
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 784,
> in forward
> return __self.invoke(__cmd, *args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763,
> in invoke
> return __callback(*args, **kwargs)
>   File 

Re: [clamav-users] Qnap TS-259Pro+

[Eero Volotinen]

You probably need to buy newer version of qnap nas
or compile clamav from sources.

Eero

On Tue 13. Jul 2021 at 19.41, Raymond Ng via clamav-users <
clamav-users@lists.clamav.net> wrote:

> My Qnap NAS suddenly stop updating Virus signature since March.
> It had a manual update but I can’t find where to download the latest
> signature file at Clamav home page.
> Kindly help to direct where I could download the latest signature so I
> could manual update the signature.
> Ive check on the Qnap Community site that there is a new version of Clamav
> but it’s not compatible with my model.
>
> Regards
> *Raymond Ng*
> Sent from my iPhone
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] RClam AV installation with Postfix in RHEL

[Eero Volotinen]

Read the documentation

http://books.msspace.net/mirrorbooks/linuxcookbook/0596006403/linuxckbk-CHP-21-SECT-8.html

Typical way is use amavis with postfix


Eero

On Tue 18. May 2021 at 7.04, Anindya Banerjee-konsult <
anindya.banerjee-kons...@apoteket.se> wrote:

> Hello Team,
>
>
>
> We are using Postfix for email relay and has activated spam assassin. We
> intend to use Clam AV scanning of emails relayed by Postfix. We have
> documentation for installation but not on interoperability with Postfix.
> https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions.
> Please assist with documentation on how clam AV may be configured to work
> with Postfix email relay.
>
>
>
> Thanks & regards
>
> Anindya Banerjee
>
> Apoteket AB
>
> +91 9836106549
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

[Eero Volotinen]

Well. Then you need to install proxy outside of your network and open port
to that address.



Eero

On Thu, Apr 29, 2021 at 2:59 PM Zvi Kave via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
>
> The SysAdmin that responsible for Firewall maintenance,  allows to open
> only one IP in the firewall for freshclam use.
>
> I shall check squid definitions again.
>
> Thank you,
>
> Zvi
>
> On 4/29/2021 12:41 PM, Eero Volotinen wrote:
>
>
>
>
>>
>> > We wish to open only one IP in the firewall.
>>
>> Can you explain why it matters to you how many different IPs are used
>> to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
>> also asked Google if they will only send mail to you from a single IP?
>>
>> https://www.razlee.com/
>>
>>
> In squid it's possible to whitelist addresses by dns names.
>
> Eero
>
> ___
>
> clamav-users mailing 
> listclamav-users@lists.clamav.nethttps://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV 
> guide:https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

[Eero Volotinen]

>
> > We wish to open only one IP in the firewall.
>
> Can you explain why it matters to you how many different IPs are used
> to provide the service?  Do you use IPv4 and IPv6 addresses?  Have you
> also asked Google if they will only send mail to you from a single IP?
>
> https://www.razlee.com/
>
>
In squid it's possible to whitelist addresses by dns names.

Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

[Eero Volotinen]

Please check out documentation. There are proxy settings inside of
freshclam configuration file.

Eero

On Thu 29. Apr 2021 at 11.08, Zvi Kave via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello Joel,
>
> We would like to get a manual that describes how to configure freshclam
> and proxy to refresh the signature files through the proxy (squid) and not
> directly.
>
> Explanation:
>
> Our servers are behind a firewall.
>
> The freshclam is referred to different ClamAV mirror with different IP for
> each refresh.
>
> We wish to open only one IP in the firewall.
>
>
> We tried to set a proxy server outside the firewall and define freshclam
> on all the other servers apply to the proxy server.
>
> We did not succeed to configure clamAV and Squid to work together.
>
>1.
>
>Is there a better solution for this problem except  proxy server?
>2.
>
>Can you please send us manual or guidelines how to use this proxy ?
>
> Thanks,
>
> Zvi Kave
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] cdn :/

[Eero Volotinen]

Hi,

Please upgrade to supported version?

Eero

On Wed, Apr 28, 2021 at 3:38 PM Benny Pedersen via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
> i am on cool down, yes since 10-4-2021
>
> missing cdiff imho, so it try the full cvd download that is missing,
> after that cool down :/
>
> am i alone ?
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CLAMAD - Connecting to socket failed

[Eero Volotinen]

Sorry to say, but 2G is too low memory for clamav. I think it crashes for
out of memory reason.

Upgrade server memory at least to 8G. Memory chips are so cheap..

Eero

On Tue, Apr 27, 2021 at 5:38 PM Zami3l via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Yes, I think so
> RAM 2Go and Swap 4Go
>
> There are only interesting things in the smb logs. Nothing special in
> those of clamd :(
>
> Thank you for answer.
>
> Best Regards,
> Zami3l
>
> April 27, 2021 3:56:21 PM CEST Eero Volotinen 
> wrote:
>
> Is there enough memory on server?
>
> check out the clamd* logs.
>
> Eero
>
> On Tue, Apr 27, 2021 at 4:47 PM Zami3l via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Selinux is disabled.
>
> No problem with clamdscan when I run a scan.
>
> I performed further testing and noticed that:
>
> If I restart clamdscan and then smb everything seems to work.
> For example, if I try to open eicar.com (test virus), it detects malware
> and removes it.
> I can then easily open xls, doc, etc. files. Everything is correct.
>
> However, after a few minutes of use, for no apparent reason, I get this in
> the smb logs:
>
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public
> NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907650,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907749,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public
> NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939625,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939732,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
>
> After that, nothing works anymore. I am then forced to restart smb.
>
> So the problem seems to become with samba and vfs_virusfilter.
>
> Thank you for answer.
>
> Best Regards,
> Zami3l
>
>
> April 27, 2021 12:29:08 PM CEST Eero Volotinen 
> wrote:
>
> is the clamdscan working correctly? what is selinux status? is it running
> on permissive mode?
>
> Eero
>
> On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Hello everyone,
>
> I have installed clamav for use with samba vfs virus filter.
> I want to be able to scan files as soon as they are opened.
>
> Operating System: CentOS Linux release 7.9.2009 (Core)
>
> The clamd@scan and smb services have no errors at boot time.
>
> As soon as a file is opened, an error appears in the logs and the file is
> not scanned :
>
> # samba_audit.log
> Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446]
> ../../source3/mod

Re: [clamav-users] CLAMAD - Connecting to socket failed

[Eero Volotinen]

Is there enough memory on server?

check out the clamd* logs.

Eero

On Tue, Apr 27, 2021 at 4:47 PM Zami3l via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Selinux is disabled.
>
> No problem with clamdscan when I run a scan.
>
> I performed further testing and noticed that:
>
> If I restart clamdscan and then smb everything seems to work.
> For example, if I try to open eicar.com (test virus), it detects malware
> and removes it.
> I can then easily open xls, doc, etc. files. Everything is correct.
>
> However, after a few minutes of use, for no apparent reason, I get this in
> the smb logs:
>
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public
> NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907650,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907749,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
> Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public
> NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939625,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
> Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939732,  0, pid=14938]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
>
> After that, nothing works anymore. I am then forced to restart smb.
>
> So the problem seems to become with samba and vfs_virusfilter.
>
> Thank you for answer.
>
> Best Regards,
> Zami3l
>
>
> April 27, 2021 12:29:08 PM CEST Eero Volotinen 
> wrote:
>
> is the clamdscan working correctly? what is selinux status? is it running
> on permissive mode?
>
> Eero
>
> On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Hello everyone,
>
> I have installed clamav for use with samba vfs virus filter.
> I want to be able to scan files as soon as they are opened.
>
> Operating System: CentOS Linux release 7.9.2009 (Core)
>
> The clamd@scan and smb services have no errors at boot time.
>
> As soon as a file is opened, an error appears in the logs and the file is
> not scanned :
>
> # samba_audit.log
> Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 10:36:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: %: Aucun fichier ou dossier de ce type
> Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680,  0, pid=8446]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 10:36:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/matrice.xlsx: Initializing scanner failed
>
> # clamd.log
> Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx
> (95, 5), argume

Re: [clamav-users] CLAMAD - Connecting to socket failed

[Eero Volotinen]

is the clamdscan working correctly? what is selinux status? is it running
on permissive mode?

Eero

On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello everyone,
>
> I have installed clamav for use with samba vfs virus filter.
> I want to be able to scan files as soon as they are opened.
>
> Operating System: CentOS Linux release 7.9.2009 (Core)
>
> The clamd@scan and smb services have no errors at boot time.
>
> As soon as a file is opened, an error appears in the logs and the file is
> not scanned :
>
> # samba_audit.log
> Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446]
> ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
> Apr 27 10:36:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd:
> Connecting to socket failed: %: Aucun fichier ou dossier de ce type
> Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680,  0, pid=8446]
> ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
> Apr 27 10:36:24 X smbd_audit:  virusfilter_scan: Scan result: Error:
> /data/smb2/matrice.xlsx: Initializing scanner failed
>
> # clamd.log
> Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx
> (95, 5), argument: /data/smb2/matrice.xlsx
> Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
> Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer
> MODE_COMMAND
> Apr 27 10:32:16 X clamd[8433]: Consumed entire command
> Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
> Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low
> threshold -> signaling
> Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold
> -> signaling
> Apr 27 10:32:16 X clamd[8433]: Finished scanthread
> Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
> Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low
> threshold -> signaling
> Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold
> -> signaling
> Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8
>
> # smbd.log
> Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710,  0, pid=8446]
> ../../source3/modules/vfs_full_audit.c:624(do_log)
> Apr 27 10:31:22 X smbd[8446]:  do_log() failed to get vfs_handle->data!
>
> The socket clamd is good :
>
> [root@X ~]# netstat --listen
> Sockets du domaine UNIX actives(seulement serveurs)
> Proto RefCnt Flags   Type   State I-Node   Chemin
> unix  2  [ ACC ] STREAM LISTENING 32185
> /run/clamd.scan/clamd.sock
>
> Do you have any ideas please?
> Thank you in advance !
>
> Best Regards,
> Zami3l
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Can't start clamd - lchown to user failed

[Eero Volotinen]

well. try to switch to user clamav:

su - clamav -s /bin/bash and try to start clamd in commandline.

Eero

On Sat 24. Apr 2021 at 16.47, Keith Graber  wrote:

> I'm running ClamAV as user 'clamav' who owns /var/log/clamav
>
> drwxr-xr-x  2 clamavclamav 4096 Apr 18 00:00 clamav
>
> the files inside are:
>
> root@:/var/log/clamav# ls -l
> total 420
> -rw-r- 1 clamav adm 11978 Apr 23 11:34 clamav.log
> -rw-r- 1 clamav adm 11718 Apr 18 00:00 clamav.log.1
> -rw-r- 1 clamav adm  1302 Feb 14 00:00 clamav.log.10.gz
> -rw-r- 1 clamav adm  1215 Feb  7 00:00 clamav.log.11.gz
> -rw-r- 1 clamav adm  1989 Jan 31 00:00 clamav.log.12.gz
> -rw-r- 1 clamav adm  1837 Apr 11 00:00 clamav.log.2.gz
> -rw-r- 1 clamav adm  1134 Apr  4 00:00 clamav.log.3.gz
> -rw-r- 1 clamav adm  3376 Mar 28 00:00 clamav.log.4.gz
> -rw-r- 1 clamav adm  1033 Mar 21 00:00 clamav.log.5.gz
> -rw-r- 1 clamav adm  2149 Mar 14 00:00 clamav.log.6.gz
> -rw-r- 1 clamav adm  1096 Mar  7 00:00 clamav.log.7.gz
> -rw-r- 1 clamav adm  1064 Feb 28 00:00 clamav.log.8.gz
> -rw-r- 1 clamav adm  1058 Feb 21 00:00 clamav.log.9.gz
> -rw-r- 1 clamav clamav 118698 Apr 24 08:14 freshclam.log
> -rw-r- 1 clamav adm141909 Apr 18 00:00 freshclam.log.1
> -rw-r- 1 clamav adm  5047 Feb 14 00:00 freshclam.log.10.gz
> -rw-r- 1 clamav adm  5234 Feb  7 00:00 freshclam.log.11.gz
> -rw-r- 1 clamav adm  5543 Jan 31 00:00 freshclam.log.12.gz
> -rw-r- 1 clamav adm  6334 Apr 11 00:00 freshclam.log.2.gz
> -rw-r- 1 clamav adm  5066 Apr  4 00:00 freshclam.log.3.gz
> -rw-r- 1 clamav adm  5268 Mar 28 00:00 freshclam.log.4.gz
> -rw-r- 1 clamav adm  5046 Mar 21 00:00 freshclam.log.5.gz
> -rw-r- 1 clamav adm  5237 Mar 14 00:00 freshclam.log.6.gz
> -rw-r- 1 clamav adm  5072 Mar  7 00:00 freshclam.log.7.gz
> -rw-r- 1 clamav adm  5071 Feb 28 00:00 freshclam.log.8.gz
> -rw-r- 1 clamav adm  5074 Feb 21 00:00 freshclam.log.9.gz
>
> -Original Message-
> From: Micah Snyder (micasnyd) 
> Sent: Friday, April 23, 2021 3:48 PM
> To: ClamAV users ML 
> Subject: Re: [clamav-users] Can't start clamd - lchown to user failed
>
> lchown isn't a program, it's a C function provided by `unistd.h`. The
> error likely has to do with the permissions of the /var/log/clamav
> directory (if it exists), and which user the program is running as.
>
> -Micah
>
> > -Original Message-
> > From: clamav-users  On Behalf
> > Of Keith Graber
> > Sent: Friday, April 23, 2021 1:16 PM
> > To: 'clamav-users@lists.clamav.net' 
> > Subject: [clamav-users] Can't start clamd - lchown to user failed
> >
> > Hello everyone,
> >
> > I'm running a Ubuntu 20.04 server.  I've had ClamAV installed and
> > running with on-access successfully.
> >
> > I did an apt upgrade that included ClamAV v0.103.2 and since then I
> > can't get clamd to start.
> >
> > The error is: ERROR: lchown to user 'clamav' failed on log file
> > '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'
> >
> > lchown is not installed on my system and I'm not finding it in the
> > Ubuntu software repository.  Searching the web led me to a lchown man
> > page that states this is for changing syslinks, but
> > /var/log/clamav/clamav.log is not a syslink'd file.
> >
> > Is lchown a new requirement for v0.103.2?
> >
> > How can I get clamd working again?
> >
> > Thanks!
> >
> > Keith Graber
> >
> > ___
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Getting 403 error : cvshealth

[Eero Volotinen]

File is not used anymore. remove it from you config files.

Eero

On Wed, Apr 14, 2021 at 9:32 PM Puri, Rohit via clamav-users <
clamav-users@lists.clamav.net> wrote:

>  Hi Team
>
> Can you please help support on this , I am getting the following errors .
>
>
>
> ^downloadFile: Unexpected response (403) from
> https://database.clamav.net/safebrowsing.cvd
>
>
>
> NAT Ip’s
>
>
>
> 34.86.65.138
>
> 34.94.13.47
>
> 35.245.162.123
>
> 35.236.98.81
>
>
>
>
>
> Best Regards,
> Rohit Puri | Sr. Advisor, Digital Architecture
> d: 847-484-9629 | c: 847-840-5113 |  e: *rohit.p...@cvshealth.com
> *
> CVS Health | 2100 E Lake cook rd, Buffalo Grove, IL 60089
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav on rhel 6.7 x32

[Eero Volotinen]

Maybe.

It might be possible to modify source rpms to add support for latest
clamav..

Eero

On Wed, Apr 14, 2021 at 12:19 PM Gary R. Schmidt  wrote:

> On 14/04/2021 08:27, Eero Volotinen wrote:
> > Hi,
> >
> > I think that installing following files will fix your problem.
> >
> >
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm
> > <
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm
> >
> >
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-db-0.100.3-1.el6.i686.rpm
> > <
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-db-0.100.3-1.el6.i686.rpm
> >
> >
> > Please test first on your test system. I only tested on centos 6.7 x32
> >
> > "if it breaks, you can keep both pieces"
> >It won't fix his problem, it just postpones it.
>
> When 0.100.3 drops off the planet he would be back, asking the same
> question - unless he managed to get the system updated, but the odds are
> it would just be to another dead version.  (BTDTGTTS)
>
> Cheers,
> GaryB-)
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamav on rhel 6.7 x32

[Eero Volotinen]

Well. this is the easiest solution for antique rhel 6.7

No one provides more updates packages anymore.

Eero

On Wed, Apr 14, 2021 at 3:27 AM Joel Esler (jesler) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I wouldn’t install something that old. I would go ahead and move on.
>
> Sent from my  iPhone
>
> On Apr 13, 2021, at 18:29, Eero Volotinen  wrote:
>
> 
> Hi,
>
> I think that installing following files will fix your problem.
>
>
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm
>
> https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-db-0.100.3-1.el6.i686.rpm
>
> Please test first on your test system. I only tested on centos 6.7 x32
>
> "if it breaks, you can keep both pieces"
>
> Eero
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamav on rhel 6.7 x32

[Eero Volotinen]

Hi,

I think that installing following files will fix your problem.

https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm
https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-db-0.100.3-1.el6.i686.rpm

Please test first on your test system. I only tested on centos 6.7 x32

"if it breaks, you can keep both pieces"

Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Looks like there is still supported clam av available from epel vault:
https://archives.fedoraproject.org/pub/archive/epel/6/i386/Packages/c/clamav-0.100.3-1.el6.i686.rpm

Eero

On Tue, Apr 13, 2021 at 7:25 AM Paul Kosinski via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I have sometimes been able to find older RPMs for various system
> components at rpm.pbone.net, but it can be tedious.
>
> On Mon, 12 Apr 2021 15:10:01 -0500
> "J.R. via clamav-users"  wrote:
>
> > > I've made some investigation and the people on google says that this
> > > is a BUG with zlib, and the last zlib for RHEL 6.7 x32 fail to
> correctly
> > > decompress the CVD signature database.
> > >
> > > A solution is to use a newer version of zlib but I'm not able to find a
> > > newer version of zlib for this version of RHEL 6.7 x32. Newer than
> > > the one for the RHEL repositories.
> > >
> > > Any advice?
> >
> > There was an EL6 clamav RPM that had included a newer version of zlib
> > to build statically with it so it would work with the newer database
> > files. Updating the spec and building your own RPM is not hard.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Unable to Update

[Eero Volotinen]

Hi,

What is your clamav/freshclam version.

Eero

On Tue, Apr 13, 2021 at 10:46 PM j via clamav-users <
clamav-users@lists.clamav.net> wrote:

>   I've been getting the following message'WARNING: getpatch: Can't
> download daily-26093.cdiff from database.clamav.net
> WARNING: getpatch: Can't download daily-26093.cdiff from
> database.clamav.net
> WARNING: getpatch: Can't download daily-26093.cdiff from
> database.clamav.net
> WARNING: Can't download daily.cvd from database.clamav.net
> Trying again in 5 secs..."  for weeks when attempting an
> update???
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Probably the easiest way is to recompile package under centos 6.7 and then
install it on rhel 6.7

Eero

On Mon, Apr 12, 2021 at 11:11 PM J.R. via clamav-users <
clamav-users@lists.clamav.net> wrote:

> > I've made some investigation and the people on google says that this
> > is a BUG with zlib, and the last zlib for RHEL 6.7 x32 fail to correctly
> > decompress the CVD signature database.
> >
> > A solution is to use a newer version of zlib but I'm not able to find a
> > newer version of zlib for this version of RHEL 6.7 x32. Newer than
> > the one for the RHEL repositories.
> >
> > Any advice?
>
> There was an EL6 clamav RPM that had included a newer version of zlib
> to build statically with it so it would work with the newer database
> files. Updating the spec and building your own RPM is not hard.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Just compile on test system with —prefix=/opt/clamav



Eero

On Mon 12. Apr 2021 at 18.45, Richard Graham via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
> On Mon, Apr 12, 2021 at 5:28 PM Gary R. Schmidt  wrote:
>
>> On 13/04/2021 01:22, Sorin Petrut Niculae via clamav-users wrote:
>> newer version of zlib for this version of RHEL 6.7 x32. Newer than the
>> > one for the RHEL repositories.
>> >
>> >
>> > Any advice?
>> >
>> Build it from source.
>>
>> As I have said before, it is trivially easy to solve these problems.
>>
>> Cheers,
>> GaryB-)
>>
>
> ... just be mindful of of the possibility of "dependency hell".  I.e., you
> may need to install more recent dependencies for clamav than what already
> exist, and still need to be present, for your other distro apps, etc.  If
> clamav is/will be the only external app needing recent dependencies,
> putting everything under /usr/local may be sufficient.  If you have other
> external apps that have overlapping dependencies, you may need to
> compartmentalize/isolate the dependencies more.
>
> Make sure to build/install in such a way that it's easy to return your
> system to its starting state (backups, isolation, etc.).  If you clobber
> any current dependencies, returning your system to a working state may be
> difficult.
>
> Good luck!
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Sounds like some strict security policy requirement.

It's possible to install working av on system.

Eero

On Mon, Apr 12, 2021 at 5:03 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Mon, 12 Apr 2021, Sorin Petrut Niculae via clamav-users wrote:
>
> > I hace a critical system with rhel 6.7 x32 and it's impossible to
> > upload it to a newer version of rhel and I need to find a solution
> > to install ClamAV on that system.
>
> Just in case you're thinking that installing ClamAV on a system which
> you do not keep up to date is some kind of alternative to keeping the
> system up to date, it is nothing of the kind.  Not even close.
>
> --
>
> 73,
> Ged.
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Well. I don't think that is true as it works on my test system.

Is there enough ram memory installed to the server?

Eero

On Mon, Apr 12, 2021 at 2:50 PM Sorin Petrut Niculae 
wrote:

> Hello,
>
>
> After installing the ddbb is not working and I've got the next errors:
>
>
>- [redhat@redhat clamav]$ clamscan -ar /home
>
>
>- LibClamAV Error: cli_cvdload:Corrupted CVD header
>
>
>- LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd:
>Malformed database
>
>
>- LibClamAV Error: cli_loadbdir(): error loading database
>/usr/local/share/clamv/daily.cvd
>
>
>- ERROR: Malformed database
>
>
> I've made some search on google and what I see is the fact that the last
> ddbb is not compatible with x32 bits due to some libraries like zlib x32.
>
>
> Is this true?
>
>
> Regards.
>
>
>
>
> *Sorin Petrut Niculae *GMV Aerospace and Defence
>
> Administrador de sistemas e infraestructura /
> IT systems & infrastructure administrator
>
> GMV
> Isaac Newton, 11
> P.T.M. Tres Cantos
> 28760 Madrid
>
> España
> Tel. +34 91 807 21 00
> Fax +34 91 807 21 99
> www.gmv.com
>
> <http://www.facebook.com/infoGMV>
>
> <http://www.twitter.com/infoGMV_es>
>
> <http://www.youtube.com/infoGMV>
>
> <https://www.linkedin.com/company/gmv>
>
> <http://www.gmv.com/en/RSS>
>
> <http://www.gmv.com/blog_gmv/language/en/>
>
> P Please consider the environment before printing this e-mail.
> --
> *De:* Eero Volotinen 
> *Enviado:* lunes, 12 de abril de 2021 13:43:35
> *Para:* ClamAV users ML
> *Cc:* Sorin Petrut Niculae
> *Asunto:* Re: [clamav-users] Last ClamAV compatible with x32
>
> Yes and it works?
>
> What is the main issue?
>
> Eero
>
> On Mon 12. Apr 2021 at 14.41, Sorin Petrut Niculae via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> Hello all,
>>
>>
>> I have one doubt for solve, Is possible to use last ClamAV with rhel 6.7
>> x32 and zlib x32?
>>
>>
>> I hace a critical system with rhel 6.7 x32 and it's impossible to upload
>> it to a newer version of rhel and I need to find a solution to install
>> ClamAV on that system.
>>
>>
>> Any possible solution ?
>>
>>
>> Regards.
>>
>>
>>
>>
>> *Sorin Petrut Niculae *GMV Aerospace and Defence
>>
>> Administrador de sistemas e infraestructura /
>> IT systems & infrastructure administrator
>>
>> GMV
>> Isaac Newton, 11
>> <https://urldefense.com/v3/__https://www.google.com/maps/search/Isaac*Newton,*11?entry=gmail=g__;Kys!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfIu4h_0x$>
>> P.T.M. Tres Cantos
>> 28760 Madrid
>>
>> España
>> Tel. +34 91 807 21 00
>> Fax +34 91 807 21 99
>> www.gmv.com
>>
>>
>> <https://urldefense.com/v3/__http://www.facebook.com/infoGMV__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfNF-evs8$>
>>
>>
>> <https://urldefense.com/v3/__http://www.twitter.com/infoGMV_es__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfBn_qk0T$>
>>
>>
>> <https://urldefense.com/v3/__http://www.youtube.com/infoGMV__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfOaMxv07$>
>>
>>
>> <https://urldefense.com/v3/__https://www.linkedin.com/company/gmv__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfB_73rRq$>
>>
>> <http://www.gmv.com/en/RSS>
>>
>> <http://www.gmv.com/blog_gmv/language/en/>
>>
>> P Please consider the environment before printing this e-mail.
>>
>> P Please consider the environment before printing this e-mail.
>>
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> <https://urldefense.com/v3/__https://lists.clamav.net/mailman/listinfo/clamav-users__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfNd188HN$>
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> <https://urldefense.com/v3/__https://github.com/vrtadmin/clamav-faq__;!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfKbCp7JC$>
>>
>> http://www.clamav.net/contact.html#ml
>> <https://urldefense.com/v3/__http://www.clamav.net/contact.html*ml__;Iw!!MvyJQugb!RXjmAT23p3bGvoolFGkIoEPZzseMZ7c6w8sNWRn1L3lbXddb81uJfDATMV-Y$>
>>
>
> P Please consider the environment before printing this e-mail.
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Last ClamAV compatible with x32

[Eero Volotinen]

Yes and it works?

What is the main issue?

Eero

On Mon 12. Apr 2021 at 14.41, Sorin Petrut Niculae via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello all,
>
>
> I have one doubt for solve, Is possible to use last ClamAV with rhel 6.7
> x32 and zlib x32?
>
>
> I hace a critical system with rhel 6.7 x32 and it's impossible to upload
> it to a newer version of rhel and I need to find a solution to install
> ClamAV on that system.
>
>
> Any possible solution ?
>
>
> Regards.
>
>
>
>
> *Sorin Petrut Niculae *GMV Aerospace and Defence
>
> Administrador de sistemas e infraestructura /
> IT systems & infrastructure administrator
>
> GMV
> Isaac Newton, 11
> 
> P.T.M. Tres Cantos
> 28760 Madrid
>
> España
> Tel. +34 91 807 21 00
> Fax +34 91 807 21 99
> www.gmv.com
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> P Please consider the environment before printing this e-mail.
>
> P Please consider the environment before printing this e-mail.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] vistumbler as false positive

[Eero Volotinen]

Well, wifi scanning tool is not really hacking tool.

Eero

On Fri 9. Apr 2021 at 15.59, Arnaud Jacques 
wrote:

> Anyway, according to the official website "Vistumbler is wireless
> network scanner", aka a hack tool and should be detected as PUA at minimum.
>
> https://www.clamav.net/documents/potentially-unwanted-applications-pua
>
>
> Le 09/04/2021 à 05:59, Eero Volotinen a écrit :
> > got response:
> >
> > ” There are three downloads available for 10.7 The SHA256 of those files
> > should be
> >
> > Vistumbler_v10-7.exe -
> > ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
> > Vistumbler_v10-7.zip -
> > 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
> > Vistumbler_v10-7_Portable.zip -
> > F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
> >
> > All 3 should contain the same files.
> >
> >   * the non portable zip is just vistumbler with default settings
> > (storing data in your profile temp directory and documents folder)
> >   * the exe file is just the zip file packed into an installer with NSIS
> > ( https://nsis.sourceforge.io/Main_Page
> > <https://nsis.sourceforge.io/Main_Page> )
> >   * the portable version has different settings which cause temp files
> > and save files to be stored inside the same directory as the program
> > (better for portable use) instead of inside your windows profile.
> >
> > I went and reanalyzed the file you submitted to virus total and it looks
> > like bitdefender no longer considers them viruses, so it seems they
> > consider it a false positive. You can see if you go to the link you
> > posted above,
> >
> https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection
> > <
> https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection>bitdefender
>
> > has removed the detection”
> >
> >
> > Eero
> >
> >
> > On Thu 8. Apr 2021 at 17.02, Andrew C Aitchison via clamav-users
> > mailto:clamav-users@lists.clamav.net>>
> > wrote:
> >
> >
> > On Thu, 8 Apr 2021, Eero Volotinen wrote:
> >
> >  >
> >
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> > <
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> >
> >  >
> >  > Looks like this is (vistumbler) detected as false positive.
> >
> > and
> >
> > On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> >  > At first look, ClamAV is not the only one that flags it as
> malware :
> >  >
> >
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
> > <
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
> >
> >
> > and https://vistumbler.en.lo4d.com/virus-malware-tests
> > <https://vistumbler.en.lo4d.com/virus-malware-tests>
> > but that has a different sha256sum.
> > Hmm.
> >
> > If I feed the github URL into virustotal it comes up clean
> >
> https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
> > <
> https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
> >
> >
> > but if I download the file and give that to virustotal I get
> >
> https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
> > <
> https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
> >
> > (the bit between file/ and /detection matches the sha256sum of my
> > file and that on https://vistumbler.en.lo4d.com/virus-malware-tests
> > <https://vistumbler.en.lo4d.com/virus-malware-tests> ).
> >
> > Initially that page reported
> >19 security vendors flagged this file as malicious
> >Size 6.92 MB
> > direct-cpu-clock-access invalid-signature
> > nsis overlay peexe runtime-modules signed
> > but when I asked virustotal to rescan, "19 security vendors" changed
> > to "16 security vendors".
> >
> > I have put my copy at:
> >
> https://www.aitchison.me.uk/Vistumbler_v10-

Re: [clamav-users] vistumbler as false positive

[Eero Volotinen]

got response:

” There are three downloads available for 10.7 The SHA256 of those files
should be

Vistumbler_v10-7.exe -
ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
Vistumbler_v10-7.zip -
7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
Vistumbler_v10-7_Portable.zip -
F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C

All 3 should contain the same files.

   - the non portable zip is just vistumbler with default settings (storing
   data in your profile temp directory and documents folder)
   - the exe file is just the zip file packed into an installer with NSIS (
   https://nsis.sourceforge.io/Main_Page )
   - the portable version has different settings which cause temp files and
   save files to be stored inside the same directory as the program (better
   for portable use) instead of inside your windows profile.

I went and reanalyzed the file you submitted to virus total and it looks
like bitdefender no longer considers them viruses, so it seems they
consider it a false positive. You can see if you go to the link you posted
above,
https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detectionbitdefender
has removed the detection”


Eero

On Thu 8. Apr 2021 at 17.02, Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
> On Thu, 8 Apr 2021, Eero Volotinen wrote:
>
> >
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> >
> > Looks like this is (vistumbler) detected as false positive.
>
> and
>
> On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> > At first look, ClamAV is not the only one that flags it as malware :
> >
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
>
> and https://vistumbler.en.lo4d.com/virus-malware-tests
> but that has a different sha256sum.
> Hmm.
>
> If I feed the github URL into virustotal it comes up clean
>
> https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
>
> but if I download the file and give that to virustotal I get
>
> https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
> (the bit between file/ and /detection matches the sha256sum of my file and
> that on https://vistumbler.en.lo4d.com/virus-malware-tests ).
>
> Initially that page reported
>   19 security vendors flagged this file as malicious
>   Size 6.92 MB
>direct-cpu-clock-access invalid-signature
>nsis overlay peexe runtime-modules signed
> but when I asked virustotal to rescan, "19 security vendors" changed to
> "16 security vendors".
>
> I have put my copy at:
>
> https://www.aitchison.me.uk/Vistumbler_v10-7.eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01.exe
>
> I think this means that raw.github.com has given out at least three
> different versions of this file. Eero, could you pass this back to
> the Vistumbler developer "Andrew" (Calcutt?) please ?
>
> # file Vistumbler_v10-7.exe
> Vistumbler_v10-7.exe: PE32 executable (GUI) Intel 80386, for MS Windows,
> Nullsoft Installer self-extracting archive
>
> # host raw.github.com
> raw.github.com has address 185.199.108.133
> raw.github.com has address 185.199.109.133
> raw.github.com has address 185.199.110.133
> raw.github.com has address 185.199.111.133
>
> On Thu, 8 Apr 2021, Eero Volotinen wrote:
>
> > comment from developer
> >
> > "Unfortunately autoit, which vistumbler is written in, gets flagged
> > as a false positive a lot. Vistumbler has struggled with this since
> > the beginning.
> >
> > I recently submitted the 10.7 release files to microsoft for false
> > detection and they removed the false detection, so i think these
> > files are fine. However I have also just submitted a false positive
> > report to bitdefender, so we can see if they remove it too.
> >
> > If vistumbler gets flagged by your AV company, my suggestion is to
> > submit it as a false positive to them. I really don't have the time
> > to chase down all these AV companies.
> >
> > -Andrew"
>
> Not sure about this as it is open source, but if I were paying for
> the software I would expect them to liase with the AV companies.
>
> --
> Andrew C. Aitchison Kendal, UK
>   and...@aitchison.me.uk
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>

Re: [clamav-users] vistumbler as false positive

[Eero Volotinen]

>
> Not sure about this as it is open source, but if I were paying for
> the software I would expect them to liase with the AV companies.
>

 Well. not sure if this software is malware or not. a bit worried about
that.

Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] vistumbler as false positive

[Eero Volotinen]

comment from developer

” Unfortunately autoit, which vistumbler is written in, gets flagged as a
false positive a lot. Vistumbler has struggled with this since the
beginning.

I recently submitted the 10.7 release files to microsoft for false
detection and they removed the false detection, so i think these files are
fine. However I have also just submitted a false positive report to
bitdefender, so we can see if they remove it too.

If vistumbler gets flagged by your AV company, my suggestion is to submit
it as a false positive to them. I really don't have the time to chase down
all these AV companies.

-Andrew”

On Thu 8. Apr 2021 at 13.49, Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:

> That signature has been in the ClamAV daily.ldb database since Jan 15 and
> appears to be looking for some relatively unique strings:
>
> % sigtool -fWin.Malware.Generic-9819492-0|sigtool --decode-sigs
> VIRUS NAME: Win.Malware.Generic-9819492-0
> TDB: Engine:81-255,Target:1
> LOGICAL EXPRESSION: 0&1&2&3&4
>  * SUBSIG ID 0
>  +-> OFFSET: ANY
>  +-> SIGMOD: WIDE
>  +-> DECODED SUBSIGNATURE:
> *Unable to get a list of running processes.
>  * SUBSIG ID 1
>  +-> OFFSET: ANY
>  +-> SIGMOD: WIDE
>  +-> DECODED SUBSIGNATURE:
> 0Expected a "=" operator in assignment statement.*Invalid keyword at the
> start of this line.
>  * SUBSIG ID 2
>  +-> OFFSET: ANY
>  +-> SIGMOD: WIDE
>  +-> DECODED SUBSIGNATURE:
> api-ms-win-core-synch-l1-2-0.dll
>  * SUBSIG ID 3
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> DECODED SUBSIGNATURE:
> internal error: invalid forward reference offset
>  * SUBSIG ID 4
>  +-> OFFSET: ANY
>  +-> SIGMOD: WIDE
>  +-> DECODED SUBSIGNATURE:
> Error parsing function call.0Incorrect number of parameters in function
> call.'"ReDim" used without an array variable.>
>
> -Al-
>
> On Apr 8, 2021, at 03:24, Arnaud Jacques 
> wrote:
>
>
> Hello,
>
> At first look, ClamAV is not the only one that flags it as malware :
>
>
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
>
>
> Le 08/04/2021 à 11:41, Eero Volotinen a écrit :
>
> Thanks. I submitted files via that url.
>  clamscan Vistumbler_v1*
> /
> root/Vistumbler_v10-7.exe: OK
> /root/Vistumbler_v10-7_Portable.zip: Win.Malware.Generic-9819492-0 FOUND
> /root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND
> So. looks like this is false positive on vistumbler..
> Eero
> On Thu, Apr 8, 2021 at 5:03 AM Al Varnell via clamav-users <
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net
> >> wrote:
>Without knowing the name of the infection I can't provide even a
>guess as to whether it is or not, but the exact answer to your
>question is for you to report it by filling out the form found
>@https://www.clamav.net/reports/fp
><https://www.clamav.net/reports/fp> including the file itself.
>Sent from my iPad
>-Al-
>On Apr 7, 2021, at 18:03, Eero Volotinen <mailto:eero.voloti...@iki.fi >> wrote:
>
>
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
><
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> >
>
>Looks like this is (vistumbler) detected as false positive.
>
>How to fix this?
>
>Eero
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] vistumbler as false positive

[Eero Volotinen]

Thanks. I submitted files via that url.

 clamscan Vistumbler_v1*
/
root/Vistumbler_v10-7.exe: OK
/root/Vistumbler_v10-7_Portable.zip: Win.Malware.Generic-9819492-0 FOUND
/root/Vistumbler_v10-7.zip: Win.Malware.Generic-9819492-0 FOUND

So. looks like this is false positive on vistumbler..

Eero

On Thu, Apr 8, 2021 at 5:03 AM Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Without knowing the name of the infection I can't provide even a guess as
> to whether it is or not, but the exact answer to your question is for you
> to report it by filling out the form found @
> https://www.clamav.net/reports/fp including the file itself.
>
> Sent from my iPad
>
> -Al-
>
> On Apr 7, 2021, at 18:03, Eero Volotinen  wrote:
>
>
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
>
> Looks like this is (vistumbler) detected as false positive.
>
> How to fix this?
>
> Eero
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] vistumbler as false positive

[Eero Volotinen]

https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe

Looks like this is (vistumbler) detected as false positive.

How to fix this?

Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

[Eero Volotinen]

Well,

For some reasons they backported tls 1.2 support to openssl
1.0.1-e-something that is shipped with RHEL 6.5(+).

Eero

On Tue, Apr 6, 2021 at 9:34 PM Arjen de Korte via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Citeren Eero Volotinen :
>
> > Well redhat backports some fixes usually as you can see:
> >
> > https://access.redhat.com/blogs/766093/posts/1976123
>
> Backporting fixes/features, doesn't make openssl-1.0.1 equivalent to
> openssl-1.0.2. If that was the case, it wouldn't make sense to
> backport the fixes/features: you would just update to the newer version.
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

[Eero Volotinen]

Well redhat backports some fixes usually as you can see:

https://access.redhat.com/blogs/766093/posts/1976123

Eero

On Tue, Apr 6, 2021 at 7:36 PM Arjen de Korte via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Citeren Eero Volotinen :
>
> > Well. I think that it just works as RHEL 6.7 supports tls v1.2
>
> TLS 1.2 was first available in openSSL 1.0.1 and ClamAV requires at
> least 1.0.2 now, so there is no guarantee. As someone else already
> mentioned, RHEL 6.10 (which was EOL'd in Novemver 2020) comes with
> openSSL 1.0.1e, so I doubt RHEL 6.7 has a more recent version.
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

[Eero Volotinen]

Well. I think that it just works as RHEL 6.7 supports tls v1.2

Clamav is linked to too old openssl version?

Eero

On Tue, Apr 6, 2021 at 6:49 PM Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

> On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote:
>
> > Can anyone confirm if is possible to use ClamAV on RHEL 6.7 x32
> >
> > I was able to install and copy the ddbb files (manually) to
> /usr/local/share/clamav but when I run clamscan I got the next error
> message:
> >
> >  *   [redhat@redhat clamav]$ clamscan -ar /home
> >
> >  *   LibClamAV Error: cli_cvdload:Corrupted CVD header
> >
> >  *   LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd:
> Malformed database
> >
> >  *   LibClamAV Error: cli_loadbdir(): error loading database
> /usr/local/share/clamv/daily.cvd
> >
> >  *   ERROR: Malformed database
>
> RHEL 6.10 reached EOL in November - more than four months ago.
>
> In particular 6.10 has openssl v1.0.1e which is too old.
> RHEL 6.7 is likely to have an even older openssl library.
> This is likely to be the main source of your freshclam problems.
>
> Where are you getting your clam package from ?
>
> I do have a copy of clamav 103.1 which I built against OpenSSL 1.1.1c
> and run on *64*bit Scientific Linux 6.10 (a clone of RHEL 6.10)
> but I copy the database files from an Ubuntu 20.10 machine
> rather than run freshclam on this old (virtual) machine.
>
> Unless you have changed the defaults, freshclam needs almost 4GB RAM to
> update successfully, which wont help on a 32bit machine.
>
> [ Off topic ]
> Ged suggests upgrading RHEL 6 to RHEL 8, skipping RHEL 7.
> If you are considering this, consider your other options too.
> Not only is RHEL8 very different from RHEL7, the support policy for
> the "free version" CentOS8 is radically different and expires sooner
> than that of CentOS7.
>
>
> > And if I'm trying to download the DDBB with freshclam I got the SSL
> connect error
> >
> > Tue Apr  6 15:36:15 2021 -> !Download failed (35) Tue Apr  6 15:36:15
> 2021 -> ! Message: SSL connect error
> > Tue Apr  6 15:36:15 2021 -> !getpatch: Can't download daily-26132.cdiff
> from https://database.clamav.net/daily-26132.cdiff
> > Tue Apr  6 15:36:15 2021 -> ^Incremental update failed, trying to
> download daily.cvd
> > Tue Apr  6 15:36:15 2021 -> *Retrieving
> https://database.clamav.net/daily.cvd
> > Tue Apr  6 15:36:15 2021 -> *downloadFile: Download source:
> https://database.clamav.net/daily.cvd
> > Tue Apr  6 15:36:15 2021 -> *downloadFile: Download destination:
> /usr/local/share/clamav/tmp.0b80a530f1/clamav-edfe0e16c0b9c746ff8439d366a29b5e.tmp
> > * About to connect() to database.clamav.net port 443 (#0)
> > *   Trying 104.16.219.84... * connected
> > * Connected to database.clamav.net (104.16.219.84) port 443 (#0)
> > *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
> >  CApath: none
> > * NSS error -12190
> > * Closing connection #0
> > * SSL connect error
> >
> > Can anyone told me what is necessary to do to run the ClamAV on rhel 6.7
> x32
> > or to solve those errors?
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

[Eero Volotinen]

At least the command works on centos 6.7 x32 (rhel clone)

Is the clamav installed from packages or using sources?

Eero

On Tue, Apr 6, 2021 at 5:39 PM Joel Esler (jesler) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> More accurately:
>
> openssl s_client -connect database.clamav.net:443 -servername
> database.clamav.net
>
> On Apr 6, 2021, at 10:33 AM, Eero Volotinen  wrote:
>
> Hi,
>
>
> https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
>
> Your nss errorcode means following:
>
> SSL_ERROR_PROTOCOL_VERSION_ALERT -12190 "Peer reports incompatible or
> unsupported protocol version."
> is this command working
>
> openssl s_client -connect  database.clamav.net:443  ?
>
> Eero
>
> On Tue, Apr 6, 2021 at 5:26 PM Sorin Petrut Niculae via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> Dear all,
>>
>>
>> Can anyone confirm if is possible to use ClamAV on RHEL 6.7 x32
>>
>>
>> I was able to install and copy the ddbb files (manually) to
>> /usr/local/share/clamav but when I run clamscan I got the next error
>> message:
>>
>>- [redhat@redhat clamav]$ clamscan -ar /home
>>
>>
>>- LibClamAV Error: cli_cvdload:Corrupted CVD header
>>
>>
>>- LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd:
>>Malformed database
>>
>>
>>- LibClamAV Error: cli_loadbdir(): error loading database
>>/usr/local/share/clamv/daily.cvd
>>
>>
>>- ERROR: Malformed database
>>
>>
>> And if I'm trying to download the DDBB with freshclam I got the SSL
>> connect error
>>
>>
>>
>> Tue Apr  6 15:36:15 2021 -> !Download failed (35) Tue Apr  6 15:36:15
>> 2021 -> ! Message: SSL connect error
>> Tue Apr  6 15:36:15 2021 -> !getpatch: Can't download daily-26132.cdiff
>> from https://database.clamav.net/daily-26132.cdiff
>> Tue Apr  6 15:36:15 2021 -> ^Incremental update failed, trying to
>> download daily.cvd
>> Tue Apr  6 15:36:15 2021 -> *Retrieving
>> https://database.clamav.net/daily.cvd
>> Tue Apr  6 15:36:15 2021 -> *downloadFile: Download source:
>> https://database.clamav.net/daily.cvd
>> Tue Apr  6 15:36:15 2021 -> *downloadFile: Download destination:
>> /usr/local/share/clamav/tmp.0b80a530f1/clamav-edfe0e16c0b9c746ff8439d366a29b5e.tmp
>> * About to connect() to database.clamav.net port 443 (#0)
>> *   Trying 104.16.219.84... * connected
>> * Connected to database.clamav.net (104.16.219.84) port 443 (#0)
>> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>>   CApath: none
>> * NSS error -12190
>> * Closing connection #0
>> * SSL connect error
>>
>> Can anyone told me what is necessary to do to run the ClamAV on rhel 6.7
>> x32
>>
>> or to solve those errors?
>>
>>
>> Thanks in addition.
>>
>>
>>
>> Regards.
>>
>> Sorin Petrut Niculae
>> [image: cid:image009.jpg@01D4C7AC.7C1B4010]
>> P Please consider the environment before printing this e-mail.
>>
>>
>> P Please consider the environment before printing this e-mail.
>>
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

[Eero Volotinen]

Hi,

https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html

Your nss errorcode means following:

SSL_ERROR_PROTOCOL_VERSION_ALERT -12190 "Peer reports incompatible or
unsupported protocol version."
is this command working

openssl s_client -connect  database.clamav.net:443  ?

Eero

On Tue, Apr 6, 2021 at 5:26 PM Sorin Petrut Niculae via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Dear all,
>
>
> Can anyone confirm if is possible to use ClamAV on RHEL 6.7 x32
>
>
> I was able to install and copy the ddbb files (manually) to
> /usr/local/share/clamav but when I run clamscan I got the next error
> message:
>
>- [redhat@redhat clamav]$ clamscan -ar /home
>
>
>- LibClamAV Error: cli_cvdload:Corrupted CVD header
>
>
>- LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd:
>Malformed database
>
>
>- LibClamAV Error: cli_loadbdir(): error loading database
>/usr/local/share/clamv/daily.cvd
>
>
>- ERROR: Malformed database
>
>
> And if I'm trying to download the DDBB with freshclam I got the SSL
> connect error
>
>
> Tue Apr  6 15:36:15 2021 -> !Download failed (35) Tue Apr  6 15:36:15 2021
> -> ! Message: SSL connect error
> Tue Apr  6 15:36:15 2021 -> !getpatch: Can't download daily-26132.cdiff
> from https://database.clamav.net/daily-26132.cdiff
> Tue Apr  6 15:36:15 2021 -> ^Incremental update failed, trying to download
> daily.cvd
> Tue Apr  6 15:36:15 2021 -> *Retrieving
> https://database.clamav.net/daily.cvd
> Tue Apr  6 15:36:15 2021 -> *downloadFile: Download source:
> https://database.clamav.net/daily.cvd
> Tue Apr  6 15:36:15 2021 -> *downloadFile: Download destination:
> /usr/local/share/clamav/tmp.0b80a530f1/clamav-edfe0e16c0b9c746ff8439d366a29b5e.tmp
> * About to connect() to database.clamav.net port 443 (#0)
> *   Trying 104.16.219.84... * connected
> * Connected to database.clamav.net (104.16.219.84) port 443 (#0)
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * NSS error -12190
> * Closing connection #0
> * SSL connect error
>
> Can anyone told me what is necessary to do to run the ClamAV on rhel 6.7
> x32
>
> or to solve those errors?
>
>
> Thanks in addition.
>
>
> Regards.
>
> Sorin Petrut Niculae
> [image: cid:image009.jpg@01D4C7AC.7C1B4010]
> P Please consider the environment before printing this e-mail.
>
>
> P Please consider the environment before printing this e-mail.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

[Eero Volotinen]

Just add more verbose to your scanning parameters. I think it was -v, if I
remember correctly.

Eero

On Mon, Apr 5, 2021 at 9:20 AM Vivek Patil 
wrote:

> Eero,
>
> What more details do you want?
> I am scanning my system using "clamscan -i -r --cross-fs=no -f
> "$list_file"" using a shell script.
> It giving only the warning message as follows:
>
> LibClamAV Warning: PNG: Unexpected early end-of-file.
>
> I just wanted to find the location/name of the file.
>
> On Mon, Apr 5, 2021 at 11:42 AM Eero Volotinen 
> wrote:
>
>> Just add more verbose?
>>
>> Eero
>>
>> On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> Hi Team,
>>>
>>> I am getting a warning message while scanning the system.
>>> I used *clamscan *command to scan.
>>>
>>> Details:
>>> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
>>> ClamAV version: ClamAV 0.103.1
>>>
>>> How can we find more details, which file has the issue?
>>>
>>> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
>>> <http://www.forgeahead.io/disclaimer/>*
>>> ___
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>
> --
> Regards,
> Vivek
>
> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
> <http://www.forgeahead.io/disclaimer/>*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file

[Eero Volotinen]

Just add more verbose?

Eero

On Mon 5. Apr 2021 at 8.58, Vivek Patil via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi Team,
>
> I am getting a warning message while scanning the system.
> I used *clamscan *command to scan.
>
> Details:
> Warning message: LibClamAV Warning: PNG: Unexpected early end-of-file
> ClamAV version: ClamAV 0.103.1
>
> How can we find more details, which file has the issue?
>
> Email Disclaimer: *http://www.forgeahead.io/disclaimer/
> *
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Well. Clamav 1.0 probably compiles with minimal changes.

It depends on case. it might be wise to upgrade to latest sp to fix all
other security issues..

Eero

On Sun 28. Mar 2021 at 19.50, Arjen de Korte via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Citeren Andrew C Aitchison via clamav-users  >:
>
> > Could you take the latest OpenSuSE source package and build that ?
>
> Probably not. There have been quite some changes since 0.99 and I
> doubt SLE 12 SP2 will satisfy all of them. For instance, you'll need a
> newer libcurl than is available. This is not for the faint of heart
> and IMHO doesn't make sense for a system that is so close to being
> EOL'd.
>
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

That probably works. Patching the older package with newer sources might
work also.

Eero

On Sun 28. Mar 2021 at 19.27, Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
> Could you take the latest OpenSuSE source package and build that ?
>
> That might be an easier way to get SuSE-friendly config files
> than starting from the source on the ClamAV site.
>
> If the latest ClamAV source package on the latest OpenSuSE doesn't work,
> try the latest ClamAV source from an older, supported, OpenSuSE
> which might be more like your SuSE 12.
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Well. Sounds like system is not licensed, so impossible to update to latest
version?

It contains so many security holes and so on..

Eero

On Sun, Mar 28, 2021 at 6:56 PM Matus UHLAR - fantomas 
wrote:

> >> nOn 28.03.21 14:16, amit.a.singh--- via clamav-users wrote:
> >> >Thanks for your email,  we have suse12 sp2 while installing using
> zypper
> >> > install clamav its shows available package is clamav 0.99 version
> which
> >> > pretty old so we choose to install from source which have updated one
> >> 103.
>
> >On Sun 28. Mar 2021 at 17.35, Matus UHLAR - fantomas 
> >wrote:
> >> doesn't this fit?
> >>
> >> https://scc.suse.com/packages?name=SUSE Linux Enterprise
> >> Server=12.2=x86_64=clamav=
>
> On 28.03.21 17:42, Eero Volotinen wrote:
> >Well. It works and requires valid subscription to get updates.
> >
> >Sles 12 SP2 is a bit old system. Maybe it’s wise to update system to
> latest
> >sp version?
>
> well, this is the main problem then.
>
> outdated system that is not kept up to date, and the result is that the
> admin has to make it work.
>
> making such system contain current packages is then job that SuSE
> maintainers do if you
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> There's a long-standing bug relating to the x86 architecture that
> allows you to install Windows.   -- Matthew D. Fuller
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Easiest way is to renew subscription () and then just update the latest
version.

Eero

On Sun 28. Mar 2021 at 17.42, Arjen de Korte via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Citeren "amit.a.singh--- via clamav-users"  >:
>
> > Hello Eero,
> > Thanks for your email,  we have suse12 sp2 while installing using
> > zypper install clamav its shows available package is clamav 0.99
> > version which pretty old so we choose to install from source which
> > have updated one 103.
>
> The LTSS for SLE 12 SP2 ends at the end of this month (in just three
> days), so it should come as no surprise that the latest ClamAV is not
> available anymore. You're already three service packs behind,
> installing ClamAV should be the least of your worries.
>
> There's a good chance that SLE 12 SP5 will provide a more recent
> ClamAV than 0.99.
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Well. It works and requires valid subscription to get updates.

Sles 12 SP2 is a bit old system. Maybe it’s wise to update system to latest
sp version?

Eero

On Sun 28. Mar 2021 at 17.35, Matus UHLAR - fantomas 
wrote:

> nOn 28.03.21 14:16, amit.a.singh--- via clamav-users wrote:
> >Thanks for your email,  we have suse12 sp2 while installing using zypper
> > install clamav its shows available package is clamav 0.99 version which
> > pretty old so we choose to install from source which have updated one
> 103.
>
> doesn't this fit?
>
> https://scc.suse.com/packages?name=SUSE Linux Enterprise
> Server=12.2=x86_64=clamav=
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> LSD will make your ECS screen display 16.7 million colors
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Or keep the old clamav packages installed and just  modify their systemd
files to point new binaries.

Anyway this might cause issues as system might still use old binaries from
old locations.

You need to replace old binaries with symbolic links and so on..

Eero

On Sun 28. Mar 2021 at 17.26,  wrote:

> Thanks a lot Eero , will update you the status J
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* Eero Volotinen 
> *Sent:* Sunday, March 28, 2021 7:53 PM
> *To:* Singh, Amit A. (623) 
> *Cc:* clamav-users@lists.clamav.net
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> Well. Extract systemd files from old packages
>
>
>
>
> https://blog.packagecloud.io/eng/2015/10/13/inspect-extract-contents-rpm-packages/
>
>
>
> and copy them under systemd locations. Modify paths to point location of
> new installations.
>
>
>
> reload systemd configuration and start with systemd files.
>
>
>
>
>
>
>
> Eero
>
>
>
> On Sun 28. Mar 2021 at 17.16,  wrote:
>
> Hello Eero,
> Thanks for your email,  we have suse12 sp2 while installing using zypper
> install clamav its shows available package is clamav 0.99 version which
> pretty old so we choose to install from source which have updated one 103.
>
> Anyway you can extract needed systemd files from binary packages and
> modify as needed (mainly the paths)
>
>
> Can you please provide me some more details, really it would be very
> helpful.
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* Eero Volotinen 
> *Sent:* Sunday, March 28, 2021 7:40 PM
> *To:* ClamAV users ML 
> *Cc:* Singh, Amit A. (623) 
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> Why you are installing from sources and not from binary packages?
>
>
>
> Anyway you can extract needed systemd files from binary packages and
> modify as needed (mainly the paths)
>
>
>
> Eero
>
>
>
> On Sun 28. Mar 2021 at 16.53, amit.a.singh--- via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Hello All, while installing from the source package, not able to get
> systemd file, I need help from same.
> If someone already tried earlier please help me.
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* clamav-users  *On Behalf
> Of *Eero Volotinen
> *Sent:* Friday, March 26, 2021 11:02 PM
> *Cc:* ClamAV users ML 
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> They must be in correct place for systemd and path for executable must be
> modified.
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 7:29 PM David Copeland 
> wrote:
>
> Yes. I had just assumed they would be. They were from the package I
> installed.
>
> Dave.
>
> On 2021-03-26 1:24 p.m., Eero Volotinen wrote:
>
> Well. You need to install systemd service files. They are probably
> included in source package?
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 6:37 PM David Copeland 
> wrote:
>
> I think that you would review it's config file, probably located at
> */etc/clamd.conf*  (which is it's location in opensuse 15.2) , then start
> the service with
>
> *systemctl start clamd*
>
> and also if you want it to start at boot up.
>
> *systemctl enable clamd*
>
>
>
> On 2021-03-26 11:28 a.m., amit.a.singh--- via clamav-users wrote:
>
> Hello All,
>
>

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Well. Extract systemd files from old packages

https://blog.packagecloud.io/eng/2015/10/13/inspect-extract-contents-rpm-packages/

and copy them under systemd locations. Modify paths to point location of
new installations.

reload systemd configuration and start with systemd files.



Eero

On Sun 28. Mar 2021 at 17.16,  wrote:

> Hello Eero,
> Thanks for your email,  we have suse12 sp2 while installing using zypper
> install clamav its shows available package is clamav 0.99 version which
> pretty old so we choose to install from source which have updated one 103.
>
> Anyway you can extract needed systemd files from binary packages and
> modify as needed (mainly the paths)
>
>
> Can you please provide me some more details, really it would be very
> helpful.
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* Eero Volotinen 
> *Sent:* Sunday, March 28, 2021 7:40 PM
> *To:* ClamAV users ML 
> *Cc:* Singh, Amit A. (623) 
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> Why you are installing from sources and not from binary packages?
>
>
>
> Anyway you can extract needed systemd files from binary packages and
> modify as needed (mainly the paths)
>
>
>
> Eero
>
>
>
> On Sun 28. Mar 2021 at 16.53, amit.a.singh--- via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Hello All, while installing from the source package, not able to get
> systemd file, I need help from same.
> If someone already tried earlier please help me.
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* clamav-users  *On Behalf
> Of *Eero Volotinen
> *Sent:* Friday, March 26, 2021 11:02 PM
> *Cc:* ClamAV users ML 
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> They must be in correct place for systemd and path for executable must be
> modified.
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 7:29 PM David Copeland 
> wrote:
>
> Yes. I had just assumed they would be. They were from the package I
> installed.
>
> Dave.
>
> On 2021-03-26 1:24 p.m., Eero Volotinen wrote:
>
> Well. You need to install systemd service files. They are probably
> included in source package?
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 6:37 PM David Copeland 
> wrote:
>
> I think that you would review it's config file, probably located at
> */etc/clamd.conf*  (which is it's location in opensuse 15.2) , then start
> the service with
>
> *systemctl start clamd*
>
> and also if you want it to start at boot up.
>
> *systemctl enable clamd*
>
>
>
> On 2021-03-26 11:28 a.m., amit.a.singh--- via clamav-users wrote:
>
> Hello All,
>
> I install clamav on Suse12 SP2 using source code tar file :
> -clamav-0.103.1.tar.gz, able to update freshclam as well,
> By using below commands:-
>
>
>
> 1)  Untar tar file clamav-0.103.1.tar.gz
>
> 2)  Cd clamav-0.103.1
>
> 3)  ./configure --prefix=/usr/local/clamav
>
> 4)  Make
>
> 5)  Make install
>
>
>
> Now I need to run the clamav as service which should manage by systemctl ,
> as developer used to call this service in there code
>
>
>
> I need an idea how to do configure clamav as a service, which install
> using source code.
>
> Any Link or suggestion will be highly appreciated.
>
> Thanks in Advance
>
>
>
>
>
>
>
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
>
>
> ___
>
>
>
> clamav-users mailing list
>
> clamav-users@lists.clamav.net
>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>
>
>
> Help us build a comprehensive ClamAV guide

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Why you are installing from sources and not from binary packages?

Anyway you can extract needed systemd files from binary packages and modify
as needed (mainly the paths)

Eero

On Sun 28. Mar 2021 at 16.53, amit.a.singh--- via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello All, while installing from the source package, not able to get
> systemd file, I need help from same.
> If someone already tried earlier please help me.
>
>
>
> Mit freundlichen Grüßen/Kind Regards
> Amit Singh
>
> Senior Consultant-IT/GIC
>
> 
> Mercedes-Benz Research and Development India Private Limited.
> Embassy Crest
>
> Whitefield Road, Bangalore 560066
> <https://www.google.com/maps/search/Whitefield+Road,+Bangalore+560066?entry=gmail=g>
>
> Mobile  : +91 9902949155
>
> email : amit.a.si...@daimler.com
>
>
>
> *From:* clamav-users  *On Behalf
> Of *Eero Volotinen
> *Sent:* Friday, March 26, 2021 11:02 PM
> *Cc:* ClamAV users ML 
> *Subject:* Re: [clamav-users] Need help | Install clamav from source
> package
>
>
>
> They must be in correct place for systemd and path for executable must be
> modified.
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 7:29 PM David Copeland 
> wrote:
>
> Yes. I had just assumed they would be. They were from the package I
> installed.
>
> Dave.
>
> On 2021-03-26 1:24 p.m., Eero Volotinen wrote:
>
> Well. You need to install systemd service files. They are probably
> included in source package?
>
>
>
> Eero
>
>
>
> On Fri, Mar 26, 2021 at 6:37 PM David Copeland 
> wrote:
>
> I think that you would review it's config file, probably located at
> */etc/clamd.conf*  (which is it's location in opensuse 15.2) , then start
> the service with
>
> *systemctl start clamd*
>
> and also if you want it to start at boot up.
>
> *systemctl enable clamd*
>
>
>
> On 2021-03-26 11:28 a.m., amit.a.singh--- via clamav-users wrote:
>
> Hello All,
>
> I install clamav on Suse12 SP2 using source code tar file :
> -clamav-0.103.1.tar.gz, able to update freshclam as well,
> By using below commands:-
>
>
>
> 1)  Untar tar file clamav-0.103.1.tar.gz
>
> 2)  Cd clamav-0.103.1
>
> 3)  ./configure --prefix=/usr/local/clamav
>
> 4)  Make
>
> 5)  Make install
>
>
>
> Now I need to run the clamav as service which should manage by systemctl ,
> as developer used to call this service in there code
>
>
>
> I need an idea how to do configure clamav as a service, which install
> using source code.
>
> Any Link or suggestion will be highly appreciated.
>
> Thanks in Advance
>
>
>
>
>
>
>
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
>
>
> ___
>
>
>
> clamav-users mailing list
>
> clamav-users@lists.clamav.net
>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>
>
>
> Help us build a comprehensive ClamAV guide:
>
> https://github.com/vrtadmin/clamav-faq
>
>
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> ___
>
>
>
> clamav-users mailing list
>
> clamav-users@lists.clamav.net
>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>
>
>
> Help us build a comprehensive ClamAV guide:
>
> https://github.com/vrtadmin/clamav-faq
>
>
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

They must be in correct place for systemd and path for executable must be
modified.

Eero

On Fri, Mar 26, 2021 at 7:29 PM David Copeland 
wrote:

> Yes. I had just assumed they would be. They were from the package I
> installed.
>
> Dave.
>
> On 2021-03-26 1:24 p.m., Eero Volotinen wrote:
>
> Well. You need to install systemd service files. They are probably
> included in source package?
>
> Eero
>
> On Fri, Mar 26, 2021 at 6:37 PM David Copeland 
> wrote:
>
>> I think that you would review it's config file, probably located at
>> */etc/clamd.conf*  (which is it's location in opensuse 15.2) , then
>> start the service with
>>
>> *systemctl start clamd*
>>
>> and also if you want it to start at boot up.
>>
>> *systemctl enable clamd*
>>
>>
>>
>> On 2021-03-26 11:28 a.m., amit.a.singh--- via clamav-users wrote:
>>
>> Hello All,
>>
>> I install clamav on Suse12 SP2 using source code tar file :
>> -clamav-0.103.1.tar.gz, able to update freshclam as well,
>> By using below commands:-
>>
>>
>>
>> 1)  Untar tar file clamav-0.103.1.tar.gz
>>
>> 2)  Cd clamav-0.103.1
>>
>> 3)  ./configure --prefix=/usr/local/clamav
>>
>> 4)  Make
>>
>> 5)  Make install
>>
>>
>>
>> Now I need to run the clamav as service which should manage by systemctl
>> , as developer used to call this service in there code
>>
>>
>>
>> I need an idea how to do configure clamav as a service, which install
>> using source code.
>>
>> Any Link or suggestion will be highly appreciated.
>>
>> Thanks in Advance
>>
>>
>>
>>
>>
>>
>>
>> If you are not the addressee, please inform us immediately that you have
>> received this e-mail by mistake, and delete it. We thank you for your
>> support.
>>
>>
>> ___
>>
>> clamav-users mailing 
>> listclamav-users@lists.clamav.nethttps://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV 
>> guide:https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/contact.html#ml
>>
>>
>>
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> ___
>
> clamav-users mailing 
> listclamav-users@lists.clamav.nethttps://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV 
> guide:https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Need help | Install clamav from source package

[Eero Volotinen]

Well. You need to install systemd service files. They are probably included
in source package?

Eero

On Fri, Mar 26, 2021 at 6:37 PM David Copeland 
wrote:

> I think that you would review it's config file, probably located at
> */etc/clamd.conf*  (which is it's location in opensuse 15.2) , then start
> the service with
>
> *systemctl start clamd*
>
> and also if you want it to start at boot up.
>
> *systemctl enable clamd*
>
>
>
> On 2021-03-26 11:28 a.m., amit.a.singh--- via clamav-users wrote:
>
> Hello All,
>
> I install clamav on Suse12 SP2 using source code tar file :
> -clamav-0.103.1.tar.gz, able to update freshclam as well,
> By using below commands:-
>
>
>
> 1)  Untar tar file clamav-0.103.1.tar.gz
>
> 2)  Cd clamav-0.103.1
>
> 3)  ./configure --prefix=/usr/local/clamav
>
> 4)  Make
>
> 5)  Make install
>
>
>
> Now I need to run the clamav as service which should manage by systemctl ,
> as developer used to call this service in there code
>
>
>
> I need an idea how to do configure clamav as a service, which install
> using source code.
>
> Any Link or suggestion will be highly appreciated.
>
> Thanks in Advance
>
>
>
>
>
>
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
>
> ___
>
> clamav-users mailing 
> listclamav-users@lists.clamav.nethttps://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV 
> guide:https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Using clamav-daemon on Heroku inside Docker

[Eero Volotinen]

Well.

Try installing both packages 'clamav' and 'clamav-daemon'

You should learn how to debug this kind of 'basic stuff'.

Eero

On Wed, Mar 24, 2021 at 9:31 PM Tom Hamilton Stubber 
wrote:

> That returns nothing, which makes sense.
>
> The issue is that when I try and create the user in my Dockerfile, I can't
> because they already exist.
>
> On Wed, 24 Mar 2021 at 20:23, Eero Volotinen 
> wrote:
>
>> clamav user is missing from system.
>>
>> verify that running grep clamav /etc/passwd
>>
>>
>>
>> Eero
>>
>> On Wed 24. Mar 2021 at 20.49, Tom Hamilton Stubber via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> Hi folks,
>>>
>>> I'm having some trouble getting the clamav-daemon running on Heroku
>>> inside Docker.
>>>
>>> I'm running a simple server with FastAPI to get and check documents
>>> uploaded to an S3 bucket.
>>>
>>> I've createdt  an issue for this at 
>>> *https://github.com/tutorcruncher/tc-virus-checker/issues/5/
>>> <https://github.com/tutorcruncher/tc-virus-checker/issues/5/>* for
>>> those who would rather comment there.
>>>
>>> Deploying runs fine, but the clamav-daemon does not get started, and I
>>> can't figure out why. If I shell in and run service clamav-daemon status,
>>> I get:
>>>
>>> chown: invalid user: 'clamav'
>>> chown: invalid user: 'clamav'
>>>
>>> It's my understanding that the user clamav gets created when we install
>>> clamav-daemon, and indeed, when I edited my Dockerfile to add them, I get
>>> an error saying they already exist.
>>>
>>> Running freshclam downloads the database correctly but then gives me
>>> the following output (presumably because clamav-daemon never ran):
>>>
>>> Wed Mar 24 18:38:23 2021 -> ^Clamd was NOT notified: Can't connect to clamd 
>>> through /var/run/clamav/clamd.ctl: No such file or directory
>>>
>>> Any help would be appreciated.
>>>
>>> --
>>> <https://tutorcruncher.com>
>>>
>>> *Tom Hamilton Stubber*
>>>
>>> +44 (0)207 1128 953
>>> https://tutorcruncher.com
>>> The Food Exchange, New Covent Garden Market, SW8 5EL
>>> TutorCruncher Ltd, registered in England and Wales / Company Number
>>> 08385970 / VAT Number GB155868467
>>>
>>> ___
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>
> --
> <https://tutorcruncher.com>
>
> *Tom Hamilton Stubber*
> *Chief of Operations*
>
> +44 (0)207 1128 953
> https://tutorcruncher.com
> The Food Exchange, New Covent Garden Market, SW8 5EL
> TutorCruncher Ltd, registered in England and Wales / Company Number
> 08385970 / VAT Number GB155868467
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Using clamav-daemon on Heroku inside Docker

[Eero Volotinen]

clamav user is missing from system.

verify that running grep clamav /etc/passwd



Eero

On Wed 24. Mar 2021 at 20.49, Tom Hamilton Stubber via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi folks,
>
> I'm having some trouble getting the clamav-daemon running on Heroku inside
> Docker.
>
> I'm running a simple server with FastAPI to get and check documents
> uploaded to an S3 bucket.
>
> I've createdt  an issue for this at 
> *https://github.com/tutorcruncher/tc-virus-checker/issues/5/
> * for those
> who would rather comment there.
>
> Deploying runs fine, but the clamav-daemon does not get started, and I
> can't figure out why. If I shell in and run service clamav-daemon status,
> I get:
>
> chown: invalid user: 'clamav'
> chown: invalid user: 'clamav'
>
> It's my understanding that the user clamav gets created when we install
> clamav-daemon, and indeed, when I edited my Dockerfile to add them, I get
> an error saying they already exist.
>
> Running freshclam downloads the database correctly but then gives me the
> following output (presumably because clamav-daemon never ran):
>
> Wed Mar 24 18:38:23 2021 -> ^Clamd was NOT notified: Can't connect to clamd 
> through /var/run/clamav/clamd.ctl: No such file or directory
>
> Any help would be appreciated.
>
> --
> 
>
> *Tom Hamilton Stubber*
>
> +44 (0)207 1128 953
> https://tutorcruncher.com
> The Food Exchange, New Covent Garden Market, SW8 5EL
> TutorCruncher Ltd, registered in England and Wales / Company Number
> 08385970 / VAT Number GB155868467
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] About the response result from ClamAV Server

[Eero Volotinen]

Try to update to supported clamav version?

Eero

On Mon 22. Mar 2021 at 4.07, takahiro suzuki via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
>
> Hi,
>  How are you?
>
> I use ClamAV with Linux OS.
>
> The following message is output when the definition file is updated after
> the beginning of March.
> The update process can no longer be performed normally.
>
> *Source server
>  database.clamav.net (104.16.219.84,104.16.218.84)
>
> *Response message:
> 695 HTTP / 1.1 429 Too Many Requests (text / plain)
>
>
> Is this also related to the EOL in the blog below?
> ClamAV EOL versions prior to 0.100
> https://blog.clamav.net/
>
>
> Please tell me the cause and countermeasures for this.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Restriction of downloads

[Eero Volotinen]

Synology.

Eero

On Sat, Mar 13, 2021 at 3:09 PM Rémy DODIN via clamav-users <
clamav-users@lists.clamav.net> wrote:

> My synology Clamav is at   "Upgraded ClamAV engine to 0.102.3"
> As it is written here and my packets are at latest update level.
> https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B
>
> But virus signature is unabled to be refreshed as I wrote it !
> It worked until last refresh from 03/06/21 and then, high CPU and storage
> utilisation and no refresh.
> It looks like it is going into a loop trying to get virus database
> updates  (If it goes into a loop, then the refresh tool may have issue
> ! and may be you expected abuse due to high freshclam or virus database
> update is into a loop due incorrect process ?
>
> If a loop exist, who's the culprit ? (I'm not a developper and just end
> user with no skills)
> synology ? or Clamav ?
> I just run again database update option and after more than 4 minutes, it
> was always runing and I have to force a stop to not have it running 24/24h.
> Consuming a lot of CPU, energy (not eco friendly) - It is acting like a
> virus trying to kill a system, strange !
>
> Very strange
>
> Regards
> Rémy
>
>
> "Ce message et toutes ses pièces jointes sont établis à l'intention
> exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez
> ce message par erreur, merci de le détruire et d'en avertir immédiatement
> l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une
> personne autre qu'un destinataire, et toute diffusion ou publication
> ultérieure du contenu de ce message, en totalité ou en partie, est
> interdite sauf autorisation préalable et écrite de l'émetteur"
> --
> *De: *"Joel Esler (jesler) via clamav-users" <
> clamav-users@lists.clamav.net>
> *À: *"ClamAV users ML" 
> *Cc: *"Joel Esler (jesler)" 
> *Envoyé: *Samedi 13 Mars 2021 13:47:08
> *Objet: *Re: [clamav-users] Restriction of downloads
>
> Team—
>
> The qnap and synology issues are a result of the EOL of <0.100. Not as a
> result of the abusive downloaders. Two separate issues.
>
> Our EOL policy that has been in place is “current version with all minor
> patches and one back with all minor patches”. This has been our policy for
> about 8–10 years. Our current version is 0.103.1, which means according to
> our EOL policy, we should allow .103, and .102. *Everything below that we
> should block. *
>
> It is becoming more and more necessary to enforce these cut off points
> because of many reasons. Load to the mirror network being one. So, .100,
> and .101 will continue to be supported for a bit, but soon, we’re going to
> have to cut those off too.
>
> The vast majority of ClamAV users are on 0.102.4. The outliners are people
> that haven’t upgraded to a latest version should start upgrading to get
> ahead of the curve.
>
> Sent from my  iPhone
>
> On Mar 13, 2021, at 05:52, Matus UHLAR - fantomas 
> wrote:
>
> 
>
> I just found that my "antivirus essentiel" installed package
>
> provided by Synology is unable to update virus definition file since
>
> 03/06/2021 !
>
>
> On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>
> Then should you not be talking to Synology?
>
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>
> Maybe Synology and QNAP, etc could run private mirrors for their devices
> which they don't provide up-to-date Freshclam for...
>
>
> QNAP runs freshclam. checked now with my 419P+:
>
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
> WARNING: Incremental update failed, trying to download main.cvd
> ERROR: Can't download main.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/config/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
>
> However, many of QNAP devices have obsolete clamav version:
>
> [~] # freshclam -V
> ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Microsoft dick is soft to do no harm
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> 

Re: [clamav-users] Restriction of downloads

[Eero Volotinen]

Just use that php based freshclam replacement?

Eero

On Sat 13. Mar 2021 at 13.53, Matus UHLAR - fantomas 
wrote:

>
> >>>I just found that my "antivirus essentiel" installed package
> >>>provided by Synology is unable to update virus definition file since
> >>>03/06/2021 !
>
> >On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
> >>Then should you not be talking to Synology?
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
> >Maybe Synology and QNAP, etc could run private mirrors for their
> >devices which they don't provide up-to-date Freshclam for...
>
> QNAP runs freshclam. checked now with my 419P+:
>
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
> WARNING: Incremental update failed, trying to download main.cvd
> ERROR: Can't download main.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/config/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
>
> However, many of QNAP devices have obsolete clamav version:
>
> [~] # freshclam -V
> ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Microsoft dick is soft to do no harm
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] QNAP - Cannot update virus definition & cannot wget *.cvd (receive error 403 forbidden)

[Eero Volotinen]

Looks like qnap need to update to supported clamav version?

Eero

On Sun, Mar 7, 2021 at 10:54 PM Thomas Guerlinze via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello All,
>
> I restarted an old QNAP NAS (TS419P).
> I updated the firmware to the latest version available for this model
> (4.3.3.1432 build 20200106).
>
> I tried to use the GUI provided by QNAP to update the ClamAV on the NAS. I
> received "update failed" message.
>
> I made some searches on the ClamAV users Archives (and saw some similar
> threads) but none of them could be used to solve the issue.
>
> If I download the .cvd files manually (
> http://database.clamav.net/bytecode/daily/main) through my browser on a
> PC and then copy them in the appropriate folder on the NAS and launch a
> scan, it works.
> If I try to "automate" this download with WGET or CURL it does not work
> either (respectively error 403 or 1020).
>
> I do not know how to proceed to keep a ClamAV instance update without
> manual intervention.
>
> Thanks already for your help,
>
> Tom
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ExcludePath Segmentation Fault Errorr

[Eero Volotinen]

https://www.thegeekstuff.com/2014/12/patch-command-examples/

Eero

On Sun 7. Mar 2021 at 0.20, Michael Kyriacou via clamav-users <
clamav-users@lists.clamav.net> wrote:

> How can I apply this patch?
>
> On Sat, Mar 6, 2021 at 5:03 PM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> Hi Michael,
>>
>> It looks to me like you've stumbled across this issue:
>> https://bugzilla.clamav.net/show_bug.cgi?id=12676
>>
>> I have a fix on the way.  The attached patch works, though I am still
>> tidying up some additional error handling cleanup work per peer review.
>>
>> Regards,
>> Micah
>>
>> > -Original Message-
>> > From: clamav-users  On Behalf Of
>> > G.W. Haywood via clamav-users
>> > Sent: Thursday, March 4, 2021 8:20 AM
>> > To: Michael Kyriacou via clamav-users 
>> > Cc: G.W. Haywood 
>> > Subject: Re: [clamav-users] ExcludePath Segmentation Fault Errorr
>> >
>> > Hi there,
>> >
>> > On Thu, 4 Mar 2021, Michael Kyriacou via clamav-users wrote:
>> >
>> > > Hello, I am running into a bug/error when adding an ExcludePath to my
>> > > clamd.conf I am running Ubuntu 20.04.2, with clamav 0.103.1(from
>> > > source) When I add the line: ExlucudePath .*\.sys$, the following
>> > > issues occur when running the command "clamdscan -m --fdpass
>> > > /path/to/mounted/filesystem
>> > > *Note: This error occurs only when using the -m parameter in
>> > > combination with --fdpass against a Mounted filesystem other than the
>> > > main harddrive*
>> > >
>> > > Running it against my home directory
>> > > [image: image.png]
>> > > Running it against a mounted filesystem with data in it
>> > > [image: image.png]
>> > > I tested this on over 50 different mounted filesystem, and the same
>> > > error occurs.
>> > >
>> > > Is there any fix to this?
>> >
>> > You are using the asterisk charater in your command lines incorrectly.
>> > You need to quote it (and any other 'special' characters you use in a
>> command),
>> > or (in the case of a path) quote the entire path.  Otherwise the shell
>> will expand
>> > the asterisk which will result in a command very unlike the one you
>> intended.
>> > See the 'man' page for the bash shell:
>> >
>> > man bash
>> >
>> > But, even with incorrect command lines, there should not be segfaults.
>> >
>> > Check the ClamAV bugzilla, and if you don't find anything which seems to
>> > describe your issue please either open a new report yourself or reply
>> here and
>> > someone will be able to open one:
>> >
>> > https://bugzilla.clamav.net/buglist.cgi?component=clamd=ClamAV
>> >
>> > --
>> >
>> > 73,
>> > Ged.
>> >
>> > ___
>> >
>> > clamav-users mailing list
>> > clamav-users@lists.clamav.net
>> > https://lists.clamav.net/mailman/listinfo/clamav-users
>> >
>> >
>> > Help us build a comprehensive ClamAV guide:
>> > https://github.com/vrtadmin/clamav-faq
>> >
>> > http://www.clamav.net/contact.html#ml
>>
>> ___
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] compiling static version of clamav+libclamav

[Eero Volotinen]

System is a bit old looks like 0.99 is not working anymore.

Anyway managed to compile 1.0 and it works. A bit limited access to the
compiler. Plan was to compile static binary on other linux, but it failed..

Eero

On Wed 3. Mar 2021 at 14.32, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 3 Mar 2021, Eero Volotinen wrote:
>
> > Is there easy way to compile fully static version of clamav.
> > As I need to use it on old system that is not supported anymore.
>
> The fact that a system is old would not tell me that I need to compile
> a static executable.  Nor would the fact that a system is unsupported.
> This seems to me on the face of it to be a fairly dubious enterprise.
> What do you hope to gain by it?  Please can you give us more detail?
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] compiling static version of clamav+libclamav

[Eero Volotinen]

System is a bit old looks like 0.99 is not working anymore.

Anyway managed to compile 1.0 and it works. A bit limited access to the
compiler. Plan was to compile static binary on other linux, but it failed..

Eero

On Wed 3. Mar 2021 at 14.32, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 3 Mar 2021, Eero Volotinen wrote:
>
> > Is there easy way to compile fully static version of clamav.
> > As I need to use it on old system that is not supported anymore.
>
> The fact that a system is old would not tell me that I need to compile
> a static executable.  Nor would the fact that a system is unsupported.
> This seems to me on the face of it to be a fairly dubious enterprise.
> What do you hope to gain by it?  Please can you give us more detail?
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] compiling static version of clamav+libclamav

[Eero Volotinen]

Hi,

Is there easy way to compile fully static version of clamav.

As I need to use it on old system that is not supported anymore.

Eero

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml