Re: [clamav-users] Difference in ClamAV libs when installing from YUM repo & building from Source
Thanks Reindl & Orion. I will try them out.

Thanks
Ravi

On Fri, Mar 23, 2018 at 8:38 PM, Orion Poplawski wrote:

> Yes, see https://src.fedoraproject.org/rpms/clamav/blob/master/f/clamav.spec#_73
>
> See https://src.fedoraproject.org/rpms/clamav/blob/master/f/clamav.spec#_358
> for the build recipe.
>
> On 03/23/2018 05:21 AM, Ravi wrote:
> > Hi Reindl,
> >
> > Does that mean rar libs are removed when posting to the repo? And also can
> > someone share how the ClamAV source is built and posted to the repo?
> >
> > Thanks
> > Ravi
> >
> > On Fri, Mar 23, 2018 at 3:57 PM, Reindl Harald wrote:
> >
> >> because unrar is a forbidden item
> >> https://fedoraproject.org/wiki/Licensing:Unrar?rd=Licensing/Unrar
> >>
> >> On 23.03.2018 at 10:30, Ravi wrote:
> >>
> >>> When installing ClamAV from yum repo (yum install clamav), we see that
> >>> only 1 lib exists, i.e. libclamav.so in /usr/lib64. But when we build from
> >>> ClamAV source we see 3 libs (libclamav.so,
> >>> libclamunrar.so, libclamunrar_iface.so) in /usr/local/lib64.
> >>> Why such a difference?
> >>>
> >>> Questions.
> >>>
> >>> 1. How do we just get only one lib when building from ClamAV Source?
> >>> 2. When building from ClamAV source JIT support seems not enabled, how to
> >>> get same since YUM repo installed ClamAV has JIT support present. Debug log
> >>> as below
> >>> LibClamAV debug: bytecode: JIT disabled
> >>> LibClamAV debug: Cannot prepare for JIT, LLVM is not compiled or not linked
>
> --
> Orion Poplawski
> Manager of NWRA Technical Systems 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane or...@nwra.com
> Boulder, CO 80301 https://www.nwra.com/

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Difference in ClamAV libs when installing from YUM repo & building from Source
Hi Reindl,

Does that mean rar libs are removed when posting to the repo? And also can someone share how the ClamAV source is built and posted to the repo?

Thanks
Ravi

On Fri, Mar 23, 2018 at 3:57 PM, Reindl Harald wrote:

> because unrar is a forbidden item
> https://fedoraproject.org/wiki/Licensing:Unrar?rd=Licensing/Unrar
>
> On 23.03.2018 at 10:30, Ravi wrote:
>
>> When installing ClamAV from yum repo (yum install clamav), we see that
>> only 1 lib exists, i.e. libclamav.so in /usr/lib64. But when we build from
>> ClamAV source we see 3 libs (libclamav.so,
>> libclamunrar.so, libclamunrar_iface.so) in /usr/local/lib64.
>> Why such a difference?
>>
>> Questions.
>>
>> 1. How do we just get only one lib when building from ClamAV Source?
>> 2. When building from ClamAV source JIT support seems not enabled, how to
>> get same since YUM repo installed ClamAV has JIT support present. Debug log
>> as below
>> LibClamAV debug: bytecode: JIT disabled
>> LibClamAV debug: Cannot prepare for JIT, LLVM is not compiled or not linked
[clamav-users] Difference in ClamAV libs when installing from YUM repo & building from Source
When installing ClamAV from yum repo (yum install clamav), we see that only 1 lib exists, i.e. libclamav.so in /usr/lib64. But when we build from ClamAV source we see 3 libs (libclamav.so, libclamunrar.so, libclamunrar_iface.so) in /usr/local/lib64. Why such a difference?

Questions.

1. How do we just get only one lib when building from ClamAV Source?
2. When building from ClamAV source JIT support seems not enabled, how to get same since YUM repo installed ClamAV has JIT support present. Debug log as below

LibClamAV debug: bytecode: JIT disabled
LibClamAV debug: Cannot prepare for JIT, LLVM is not compiled or not linked

Thanks
Ravi
Re: [clamav-users] Heuristics.Broken.Executable FOUND for core files/core dumps
Thanks Kris for your comments.

Currently we scan the incoming files (zips/archives) placed on the local hard drive with clamdscan (which uses the clamd daemon). Can you share more info on what you meant by handling the result differently if we are using clamdscan?

Thanks
Ravi

On Tue, Nov 7, 2017 at 5:00 AM, Kris Deugau wrote:

> Ravi wrote:
>
>> Hi,
>>
>> Looking forward for comments and suggestions for the below reported issue
>> from the community.
>
> Well, to answer your original question, it looks to me like the test is
> doing exactly what it's supposed to. Core dumps would quite reasonably
> contain executable chunks, but may not contain the complete executable, or
> may come out with wrong code entry points, and so they are "broken" when
> assumed to be executable files.
>
> For your use case you should probably either turn this test off, or adjust
> your filter system glue layer to handle this result differently. Whether
> you can do the latter depends on how you call Clam.
>
> -kgd
>
>> On Oct 27, 2017 4:09 PM, "Ravi" wrote:
>>
>>> Hi,
>>>
>>> We are seeing instances when customer uploads his zip files which contains
>>> core files/core dumps during scanning ClamAV is treating some of them as
>>> “Heuristics.Broken.Executable FOUND”. Currently we have turned-on this
>>> check in the clamd.conf as below.
>>>
>>> # With this option clamav will try to detect broken executables (both PE and
>>> # ELF) and mark them as Broken.Executable.
>>> # Default: no
>>> DetectBrokenExecutables yes
>>>
>>> The question is why ClamAV is treating core files/core dumps as
>>> “Heuristics.Broken.Executable FOUND”. Is it safe to turn-off this setting
>>> for ClamAV? or is there way to skip these checks for core files/core dumps
>>> in ClamAV?
>>>
>>> Thanks
>>> Ravi
Re: [clamav-users] Heuristics.Broken.Executable FOUND for core files/core dumps
Hi,

Looking forward for comments and suggestions for the below reported issue from the community.

Thanks
Ravi

On Oct 27, 2017 4:09 PM, "Ravi" wrote:

> Hi,
>
> We are seeing instances when customer uploads his zip files which contains
> core files/core dumps during scanning ClamAV is treating some of them as
> “Heuristics.Broken.Executable FOUND”. Currently we have turned-on this
> check in the clamd.conf as below.
>
> # With this option clamav will try to detect broken executables (both PE and
> # ELF) and mark them as Broken.Executable.
> # Default: no
> DetectBrokenExecutables yes
>
> The question is why ClamAV is treating core files/core dumps as
> “Heuristics.Broken.Executable FOUND”. Is it safe to turn-off this setting
> for ClamAV? or is there way to skip these checks for core files/core dumps
> in ClamAV?
>
> Thanks
> Ravi
[clamav-users] Heuristics.Broken.Executable FOUND for core files/core dumps
Hi,

We are seeing instances when customer uploads his zip files which contains core files/core dumps during scanning ClamAV is treating some of them as “Heuristics.Broken.Executable FOUND”. Currently we have turned-on this check in the clamd.conf as below.

# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
DetectBrokenExecutables yes

The question is why ClamAV is treating core files/core dumps as “Heuristics.Broken.Executable FOUND”. Is it safe to turn-off this setting for ClamAV? or is there way to skip these checks for core files/core dumps in ClamAV?

Thanks
Ravi
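Kris Deugau's suggestion in this thread, adjusting the glue layer to handle the Heuristics.Broken.Executable result differently, could look like the following added example (not code from the thread or from ClamAV). It assumes the glue layer extracts uploads and scans each member on its own, so the path in each `FOUND` line is the file itself; the function names, verdict strings, `Example.Signature` and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

ET_CORE = 4  # e_type value that marks an ELF core file
BROKEN_EXE = "Heuristics.Broken.Executable"


def is_elf_core(path):
    """True when the file starts with an ELF header whose e_type is ET_CORE."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(18)
    except OSError:
        return False
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return False
    # e_ident[5] is the data encoding: 1 = little-endian, 2 = big-endian.
    byte_order = {1: "<", 2: ">"}.get(header[5])
    if byte_order is None:
        return False
    # e_type is the 16-bit field at offset 16 in both ELF32 and ELF64.
    (e_type,) = struct.unpack_from(byte_order + "H", header, 16)
    return e_type == ET_CORE


def parse_scan_line(line):
    """Return (path, signature) for a 'PATH: NAME FOUND' line, else None."""
    line = line.rstrip("\n")
    if ": " not in line:
        return None
    path, result = line.rsplit(": ", 1)
    if not result.endswith(" FOUND"):
        return None  # OK, ERROR and summary lines carry no detection
    return path, result[: -len(" FOUND")]


def triage(scan_output):
    """Map each detected path to 'core-dump' or 'reject'.

    Only the broken-executable heuristic on a real ELF core is downgraded.
    Any other signature on the same path keeps the file rejected, which
    matters when AllowAllMatchScan reports several names for one file.
    """
    verdicts = {}
    for line in scan_output.splitlines():
        hit = parse_scan_line(line)
        if hit is None:
            continue
        path, signature = hit
        if verdicts.get(path) == "reject":
            continue
        if signature == BROKEN_EXE and is_elf_core(path):
            verdicts[path] = "core-dump"
        else:
            verdicts[path] = "reject"
    return verdicts


def _sample_elf(e_type):
    """Constructed 64-byte ELF64 little-endian header with the given e_type."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<H", e_type) + bytes(46)


def demo():
    """Run triage over constructed files and constructed scanner output."""
    with tempfile.TemporaryDirectory() as tmp:
        core = os.path.join(tmp, "core.1234")
        exe = os.path.join(tmp, "upload.bin")
        mixed = os.path.join(tmp, "mixed.core")
        for path, e_type in ((core, ET_CORE), (exe, 2), (mixed, ET_CORE)):
            with open(path, "wb") as fh:
                fh.write(_sample_elf(e_type))
        output = "\n".join([
            f"{core}: {BROKEN_EXE} FOUND",
            f"{exe}: {BROKEN_EXE} FOUND",
            f"{mixed}: {BROKEN_EXE} FOUND",
            f"{mixed}: Example.Signature FOUND",
            f"{os.path.join(tmp, 'notes.txt')}: OK",
            "",
            "--- SCAN SUMMARY ---",
            "Infected files: 3",
        ])
        return {os.path.basename(p): v for p, v in triage(output).items()}


if __name__ == "__main__":
    print(demo())
```

Files marked `core-dump` still carried a heuristic hit, so a glue layer would normally log them rather than treat them as clean.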
Re: [clamav-users] Error with ClamAv
Hi Al

As per your advice I have made the screen-shots available on Dropbox, the web-links are as given below:

Note: You may want to view them in the order given below

---Begin---
https://www.dropbox.com/s/rpeb61jbn1yo4k6/Selection_012.png?dl=0
https://www.dropbox.com/s/e2vksww0fyru2v2/Selection_013.png?dl=0
https://www.dropbox.com/s/r40pzi8i3ijucys/Selection_014.png?dl=0
https://www.dropbox.com/s/4c2sc4senczlv3c/Selection_015.png?dl=0
END

Thanks
Ravi Raj
7503506584

On Monday 31 July 2017 04:08 PM, Ravi Raj wrote:

Hi Al

In reference to your reply! May I send them as attachments to your personal email-id i.e. alvarn...@mac.com?

Thanks
Ravi Raj
7503506584

On Saturday 29 July 2017 02:19 PM, Ravi Raj wrote:

Hi

This issue started when I configured ClamAv to use with web-browser Mozilla Firefox, to scan web-content & web-pages for malicious web-links, contents etc.

The problem is:

1) Whenever I open firefox or a new tab in it, I receive an error pop-up saying AVC Service Denial, details of which are provided in the screen-shots attached with this email. You may want to view these in numerical order i.e. Selection_.png.
2) Whenever I try to upload a file via firefox the tab crashes, thereby not allowing to upload file(s).

I reported this problem to both Red Hat (Operating System) & Mozilla Firefox (Web-Browser), they both refer to this problem as being generated from ClamAv (Antivirus).

What can be done to resolve the issue? Waiting eagerly for your solution!

Thanks
Ravi Raj
7503506584
Re: [clamav-users] Error with ClamAv
Hi Al

In reference to your reply! May I send them as attachments to your personal email-id i.e. alvarn...@mac.com?

Thanks
Ravi Raj
7503506584

On Saturday 29 July 2017 02:19 PM, Ravi Raj wrote:

Hi

This issue started when I configured ClamAv to use with web-browser Mozilla Firefox, to scan web-content & web-pages for malicious web-links, contents etc.

The problem is:

1) Whenever I open firefox or a new tab in it, I receive an error pop-up saying AVC Service Denial, details of which are provided in the screen-shots attached with this email. You may want to view these in numerical order i.e. Selection_.png.
2) Whenever I try to upload a file via firefox the tab crashes, thereby not allowing to upload file(s).

I reported this problem to both Red Hat (Operating System) & Mozilla Firefox (Web-Browser), they both refer to this problem as being generated from ClamAv (Antivirus).

What can be done to resolve the issue? Waiting eagerly for your solution!

Thanks
Ravi Raj
7503506584
[clamav-users] Error with ClamAv
Hi

This issue started when I configured ClamAv to use with web-browser Mozilla Firefox, to scan web-content & web-pages for malicious web-links, contents etc.

The problem is:

1) Whenever I open firefox or a new tab in it, I receive an error pop-up saying AVC Service Denial, details of which are provided in the screen-shots attached with this email. You may want to view these in numerical order i.e. Selection_.png.
2) Whenever I try to upload a file via firefox the tab crashes, thereby not allowing to upload file(s).

I reported this problem to both Red Hat (Operating System) & Mozilla Firefox (Web-Browser), they both refer to this problem as being generated from ClamAv (Antivirus).

What can be done to resolve the issue? Waiting eagerly for your solution!

Thanks
Ravi Raj
7503506584
Re: [clamav-users] Verify Integrity of ClamAV Sources: Unable to find Sourcefire VRT key
Hi Joel

Thanks for your reply! I am waiting with my fingers crossed!

Thanks
Ravi Raj
7503506584

On Friday 28 July 2017 01:24 PM, Ravi Raj wrote:

Hi

On the web page 'Upgrading Clamav' (i.e. https://www.clamav.net/documents/upgrading-clamav) towards the web-page section: 'How do I verify the integrity of ClamAV sources', I am done with installing GnuPG, but I am unable to find the:

1) Sourcefire VRT key i.e. the file: 'vrt.gpg',
2) Also, the stable release signed with Sourcefire VRT key i.e. the file: 'clamav-X.XX.tar.gz.sig'.

Further, I have checked the corresponding VRT labs web-links provided there. I also visited their web page(s) & searched for above, but no key is available there!

Please advise where I may find these keys? Waiting eagerly for your reply!

Thanks
Ravi Raj
7503506584
Re: [clamav-users] ERROR: Configuring ClamAv
Hi Matus

I did install ClamAv, using the package on the web-page: http://www.clamav.net/downloads & the instructions given in the README & INSTALL files in the extracted package directory. The install finished successfully! Still the same error! What to do?

Thanks
Ravi Raj
7503506584

On Friday 28 July 2017 01:31 PM, Ravi Raj wrote:

> Hi
>
> I have read the documentation for clamav configuration, when I run the
> command for configuration i.e. 'clamd' I get the following Error output:
>
> [root@localhost ~]# clamd
> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
>
> What to do? How to configure clamav?
>
> Thanks
>
> Ravi Raj
>
> 7503506584
Re: [clamav-users] Error: upgrading Clamav
Hi Steve

I renamed the sample file & commented the Example line mentioned in your reply. When I run freshclam now, I get a new error as given below:

[root@localhost ~]# freshclam
ERROR: Can't change dir to /usr/local/share/clamav
[root@localhost ~]# freshclam -d
ERROR: Can't change dir to /usr/local/share/clamav

What to do?

Thanks
Ravi Raj
7503506584

On Friday 28 July 2017 01:38 PM, Ravi Raj wrote:

> Hi
>
> I have read the documentation for clamav upgrading, when I run the
> commands for upgrade i.e. 'freshclam' & 'freshclam -d' I get the
> following Error output:
>
> [root@localhost ~]# freshclam
> ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
> [root@localhost ~]# freshclam -d
> ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
>
> What to do? How to upgrade clamav?
>
> Thanks
>
> Ravi Raj
>
> 7503506584
[clamav-users] Error: upgrading Clamav
Hi

I have read the documentation for clamav upgrading, when I run the commands for upgrade i.e. 'freshclam' & 'freshclam -d' I get the following Error output:

[root@localhost ~]# freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
[root@localhost ~]# freshclam -d
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

What to do? How to upgrade clamav?

Thanks
Ravi Raj
7503506584
[clamav-users] ERROR: Configuring ClamAv
Hi

I have read the documentation for clamav configuration, when I run the command for configuration i.e. 'clamd' I get the following Error output:

[root@localhost ~]# clamd
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

What to do? How to configure clamav?

Thanks
Ravi Raj
7503506584
[clamav-users] Verify Integrity of ClamAV Sources: Unable to find Sourcefire VRT key
Hi

On the web page 'Upgrading Clamav' (i.e. https://www.clamav.net/documents/upgrading-clamav) towards the web-page section: 'How do I verify the integrity of ClamAV sources', I am done with installing GnuPG, but I am unable to find the:

1) Sourcefire VRT key i.e. the file: 'vrt.gpg',
2) Also, the stable release signed with Sourcefire VRT key i.e. the file: 'clamav-X.XX.tar.gz.sig'.

Further, I have checked the corresponding VRT labs web-links provided there. I also visited their web page(s) & searched for above, but no key is available there!

Please advise where I may find these keys? Waiting eagerly for your reply!

Thanks
Ravi Raj
7503506584
[clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files
Hi Steve,

Thanks for the reply, I need to check since these zips contain customer data. Any other insights from the data provided by me.

Thanks
Ravi

-

Hi Ravi,

Thanks for reporting this. Is it possible to upload the file to dropbox (or other) for testing?

Steve

On Thu, Jul 13, 2017 at 5:24 AM, Ravi wrote:

> Hi,
>
> We observed that segfaults causing clamd crash when scanning a zip
> file (around 190 MB) which gets extracted by clamd in /tmp which goes up to
> around 4.3 GB which is crossing hardlimits (set to filesize and scansize of
> 4294967295 bytes in clamd.conf). The system (OEL Virtual Machine) has
> around 12 GB total memory & free memory of around 9 GB when the scan was
> run. Below is the more info. Need help here to resolve since previously we
> had scanned files of around 5GB which was not causing the issues.
>
> OS version : Oracle Linux Server release 7.2
> System: CPU Core : 4, Memory: 12GB
> ClamAV version: ClamAV 0.99.2/23555/Wed Jul 12 07:00:09 2017
>
> # clamconf
>
> Config file: clamd.conf
> ---
> LogFile disabled
> StatsHostID disabled
> StatsEnabled disabled
> StatsPEDisabled disabled
> StatsTimeout disabled
> LogFileUnlock disabled
> LogFileMaxSize = "1048576"
> LogTime disabled
> LogClean disabled
> LogSyslog = "yes"
> LogFacility = "LOG_LOCAL6"
> LogVerbose disabled
> LogRotate disabled
> ExtendedDetectionInfo disabled
> PidFile = "/var/run/clamd.scan/clamd.pid"
> TemporaryDirectory disabled
> DatabaseDirectory = "/var/lib/clamav"
> OfficialDatabaseOnly disabled
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> LocalSocketGroup disabled
> LocalSocketMode disabled
> FixStaleSocket = "yes"
> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"
> MaxConnectionQueueLength = "30"
> StreamMaxLength = "26214400"
> StreamMinPort = "1024"
> StreamMaxPort = "2048"
> MaxThreads = "50"
> ReadTimeout = "300"
> CommandReadTimeout = "5"
> SendBufTimeout = "500"
> MaxQueue = "100"
> IdleTimeout = "30"
> ExcludePath disabled
> MaxDirectoryRecursion = "15"
> FollowDirectorySymlinks disabled
> FollowFileSymlinks disabled
> CrossFilesystems = "yes"
> SelfCheck = "600"
> DisableCache disabled
> VirusEvent disabled
> ExitOnOOM disabled
> AllowAllMatchScan = "yes"
> Foreground disabled
> Debug disabled
> LeaveTemporaryFiles disabled
> User = "clamav"
> AllowSupplementaryGroups = "yes"
> Bytecode = "yes"
> BytecodeSecurity = "TrustSigned"
> BytecodeTimeout = "5000"
> BytecodeUnsigned disabled
> BytecodeMode = "ForceInterpreter"
> DetectPUA disabled
> ExcludePUA disabled
> IncludePUA disabled
> AlgorithmicDetection = "yes"
> ScanPE = "yes"
> ScanELF = "yes"
> DetectBrokenExecutables = "yes"
> ScanMail = "yes"
> ScanPartialMessages disabled
> PhishingSignatures = "yes"
> PhishingScanURLs = "yes"
> PhishingAlwaysBlockCloak disabled
> PhishingAlwaysBlockSSLMismatch disabled
> PartitionIntersection disabled
> HeuristicScanPrecedence disabled
> StructuredDataDetection disabled
> StructuredMinCreditCardCount = "3"
> StructuredMinSSNCount = "3"
> StructuredSSNFormatNormal = "yes"
> StructuredSSNFormatStripped disabled
> ScanHTML = "yes"
> ScanOLE2 = "yes"
> OLE2BlockMacros disabled
> ScanPDF = "yes"
> ScanSWF = "yes"
> ScanXMLDOCS = "yes"
> ScanHWP3 = "yes"
> ScanArchive = "yes"
> ArchiveBlockEncrypted disabled
> ForceToDisk disabled
> MaxScanSize = "4294967295"
> MaxFileSize = "4294967295"
> MaxRecursion = "16"
> MaxFiles = "1"
> MaxEmbeddedPE = "10485760"
> MaxHTMLNormalize = "10485760"
> MaxHTMLNoTags = "2097152"
> MaxScriptNormalize = "5242880"
> MaxZipTypeRcg = "10485
[clamav-users] Segmentation fault (core dumped) for clamscan & clamdscan for large zip files
lt;http://current.cvd.clamav.net>"
DatabaseMirror = "db.us.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer = "proxy "
HTTPProxyPort = "80"
HTTPProxyUsername = "test"
HTTPProxyPassword = "test"
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-
Version: 0.99.2
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JIT

Database information
Database directory: /var/lib/clamav
bytecode.cld: version 306, sigs: 65, built on Tue Jul 11 16:56:41 2017
daily.cvd: version 23555, sigs: 1739528, built on Wed Jul 12 07:00:09 2017
main.cld: version 58, sigs: 4566249, built on Wed Jun 7 16:38:10 2017
Total number of signatures: 6305842

Platform information
uname: Linux 3.10.0-327.el7.x86_64 #1 SMP Fri Nov 20 00:18:34 PST 2015 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
Triple: x86_64-redhat-linux-gnu
CPU: i686, Little-endian
platform id: 0x0a2152520804080503040805

Build information
-
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
GNU C++: 4.8.5 20150623 (Red Hat 4.8.5-4) (4.8.5)
CPPFLAGS:
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99 -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -std=gnu++98
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-static' '--disable-rpath' '--disable-silent-rules' '--disable-clamav' '--with-user=clamupdate' '--with-group=clamupdate' '--with-libcurl=/usr' '--with-dbdir=/var/lib/clamav' '--enable-milter' '--enable-clamdtop' '--disable-unrar' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience
sizeof(void*) = 8
Engine flevel: 82, dconf: 82

# clamdscan --fdpass 2017-05-31T074648_324659544758317C3438303034323238383731343438343933.zip
/AntiVirus/2017-05-31T074648_324659544758317C3438303034323238383731343438343933.zip: no reply from clamd
--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 14.427 sec (0 m 14 s)

# dmesg
[214766.813013] traps: polkitd[19511] general protection ip:7f96843eeca2 sp:7ffe16b8d010 error:0 in libmozjs-17.0.so[7f96842b+3b3000]
[215364.434433] clamd[25899]: segfault at 7f47925ec000 ip 7f47b832d20b sp 7f4792fea138 error 7 in libc-2.17.so[7f47b82a3000+1b4000]

# clamscan --max-filesize=5000M --max-scansize=5000M 2017-05-31T074648_324659544758317C3438303034323238383731343438343933.zip
WARNING: Numerical value for option max-filesize too high, resetting to 4G
WARNING: Numerical value for option max-scansize too high, resetting to 4G
Segmentation fault (core dumped)

Thanks
Ravi
[clamav-users] Error: upgrading Clamav
Hi

I have read the documentation for clamav upgrading, when I run the commands for upgrade i.e. 'freshclam' & 'freshclam -d' I get the following Error output:

[root@localhost ~]# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf
[root@localhost ~]# freshclam -d
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf

What to do? How to upgrade clamav?

Thanks
Ravi Raj
7503506584
Re: [clamav-users] Connection Refused error
We are trying to avoid installing clamd in developers' workstations and instead let the integration server scan email attachments for this web application we are building.

Is there any configuration change that lets my integration server scan file(s)? We can enable ports if needed within the organization.

Thanks for your help!
Ravi

On Tue, Jul 26, 2016 at 12:11 PM, Dennis Peterson wrote:

> Your previous post showed your clamd instance is bound to the loopback
> interface and as such other systems cannot connect. But even if they could
> what would they do? You surely don't want to ship whole file systems across
> your network for scanning, do you? That would also be required if you wish
> to scan email attachments. It can be done (think NFS) but the network
> traffic may surprise you.
>
> dp
>
> On 7/25/16 1:17 PM, Ravi Maddi wrote:
>
>> Hi Dennis,
>> I am trying to connect to a Clam AV running on a separate linux box...and
>> if there is some configuration I have to do to connect? Or, Clam AV even
>> allows that?
>>
>> The fact that you take `hostname` parameter makes me think it's possible.
>> But, I am getting connection refused error.
>>
>> Thank you so much!
>>
>> Best,
>> Ravi
>>
>> On Mon, Jul 25, 2016 at 1:20 PM, Ravi Maddi wrote:
>>
>>> Thank you Dennis for your swift response. Yes, I got PONG as the
>>> response.
>>>
>>> We are looking into firewall settings. Appreciate your swift response.
>>>
>>> Best regards,
>>> Ravi
>>>
>>> On Mon, Jul 25, 2016 at 12:39 PM, Dennis Peterson wrote:
>>>
>>>> Try a simple test of the clamd connection with:
>>>>
>>>> echo "PING" | nc localhost 3310
>>>>
>>>> It should return "PONG". If it does your problem is not related to
>>>> clamd.
>>>>
>>>> dp
>>>>
>>>> On 7/25/16 7:44 AM, Ravi Maddi wrote:
>>>>
>>>>> Hi Al,
>>>>> I am new to clamav. I am able to install it on RHEL AWS environment
>>>>> and enabled it to run on port 3310.
Re: [clamav-users] Connection Refused error
Hi Dennis,

I am trying to connect to a Clam AV running on a separate linux box...and if there is some configuration I have to do to connect? Or, Clam AV even allows that?

The fact that you take `hostname` parameter makes me think it's possible. But, I am getting connection refused error.

Thank you so much!

Best,
Ravi

On Mon, Jul 25, 2016 at 1:20 PM, Ravi Maddi wrote:

> Thank you Dennis for your swift response. Yes, I got PONG as the response.
>
> We are looking into firewall settings. Appreciate your swift response.
>
> Best regards,
> Ravi
>
> On Mon, Jul 25, 2016 at 12:39 PM, Dennis Peterson wrote:
>
>> Try a simple test of the clamd connection with:
>>
>> echo "PING" | nc localhost 3310
>>
>> It should return "PONG". If it does your problem is not related to clamd.
>>
>> dp
>>
>> On 7/25/16 7:44 AM, Ravi Maddi wrote:
>>
>>> Hi Al,
>>> I am new to clamav. I am able to install it on RHEL AWS environment and
>>> enabled it to run on port 3310.
Re: [clamav-users] Connection Refused error
Thank you Dennis for your swift response. Yes, I got PONG as the response.

We are looking into firewall settings. Appreciate your swift response.

Best regards,
Ravi

On Mon, Jul 25, 2016 at 12:39 PM, Dennis Peterson wrote:

> Try a simple test of the clamd connection with:
>
> echo "PING" | nc localhost 3310
>
> It should return "PONG". If it does your problem is not related to clamd.
>
> dp
>
> On 7/25/16 7:44 AM, Ravi Maddi wrote:
>
>> Hi Al,
>> I am new to clamav. I am able to install it on RHEL AWS environment and
>> enabled it to run on port 3310.
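Dennis Peterson's two points in this thread, the PING/PONG test and the loopback-only bind that refuses remote clients, as an added example (not code from the thread): it classifies the clamd listener from a `netstat -anp` line and repeats the PING test from Python. `listener_scope`, `clamd_ping` and the stub server are names invented here; the stub stands in for clamd so the block runs offline, and the netstat line is constructed in the shape the original poster reported.

```python
import ipaddress
import socket
import threading

# Constructed sample in the shape of the `netstat -anp | grep 3310` output
# reported in this thread (clamd listening on the loopback address).
SAMPLE_NETSTAT = "tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 2421/clamd"


def listener_scope(netstat_line):
    """Return (scope, port) for a LISTEN line, or None for any other line.

    scope is 'loopback-only', 'all-interfaces' or 'single-interface'.
    A loopback-only listener refuses every connection from another host,
    whatever the firewall allows.
    """
    fields = netstat_line.split()
    # Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
    if len(fields) < 6 or fields[5] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return None
    if address.is_loopback:
        scope = "loopback-only"
    elif address.is_unspecified:
        scope = "all-interfaces"
    else:
        scope = "single-interface"
    return scope, int(port)


def clamd_ping(host, port=3310, timeout=5.0):
    """Send PING as `echo "PING" | nc host port` does; True on a PONG reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(b"PING\n")
            reply = conn.recv(16)
    except OSError:  # connection refused, timeout, unreachable host
        return False
    return reply.strip() == b"PONG"


def start_stub_clamd():
    """Start a one-shot stand-in for clamd on 127.0.0.1; return its port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # loopback bind, like TCPAddr 127.0.0.1
    server.listen(1)
    port = server.getsockname()[1]

    def serve():
        conn, _ = server.accept()
        with conn:
            if conn.recv(16).strip() == b"PING":
                conn.sendall(b"PONG\n")
        server.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port():
    """Return a loopback port with no listener, to show the refused case."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    print(listener_scope(SAMPLE_NETSTAT))
    print(clamd_ping("127.0.0.1", start_stub_clamd()))
    print(clamd_ping("127.0.0.1", closed_port()))
```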
[clamav-users] Connection Refused error
Hi Al,

I am new to clamav. I am able to install it on RHEL AWS environment and enabled it to run on port 3310.

[ec2-user@ip-172-30-0-245 ~]$ sudo netstat -anp |grep 3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 2421/clamd

However, I am trying to access it from the java program and I am getting connection refused error. Attached is the java program that tries to connect to clamd. Can you please shed some light into this problem?

Below is the java program stacktrace:
==
2016-07-25 09:37:10,215 [main] DEBUG n.taldius.clamav.impl.NetworkScanner - net.taldius.clamav.ScannerException: Error while requesting protocol channel
net.taldius.clamav.ScannerException: Error while requesting protocol channel
    at net.taldius.clamav.impl.NetworkScanner.openProtocolChannel(NetworkScanner.java:163)
    at net.taldius.clamav.impl.NetworkScanner.performScan(NetworkScanner.java:57)
    at com.ecorrservices.util.ClamAVVirusHandler.fileScanner(ClamAVVirusHandler.java:90)
    at com.ecorrservices.util.ClamAVVirusHandler.fileScanner(ClamAVVirusHandler.java:76)
    at com.ecorrservices.util.ClamAVVirusHandler.main(ClamAVVirusHandler.java:102)
Caused by: java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at java.net.Socket.connect(Socket.java:538)
    at net.taldius.clamav.impl.NetworkScanner.openProtocolChannel(NetworkScanner.java:139)
    ... 4 more

Output
==
false

Thank you,
Ravi