Re: [clamav-users] Same system but different daily

2024-05-25 Thread newcomer01 via clamav-users

Hey Thomas,

This happens sometimes, for unknown reasons, and ClamAV can't prevent it.
Maybe interesting for you:
https://blog.clamav.net/2021/03/clamav-cvds-cdiffs-and-magic-behind.html
BTW: in your freshclam.log you can find the following: "We receive an older daily.CVD file
than advertised, so we are up to date we do incremental update (or similar in
wording)".
Hope this will help you.

kind greetings
Marc

From: Clamav User Mailinglist
To: Newcomer01
CC: Thomas Barth
Sent: Saturday, May 25, 2024 at 19:55 (07:55 PM) +0200
Subject: [clamav-users] Same system but different daily

Hello,

I've two equal systems, but today I saw that on server 1 there is a
daily.cld (202299904 Bytes) and on server 2 a daily.cvd instead
(63677565 Bytes). On both servers I see the message "daily... database
is up-to-date".

Server 1
ls -al /var/lib/clamav/daily.cld
-rw-r--r-- 1 clamav clamav 202299904 May 25 10:48 /var/lib/clamav/daily.cld

systemctl status clamav-freshclam.service
... -> daily.cld database is up-to-date (version: 27286, sigs: 2061720, f-level: 90, builder: raynman)

Server 2
ls -al /var/lib/clamav/daily.cvd
-rw-r--r-- 1 clamav clamav 63677565 May 25 15:11 /var/lib/clamav/daily.cvd
... -> daily.cvd database is up-to-date (version: 27286, sigs: 2061720, f-level: 90, builder: raynman)


Why different daily-Files with same amount of sigs, but different type
and size?
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat




Re: [clamav-users] 100% CPU usage in clamd

2024-03-16 Thread newcomer01 via clamav-users

Hello,

it "should"?
Sometimes the CDN delivers an older definition than advertised and then you get
cld and not cvd.
Unfortunately ClamAV can't do anything in this case.
Please read "The Magic behind cvd's, cld's and cdiff's":
https://blog.clamav.net/2021/03/clamav-cvds-cdiffs-and-magic-behind.html
But you are right, ClamAV should normally detect the signatures as outdated.

kind greetings
newcomer01


From: Clamav User Mailinglist
To: Newcomer01
CC: Masaru Nomiya
Sent: Saturday, March 16, 2024 at 12:04 (12:04 PM) +0100
Subject: Re: [clamav-users] 100% CPU usage in clamd

Hello,

Sorry for late reply.

In the Message;

   Subject: Re: [clamav-users] 100% CPU usage in clamd
   Message-ID : 

   Date & Time: Fri, 15 Mar 2024 23:55:13 +0900

[TI] == Taizo ITO via clamav-users  has written:

TI>  Hello,

TI>  Thank you for the reply.

TI>  Clamd version is, v1.3.0 but the issue also happened in v1.2.1.
TI>  My first question might have been wrong because the problem happened
TI>  with the latest virus database "Version: 27215" as well.
TI>  I'm using "clamdscan" to scan a file. Scanning 3 files in parallel
TI>  caused almost 300% in CPU workload.
[...]

The daily.cvd is out of date, should be daily.cld now?
When you run freshclam, doesn't it say it's out of date?

Here is mine as of 1.3.0;

-rw-r--r-- 1 vscan vscan   1411072  2月 28 06:28 bytecode.cld
-rw-r--r-- 1 vscan vscan 199960064  3月 16 18:00 daily.cld
-rw-r--r-- 1 vscan vscan        69  5月  5  2022 freshclam.dat
-rw-r--r-- 1 vscan vscan 170479789  5月  5  2022 main.cvd
drwx-- 1 vscan vscan   192  7月 18  2022 tmp.ce63819e4

and,

  # sigtool -i /var/lib/clamav/daily.cld
  File: daily.cld
  Build time: 16 Mar 2024 04:30 -0400
  Version: 27216
  Signatures: 2055383
  Functionality level: 90
  Builder: raynman
  Verification OK.

Best Regards.

---
┏━━┓彡 野宮  賢 mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛  "Companies have come to view generative AI as a kind of monster that
  must be fed at all costs―even if it isn’t always clear what exactly
  that data is needed for or what those future AI systems might end up
  doing."

 -- Generative AI Is Making Companies Even More Thirsty for Your Data --
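
The comparison behind both daily.cvd/daily.cld questions above (same version and signature count, different container), as an added example that is not part of the original threads: it parses the 512-byte text header that `sigtool -i` reports on and flags hosts whose daily version lags behind the rest. The header bytes, host names, build time and the md5/signature placeholders are constructed sample data; only the version and signature counts are taken from the messages.

```python
"""Compare ClamAV database headers across hosts (added example, constructed data)."""
from dataclasses import dataclass
from pathlib import Path

HEADER_SIZE = 512      # .cvd and .cld both start with a fixed-size text header
MAGIC = "ClamAV-VDB"   # first colon-separated field of that header


@dataclass(frozen=True)
class DbHeader:
    build_time: str
    version: int
    signatures: int
    f_level: int
    builder: str

    def signature_set(self):
        """Identity of the signature content, independent of the container type."""
        return (self.version, self.signatures, self.f_level)


def parse_header(raw: bytes) -> DbHeader:
    """Parse magic:time:version:sigs:f-level:md5:dsig:builder[:stime]."""
    if len(raw) < HEADER_SIZE:
        raise ValueError(f"header truncated: {len(raw)} of {HEADER_SIZE} bytes")
    text = raw[:HEADER_SIZE].decode("ascii", "replace").rstrip(" \x00\r\n")
    fields = text.split(":")
    if fields[0] != MAGIC or len(fields) < 8:
        raise ValueError("not a ClamAV database header")
    try:
        version, sigs, f_level = (int(f) for f in fields[2:5])
    except ValueError as exc:
        raise ValueError("non-numeric version/sigs/f-level field") from exc
    return DbHeader(fields[1], version, sigs, f_level, fields[7])


def read_header(path) -> DbHeader:
    """Read the header of a real daily.cvd or daily.cld on disk."""
    with Path(path).open("rb") as fh:
        return parse_header(fh.read(HEADER_SIZE))


def stale_hosts(headers: dict) -> list:
    """Return hosts whose database version is older than the newest one seen."""
    if not headers:
        return []
    newest = max(h.version for h in headers.values())
    return sorted(host for host, h in headers.items() if h.version < newest)


def sample_header(version: int, sigs: int, builder: str = "raynman") -> bytes:
    """Build a constructed header; time, md5 and signature are placeholders."""
    text = (f"{MAGIC}:01 Jan 2024 00-00 +0000:{version}:{sigs}:90:"
            f"MD5-PLACEHOLDER:DSIG-PLACEHOLDER:{builder}:0")
    return text.encode("ascii").ljust(HEADER_SIZE, b" ")


# Constructed fleet: server1 holds daily.cld, server2 holds daily.cvd (same
# version and sigs as reported in the first thread); server3 is a hypothetical
# host still on the older version shown in the sigtool output.
FLEET = {
    "server1": parse_header(sample_header(27286, 2061720)),
    "server2": parse_header(sample_header(27286, 2061720)),
    "server3": parse_header(sample_header(27216, 2055383)),
}

if __name__ == "__main__":
    same = FLEET["server1"].signature_set() == FLEET["server2"].signature_set()
    print("server1 and server2 carry the same signature set:", same)
    print("hosts behind the newest version:", stale_hosts(FLEET))
```

On a real host, `read_header("/var/lib/clamav/daily.cld")` returns the same fields; a `.cvd` is the signed, compressed download, while a `.cld` is the locally patched copy and is stored uncompressed when `CompressLocalDatabase no` is set, which accounts for the size difference.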


Re: [clamav-users] [ext] ClamAV 1.3.0 second release candidate published!

2024-01-25 Thread newcomer01 via clamav-users

sure, 1.2.0-rc2 is obsolete ;-)

try: https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.3.0-rc2


From: Clamav User Mailinglist
To: Newcomer01
CC: Ralf Hildebrandt
Sent: Thursday, January 25, 2024 at 09:55 (09:55 AM) +0100
Subject: Re: [clamav-users] [ext] ClamAV 1.3.0 second release candidate published!

You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.

https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.2.0-rc2
returns a 404.





Re: [clamav-users] clamav-safebrowsing status

2024-01-05 Thread newcomer01 via clamav-users

Sorry, Safe Browsing is no longer supported (or updated) since Google has
changed the type of license.
Maybe you will find a commercial solution which is suitable for you.

kind greetings
Marc


From: Clamav User Mailinglist
To: Newcomer01
CC: Alex
Sent: Friday, January 05, 2024 at 20:30 (08:30 PM) +0100
Subject: [clamav-users] clamav-safebrowsing status

Hi,

Can someone tell me if the Google Safebrowsing package and the clamav support 
for it is still useful? Is it still being developed? It does appear Google 
development has stopped for this project, but maybe the data is still being 
updated?

Perhaps there's a more modern alternative?

Thanks,
Alex




Re: [clamav-users] Clamav does not recognize known viruses

2023-12-21 Thread newcomer01 via clamav-users

Hi Sebastian,

Here on Ubuntu LTS I have the same issue.

Check the permissions for:

- /etc/init.d/clamav-daemon
- /etc/init.d/clamav-freshclam

For unknown reasons, they have the wrong permissions by default.
They must have 0755, then it works well!

kind greetings
Marc


From: Clamav User Mailinglist
To: Newcomer01
CC: Sebastian
Sent: Thursday, December 21, 2023 at 10:04 (10:04 AM) +0100
Subject: [clamav-users] Clamav does not recognize known viruses

Good morning,

I use clamav with the additional signatures from securiteinfo.

ClamAV 0.103.10/27129/Wed Dec 20 10:38:37 2023

Some time ago clamav was due for an update - since then it has
recognized almost nothing.

I start the scan with:

clamscan  -i   --move=/home/virusverdacht/erkannt  /home/virusverdacht

/etc/clamav/freshclam.conf:


[...]
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xx/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures//javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfopdf.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfo0hour.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfo.mdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/x/securiteinfo.yara
DatabaseCustomURL https://www.securiteinfo.com/get/signatures//securiteinfo.pdb
[...]


/etc/clamav/clamav.conf
[...]
LogFile /var/log/clamav.log
LogTime yes
LogSyslog yes
LogFacility LOG_LOCAL2

PidFile  /var/amavis/clamd.pid
DatabaseDirectory /var/clamav
OfficialDatabaseOnly no
LocalSocket  /var/amavis/clamd
LocalSocketMode 660

FixStaleSocket yes

DetectPUA yes

IncludePUA Spy
IncludePUA Scanner
IncludePUA RAT

AlgorithmicDetection yes
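
The two excerpts above name different `DatabaseDirectory` values for freshclam and clamd, and fetch most third-party databases over plain `http://`. The following check is an added example, not part of the original thread: it reports a directory mismatch between the two files and any `DatabaseCustomURL` using a cleartext scheme, which matters because plain `.ndb`/`.hdb`/`.ign2` files carry no digital signature the way official CVDs do. The sample strings are a constructed subset of the posted configuration, and the finding names are hypothetical labels.

```python
"""Audit freshclam.conf / clamd.conf consistency (added example)."""
from urllib.parse import urlsplit

CLEARTEXT_SCHEMES = {"http", "ftp"}


def parse_conf(text: str) -> dict:
    """Parse ClamAV 'Key value' lines; keys that repeat accumulate in a list."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # tolerate tabs or several spaces
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0], []).append(value)
    return options


def audit(freshclam_text: str, clamd_text: str) -> list:
    """Return (finding, detail) tuples for the two issues described above."""
    fresh, clamd = parse_conf(freshclam_text), parse_conf(clamd_text)
    findings = []

    # If either file omits DatabaseDirectory the compiled-in default applies,
    # which this script cannot know, so only explicit values are compared.
    fresh_dir = (fresh.get("DatabaseDirectory") or [None])[-1]
    clamd_dir = (clamd.get("DatabaseDirectory") or [None])[-1]
    if fresh_dir and clamd_dir and fresh_dir.rstrip("/") != clamd_dir.rstrip("/"):
        findings.append(("db-dir-mismatch",
                         f"freshclam writes {fresh_dir}, clamd loads {clamd_dir}"))

    # Unsigned custom databases rely on the transport for integrity.
    for url in fresh.get("DatabaseCustomURL", []):
        if urlsplit(url).scheme.lower() in CLEARTEXT_SCHEMES:
            findings.append(("cleartext-custom-url", url))
    return findings


# Constructed subset of the configuration posted in the thread.
FRESHCLAM_SAMPLE = """\
DatabaseDirectory /var/lib/clamav
DatabaseMirror database.clamav.net
# Check for new database 24 times a day
Checks 24
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
"""

CLAMD_SAMPLE = """\
DatabaseDirectory /var/clamav
OfficialDatabaseOnly no
"""

if __name__ == "__main__":
    for finding, detail in audit(FRESHCLAM_SAMPLE, CLAMD_SAMPLE):
        print(f"{finding}: {detail}")
```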


Re: [clamav-users] Cloudflare block me

2023-11-17 Thread newcomer01 via clamav-users

Hello,

I see two possible reasons:

1.) you are using http instead of https
2.) you call db.fr.* and locally based db files are no longer supported,
so I mean
3.) safebrowsing.* is no longer supported (if I understood Micah Snyder correctly)

Let ClamAV do its job.

For your freshclam.conf (feel free to change things for your setting):

UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose no
LogSyslog no
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate false
LogTime yes
Foreground false
Debug false
MaxAttempts 12
ScriptedUpdates yes

DatabaseOwner clamav
DatabaseMirror database.clamav.net
DatabaseMirror db.local.clamav.net
Bytecode true
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 60
ReceiveTimeout 60
TestDatabases yes
CompressLocalDatabase no
Checks 24


From: Clamav User Mailinglist
To: Marc Püschel
CC: Vedeau Jérôme
Sent: Friday, November 17, 2023 at 08:00 (08:00 AM) +0100
Subject: [clamav-users] Cloudflare block me

Hello,

Can you help us to resolve this issue: We are blocked by Cloudflare when you
try to connect to:

http://db.fr.clamav.net/main.cvd

http://db.fr.clamav.net/daily.cvd

http://db.fr.clamav.net/bytecode.cvd

http://db.fr.clamav.net/safebrowsing.cvd

Cloudflare Ray ID: *8266a4a8d9d1f0b7*

IP :  212.243.21.99

Thanks to you for support

Best regards,

*Jérôme VEDEAU*
External
Integration / operations
Information systems
98, rue de Saint-Jean - Case postale - 1211 Genève 3
T
jerome.ved...@fer-ge.ch




Re: [clamav-users] first questioon????

2023-10-25 Thread newcomer01 via clamav-users

Hello Rahim,

Sorry for my late reply, I was a little busy.
This option is not possible; you need Linux (not Android!) on your phone and root access
and a complete "installation" of clamscan and freshclam and maybe some cronjobs.

kind greetings
Marc


From: Clamav User Mailinglist
To: Newcomer01
CC: Rahim Fakir
Sent: Monday, October 23, 2023 at 00:18 (12:18 AM) +0200
Subject: [clamav-users] first questioon

I would like to know if it is possible to have clamav on the desktop and 
remotely scan the phone.
for example: clamscan -r -i remove=yes ipaddress root.of.cellphone



Rahim 00351 933 5959 74 is bugged



Re: [clamav-users] About PDF files detected as encrypted files

2023-10-10 Thread newcomer01 via clamav-users

If I read this correctly, 0.102.* isn't supported anymore.
Force an AV update, see https://docs.clamav.net/faq/faq-eol.html


From: Tsutomu Oyamada
To: Newcomer01
Sent: Tuesday, October 10, 2023 at 12:32 (12:32 PM) +0200
Subject: [clamav-users] About PDF files detected as encrypted files

Hi, all

We received following report from one of our users.
The user is using Clamd0.103 on AIX7,2.

When clamd with the option "ArchiveBlockEncrypted" ON scans a specific PDF which is locked
for editing, it is detected as "Heuristics.Encrypted.PDF FOUND".
The PDF is locked for editing, but not locked for viewing.
The PDF file can be found at the following URL.
https://www.promark-inc.com/dl/temp/214-230137_01_006.pdf

It looks like the same behavior when clamd scans a PDF which is locked for 
viewing.
The log is as follows;

Fri Sep 29 14:35:33 2023 -> /home/user/214-230137_01_006.pdf: Heuristics.Encrypted.PDF(52d94f1cc9d57e3b350c4cec85c68387:222005) FOUND

We could reproduce the behavior on our test environment, clamd daemon 1.0.2 
(OS: Linux, ARCH: x86_64, CPU: x86_64).

Could you tell us how to fix it to scan that PDF properly?

T.O



Re: [clamav-users] Freshclam version 1.0.2 warnings

2023-09-03 Thread newcomer01 via clamav-users

look at this: https://github.com/Cisco-Talos/clamav/issues/1015


From: Jorge Bastos
To: Newcomer01
CC: Matus Uhlar - Fantomas
Sent: Sunday, September 03, 2023 at 18:23 (06:23 PM) +0200
Subject: Re: [clamav-users] Freshclam version 1.0.2 warnings


On 2023-09-03 15:36, Matus UHLAR - fantomas wrote:


On 02.09.23 22:32, Jorge Bastos wrote:

Since version 1.0.2 I'm having this information on freshclam update, in
previous 1.0.0 it was not happening.
Any idea how to solve it, or it's something that has an ongoing fix?
Sat Sep  2 21:25:12 2023 -> Received signal: wake up
Sat Sep  2 21:25:13 2023 -> ClamAV update process started at Sat Sep  2 21:25:13 2023
Sat Sep  2 21:25:13 2023 -> daily.cld database is up-to-date (version: 27019, sigs: 2040213, f-level: 90, builder: raynman)
Sat Sep  2 21:25:13 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sat Sep  2 21:25:13 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Sat Sep  2 21:25:14 2023 -> WARNING:  *** RESULT 304, SIZE: 0 ***
Sat Sep  2 21:25:14 2023 -> malware.expert.ndb is up-to-date (version: custom database)


HTTP code 304 means "not modified" which means your files are accurate.

I have no idea why that produces warning, it should be treated as OK state, 
possibly INFO message...


Oh I see, it's the HTTP code, I didn't associate it with that.
well, maybe someone left this warning info for debug, I had no change on my 
configuration,




Re: [clamav-users] Freshclam version 1.0.2 warnings

2023-09-03 Thread newcomer01 via clamav-users

Maybe a newer ClamAV update has changed your freshclam.conf file; please check
your settings for:

Debug
TestDatabases

Here on my Ubuntu all updates change anything on my system and I don't know why
Ubuntu does this ...


From: Jorge Bastos
To: Newcomer01
CC: Matus Uhlar - Fantomas
Sent: Sunday, September 03, 2023 at 18:23 (06:23 PM) +0200
Subject: Re: [clamav-users] Freshclam version 1.0.2 warnings


On 2023-09-03 15:36, Matus UHLAR - fantomas wrote:


On 02.09.23 22:32, Jorge Bastos wrote:

Since version 1.0.2 I'm having this information on freshclam update, in
previous 1.0.0 it was not happening.
Any idea how to solve it, or it's something that has an ongoing fix?
Sat Sep  2 21:25:12 2023 -> Received signal: wake up
Sat Sep  2 21:25:13 2023 -> ClamAV update process started at Sat Sep  2 21:25:13 2023
Sat Sep  2 21:25:13 2023 -> daily.cld database is up-to-date (version: 27019, sigs: 2040213, f-level: 90, builder: raynman)
Sat Sep  2 21:25:13 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sat Sep  2 21:25:13 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Sat Sep  2 21:25:14 2023 -> WARNING:  *** RESULT 304, SIZE: 0 ***
Sat Sep  2 21:25:14 2023 -> malware.expert.ndb is up-to-date (version: custom database)


HTTP code 304 means "not modified" which means your files are accurate.

I have no idea why that produces warning, it should be treated as OK state, 
possibly INFO message...


Oh I see, it's the HTTP code, I didn't associate it with that.
well, maybe someone left this warning info for debug, I had no change on my 
configuration,




Re: [clamav-users] QNAP NAS virus definition updates.

2023-08-25 Thread newcomer01 via clamav-users

I mean, there is no static IP or port, these vary as always; you can do
a DNS check for current.cvd.clamav.net


From: Clamav User Mailinglist
To: Newcomer01
CC: Thomas Oneill
Sent: Friday, August 25, 2023 at 20:29 (08:29 PM) +0200
Subject: [clamav-users] QNAP NAS virus definition updates.

Hello all!
I was wondering if anyone knows the ports or IP addresses that my QNAP NAS 
reaches out to in order to receive definition updates. I have locked down my 
firewall but would like to allow the automatic updates.

Thanks,

Tom



Re: [clamav-users] Help clamdscan faster

2023-08-23 Thread newcomer01 via clamav-users

Hello,

Yes, as a result of the architecture there is a limit of 2 GB for each single file;
if the file is larger than the limit you will get a false-positive scan result
for this file.
-> Please feel free to read what you find interesting:
https://docs.clamav.net/Introduction.html

kind greetings
newcomer01


From: Clamav User Mailinglist
To: Newcomer01
CC: Nhat Tran Xuan
Sent: Wednesday, August 23, 2023 at 20:25 (08:25 PM) +0200
Subject: [clamav-users] Help clamdscan faster

Hello,
We are running a file management project with file storage using amazon S3.

Our core architecture is: every time there is an event to upload or edit a file
on s3, it will trigger an event to run an ECS task, that ECS will be a 
container containing clamAV to scan for viruses of that file.
The whole process of the task is :  download the file from s3 -> scan the file for 
viruses ->  push scan result to a webhook to display the message

1.How do you think about this architecture?

2.We are seeing that scanning takes a long time with large excel files ( ~20min 
for 2-3GB file), is there any way to make it faster?

3. We are using "clamdscan" , is there any limit on how many files ( in folder 
) can be scanned at once or maximum file size ?

3.If we run the ECS Fargate task with 2vCPU - 8GB RAM, will we be able to scan 
the maximum file size? 20GB file size can be scannable?

Best regards,
Harry Tran



Re: [clamav-users] ClamAV Current CDN Rate Limit

2023-07-18 Thread newcomer01 via clamav-users

Don't know about a rate limit.
You should not update more than once an hour, or you get blocked from the CDN for
the next 24 hours - that's a fact.


From: Clamav User Mailinglist
To: Newcomer01
CC: Jaspreet Nahal
Sent: Tuesday, July 18, 2023 at 19:10 (07:10 PM) +0200
Subject: [clamav-users] ClamAV Current CDN Rate Limit

Hi,

I'm building an application using ClamAV as our AV of choice and trying to 
evaluate the different approaches to avoiding hitting the CDN more than what is 
absolutely necessary. As a part of this quest, would you be able to share how 
and when the CDN rate limit is applied? I know configuration is likely to 
change in the future, but just would like to have a general idea for planning 
purposes.

Thank you!

Best,
Jaspreet Nahal



Re: [clamav-users] Cloudflare ban?

2023-07-05 Thread newcomer01 via clamav-users

Hi,

Please check the freshclam.log for more detailed information about what's going on.

kind greetings
Marc

From: Clamav User Mailinglist
To: Newcomer01
CC: Łukasz Baniecki
Sent: Wednesday, July 05, 2023 at 10:21 (10:21 AM) +0200
Subject: [clamav-users] Cloudflare ban?

Hi,
I already wrote in this topic earlier this year, about my ip
(95.215.234.142) being blocked, so cvdupdate doesn't work. You helped
me, so you are not blocking my ip and suggested that maybe I'm blocked
on cloudflare. I have made more tests and I think that must be it, so
I just did freshclam --verbose and here is my Cloudflare Ray ID:
7e1e292a4fe60046-WAW. Please check if at some level I am blocked and
if so, why? Note: I'm not from Russia, I am from Poland.




Re: [clamav-users] local wdb file to ignore specific URL

2023-06-19 Thread newcomer01 via clamav-users

I don't work with clamd and use a wdb file too.
It's only important that you have set /etc/init.d/clamav-daemon to the proper mode;
the default 0644 (no execution for all) doesn't work in my case and clamscan
ignores my wdb file (sure, nobody is able to execute the daemon with the
default mode).


From: Joe A
To: Newcomer01
Sent: Monday, June 19, 2023 at 16:08 (04:08 PM) +0200
Subject: [clamav-users] local wdb file to ignore specific URL

A good while back I created a local wdb file to ignore heuristic checks
for a couple of specific emails.

Worked well, till the other day.  Seems one of the (monthly) emails I
get changed one of the URL links.  Now, I cannot seem to get these
recognized.

Do changes to local files like wdb's require a restart of clamd service?
   I have been, but don't know if that's required.




Re: [clamav-users] How to unblock a public IP?

2023-06-08 Thread Newcomer01 via clamav-users

There is no way; your IP will be unblocked from the CDN automatically after 24
hours.


On 9 June 2023 at 00:23:31, presario2133--- via clamav-users wrote:


Hello,


how can I declare my public ip address so that it is not blocked when 
downloading databases


On Thursday 8 June 2023 at 22:22:10 UTC+2, Micah Snyder (micasnyd) via
clamav-users wrote:



If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature, you 
can create a .ign2 signature file in your clamav database directory.



See https://docs.clamav.net/manual/Signatures/AllowLists.html#signature-ignore-lists for details.





Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users on behalf of Tim McConnell via clamav-users
Sent: Thursday, June 8, 2023 10:12 AM
To: Joel Esler; ClamAV users ML
Cc: Tim McConnell
Subject: Re: [clamav-users] How do I get something added to the ignore list

Well I would assume the clam DB but I've no idea how or any of that. I 
would think the new Macro for Libre Office Calc would be in there already 
but I've been wrong before.



On Thu, 2023-06-08 at 13:03 -0400, Joel Esler wrote:

What db do you think you want to add it to?

—
Sent from my iPhone

On Jun 8, 2023, at 12:35, Tim McConnell via clamav-users wrote:



Thanks for that AL, now how do I add to the DB? Two things I'm not is a 
programmer or DBA :-(



Re: [clamav-users] Now i know what is the problem!

2023-05-07 Thread newcomer01 via clamav-users

here is the download to the .zip file
https://filehorst.de/d/evcoHEae

for additional infos about filesystem, usage, so on please see attached 
screenshot.
My mails are in /home/USERNAME/.thunderbird/ ...


Von / From: Noel Jones <mailto:njo...@megan.vbhcs.org>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Saturday, May 06, 2023 at 23:07 (11:07 PM) +0200
Betreff / Subject: Re: [clamav-users] Now i know what is the problem!

On May 6, 2023, at 11:14 AM, newcomer01 via clamav-users 
 wrote:


For whatever reason, this happens when a mail is only a few kb in size but has 
absolutely no content, I opened the affected mail with every text editor, and 
it was empty in all of them.


This needs further explanation. A file that’s a few kb can’t also be empty. 
Please provide the file somewhere - pastebin or such.



Why this mail is empty from yesterday to today I don't know.

This suggests a file system or disk problem. What is the file system?

Maybe clamscan is hung waiting on broken disk io

Clamav, nor anything, can be expected to work normally and reliably if there 
are underlying system problems.


   — Noel Jones


[clamav-users] Now i know what is the problem!

2023-05-06 Thread newcomer01 via clamav-users

Hi @ all,
Hi Micah,

now i know what the problem is with clamscan (see text below in quote).
Strangely enough, with the same .eml files, all scans went through yesterday 
without any problems.
Today the very first scan caused clamscan to hang again, it just stopped 
scanning.

For whatever reason, this happens when a mail is only a few kb in size but has 
absolutely no content, I opened the affected mail with every text editor, and 
it was empty in all of them.

Why this mail is empty from yesterday to today I don't know.
Here one would have to investigate and build in additional error handling.
The process just hung, with no error message or log.

@Micah Snyder: should I open a ticket on github?

kind greetings
Marc



Hi there,

do we have currently a problem with the database files?
my cronjob, stops without any error or something on scanning files and in case 
did not delete his tmp files.

Yesterday I have deleted a lot of mails and this solved the problem yesterday 
but today the same problem, with messages that yesterday worked well!

can anybody confirm this problem too?

@Micah Snyder?

kind greetings
newcomer01



Re: [clamav-users] PhpList -> Postfix -> Amavis->Clamscan and Whiltelists

2023-04-24 Thread newcomer01 via clamav-users

you can bypass the spam-check but i think not the virus checks
https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Wayne Spivak 
Gesendet / Sent: Monday, April 24, 2023 at 15:56 (03:56 PM) +0200
Betreff / Subject: [clamav-users] PhpList -> Postfix -> Amavis->Clamscan and 
Whiltelists


I have run PhpList on my server which is also the e-mail server.

I am the only user of PhpList and only use one email address to send email.

Can I whitelist / disable / [fill-in term] that address to bypass the Spam & 
Virus Checks?

Help greatly appreciated.

Wayne




Re: [clamav-users] Error Message from clamd

2023-04-01 Thread newcomer01 via clamav-users

is the path to your mails (maybe inbox only) correctly configured?
do your clamav and your maildir have the same permissions?


Von / From: Doug Hardie 
An / To: Newcomer01 
Gesendet / Sent: Saturday, April 01, 2023 at 10:17 (10:17 AM) +0200
Betreff / Subject: [clamav-users] Error Message from clamd

I have started receiving the following error message on every received email:

Unable to determine the filepath given the file descriptor

FreeBSD 13.1, Postfix, clamav-milter, clamd
clamav-1.0.1,1

As a result the test virus is not detected, but the email gets a 
X-Virus-Status: Clean header added.  I can't find any description of this error 
anywhere.  How can I figure out what the problem is?

-- Doug





Re: [clamav-users] official document for creating signatures ?

2023-03-30 Thread newcomer01 via clamav-users

Hello Arnaud,

does this help?
https://docs.clamav.net/manual/Signatures.html

kind greetings
Marc


Von / From: Arnaud Jacques 
An / To: Newcomer01 
Gesendet / Sent: Thursday, March 30, 2023 at 12:10 (12:10 PM) +0200
Betreff / Subject: [clamav-users] official document for creating signatures ?

Hello,

Where is the official document for creating signatures ?

https://www.clamav.net/doc/latest/signatures.pdf -> 404
https://github.com/Cisco-Talos/clamav/blob/main/docs/signatures.pdf -> 404


--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.60.47.09.81
E-mail :a...@securiteinfo.com
Site web :https://www.securiteinfo.com
Facebook :https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Writing signatures for ClamAV antivirus since 2006



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread newcomer01 via clamav-users

as i explained before, please check all given paths.
it must start with "^/DIR/DIR/DIR/ [ ... so on]/"
please don't name folders or files only, always the whole path to dir/file!
i am not sure if the asterisk "*" works ...
by the way: you search with --recursive="yes" right?
then you don't need the "*" clamscan will scan in depth => this means 
--recursive="yes" 
do you use --detect-pua="yes" or --detect-pua without "yes"?

seems that you have run clamscan not as sudo, you don't have the permission to 
scan some path, that's what the log says


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Friday, March 24, 2023 at 18:25 (06:25 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc & Andrew,
Okay now I'm really confused :-(
If I add what Andrew suggests it complains about "/usr/bin/clamscan:
unrecognized option" and points to the exclude thing. The $EXCLUDE=
getting removed fixes that and then gives this output:
$ ./clammy.sh
Loading:58s, ETA:   0s [>]8.66M/8.66M
sigs
Compiling:  11s, ETA:   0s [>]   41/41
tasks

/home/tmick/package-lock.json: OK
/home/tmick/.profile: OK
/home/tmick/.signature: OK
/home/tmick/.aspell.en.prepl: OK
/home/tmick/.gitconfig: OK
/home/tmick/.bash_logout: OK
/home/tmick/.debian11.draft.txt: OK
/home/tmick/.mailcap: OK
/home/tmick/.lesshst: OK
/home/tmick/.steampath: Symbolic link
/home/tmick/test.db: Empty file
/home/tmick/.reportbugrc: OK
/home/tmick/.lightyears.cfg: OK
/home/tmick/.aspell.en.pws: OK
/home/tmick/.Xauthority: OK
/home/tmick/.face: OK
/home/tmick/package.json: OK
/home/tmick/.bash_history: OK
/home/tmick/.boxes-unknown.draft.txt: OK
/home/tmick/.pdsettings: OK
/home/tmick/mysqlaccess.log: Empty file
/home/tmick/journalctl-error.txt: Access denied
/home/tmick/clammy.sh: OK
/home/tmick/.selected_editor: OK
/home/tmick/.xsession-errors.old: OK
/home/tmick/.python_history: OK
/home/tmick/.sudo_as_admin_successful: Empty file
/home/tmick/.xsession-errors: OK
/home/tmick/.dmrc: OK
/home/tmick/firstDB.cfuJ: OK
/home/tmick/.bashrc: OK
/home/tmick/.gnomenightly.draft.txt: OK
/home/tmick/.isag.cfg: OK
/home/tmick/.steampid: Symbolic link
/home/tmick/.wget-hsts: OK
/home/tmick/.mysql_history: OK
/home/tmick/mysql.db: Empty file

--- SCAN SUMMARY ---
Known viruses: 8659055
Engine version: 1.0.1
Scanned directories: 1
Scanned files: 30
Infected files: 0
Total errors: 1
Data scanned: 14.33 MB
Data read: 29.42 MB (ratio 0.49:1)
Time: 78.193 sec (1 m 18 s)
Start Date: 2023:03:24 11:52:59
End Date:   2023:03:24 11:54:17
./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
file or directory (which is correct, I haven't gotten that far yet.)
./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
pages says it's a command?)

And the History in ClamTK shows:
---


WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
file
WARNING: ^/home/tmick/Nextcloud/*: Can't access file
WARNING: /run/user/tmick/gvfs: Can't access file
WARNING: ^.evolution: Can't access file
and the directories I'm trying to exclude are still scanned?
I'm using Debian Bookworm and the man pages (Debian README.zip also)
state there are changes from the "upstream version".
  But the script does run.
Thanks for the advice given so far.






Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread newcomer01 via clamav-users

--database="/etc/clamav/freshclam.conf" \ here you should have the path to your 
.cvd, .dat, and so on files
and not the dir to your conf file - clamscan does not support reading the 
conf file while scanning
see clamscan --help

i think, this here will also not work, you create your log files dynamically by date, 
this is okay but the option --log="" doesn't create this file if it does not exist.
Maybe you should have a rule that creates this log file if it does not exist -> 
read the documentation for touch

this here i would change additionally:
/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \

/usr/bin/clamscan \
--exclude ="^/home/tmick/.clamtk/viruses/" \


but now it looks good for me, this should work now - good job.


kind greetings
Marc


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Thursday, March 23, 2023 at 23:32 (11:32 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Okay Marc,
I came up with this:
#/bin/bash
declare clammy.sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
exclude everything in ACI_Learning dir
--exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
Nextcloud dir
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^/home/tmick/.evolution" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="/etc/clamav/freshclam.conf" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
I'm sure this works :-)





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

and please note: your own sh script needs chmod 0775 - it must be run as 
program for all users!
your log folder should have chmod 0775 and your log files inside chmod 0644 - 
but these are suggestions only


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Wednesday, March 22, 2023 at 23:04 (11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

try this, but check my ** COMMENTS ** please

---

#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I DON'T 
KNOW WHAT YOU TRY TO MATCH ** \
--exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
--exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/" \
--exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH **
--exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="PATH TO YOUR LIBS/" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS I DO) **
#--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--remove="yes/no"

** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE SENSITIVE 
WITH THIS! **

---



Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Wednesday, March 22, 2023 at 23:04 (11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

exact but please check your paths - some will so not work and the asterisk "*" 
i think will also not work 
cron: 0 1 * * * clammy.sh - always space between the values


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Wednesday, March 22, 2023 at 23:04 (11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Tim, it's not heavy to write your own bash/sh script - to apply code to execute in 
cronjob isn't the best way.
Write a small script and start this with your cronjob - that's all.

If i can help, then i will do this.

I had at the beginning clamTK too, but the complete tool didn't work here (but 
for some other reasons I know now) so I removed it and set up all manually, it's 
little work but you learn much of clamav and bash/sh scripting - you can trust 
in me, it's simpler than it maybe sounds.

kind regards,
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Wednesday, March 22, 2023 at 20:02 (08:02 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

On Wed, 2023-03-22 at 18:15 +0000, newcomer01 via clamav-users wrote:

äähhmmm why you escape the slash? This is not needed.

I didn't set that it was done by ClamTK (the GUI Interface) not me. so
from the pointers you gave (Marc) ClamTK has bugs? and I should just
schedule the cronjob manually?
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-(
Thanks for the help so far!





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

and please refer to the clamscan --help
--detect-pua needs "=yes/no"


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Wednesday, March 22, 2023 at 19:01 (07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

 by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Additional: if you really want only to exclude don't use the "-dir" 
parameters, with this I had a lot of trouble in the past.

Use instead --exclude="^/home/Folder/Folder/..." and yes, you always need the 
complete path!


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Wednesday, March 22, 2023 at 19:01 (07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

 by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Hi Tim,

äähhmmm why you escape the slash? This is not needed.
Try to set the following:

--include="^/home/Folder/Folder/Folder/..." ends up with slash!

It's better to include than to exclude much more than you include.
All paths starting with --include="^/home/..." will be scanned and all others 
not.
Please do not mix --include and --exclude, with this i had a lot of trouble in 
the past.
I would also prefer to search with --recursive="yes", this means go as deep as 
possible for the given path.


kind greetings
Marc


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcome...@posteo.de>
CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Sent: Wednesday, March 22, 2023 at 19:01 (07:01 PM) +0100
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g. eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g. eset) had linux version but now they stopped the 
development.

kind greetings
Marc

From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcome...@posteo.de>
CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread newcomer01 via clamav-users

Hi Paul,

yes, submit all files. Maybe ClamAV needs different phishing sigs for each file 
or something ...
For my submitted file, ClamAV currently does not warn ...

kind greetings
Marc


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Paul Kosinski 
Sent: Wednesday, March 22, 2023 at 18:35 (06:35 PM) +0100
Subject: Re: [clamav-users] Be wary of emails with attachments 
targeting clamav-users list members

I have just started getting these claiming to be relevant to ClamAV, but I have 
*also* been receiving this sort of thing claiming to be from the Firefox ESR 
list for months now.

I am posting (one of) the HTMLs "about" ClamAV to 
https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox phishes? 
(In fact, I have several of each, but it quickly gets tedious.)



On Wed, 22 Mar 2023 16:48:32 +
"Micah Snyder (micasnyd) via clamav-users" wrote:


All,

Some users have reported receiving emails that appear to be a reply to a 
clamav-users mailing list thread but are in fact a phishing attempt and have 
attached malware.

Most recently, Marc reported receiving an email that appeared to be a reply to 
an older clamav-users mailing list thread but was in fact a direct email 
targeting him.  It had this fairly generic phishing text:

"Would you please look through the last agreement? I have attached some extra 
details about it."

The attached file was some small HTML file containing malicious obfuscated 
javascript.

This isn't the first time we've heard of this type of phishing using our 
mailing list archives. Please be careful when you see any sort of attachment, 
even if it appears to be from this community.

If you receive this sort of phishing email, please report the attached HTML 
file to https://www.clamav.net/reports/malware

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread newcomer01 via clamav-users

Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g. eset) had linux version but now they stopped the 
development.

kind greetings
Marc

From: Clamav User Mailinglist 
To: Newcomer01 
CC: Tim Mcconnell 
Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.
  




Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread newcomer01 via clamav-users

Hi Tim,

have you seen this: https://www.mankier.com/8/clamonacc?
Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall 
clamonacc?) if you don't need the features of ClamAV Scan OnAccess.

A big HDD takes really long time for scanning.
In my case with a really huge list of exceptions (YOU MUST SET EXCEPTIONS!) the 
scan never finished at any time.
It runs here over 12 hours and as explained before with no automatic stop 
(manually stopped and go to bed).

kind greetings
Marc

From: Clamav User Mailinglist 
To: Newcomer01 
CC: Tim Mcconnell 
Sent: Thursday, March 16, 2023 at 19:55 (07:55 PM) +0100
Subject: [clamav-users] How to get rid of or Fix clamonacc error

Hi List,
I keep seeing this in my log files:
"clamonacc[1200]: ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
it is recommended you exclude the clamd instance UID or uname to
prevent infinite event scanning loops"
I used CLamTK to configure clamAV and I can't seem to find in the man
pages etc. where to correct the issue or what they are even talking
about?
Which btw about how long should it take to scan a TB HardDrive
(roughly)?
Thanks!
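
Added example, not part of the original thread and not ClamAV's own code: a small Python lint for the condition the clamonacc error above names, run over constructed clamd.conf samples. It assumes the usual one "Directive value" per line layout and follows the error's recommendation by comparing OnAccessExcludeUname with clamd's User directive.

```python
"""Lint a clamd.conf for the on-access exclusion the clamonacc error asks for."""

GUARDS = ("OnAccessExcludeUID", "OnAccessExcludeUname", "OnAccessExcludeRootUID")
TRUE_VALUES = {"yes", "true", "1"}


def parse_conf(text):
    """Return {directive: [values]}, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0], []).append(value)
    return conf


def check_onaccess(text):
    """Return a list of findings; an empty list means an exclusion is configured."""
    conf = parse_conf(text)
    uids = conf.get("OnAccessExcludeUID", [])
    unames = conf.get("OnAccessExcludeUname", [])
    # The root exclusion is a boolean, so "no" does not count as an exclusion.
    root = any(v.lower() in TRUE_VALUES
               for v in conf.get("OnAccessExcludeRootUID", []))
    if not (uids or unames or root):
        return ["none of %s is set: clamonacc logs the error quoted above"
                % ", ".join(GUARDS)]
    findings = []
    # The error recommends excluding the account clamd itself runs as, so an
    # exclusion by name should name the account given in the User directive.
    users = conf.get("User", [])
    user = users[-1] if users else None
    if user and unames and not uids and user not in unames:
        findings.append("OnAccessExcludeUname %s does not cover clamd's User %s"
                        % (", ".join(unames), user))
    return findings


# Constructed samples (not taken from the poster's system).
BROKEN = """\
# on-access path configured, no exclusion at all
User clamav
OnAccessIncludePath /home
OnAccessExcludeRootUID no
"""

FIXED = BROKEN + "OnAccessExcludeUname clamav\n"

MISMATCH = BROKEN + "OnAccessExcludeUname someuser\n"

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED), ("mismatch", MISMATCH)):
        print(label, check_onaccess(sample) or "ok")
```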





Re: [clamav-users] Memory allocation issue

2023-03-15 Thread newcomer01 via clamav-users

Hi Damian,

I gave him the right hint: he must add the engine version to each regex, e.g. 
":0-".
It seems that newer ClamAV versions always need this to work properly.

kind greetings
Marc


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Damian 
Sent: Wednesday, March 15, 2023 at 10:27 (10:27 AM) +0100
Subject: Re: [clamav-users] Memory allocation issue

However this .wdb will not play with 1.0.1

Can we have it?



Re: [clamav-users] clamdscan: show clean files?

2023-03-13 Thread newcomer01 via clamav-users

Hello Andreas,

please try in Terminal:

man clamscan or clamscan --help to see which options it has OR
man clamdscan or clamdscan --help to see its options

I prefer clamscan here on my system, it has many more additional parameters 
than clamdscan


kind greetings
Marc

From: Clamav User Mailinglist 
To: Newcomer01 
CC: Schulze, Andreas 
Sent: Monday, March 13, 2023 at 09:03 (09:03 AM) +0100
Subject: [clamav-users] clamdscan: show clean files?


Hello,

we like to scan directories and gather verbose reports. These must include 
information about the scan result for each file.

Using clamdscan, this does not happen: clamdscan informs only on infected files.

# clamdscan --version
ClamAV 1.0.1
# ls -l /tmp/files/
total 8
-rw-r--r-- 1 root root 27 Mär 13 08:31 clean.txt
-rw-r--r-- 1 root root 69 Mär 13 08:32 EICAR.COM
# clamdscan --no-summary /tmp/files/
/tmp/files/EICAR.COM: Eicar-Signature FOUND

Using clamscan, also clean files are listed:

# clamscan --no-summary /tmp/files/
/tmp/files/EICAR.COM: Eicar-Signature FOUND
/tmp/files/clean.txt: OK

And this is exactly what we like to see using clamdscan.

Any hints are appreciated …

Thanks

Andreas




Re: [clamav-users] Long database load time, long clamscan scan time

2023-03-01 Thread Newcomer01 via clamav-users

Dear Micah,

thanks for this information. Please let us know, if the problem is solved.
By the way, what is Cisco's or Talos' definition of the word "daily"?
Does that mean every day beginning at 12 am?

Kind regards
Marc

On 1 March 2023 at 18:59:57, "Micah Snyder (micasnyd) via 
clamav-users" wrote:

All,

We're aware of the issue with the latest daily database update causing 
extremely long database load times and thus extremely long clamscan scan times.


We found the issue and will push out a fix as soon as we are able.  We are 
also preparing guardrails so that this won't happen again in this way.


Our apologies for the inconvenience.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Re: [clamav-users] 0 length bytecode.cvd causing problems with clamav daemon

2023-02-27 Thread newcomer01 via clamav-users

Why have you set "PrivateMirror" two times with identical IPs?
I can't believe that this happens with the automated PostInst 


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Kevin O'connor 
Sent: Monday, February 27, 2023 at 16:58 (04:58 PM) +0100
Subject: [clamav-users] 0 length bytecode.cvd causing problems with 
clamav daemon

I am having an issue with 0 length bytecode.cvd files on my scanner instances.  
This seems to have started sometime on 22 Feb, I'm afraid I don't have an exact 
time.  The clamav daemon produces logs like the following:

Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: cli_cvdverify: 
Can't read CVD header
Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: Can't load 
/var/lib/clamav/bytecode.cld: Broken or not a CVD file
Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: 
cli_loaddbdir(): error loading database /var/lib/clamav/bytecode.cld
Feb 27 14:39:11 av-scan-wrhn clamd[163614]: Mon Feb 27 14:39:11 2023 -> 
!Broken or not a CVD file
Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Main 
process exited, code=exited, status=1/FAILURE
Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Failed with 
result 'exit-code'.
Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Consumed 
8.679s CPU time.


I feel like I have narrowed the problem down to a 0 length 'bytecode.cvd' file. 
 Here is a listing of the definitions directory:

$ ls -l /var/lib/clamav
total 226168
-rw-r--r-- 1 clamav clamav    314802 Feb 27 14:06 bytecode.cld
-rw-r--r-- 1 clamav clamav         0 Feb 27 02:00 bytecode.cvd
-rw-r--r-- 1 clamav clamav  60787973 Feb 27 10:01 daily.cld
-rw-r--r-- 1 clamav clamav        69 Feb 23 15:33 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Feb 27 02:00 main.cvd


My initial fix (before narrowing the problem down to bytecode.cvd) was to

 1. stop freshclam
 2. clean this directory
 3. restart freshclam
 4. give it time to get the definitions (from a private mirror)
 5. start clamav daemon

This would work for maybe 1/2 day then the empty bytecode.cvd file would 
reappear and the daemon would fail.

This morning I was able to spend some more time and find that it was just the 
one file that needed to be removed.

I have a local mirror because there are several instances of this scanner in 
use (at least 2 instances for several environments).  I have checked the mirror 
and it appears to be working fine and keeping the definitions up to date inside 
our environment.  In addition, the scanner instances appear to be keeping the 
local set of definitions up to date with the mirror.

The mirror does not have a bytecode.cvd file on it (here is a listing of its 
definitions directory)

$ ls -l /var/lib/clamav
total 226172
-rw-r--r-- 1 clamav clamav    314802 Feb 22 22:02 bytecode.cld
-rw-r--r-- 1 clamav clamav  60787973 Feb 27 09:06 daily.cld
-rw-r--r-- 1 clamav clamav        69 Jan 29  2022 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Jan 29  2022 main.cvd
-rw-r--r-- 1 clamav clamav        87 Jan 29  2022 test.html


To the best of my knowledge, the software is up to date:

$ sudo freshclam -V
ClamAV 0.103.8/26825/Mon Feb 27 08:24:38 2023


Here is the freshclam.conf used on all the local scanner instances

$ cat /etc/clamav/freshclam.conf
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net 
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
PrivateMirror http://10.50.0.2
ScriptedUpdates no
PrivateMirror http://10.50.0.2


The scanner has been working fine for about 12 months, keeping the software and the 
definitions up to date.   The only configuration item that seems to relate is 
"Bytecode true", but the description seems to discuss just the downloading of 
the file, not whether it is created on the local instance.

Does anyone have any pointers?

Thanks
Kevin
--

*Kevin O'Connor*
Principal DevOps Engineer
M: 617-834-1291


STATEMENT OF CONFIDENTIALITY: The information contained in this message and any 
attachments are intended solely for the addressee(s) and may contain 
confidential or privileged information. If you 
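
Added example, not part of the original thread and not ClamAV's own code: a Python check of a database directory for the symptoms visible in the listing above (a zero-length file, a file without a readable CVD header, a .cvd and a .cld of the same database side by side). The sample directory and its header values are constructed, and the check reads only the 512-byte header; it does not verify the database's digital signature.

```python
"""Flag suspicious files in a ClamAV database directory before restarting clamd."""
import os
import sys
import tempfile

CVD_MAGIC = "ClamAV-VDB"      # first field of the header of every .cvd/.cld
HEADER_LEN = 512              # header is colon-separated text padded to 512 bytes
DB_SUFFIXES = (".cvd", ".cld")


def parse_header(raw):
    """Return version, sigs, f-level and builder from a header, or None if unreadable."""
    if len(raw) < HEADER_LEN:
        return None
    fields = raw[:HEADER_LEN].decode("latin-1").strip().split(":")
    # magic : build time : version : sigs : f-level : MD5 : signature : builder [: stime]
    if len(fields) < 8 or fields[0] != CVD_MAGIC:
        return None
    try:
        return {"version": int(fields[2]), "sigs": int(fields[3]),
                "f_level": int(fields[4]), "builder": fields[7]}
    except ValueError:
        return None


def check_db_dir(db_dir):
    """Return (name, problem) pairs for database files that deserve a closer look."""
    findings = []
    by_stem = {}
    for name in sorted(os.listdir(db_dir)):
        stem, ext = os.path.splitext(name)
        if ext not in DB_SUFFIXES:
            continue                      # freshclam.dat, test.html and the like
        by_stem.setdefault(stem, []).append(name)
        path = os.path.join(db_dir, name)
        if os.path.getsize(path) == 0:
            findings.append((name, "zero-length file"))
            continue
        with open(path, "rb") as fh:
            if parse_header(fh.read(HEADER_LEN)) is None:
                findings.append((name, "no readable CVD header"))
    for stem, names in sorted(by_stem.items()):
        if len(names) > 1:
            findings.append((stem, "both .cvd and .cld present: " + ", ".join(names)))
    return findings


def fake_header(version, sigs, builder):
    """Constructed header for the sample; MD5 and signature fields are placeholders."""
    text = "ClamAV-VDB:27 Feb 2023 08-24 -0500:%d:%d:90:X:X:%s:1677504278" % (
        version, sigs, builder)
    return text.encode("ascii").ljust(HEADER_LEN, b" ")


def build_sample_dir():
    """Constructed directory shaped like the scanner listing: empty bytecode.cvd."""
    db_dir = tempfile.mkdtemp(prefix="clamav-sample-")
    samples = {
        "bytecode.cld": fake_header(333, 92, "example") + b"\0" * 16,
        "bytecode.cvd": b"",
        "daily.cld": fake_header(26825, 2020000, "raynman") + b"\0" * 16,
        "main.cvd": fake_header(62, 6647427, "sigmgr") + b"\0" * 16,
        "freshclam.dat": b"x" * 69,
    }
    for name, data in samples.items():
        with open(os.path.join(db_dir, name), "wb") as fh:
            fh.write(data)
    return db_dir


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for name, problem in check_db_dir(target):
        print("%s: %s" % (name, problem))
```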

[clamav-users] ClamAV 0.103.8 on Ubuntu 22.04.2 LTS

2023-02-27 Thread newcomer01 via clamav-users

Hi @ all,

today has arrived ClamAV in version 0.103.8 for Ubuntu 22.04.2 (as System 
update over the Ubuntu Store App).
Which files comes exactly with this update?
Please check the attached screenshot

kind regards @ all
Marc


Re: [clamav-users] Probably banned IP

2023-02-24 Thread newcomer01 via clamav-users

oh and by the way: if you are using a Russian IP, it can also be blocked and 
will not be unblocked.
you can find this in a discussion on the Talos GitHub


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Łukasz Baniecki 
Sent: Friday, February 24, 2023 at 12:55 (12:55 PM) +0100
Subject: [clamav-users] Probably banned IP

Hi,
some time ago I run freshclam on a lot of machines that are under one
public IP, therefore I generated a lot of requests and my company IP
was probably blocked. Now I created my own mirror of cvd, but it is on
the same IP address and it is not updating daily.cvd. I get:
cvdupdate-1.0.2 ERROR Failed to download daily.cvd from
https://database.clamav.net/daily.cvd?version=26821
I also run simple python request to database.clamav.net with my uuid,
and it worked fine from different IP address and from that blocked
address I get 403 forbidden. My local firewall is not an issue cause I
can make connection to database.clamav.net on port 443, so it must be
banned.

Can you please check if my IP address (91.220.164.241) is banned and un-ban it?





Re: [clamav-users] Probably banned IP

2023-02-24 Thread newcomer01 via clamav-users

have you read this?
https://docs.clamav.net/faq/faq-cvd.html?highlight=403#i-am-getting-error-codes-such-as-403-429-etc-when-freshclam-or-other-update-system-attempts-to-download-updates


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Łukasz Baniecki 
Sent: Friday, February 24, 2023 at 12:55 (12:55 PM) +0100
Subject: [clamav-users] Probably banned IP

Hi,
some time ago I run freshclam on a lot of machines that are under one
public IP, therefore I generated a lot of requests and my company IP
was probably blocked. Now I created my own mirror of cvd, but it is on
the same IP address and it is not updating daily.cvd. I get:
cvdupdate-1.0.2 ERROR Failed to download daily.cvd from
https://database.clamav.net/daily.cvd?version=26821
I also run simple python request to database.clamav.net with my uuid,
and it worked fine from different IP address and from that blocked
address I get 403 forbidden. My local firewall is not an issue cause I
can make connection to database.clamav.net on port 443, so it must be
banned.

Can you please check if my IP address (91.220.164.241) is banned and un-ban it?





Re: [clamav-users] What is the actual danger of this?

2023-02-22 Thread newcomer01 via clamav-users

to me it looks like the jpeg files cannot be read by the heuristics scan 
because something is wrong with them
I would not think first that it is an exploit


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Musc 
Sent: Wednesday, February 22, 2023 at 18:18 (06:18 PM) +0100
Subject: [clamav-users] What is the actual danger of this?

A clamdscan flagged quite a few files on my system as 
Heuristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is 
that? And what kind of danger does it pose? (What does it do?) Is it for all 
systems? Or just for Windows?

A whole lot of web searching turned up nothing. Does anyone know?

TIA.


Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-20 Thread Newcomer01 via clamav-users

Does this mean, it affects the Ubuntu LTS too? This would be really great!

On 20 February 2023 at 19:44:51, Scott Kitterman via clamav-users 
wrote:



LTS team uploaded it today, so it should be available for Buster shortly, if
it isn't already.

Scott K

On Monday, February 20, 2023 7:41:16 AM EST Scott Kitterman via clamav-users
wrote:

Packages for Bullseye are available in bullseye -proposed-updates.  Buster
is now supported by the Debian LTS team and I don't know their plans.

Scott K

On February 20, 2023 12:11:10 PM UTC, Brent Clark via clamav-users 
us...@lists.clamav.net> wrote:

Good day Guys

Anyone on Debian Buster and Bullseye?

How serious is this?
Does anyone have any suggestions. Cause there is no packages available.

If anyone can share their thoughts / experiences.

Regards
Brent

On 2023/02/18 21:13, unison.subject_0t--- via clamav-users wrote:

Vulnerabilities*

—
Sent from my iPhone


On Feb 18, 2023, at 13:54, Joel Esler  wrote:

100.3 hasn’t been supported in years.  There’s lots of our abilities
that affect the version.

On Feb 18, 2023, at 13:36, George.G via clamav-users
 wrote:


Hello,

I would like to ask whether these two new vulnerabilities affect the
version 0.100.3.

Thank you


Re: [clamav-users] Strange Problem when trying update after reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

2023-02-16 Thread newcomer01 via clamav-users

Hi,

What if your use of the 'host' command returns NXDOMAIN in your script

this can't usually be, this command returns the descriptive txt for the current 
remote version of libraries.
For example, the current value (inside the curly braces): { current.cvd.clamav.net 
descriptive text "0.103.8:62:26814:1676572140:1:90:49192:333" }



From: Paul Netpresto <mailto:p...@netpresto.co.uk>
To: Newcomer01 <mailto:newcome...@posteo.de>
Sent: Thursday, February 16, 2023 at 18:45 (06:45 PM) +0100
Subject: Re: [clamav-users] Strange Problem when trying update after 
reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

Hi

it would appear you're calling your script before the network and dns are
up and working.

What if your use of the 'host' command returns NXDOMAIN in your script.

Paul


On 16/02/2023 17:23, newcomer01 via clamav-users wrote:

yes, unfortunately i use the ClamAV (0.103.6) which are available for
Ubuntu 22.04. 1 LTS
Please try so simple as possible to explain what this code should do
and for what i need to run?

% ls -ld
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service
/lib/systemd/system/clamav-freshclam.service
lrwxrwxrwx 1 root root  44 Jun 23  2018
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service
-> /lib/systemd/system/clamav-freshclam.service
-rw-r--r-- 1 root root 412 Aug 21 21:28
/lib/systemd/system/clamav-freshclam.service

kind regards
Marc


From: Matus Uhlar - Fantomas <mailto:uh...@fantomas.sk>
To: Newcomer01 <mailto:newcome...@posteo.de>
Sent: Thursday, February 16, 2023 at 16:47 (04:47 PM)
+0100
Subject: Re: [clamav-users] Strange Problem when trying
update after reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

On 16.02.23 15:13, newcomer01 via clamav-users wrote:

i know, i have asked the same thing before some weeks.
But i will post this again.
When i fresh reboot my Ubuntu 22.04.1 at morning my script test at
first if dns is available and only if it is, it starts the download
from clamav sig-files.
But when i do this, i got this error messages:


Thu Feb 16 08:06:11 2023 -> ClamAV update process started at Thu
Feb 16 08:06:11 2023
Thu Feb 16 08:06:11 2023 -> WARNING: Can't query
current.cvd.clamav.net
Thu Feb 16 08:06:11 2023 -> WARNING: Invalid DNS reply. Falling
back to HTTP mode.
Thu Feb 16 08:06:11 2023 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:11 2023 -> WARNING: remote_cvdhead: Download
failed (6) Thu Feb 16 08:06:11 2023 -> WARNING: Message: Couldn't
resolve host name
Thu Feb 16 08:06:11 2023 -> WARNING: Failed to get daily database
version information from server: https://database.clamav.net
Thu Feb 16 08:06:11 2023 -> ERROR: check_for_new_database_version:
Failed to find daily database using server
https://database.clamav.net.
Thu Feb 16 08:06:11 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:16 2023 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:16 2023 -> WARNING: remote_cvdhead: Download
failed (6) Thu Feb 16 08:06:16 2023 -> WARNING: Message: Couldn't
resolve host name
Thu Feb 16 08:06:16 2023 -> WARNING: Failed to get daily database
version information from server: https://database.clamav.net
Thu Feb 16 08:06:16 2023 -> ERROR: check_for_new_database_version:
Failed to find daily database using server
https://database.clamav.net.

this looks like the DNS lookups are not available, no matter what your
check
says.


Thu Feb 16 08:06:16 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:21 2023 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:21 2023 -> OK
Thu Feb 16 08:06:21 2023 -> daily database available for download
(remote version: 26813)
Thu Feb 16 08:06:30 2023 -> Testing database:
'/var/lib/clamav/tmp.a828aef201/clamav-83875921b32bc900edab2d0ee431fcad.tmp-daily.cvd'
...
Thu Feb 16 08:06:37 2023 -> Database test passed.
Thu Feb 16 08:06:37 2023 -> daily.cvd updated (version: 26813,
sigs: 2020949, f-level: 90, builder: raynman)
Thu Feb 16 08:06:37 2023 -> Trying to retrieve CVD header from
https://database.clamav.net/main.cvd
Thu Feb 16 08:06:37 2023 -> OK
Thu Feb 16 08:06:37 2023 -> main database available for download
(remote version: 62)
Thu Feb 16 08:07:04 2023 -> Testing database:
'/var/lib/clamav/tmp.a828aef201/clamav-35347411896e0523e7b74f2c91338b97.tmp-main.cvd'
...
Thu Feb 16 08:07:10 2023 -> Database test passed.
Thu Feb 16 08:07:10 2023 -> main.cvd updated (version: 62, sigs:
6647427, f-level: 90, builder: sigmgr)
Thu Feb 16 08:07:10 2023 -> Trying to retrieve CVD header from
https://database.clamav.net/bytecode.cvd
Thu Feb 16 08:07:10 2023 -> OK
Thu Feb 16 08:07:10 2023 -> bytecode database available for
download (remote version: 333)
Thu Feb 16 08:07:11 2023 -> Testing database:
'/var/lib/clamav/

Re: [clamav-users] Strange Problem when trying update after reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

2023-02-16 Thread newcomer01 via clamav-users

Yes, unfortunately I use the ClamAV (0.103.6) which is available for Ubuntu 
22.04.1 LTS.
Please try to explain as simply as possible what this code should do and what 
I need to run it for?

% ls -ld /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service 
/lib/systemd/system/clamav-freshclam.service
lrwxrwxrwx 1 root root  44 Jun 23  2018 
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service -> 
/lib/systemd/system/clamav-freshclam.service
-rw-r--r-- 1 root root 412 Aug 21 21:28 
/lib/systemd/system/clamav-freshclam.service

kind regards
Marc


Von / From: Matus Uhlar - Fantomas <mailto:uh...@fantomas.sk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Donnerstag, Februar 16, 2023 um 16:47 (at 04:47 PM) +0100
Betreff / Subject: Re: [clamav-users] Strange Problem when trying update after 
reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

On 16.02.23 15:13, newcomer01 via clamav-users wrote:

I know, I asked the same thing some weeks ago.
But I will post this again.
When I freshly reboot my Ubuntu 22.04.1 in the morning, my script first tests whether DNS 
is available, and only if it is, it starts the download of the ClamAV sig-files.
But when I do this, I get these error messages:


Thu Feb 16 08:06:11 2023 -> ClamAV update process started at Thu Feb 16 
08:06:11 2023
Thu Feb 16 08:06:11 2023 -> WARNING: Can't query current.cvd.clamav.net
Thu Feb 16 08:06:11 2023 -> WARNING: Invalid DNS reply. Falling back to HTTP 
mode.
Thu Feb 16 08:06:11 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:11 2023 -> WARNING: remote_cvdhead: Download failed (6) Thu Feb 
16 08:06:11 2023 -> WARNING:  Message: Couldn't resolve host name
Thu Feb 16 08:06:11 2023 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Feb 16 08:06:11 2023 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.
Thu Feb 16 08:06:11 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:16 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:16 2023 -> WARNING: remote_cvdhead: Download failed (6) Thu Feb 
16 08:06:16 2023 -> WARNING:  Message: Couldn't resolve host name
Thu Feb 16 08:06:16 2023 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Feb 16 08:06:16 2023 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.

this looks like the DNS lookups are not available, no matter what your check
says.


Thu Feb 16 08:06:16 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:21 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:21 2023 -> OK
Thu Feb 16 08:06:21 2023 -> daily database available for download (remote 
version: 26813)
Thu Feb 16 08:06:30 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-83875921b32bc900edab2d0ee431fcad.tmp-daily.cvd'
 ...
Thu Feb 16 08:06:37 2023 -> Database test passed.
Thu Feb 16 08:06:37 2023 -> daily.cvd updated (version: 26813, sigs: 2020949, 
f-level: 90, builder: raynman)
Thu Feb 16 08:06:37 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/main.cvd
Thu Feb 16 08:06:37 2023 -> OK
Thu Feb 16 08:06:37 2023 -> main database available for download (remote 
version: 62)
Thu Feb 16 08:07:04 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-35347411896e0523e7b74f2c91338b97.tmp-main.cvd'
 ...
Thu Feb 16 08:07:10 2023 -> Database test passed.
Thu Feb 16 08:07:10 2023 -> main.cvd updated (version: 62, sigs: 6647427, 
f-level: 90, builder: sigmgr)
Thu Feb 16 08:07:10 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/bytecode.cvd
Thu Feb 16 08:07:10 2023 -> OK
Thu Feb 16 08:07:10 2023 -> bytecode database available for download (remote 
version: 333)
Thu Feb 16 08:07:11 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-2f58bc478b2afd84ba98c4d288a63ac1.tmp-bytecode.cvd'
 ...
Thu Feb 16 08:07:11 2023 -> Database test passed.
Thu Feb 16 08:07:11 2023 -> bytecode.cvd updated (version: 333, sigs: 92, 
f-level: 63, builder: awillia2)
Thu Feb 16 09:46:56 2023 -> --

there seems to be no issue further.


Is there another way to solve the issue?
Currently I have set a sleep 60 to work around it.

do you use clamav that comes with ubuntu?

try running:

% ls -ld /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service 
/lib/systemd/system/clamav-freshclam.service
lrwxrwxrwx 1 root root  44 Jun 23  2018 
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service -> 
/lib/systemd/system/clamav-freshclam.service
-rw-r--r-- 1 root root 412 Aug 21 21:28 
/lib/systemd/system/clamav-fre

[clamav-users] Strange Problem when trying update after reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

2023-02-16 Thread newcomer01 via clamav-users

Hi @ all,

I know, I asked the same thing some weeks ago.
But I will post this again.
When I freshly reboot my Ubuntu 22.04.1 in the morning, my script first tests whether DNS 
is available, and only if it is, it starts the download of the ClamAV sig-files.
But when I do this, I get these error messages:


Thu Feb 16 08:06:11 2023 -> ClamAV update process started at Thu Feb 16 
08:06:11 2023
Thu Feb 16 08:06:11 2023 -> WARNING: Can't query current.cvd.clamav.net
Thu Feb 16 08:06:11 2023 -> WARNING: Invalid DNS reply. Falling back to HTTP 
mode.
Thu Feb 16 08:06:11 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:11 2023 -> WARNING: remote_cvdhead: Download failed (6) Thu Feb 
16 08:06:11 2023 -> WARNING:  Message: Couldn't resolve host name
Thu Feb 16 08:06:11 2023 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Feb 16 08:06:11 2023 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.
Thu Feb 16 08:06:11 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:16 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:16 2023 -> WARNING: remote_cvdhead: Download failed (6) Thu Feb 
16 08:06:16 2023 -> WARNING:  Message: Couldn't resolve host name
Thu Feb 16 08:06:16 2023 -> WARNING: Failed to get daily database version 
information from server: https://database.clamav.net
Thu Feb 16 08:06:16 2023 -> ERROR: check_for_new_database_version: Failed to 
find daily database using server https://database.clamav.net.
Thu Feb 16 08:06:16 2023 -> Trying again in 5 secs...
Thu Feb 16 08:06:21 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/daily.cvd
Thu Feb 16 08:06:21 2023 -> OK
Thu Feb 16 08:06:21 2023 -> daily database available for download (remote 
version: 26813)
Thu Feb 16 08:06:30 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-83875921b32bc900edab2d0ee431fcad.tmp-daily.cvd'
 ...
Thu Feb 16 08:06:37 2023 -> Database test passed.
Thu Feb 16 08:06:37 2023 -> daily.cvd updated (version: 26813, sigs: 2020949, 
f-level: 90, builder: raynman)
Thu Feb 16 08:06:37 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/main.cvd
Thu Feb 16 08:06:37 2023 -> OK
Thu Feb 16 08:06:37 2023 -> main database available for download (remote 
version: 62)
Thu Feb 16 08:07:04 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-35347411896e0523e7b74f2c91338b97.tmp-main.cvd'
 ...
Thu Feb 16 08:07:10 2023 -> Database test passed.
Thu Feb 16 08:07:10 2023 -> main.cvd updated (version: 62, sigs: 6647427, 
f-level: 90, builder: sigmgr)
Thu Feb 16 08:07:10 2023 -> Trying to retrieve CVD header from 
https://database.clamav.net/bytecode.cvd
Thu Feb 16 08:07:10 2023 -> OK
Thu Feb 16 08:07:10 2023 -> bytecode database available for download (remote 
version: 333)
Thu Feb 16 08:07:11 2023 -> Testing database: 
'/var/lib/clamav/tmp.a828aef201/clamav-2f58bc478b2afd84ba98c4d288a63ac1.tmp-bytecode.cvd'
 ...
Thu Feb 16 08:07:11 2023 -> Database test passed.
Thu Feb 16 08:07:11 2023 -> bytecode.cvd updated (version: 333, sigs: 92, 
f-level: 63, builder: awillia2)
Thu Feb 16 09:46:56 2023 -> --


Is there another way to solve the issue?
Currently I have set a sleep 60 to work around it.

This is the first act of my script before I try to download signatures:


        if [ "$(host -W 60 -t TXT "current.cvd.clamav.net")" != "" ]; then

            # default value for libs update std - 2
            LIBS_UPD_STD="2"

            # default value for libs uli std - 5
            LIBS_ULI_STD="5"

            # trigger update - 1 or 0
            START_FRESHCLAM="1"

            # set value for network connection - 0 not available, 1 available
            NETZWERK_VORHANDEN="1"

        # if the descriptive txt cannot be fetched within xx seconds
        elif [ "$(host -W 60 -t TXT "current.cvd.clamav.net")" = "" ]; then

            # default value for libs update std - 2
            LIBS_UPD_STD="2"

            # default value for libs uli std - 5
            LIBS_ULI_STD="5"

            # trigger update - 1 or 0
            START_FRESHCLAM="0"

            # set value for network connection - 0 not available, 1 available
            NETZWERK_VORHANDEN="0"

        fi


and only when "$NETZWERK_VORHANDEN" -eq "1" (NETZWERK_VORHANDEN is German for 
NETWORK_AVAILABLE) I start the update (which is the case this time), but it seems that the ClamAV CDN has a problem 
in this case.
But why?
My code checks whether DNS for current.cvd.clamav.net is available and then starts, but 
freshclam says it can't resolve the host name.

kind regards
Marc
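
A stricter form of the pre-update check from the message above, as an added example that is not part of the original post: `host` also prints text when a lookup fails, so non-empty output alone does not show that a record came back. The function names, the `LOOKUP_CMD` variable and the retry counts are assumptions, and the failure texts used to exercise it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): accept the DNS check only when
# the answer really is a ClamAV version record, and retry while it is not.

# Lookup command taken from the post; override LOOKUP_CMD to test offline.
LOOKUP_CMD=${LOOKUP_CMD:-host -W 60 -t TXT current.cvd.clamav.net}

# Layout of the record: a dotted software version followed by seven numeric
# fields, e.g. 0.103.7:62:26777:1673344800:1:90:49192:333
CVD_TXT_RE='^[0-9]+(\.[0-9]+)+(:[0-9]+){7}$'

# extract_cvd_record: read `host -t TXT` output on stdin, print the record.
# Returns 1 for anything that is not a well-formed record (NXDOMAIN text,
# timeout text, empty output).
extract_cvd_record() {
    cvd_rec=$(sed -n 's/^.* descriptive text "\([^"]*\)".*$/\1/p' | head -n 1)
    if printf '%s\n' "$cvd_rec" | grep -Eq "$CVD_TXT_RE"; then
        printf '%s\n' "$cvd_rec"
        return 0
    fi
    return 1
}

# wait_for_cvd_dns ATTEMPTS DELAY: run the lookup up to ATTEMPTS times,
# sleeping DELAY seconds between tries. Prints the record and returns 0 on
# the first valid answer, returns 1 when every attempt failed.
wait_for_cvd_dns() {
    dns_attempts=$1
    dns_delay=$2
    dns_try=1
    while [ "$dns_try" -le "$dns_attempts" ]; do
        # $LOOKUP_CMD is intentionally unquoted so its arguments are split
        dns_out=$($LOOKUP_CMD 2>/dev/null) || dns_out=""
        if dns_rec=$(printf '%s\n' "$dns_out" | extract_cvd_record); then
            printf '%s\n' "$dns_rec"
            return 0
        fi
        if [ "$dns_try" -lt "$dns_attempts" ]; then
            sleep "$dns_delay"
        fi
        dns_try=$((dns_try + 1))
    done
    return 1
}

# Typical use in a boot-time script (values are placeholders):
#   if wait_for_cvd_dns 12 5 >/dev/null; then START_FRESHCLAM="1"; else START_FRESHCLAM="0"; fi
```

This replaces a fixed `sleep 60` with a bounded retry that ends as soon as the resolver returns a usable record.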

Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-15 Thread Newcomer01 via clamav-users
Unfortunately Ubuntu (22.04.1) has not released 0.103.7 as of today... We 
are on 0.103.6 and always get warnings from freshclam that we use an 
outdated version. Don't know when Ubuntu will push this fixed 
version. I will really update, but when we don't get the new packages...


Am 15. Februar 2023 20:58:18 schrieb "Micah Snyder \(micasnyd\) via 
clamav-users" :

Read this online at
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html


-



Today, we are releasing the following critical patch versions for ClamAV:

  * 0.103.8
  * 0.105.2
  * 1.0.1

ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life 
(EOL) policy and will not be patched. Anyone using ClamAV 0.104 must switch 
to a supported version. All users should update as soon as possible to patch 
for two remote code execution vulnerabilities that we recently discovered 
and patched.

The release files are available for download on ClamAV.net, on the Github 
Release page, and through Docker Hub.

1.0.1
ClamAV 1.0.1 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
reporting this issue.

Fix an allmatch detection issue with the preclass bytecode hook.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825
Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828
0.105.2
ClamAV 0.105.2 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
reporting this issue.
Fixed an issue loading Yara rules containing regex strings with an escaped 
forward-slash (\/) followed by a colon (:).

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695
Moved the ClamAV Docker files for building containers to a new Git 
repository. The Docker files are now in 
https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix 
issues with the images and with the supporting scripts used to publish and 
update the images without committing changes directly to files in the 
ClamAV release branches.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765
Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829
0.103.8
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
reporting this issue.

Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830




Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


[clamav-users] Fwd: Funny --include-dir behaviour

2023-02-13 Thread newcomer01 via clamav-users

i have filed a bug for this now
https://github.com/Cisco-Talos/clamav/issues/836


Von / From: Clamav User Mailinglist 
An / To: Clamav User Mailinglist 
Gesendet / Sent: Montag, Februar 13, 2023 um 10:51 (at 10:51 AM) +0100
Betreff / Subject: [clamav-users] Funny --include-dir behaviour
this is hilarious, why this won't work?

                 nice -n -20 clamscan \
 --include-dir="^/home/$SUDO_USER/.thunderbird/Marc/Mail/" \
                 --recursive="yes" \
                 --quiet \
                 --infected \
                 --alert-broken-media="no" \
                 --database="/var/lib/clamav" \
                 --log="/var/log/clamav/clamscan.log"
                 #--move="/etc/clamav/virusevent.d/Mail"

this should scan only the included path recursive

But when i do this:

                 nice -n -20 clamscan \
                 "/home/$SUDO_USER/.thunderbird/Marc/Mail" \
                 --recursive="yes" \
                 --quiet \
                 --infected \
                 --alert-broken-media="no" \
                 --database="/var/lib/clamav" \
                 --log="/var/log/clamav/clamscan.log"
                 #--move="/etc/clamav/virusevent.d/Mail"

it worked well.
Can someone explain what's the reason for this?
Oh and the var SUDO_USER is the whoami

regards,
Marc



[clamav-users] Funny --include-dir behaviour

2023-02-13 Thread newcomer01 via clamav-users

this is hilarious, why this won't work?

                nice -n -20 clamscan \
--include-dir="^/home/$SUDO_USER/.thunderbird/Marc/Mail/" \
                --recursive="yes" \
                --quiet \
                --infected \
                --alert-broken-media="no" \
                --database="/var/lib/clamav" \
                --log="/var/log/clamav/clamscan.log"
                #--move="/etc/clamav/virusevent.d/Mail"

this should scan only the included path recursive

But when i do this:

                nice -n -20 clamscan \
                "/home/$SUDO_USER/.thunderbird/Marc/Mail" \
                --recursive="yes" \
                --quiet \
                --infected \
                --alert-broken-media="no" \
                --database="/var/lib/clamav" \
                --log="/var/log/clamav/clamscan.log"
                #--move="/etc/clamav/virusevent.d/Mail"

it worked well.
Can someone explain what's the reason for this?
Oh and the var SUDO_USER is the whoami

regards,
Marc



Re: [clamav-users] Five units : Four denied FreshClam

2023-02-10 Thread newcomer01 via clamav-users

you can download the signature databases to our local machine and update all 
servers by copying the files manually to the servers folders


Von / From: Mike Lieberman 
An / To: Newcomer01 
Gesendet / Sent: Samstag, Februar 11, 2023 um 06:41 (at 06:41 AM) +0100
Betreff / Subject: [clamav-users] Five units : Four denied FreshClam

I successfully installed ClamAV in a server at 12 12:15:39. But there are
three other servers and a workstation I am installing the code on and I
am getting this when I try to run FreshClam on the initial install on
each of the remaining hosts...

  * Sat Feb 11 13:22:23 2023 -> ClamAV update process started at Sat Feb
11 13:22:23 2023
  * Sat Feb 11 13:22:23 2023 -> ^FreshClam previously received error
code 429 or 403 from the ClamAV Content Delivery Network (CDN).
  * Sat Feb 11 13:22:23 2023 -> This means that you have been rate
limited or blocked by the CDN.
  * Sat Feb 11 13:22:23 2023 -> 2. Run FreshClam no more than once an
hour to check for updates.
  * Sat Feb 11 13:22:23 2023 -> ^You are still on cool-down until after:
2023-02-12 12:15:39

Even if I was limited to one an hour, (waiting an hour before I update
the next host) that timeout was satisfied. As I am not running ten
hosts, there is according to your text, no need for a mirror. How do I
get around this block?

══
Ellis Michael "Mike" Lieberman
Purok 13, Morales Subd.
Brgy Mabuhay, General Santos City, 9500 Philippines



Re: [clamav-users] Five units : Four denied FreshClam

2023-02-10 Thread newcomer01 via clamav-users

https://docs.clamav.net/faq/faq-freshclam.html
HTTP Error Codes

If you are receiving a 403, 503, or 1020 error codes when downloading from 
Cloudflare, then you are either explicitly blocked, using an EOL'ed version of 
ClamAV or you are downloading incorrectly.

If FreshClam is failing and you're not sure why, you may run freshclam -v for "Verbose 
Mode" to see the HTTP request & response details (ClamAV 0.102+).

After checking that you are using a current version of ClamAV, please 
discontinue whatever method of download you are using and immediately move to 
using either FreshClam or cvdupdate. These are the two supported methods for 
downloading AV updates from ClamAV. All other methods may be rate limited, or 
blocked at our discretion. Use of Wget, Curl, or other command line tools that 
are scripted are explicitly denied.

If you are receiving a 429, that means you are rate limited. You're downloading 
too fast or too much. Please use Freshclam or cvdupdate. If you are using a 
shared hosting provider, like Amazon AWS, Google Cloud Computing, Oracle, 
Azure, etc, you will most likely be rate limited, however cvdupdate should 
handle this gracefully. If you continue to receive these, we recommend you try 
from a different external IP address.

If you are receiving a 403 specifically on the safebrowsing.cvd file, please 
read this blog post immediately!

Are you running a version of FreshClam/ClamAV lower than 0.103.2? If so, you 
should immediately upgrade to at least 0.103.2.

If you have checked all of the above and you are still seeing errors, please 
open a ticket using the below link.

https://docs.clamav.net/appendix/CvdPrivateMirror.html


Von / From: Mike Lieberman 
An / To: Newcomer01 
Gesendet / Sent: Samstag, Februar 11, 2023 um 06:41 (at 06:41 AM) +0100
Betreff / Subject: [clamav-users] Five units : Four denied FreshClam

I successfully installed ClamAV in a server at 12 12:15:39. But there are
three other servers and a workstation I am installing the code on and I
am getting this when I try to run FreshClam on the initial install on
each of the remaining hosts...

  * Sat Feb 11 13:22:23 2023 -> ClamAV update process started at Sat Feb
11 13:22:23 2023
  * Sat Feb 11 13:22:23 2023 -> ^FreshClam previously received error
code 429 or 403 from the ClamAV Content Delivery Network (CDN).
  * Sat Feb 11 13:22:23 2023 -> This means that you have been rate
limited or blocked by the CDN.
  * Sat Feb 11 13:22:23 2023 -> 2. Run FreshClam no more than once an
hour to check for updates.
  * Sat Feb 11 13:22:23 2023 -> ^You are still on cool-down until after:
2023-02-12 12:15:39

Even if I was limited to one an hour, (waiting an hour before I update
the next host) that timeout was satisfied. As I am not running ten
hosts, there is according to your text, no need for a mirror. How do I
get around this block?

══
Ellis Michael "Mike" Lieberman
Purok 13, Morales Subd.
Brgy Mabuhay, General Santos City, 9500 Philippines



Re: [clamav-users] ClamAV Private Mirror Question

2023-01-30 Thread newcomer01--- via clamav-users

thanks for the hint Micah.

unfortunately Ubuntu doesn't have a field in "stat" to store the version number 
(or am i blind?), then you could really compare the already existing versions with the 
currently delivered version and only update when versions differ.

Currently you have only a chance to do something like this, when you read the creation 
date from the txt and set that as the modification date of the file (touch -m -t 
mmdd.ss), then you can compare these times (file time from the existing ones and the 
"new" file time).

Or change clamscan or clamdscan this dates while running?

Regards,
Marc

Von / From: Micah Snyder (Micasnyd) <mailto:micas...@cisco.com>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Montag, Januar 30, 2023 um 20:16 (at 08:16 PM) +0100
Betreff / Subject: Re: [clamav-users] ClamAV Private Mirror Question

Very close.  The 49192 number is for the version of (now defunct) 
safebrowsing.cvd.

But yes, if they're able to access DNS and compare the version of 
daily/main/bytecode with what is in the DNS record then that will also be 
useful.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
--
*From:* clamav-users  on behalf of newcomer01 
via clamav-users 
*Sent:* Monday, January 30, 2023 10:43 AM
*To:* ClamAV User Mailinglist 
*Cc:* newcomer01 
*Subject:* Re: [clamav-users] ClamAV Private Mirror Question
Additionally, you can do this a little more complicated, like me:

$(host -W "60" -t TXT "current.cvd.clamav.net")

and cut all needed information from the descriptive text

for example:

# current.cvd.clamav.net descriptive text 
"0.103.7:62:26777:1673344800:1:90:49192:333"

0.103.7 is the suggested software version
62 is version of main.cld or main.cvd
26777 is version of daily.cld or cvd
1673344800 unixdate when the files created from clamav
90 is the f-level for daily.cld or daily.cvd
49192 is probably the version of freshclam.dat (i'm not sure, but it can't 
really be anything else)
333 is the version of bytecode.cvd

Am I right Micah?

i had once found an explanation of the descriptive txt but i can't find it 
anymore


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Micah Snyder \(Micasnyd\) <mailto:micas...@cisco.com>, 
Bryan Whipkey <mailto:cloud81...@live.com>
Gesendet / Sent: Montag, Januar 30, 2023 um 18:33 (at 06:33 PM) +0100
Betreff / Subject: Re: [clamav-users] ClamAV Private Mirror Question
> Hello,
>
> You can use this command to print the build information which will include 
the date it was published:
>
> sigtool --info /path/to/database
>
> For example:
>
> ❯ sigtool --info /var/lib/clamav/daily.cld
> File: /var/lib/clamav/daily.cld
> Build time: 30 Jan 2023 03:24 -0500
> Version: 26797
> Signatures: 2018753
> Functionality level: 90
> Build

Re: [clamav-users] ClamAV Private Mirror Question

2023-01-30 Thread newcomer01 via clamav-users

Additionally, you can do this a little more complicated, like me:

$(host -W "60" -t TXT "current.cvd.clamav.net")

and cut all needed information from the descriptive text

for example:

# current.cvd.clamav.net descriptive text 
"0.103.7:62:26777:1673344800:1:90:49192:333"

0.103.7 is the suggested software version
62 is version of main.cld or main.cvd
26777 is version of daily.cld or cvd
1673344800 unixdate when the files created from clamav
90 is the f-level for daily.cld or daily.cvd
49192 is probably the version of freshclam.dat (i'm not sure, but it can't 
really be anything else)
333 is the version of bytecode.cvd

Am I right Micah?

i had once found an explanation of the descriptive txt but i can't find it 
anymore


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Micah Snyder \(Micasnyd\) , Bryan Whipkey 

Gesendet / Sent: Montag, Januar 30, 2023 um 18:33 (at 06:33 PM) +0100
Betreff / Subject: Re: [clamav-users] ClamAV Private Mirror Question

Hello,

You can use this command to print the build information which will include the 
date it was published:

    sigtool --info /path/to/database

For example:

❯ sigtool --info /var/lib/clamav/daily.cld
File: /var/lib/clamav/daily.cld
Build time: 30 Jan 2023 03:24 -0500
Version: 26797
Signatures: 2018753
Functionality level: 90
Builder: raynman
Verification OK.

Is that what you're looking for?

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

--
*From:* clamav-users  on behalf of Bryan 
Whipkey via clamav-users 
*Sent:* Sunday, January 29, 2023 2:01 AM
*To:* clamav-users@lists.clamav.net 
*Cc:* Bryan Whipkey 
*Subject:* [clamav-users] ClamAV Private Mirror Question
Hello,

I have setup a private mirror for ClamAV. I have pointed it to the private 
mirror on freshclam.conf. My question is how do i test this to make sure I am 
pulling the most up to date definitions from the private mirror to the server 
being scanned? Thanks in advance.

Sent from my iPhone. Please excuse any typos.
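
The two checks discussed in this thread (`sigtool --info` on the local file and the `current.cvd.clamav.net` TXT record) combined into one comparison, as an added example that is not part of the original messages. Function names are assumptions; the field positions follow the record breakdown given in the thread, with field 7 being the defunct safebrowsing.cvd, and the sample inputs in the test are the values quoted above.

```shell
#!/bin/sh
# Added example (not from the original thread): compare the version of a local
# database with the version advertised in the current.cvd.clamav.net TXT record.

# advertised_version RECORD DB: print the version the record advertises for
# DB (main, daily or bytecode). Field positions follow the thread: 2 = main,
# 3 = daily, 8 = bytecode (7 is the defunct safebrowsing.cvd).
advertised_version() {
    case "$2" in
        main)     adv_field=2 ;;
        daily)    adv_field=3 ;;
        bytecode) adv_field=8 ;;
        *)        return 2 ;;
    esac
    printf '%s\n' "$1" | cut -d: -f"$adv_field"
}

# local_version: read `sigtool --info` output on stdin, print its Version.
local_version() {
    sed -n 's/^Version:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# is_number VALUE: succeed only for a non-empty string of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# db_status RECORD DB: reads `sigtool --info` output on stdin.
# Prints "current", "behind by N" or "ahead by N".
# Returns 0 when the local copy is not behind, 1 when it is behind,
# 2 when either version could not be determined.
db_status() {
    st_want=$(advertised_version "$1" "$2") || return 2
    st_have=$(local_version)
    is_number "$st_want" || return 2
    is_number "$st_have" || return 2
    if [ "$st_have" -lt "$st_want" ]; then
        echo "behind by $((st_want - st_have))"
        return 1
    elif [ "$st_have" -gt "$st_want" ]; then
        # the local copy is newer than the record says
        echo "ahead by $((st_have - st_want))"
        return 0
    fi
    echo "current"
}

# Live use on a client of the private mirror:
#   record=$(host -W 60 -t TXT current.cvd.clamav.net | sed -n 's/.*"\(.*\)".*/\1/p')
#   sigtool --info /var/lib/clamav/daily.cld | db_status "$record" daily
```

A "behind" result on a client that updates from the private mirror points at the mirror, or the client's freshclam run, lagging behind what the official record advertises.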


Re: [clamav-users] ClamAV logs JAVA System

2023-01-30 Thread newcomer01 via clamav-users

I'm not trained in Java but I can explain what you can do on UNIX systems:

for example:


if [ "VAR" = "VAL" ]; then

    # create new clamscan.conf

    # unlink "old" clamscan.conf
    unlink /etc/clamav/clamscan.conf

    # check retval from unlink
    RETVAL_ULI="$?"

    if [ "$RETVAL_ULI" -eq "0" ]; then

        # if no error occurred, write your new conf file

        # create
        exec 3> /etc/clamav/clamscan.conf

        # write this
        echo 1>&3 "all your needed stats comes in"
        echo 1>&3 "LogFile /var/log/clamav/YOUR_NAME_FOR_LOG.log"

        # close
        exec 3>&-

    fi


    # run clamscan
    # HERE YOUR SCAN OPTIONS

    /usr/bin/clamscan

fi

Another way can be:

comment out in your clamscan.conf
LogFile /var/log/clamav/clamscan.log

# run clamscan

/usr/bin/clamscan --log="/var/log/clamav/HERE_YOUR_NAME.log"

but you must find a solution for Java; here I can't help - sorry.



Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Antonio Galdieri 
Gesendet / Sent: Montag, Januar 30, 2023 um 15:00 (at 03:00 PM) +0100
Betreff / Subject: [clamav-users] ClamAV logs JAVA System


Hi, After a long time we were able to successfully install clamav on our systems, on our ABAP systems we were able to use a script to allow us to be notified whenever a virus was found on the system, the latter was reported in a log that was then sent by mail to us, but now we are trying to create something similar on a JAVA system, on the JAVA system we have already located the log where the virus is reported by the ClamAV, now we would similarly like to create a script for the java that does the same as the script on the Abap systems, the biggest problem for now is that the log on which the Java writes is always the same, meaning that if we used the script we wouldn't be sure if it is a new virus or an old virus that has been on that log since forever, so my question is, do you know if there is some clamav setting to allow us to write different logs every time a virus is found? I’ll write the script we used on the abap system hoping it can help (if it can help you we are on clamav 0.103.7-3.21.2 and clamsap 0.104.3-3.12.1) Thanks!:

#!/bin/bash
LOGFILE="/var/log/clamd-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-da...@zambongroup.com";
EMAIL_TO="antonio.galdi...@techedgegroup.com";
DIRTOSCAN="/tmp";

for S in ${DIRTOSCAN}; do
    DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
    echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
    clamscan -ri "$S" >> "$LOGFILE";

    # get the value of "Infected lines"
    MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);

    # if the value is not equal to zero, send an email with the log file attached
    if [ "$MALWARE" -ne "0" ];then
        # using heirloom-mailx below
        echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO" -v .;
    fi
done

exit 0




Re: [clamav-users] ClamAV logs JAVA System

2023-01-30 Thread newcomer01 via clamav-users

maybe you can rename the original log name (clamscan.log) with the needed one 
after the scan process is done


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Antonio Galdieri 
Gesendet / Sent: Montag, Januar 30, 2023 um 15:00 (at 03:00 PM) +0100
Betreff / Subject: [clamav-users] ClamAV logs JAVA System


Hi, After a long time we were able to successfully install clamav on our systems, on our ABAP systems we were able to use a script to allow us to be notified whenever a virus was found on the system, the latter was reported in a log that was then sent by mail to us, but now we are trying to create something similar on a JAVA system, on the JAVA system we have already located the log where the virus is reported by the ClamAV, now we would similarly like to create a script for the java that does the same as the script on the Abap systems, the biggest problem for now is that the log on which the Java writes is always the same, meaning that if we used the script we wouldn't be sure if it is a new virus or an old virus that has been on that log since forever, so my question is, do you know if there is some clamav setting to allow us to write different logs every time a virus is found? I'll write the script we used on the abap system hoping it can help (if it can help you we are on clamav 0.103.7-3.21.2 and clamsap 0.104.3-3.12.1) Thanks!:

#!/bin/bash
LOGFILE="/var/log/clamd-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-da...@zambongroup.com";
EMAIL_TO="antonio.galdi...@techedgegroup.com";
DIRTOSCAN="/tmp";
for S in ${DIRTOSCAN}; do
    DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
    echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
    clamscan -ri "$S" >> "$LOGFILE";
    # get the value of "Infected lines"
    MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);
    # if the value is not equal to zero, send an email with the log file attached
    if [ "$MALWARE" -ne "0" ];then
        # using heirloom-mailx below
        echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO" -v .;
    fi
done
exit 0
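
The question quoted above (telling a new detection from one that is already in an ever-growing log) and the replies suggesting a separately named log, as an added example that is not code from any poster: each run writes its own log through `--log`, and the verdict comes from clamscan's exit status (0 nothing found, 1 detection, other values an error) instead of the summary text. `CLAMSCAN`, `LOG_DIR` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. CLAMSCAN, LOG_DIR and the
# function names are assumptions made for this sketch.

CLAMSCAN="${CLAMSCAN:-clamscan}"        # scanner command, overridable
LOG_DIR="${LOG_DIR:-/var/log/clamav}"   # directory for the per-run logs

# Create an empty, uniquely named log for this run and print its path.
new_log_path() {
    mktemp "$LOG_DIR/clamscan-$(date +%Y%m%d-%H%M%S)-XXXXXX"
}

# Map clamscan's exit status to a verdict: 0 = nothing found,
# 1 = at least one detection, anything else = the scan itself failed.
classify_scan() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "path => signature" for each "<path>: <signature> FOUND" log line.
list_findings() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\1 => \2/p' "$1"
}

# Scan one directory into a fresh log. Output: verdict, log path, then one
# line per detection. Return status: 0 clean, 1 infected, 2 error.
scan_and_report() {
    log=$(new_log_path) || { echo error; return 2; }
    rc=0
    "$CLAMSCAN" -r -i --log="$log" "$1" >/dev/null 2>&1 || rc=$?
    verdict=$(classify_scan "$rc")
    echo "$verdict"
    echo "$log"
    case "$verdict" in
        clean)    return 0 ;;
        infected) list_findings "$log"; return 1 ;;
        *)        return 2 ;;
    esac
}

# Command-line use: scan the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1"
fi
```

Because every run has its own log, a notification script only needs to attach the file named on the second output line when the return status is 1.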




[clamav-users] basic question: clamscan

2023-01-30 Thread newcomer01 via clamav-users

hi there,

basic question: with clamscan is it better to work with --include-dir or with 
--exclude-dir? My clamscan scans my whole PC extremely slowly
or should i set the process priority high?

kind regards
Marc


Re: [clamav-users] clamscan exclude-dir on Windows

2023-01-28 Thread newcomer01 via clamav-users

Hello Richard,

maybe it is now time to switch to Linux? 
Here we have a lot of options to exclude and include paths for scanning (with 
regex support too).
Sorry, i have no experience with clamav on Win because I switched to Ubuntu LTS 
a long time ago.
But we have filesize problems while scanning on Linux too.

Hope that some other user can support you with the Win version of clamav.

kind regards,
Marc


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Richard Rosner 
Gesendet / Sent: Samstag, Januar 28, 2023 um 12:49 (at 12:49 PM) +0100
Betreff / Subject: [clamav-users] clamscan exclude-dir on Windows

Hi,
I'm trying to make a full scan of my PC with clamscan.exe on Win10. Unfortunately, my C Volume is too big and my PC too 
slow to finish the scan in a day. So of course when I start it the next day, I want to exclude larger directories that 
already have been scanned. That works great with some directories, but I just can't figure out a way to exclude 
C:\Program Files\ and C:\Program Files (x86)\ from the scan. And I did try many variations. "C:\\Program Files 
(x86)\\", "C:\\Program Files*\\", %ProgramFiles(x86)%\\, C:\\"Program Files (x86)"\\ or 
"C:\\Program^ Files^ ^(x86^)\\" but nothing works. Sadly, Googling for that also doesn't bring up anything 
helpful.

Can anybody make any suggestions? And could such tips be included in the 
documentation or somewhere else?

Best Greeting
Richard



[clamav-users] ClamAV 0.103.7 for Ubuntu 22.04.1 LTS

2023-01-10 Thread newcomer01 via clamav-users

does anyone happen to know when ClamAV 0.103.7 for Ubuntu 22.04.1 LTS will be 
pushed by Ubuntu? Unfortunately I have absolutely no idea how to compile the 
software myself ... surely it won't be long and the 0.103.7 will be outdated 
again ;-)


Re: [clamav-users] Scanning result in socket connection for each file under a folder?

2023-01-10 Thread newcomer01 via clamav-users

you can do this in a similar way:


#!/bin/sh
#
#   @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
#
# report on which clamav signatures have matched, and how many times
# each have matched from the latest maillog file (or the file(s) named
# as argument(s)).

PATH=/usr/local/bin:/usr/bin:/bin
#
IFS="
"
export PATH;
export IFS;
umask 022

# if we have no arguments, we'll default to the current maillog file;
# else the arguments are the list;
if [ "$*" ]; then
    MAILLOG=$*
else
    MAILLOG="/var/log/maillog"
fi

# That's it ...
grep -w FOUND ${MAILLOG} |\
    awk '{print $(NF-1)}' |\
    sort -h |\
    uniq -c |\
    sort -rh |\
    awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'




Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Jorge Elissalde 
Gesendet / Sent: Dienstag, Januar 10, 2023 um 16:16 (at 04:16 PM) +0100
Betreff / Subject: [clamav-users] Scanning result in socket connection for each 
file under a folder?

Hi,

When I scan a folder using socket connection to clamd (SCAN [folder]) I don't 
get an individual result for each file in the connection.
For example, if I send to scan the folder c:\testme, I will get (if everything 
goes ok) only the line: c:\testme: OK
Individual files scanned and result are stored in the log file, like this one:

LOG> c:\testme\file1: OK
LOG> c:\testme\file2: OK
SOCKET> c:\testme: OK

Is there a chance to get every individual scanned file result also reported in 
the socket connection?

Thank you

Jorge



[clamav-users] Fwd: Fwd: exception rule - help needed

2023-01-05 Thread newcomer01 via clamav-users

okay, now i found a permission issue.

Ubuntu sets the clamav-daemon and clamav-freshclam automatically to chmod 0644 
(in /etc/init.d/) and this is completely wrong.

I have now set chmod 0755 on these files (must run as program) and now my wdb 
file is read by clamscan, but it notified me that this database is malformed.
Now i have removed all new lines and comments, maybe this solves the issue - 
don't know now.

Is there a detailed explanation available of how i have to format this .wbd file?
Unfortunately i find the clamav.net docs are not detailed enough.

I create this wdb file in this way:

exec 3> /var/lib/clamav/daily.wdb
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
echo 1>&3 "Some Line"
exec 3>&-


Von / From: Clamav User Mailinglist 
An / To: Clamav User Mailinglist 
Gesendet / Sent: Mittwoch, Januar 04, 2023 um 16:48 (at 04:48 PM) +0100
Betreff / Subject: [clamav-users] Fwd: exception rule - help needed
no one can help me?


Von / From: Clamav User Mailinglist 
An / To: Clamav User Mailinglist 
Gesendet / Sent: Dienstag, Januar 03, 2023 um 20:03 (at 08:03 PM) +0100
Betreff / Subject: [clamav-users] exception rule - help needed
Hi @ all and happy new year!

I need help to create an exception rule for my Bank e-mails.

Currently, I have a "whitelist.wbd" file in the lib folder of clamav, but all 
of my rules seem not to work.
Please help me to get the expected result; it is generally not an option for me 
to disable these checks for all.


# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.facebook.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://twitter.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.instagram.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.youtube.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://play.google.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://apps.apple.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
#
X:(http:\/\/|https:\/\/)(.+)(facebook|twitter|instagram|youtube|play\.google|apps\.apple)(.+):(http:\/\/|https:\/\/)(.+)(sparkasse|sls\-direkt)\.de([\/?].*)?:20-
M:facebook.com:mailing.sparkasse.de
M:https://twitter.com:mailing.sparkasse.de
M:instagram.com:mailing.sparkasse.de
M:youtube.com:mailing.sparkasse.de
M:play.google.com:mailing.sparkasse.de
M:apps.apple.com:mailing.sparkasse.de


kind regards,
Marc


[clamav-users] Fwd: exception rule - help needed

2023-01-04 Thread newcomer01 via clamav-users

no one can help me?


Von / From: Clamav User Mailinglist 
An / To: Clamav User Mailinglist 
Gesendet / Sent: Dienstag, Januar 03, 2023 um 20:03 (at 08:03 PM) +0100
Betreff / Subject: [clamav-users] exception rule - help needed
Hi @ all and happy new year!

I need help to create an exception rule for my Bank e-mails.

Currently, I have a "whitelist.wbd" file in the lib folder of clamav, but all 
of my rules seem not to work.
Please help me to get the expected result; it is generally not an option for me 
to disable these checks for all.


# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.facebook.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://twitter.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.instagram.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.youtube.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://play.google.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://apps.apple.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
#
X:(http:\/\/|https:\/\/)(.+)(facebook|twitter|instagram|youtube|play\.google|apps\.apple)(.+):(http:\/\/|https:\/\/)(.+)(sparkasse|sls\-direkt)\.de([\/?].*)?:20-
M:facebook.com:mailing.sparkasse.de
M:https://twitter.com:mailing.sparkasse.de
M:instagram.com:mailing.sparkasse.de
M:youtube.com:mailing.sparkasse.de
M:play.google.com:mailing.sparkasse.de
M:apps.apple.com:mailing.sparkasse.de


kind regards,
Marc


[clamav-users] exception rule - help needed

2023-01-03 Thread newcomer01 via clamav-users

Hi @ all and happy new year!

I need help to create an exception rule for my Bank e-mails.

Currently, I have a "whitelist.wbd" file in the lib folder of clamav, but all 
of my rules seem not to work.
Please help me to get the expected result; it is generally not an option for me 
to disable these checks for all.


# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.facebook.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://twitter.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.instagram.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://www.youtube.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://play.google.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
# LibClamAV info: Suspicious link found!
# LibClamAV info:   Real URL:    https://apps.apple.com
# LibClamAV info:   Display URL: https://mailing.sparkasse.de
#
X:(http:\/\/|https:\/\/)(.+)(facebook|twitter|instagram|youtube|play\.google|apps\.apple)(.+):(http:\/\/|https:\/\/)(.+)(sparkasse|sls\-direkt)\.de([\/?].*)?:20-
M:facebook.com:mailing.sparkasse.de
M:https://twitter.com:mailing.sparkasse.de
M:instagram.com:mailing.sparkasse.de
M:youtube.com:mailing.sparkasse.de
M:play.google.com:mailing.sparkasse.de
M:apps.apple.com:mailing.sparkasse.de


kind regards,
Marc


Re: [clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users

Hi Eric,

i know about this support-page but i don't understand what i should have to do.
How can I create such a daily.pdb file and what should i write in it ... the 
problem is, what is the displayed url e.g.
Is it possible, that you assist me in this process?

kind regards
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Eric Tykwinski <mailto:eric-l...@truenet.com>
Gesendet / Sent: Donnerstag, Dezember 29, 2022 um 16:17 (at 04:17 PM) +0100
Betreff / Subject: Re: [clamav-users] Question Exception Rule

Marc,


-Original Message-
From: clamav-users  On Behalf Of newcomer01 via clamav-users
Sent: Thursday, December 29, 2022 10:05 AM
To: ClamAV User Mailinglist 
Cc: newcomer01 
Subject: [clamav-users] Question Exception Rule

Hi @ all,

who can I contact to get an exemption for ClamAV
("Heuristics.Phishing.Email.SpoofedDomain")?
This in my case is an absolutely legitimate sender (my Bank).

It's in the documentation:
https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format


Regards
Marc

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300






[clamav-users] Question Exception Rule

2022-12-29 Thread newcomer01 via clamav-users

Hi @ all,

who can I contact to get an exemption for ClamAV 
("Heuristics.Phishing.Email.SpoofedDomain")?
This in my case is an absolutely legitimate sender (my Bank).

Regards
Marc


[clamav-users] Problem with freshclam

2022-12-29 Thread newcomer01 via clamav-users

Hi @ all,

i have had this problem with freshclam for a long time and I can't fix it (Ubuntu 
22.04.1)
When i run freshclam with a cron job (@reboot) this log comes up:


Thu Dec 29 13:36:51 2022 -> --
Thu Dec 29 13:36:51 2022 -> ClamAV update process started at Thu Dec 29 13:36:51 2022
Thu Dec 29 13:36:51 2022 -> WARNING: Can't query current.cvd.clamav.net
Thu Dec 29 13:36:51 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Thu Dec 29 13:36:51 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:51 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:51 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:51 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Dec 29 13:36:51 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:51 2022 -> Trying again in 5 secs...
Thu Dec 29 13:36:56 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Dec 29 13:36:56 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Dec 29 13:36:56 2022 -> WARNING:  Message: Couldn't resolve host name
Thu Dec 29 13:36:56 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Dec 29 13:36:56 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Dec 29 13:36:56 2022 -> Trying again in 5 secs...
Thu Dec 29 13:37:01 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Dec 29 13:37:01 2022 -> OK
Thu Dec 29 13:37:01 2022 -> daily database available for download (remote version: 26765)
Thu Dec 29 13:37:12 2022 -> Testing database: '/var/lib/clamav/tmp.3cb7e09743/clamav-85bea499e24cfdaa871411c2b4b92e38.tmp-daily.cvd' ...
Thu Dec 29 13:37:20 2022 -> Database test passed.
Thu Dec 29 13:37:20 2022 -> daily.cvd updated (version: 26765, sigs: 2014567, f-level: 90, builder: raynman)
Thu Dec 29 13:37:20 2022 -> Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Thu Dec 29 13:37:20 2022 -> OK
Thu Dec 29 13:37:20 2022 -> main database available for download (remote version: 62)
Thu Dec 29 13:37:47 2022 -> Testing database: '/var/lib/clamav/tmp.3cb7e09743/clamav-3d85cd963c0af4f35466d5a069aff5e5.tmp-main.cvd' ...
Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Dec 29 13:37:54 2022 -> Trying to retrieve CVD header from https://database.clamav.net/bytecode.cvd
Thu Dec 29 13:37:54 2022 -> OK
Thu Dec 29 13:37:54 2022 -> bytecode database available for download (remote version: 333)
Thu Dec 29 13:37:54 2022 -> Testing database: '/var/lib/clamav/tmp.3cb7e09743/clamav-e15dec8534c6c98f62a54cdab9ce00fb.tmp-bytecode.cvd' ...
Thu Dec 29 13:37:54 2022 -> Database test passed.
Thu Dec 29 13:37:54 2022 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)


When I run the same command later in the day, all is fine.
What can I do to solve the issue?

Regards, Marc



Re: [clamav-users] prolem with freshclam when no sudo user is logged in the system

2022-12-27 Thread newcomer01 via clamav-users

okay, i have now added dns server to my local lan-connection for IPv4 and IPv6

v4

v6

hope this will work now


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Richard <mailto:inbound-lists-cla...@listmail.innovate.net>
Gesendet / Sent: Montag, Dezember 26, 2022 um 20:36 (at 08:36 PM) +0100
Betreff / Subject: Re: [clamav-users] prolem with freshclam when no sudo user 
is logged in the system

your local machine needs to have functioning dns - i.e., be able to get
responses to name lookups. to do that it needs to point to nameservers.
that's generally done/shown in your /etc/resolv.conf file. if your
local machine has static ipnumbers you will likely have set the
nameservers explicitly when you set that up. if it uses dhcp it
should get them from your dhcp server.

in my previous mention of resolve.conf and clamav/CDN, that should
have been /etc/hosts.

[it would have been better if you hadn't top posted, but as you have i'm
going to continue that - hence the replies will be a bit jumbled.]

[i am on this mailing list. please do *not* also include my email
address in direct replies.]




Date: Monday, December 26, 2022 17:57:57 +0000
From: newcomer01 via clamav-users
To: Richard via clamav-users

my dns services are set inside the router directly (AVM FritzBox)
and link to cloudflares dns servers (IPv4 and IPv6) are set up here.
on my local machine i didn't use dns or something


Von / From: Clamav User Mailinglist
<mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01<mailto:newcome...@posteo.de>
CC / CC: Richard<mailto:inbound-lists-cla...@listmail.innovate.net>
Gesendet / Sent: Montag, Dezember 26, 2022 um 18:22 (at 06:22 PM)
+0100
Betreff / Subject: Re: [clamav-users] prolem with freshclam when no
sudo user is logged in the system

Date: Monday, December 26, 2022 13:46:54 +0000
From: newcomer01 via clamav-users

Hi There,

now i have a small problem with freshclam, when i run a freshclam
query on @reboot with user cronjob
(/var/spool/cron/cronjobs/USERNAME):

Mon Dec 26 13:18:24 2022 -> --
Mon Dec 26 13:18:24 2022 -> ClamAV update process started at Mon
Dec 26 13:18:24 2022
Mon Dec 26 13:18:24 2022 -> WARNING: Can't query
current.cvd.clamav.net
Mon Dec 26 13:18:24 2022 -> WARNING: Invalid DNS reply. Falling
back to HTTP mode.
Mon Dec 26 13:18:24 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:24 2022 -> WARNING: remote_cvdhead: Download
failed (6) Mon Dec 26 13:18:24 2022 -> WARNING:  Message:
Couldn't resolve host name

It looks like you have a DNS issue when this is trying to run. You
should look to see how/that dns is working on this machine. The
cronjobs run after the system startup so, in general, it shouldn't
be a timing issue but could be depending on how you have things
set up.

The response that you get from a:
   
host -t txt current.cvd.clamav.net


command should look something like:

current.cvd.clamav.net descriptive text
"0.103.7:62:26762:1672074000:1:90:49192:333"

The *.clamav.net services run off a CDN so the IPnumbers can change
at will, so don't try to overcome your dns issue by putting
something in your resolve.conf.
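
The @reboot failure discussed in this thread, as an added example that is not part of any poster's message: a wrapper that waits until the resolver answers the `current.cvd.clamav.net` TXT query before freshclam is started, and splits the record quoted above into fields. The function names, the retry defaults and the field labels (checked only against the version numbers in the logs on this page) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, retry defaults
# and field labels are assumptions made for this sketch.

CVD_RECORD="current.cvd.clamav.net"

# Ask the system resolver for the TXT record and print the text between
# the quotes. Non-zero status when the lookup fails or returns nothing.
query_txt() {
    host -t txt "$1" 2>/dev/null |
        sed -n 's/.*"\(.*\)".*/\1/p' | head -n 1 | grep .
}

# Split a record such as "0.103.7:62:26762:1672074000:1:90:49192:333".
# Assumed layout: field 1 ClamAV version, 2 main, 3 daily, 4 record time,
# 6 f-level, 8 bytecode (fields 5 and 7 are not interpreted here).
parse_cvd_txt() {
    case "$1" in
        ''|*[!0-9A-Za-z.:_-]*) return 1 ;;   # reject unexpected characters
    esac
    old_ifs=$IFS
    IFS=:
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 1
    for n in "$2" "$3" "$4" "$6" "$8"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    printf 'clamav=%s main=%s daily=%s time=%s flevel=%s bytecode=%s\n' \
        "$1" "$2" "$3" "$4" "$6" "$8"
}

# Retry the lookup until it answers or the tries run out.
# Usage: wait_for_dns [tries] [delay_seconds]; prints the raw record.
wait_for_dns() {
    tries="${1:-12}"
    delay="${2:-5}"
    i=1
    while [ "$i" -le "$tries" ]; do
        if txt=$(query_txt "$CVD_RECORD"); then
            printf '%s\n' "$txt"
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -le "$tries" ]; then
            sleep "$delay"
        fi
    done
    return 1
}

# Intended for an @reboot cron entry: start freshclam only once DNS answers.
if [ "${1:-}" = "--update" ]; then
    if record=$(wait_for_dns 12 5); then
        parse_cvd_txt "$record" || echo "unexpected TXT record: $record" >&2
        exec freshclam
    fi
    echo "DNS still not answering for $CVD_RECORD, skipping update" >&2
    exit 1
fi
```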






Re: [clamav-users] prolem with freshclam when no sudo user is logged in the system

2022-12-26 Thread newcomer01 via clamav-users

i do not also include your e-mail address, i answer your posting only.

Sorry, replies on top is the default setting of my client ...
what in my configuration should i change? I use mostly the default settings of 
ubuntu 22.04.1 ... okay, i must change the permissions of 
/var/spool/cron/cronjobs and my own cronjob file, otherwise none of my 
cronjobs have worked - why? I don't know.


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Richard <mailto:inbound-lists-cla...@listmail.innovate.net>
Gesendet / Sent: Montag, Dezember 26, 2022 um 20:36 (at 08:36 PM) +0100
Betreff / Subject: Re: [clamav-users] prolem with freshclam when no sudo user 
is logged in the system

your local machine needs to have functioning dns - i.e., be able to get
responses to name lookups. to do that it needs to point to nameservers.
that's generally done/shown in your /etc/resolv.conf file. if your
local machine has static ipnumbers you will likely have set the
nameservers explicitly when you set that up. if it uses dhcp it
should get them from your dhcp server.

in my previous mention of resolve.conf and clamav/CDN, that should
have been /etc/hosts.

[it would have been better if you hadn't top posted, but as you have i'm
going to continue that - hence the replies will be a bit jumbled.]

[i am on this mailing list. please do *not* also include my email
address in direct replies.]




Date: Monday, December 26, 2022 17:57:57 +0000
From: newcomer01 via clamav-users 
To: Richard via clamav-users 

my dns services are set inside the router directly (AVM FritzBox)
and link to cloudflares dns servers (IPv4 and IPv6) are set up here.
on my local machine i didn't use dns or something


Von / From: Clamav User Mailinglist
<mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Richard <mailto:inbound-lists-cla...@listmail.innovate.net>
Gesendet / Sent: Montag, Dezember 26, 2022 um 18:22 (at 06:22 PM)
+0100
Betreff / Subject: Re: [clamav-users] prolem with freshclam when no
sudo user is logged in the system

Date: Monday, December 26, 2022 13:46:54 +0000
From: newcomer01 via clamav-users 

Hi There,

now i have a small problem with freshclam, when i run a freshclam
query on @reboot with user cronjob
(/var/spool/cron/cronjobs/USERNAME):

Mon Dec 26 13:18:24 2022 -> --
Mon Dec 26 13:18:24 2022 -> ClamAV update process started at Mon
Dec 26 13:18:24 2022
Mon Dec 26 13:18:24 2022 -> WARNING: Can't query
current.cvd.clamav.net
Mon Dec 26 13:18:24 2022 -> WARNING: Invalid DNS reply. Falling
back to HTTP mode.
Mon Dec 26 13:18:24 2022 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:24 2022 -> WARNING: remote_cvdhead: Download
failed (6) Mon Dec 26 13:18:24 2022 -> WARNING:  Message:
Couldn't resolve host name

It looks like you have a DNS issue when this is trying to run. You
should look to see how/that dns is working on this machine. The
cronjobs run after the system startup so, in general, it shouldn't
be a timing issue but could be depending on how you have things
set up.

The response that you get from a:
   
host -t txt current.cvd.clamav.net


command should look something like:

current.cvd.clamav.net descriptive text
"0.103.7:62:26762:1672074000:1:90:49192:333"

The *.clamav.net services run off a CDN so the IPnumbers can change
at will, so don't try to overcome your dns issue by putting
something in your resolve.conf.






Re: [clamav-users] prolem with freshclam when no sudo user is logged in the system

2022-12-26 Thread newcomer01 via clamav-users

My DNS services are set directly inside the router (AVM FritzBox), and links to 
Cloudflare's DNS servers (IPv4 and IPv6) are set up here.
On my local machine I didn't use DNS or something.


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Richard <mailto:inbound-lists-cla...@listmail.innovate.net>
Gesendet / Sent: Monday, December 26, 2022 at 18:22 (06:22 PM) +0100
Betreff / Subject: Re: [clamav-users] prolem with freshclam when no sudo user 
is logged in the system

Date: Monday, December 26, 2022 13:46:54 +0000
From: newcomer01 via clamav-users 

Hi There,

Now I have a small problem with freshclam when I run a freshclam
query on @reboot with a user cronjob
(/var/spool/cron/cronjobs/USERNAME):

Mon Dec 26 13:18:24 2022 -> --
Mon Dec 26 13:18:24 2022 -> ClamAV update process started at Mon Dec 26 13:18:24 2022
Mon Dec 26 13:18:24 2022 -> WARNING: Can't query current.cvd.clamav.net
Mon Dec 26 13:18:24 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Mon Dec 26 13:18:24 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:24 2022 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec 26 13:18:24 2022 -> WARNING:  Message: Couldn't resolve host name


It looks like you have a DNS issue when this is trying to run. You
should look to see how/that dns is working on this machine. The
cronjobs run after the system startup so, in general, it shouldn't be
a timing issue but could be depending on how you have things set up.

The response that you get from a:

   host -t txt current.cvd.clamav.net

command should look something like:

   current.cvd.clamav.net descriptive text "0.103.7:62:26762:1672074000:1:90:49192:333"

The *.clamav.net services run off a CDN so the IP numbers can change
at will, so don't try to overcome your DNS issue by putting something
in your resolv.conf.
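
The version record quoted in the message above can be checked mechanically. The following Python sketch is an added example, not part of the thread and not ClamAV's own code: it parses the eight colon-separated fields of the TXT record, rejects any answer that does not have that shape, and lists the databases whose locally logged version is behind the advertised one. The field names are this example's reading of the record (the logs in the thread confirm only main 62, daily 26762, f-level 90 and bytecode 333), and the "before update" log line for daily is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# TXT answer as quoted in the thread (mail wrapping undone).
SAMPLE_ANSWER = ('current.cvd.clamav.net descriptive text '
                 '"0.103.7:62:26762:1672074000:1:90:49192:333"')

# Constructed freshclam log for a host that has not yet fetched daily 26762;
# the main and bytecode lines are the ones shown in the thread.
SAMPLE_LOG = """\
Mon Dec 26 13:00:00 2022 -> daily.cld database is up-to-date (version: 26761, sigs: 2014000, f-level: 90, builder: raynman)
Mon Dec 26 13:18:40 2022 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Dec 26 13:18:40 2022 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
"""


@dataclass(frozen=True)
class VersionRecord:
    clamav: str             # newest ClamAV release advertised
    main: int               # main database version
    daily: int              # daily database version
    published: datetime     # record timestamp, UTC
    version_warning: bool   # assumed meaning: warn about outdated engines
    flevel: int             # functionality level
    safebrowsing: int       # assumed meaning: safebrowsing database version
    bytecode: int           # bytecode database version


def parse_txt_record(answer: str) -> VersionRecord:
    """Parse the TXT payload, or a whole `host -t txt` answer line."""
    quoted = re.search(r'"([^"]*)"', answer)
    payload = quoted.group(1) if quoted else answer.strip()
    parts = payload.split(":")
    if len(parts) != 8:
        raise ValueError(f"expected 8 colon-separated fields, got {len(parts)}")
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)+", parts[0]):
        raise ValueError(f"not a version number: {parts[0]!r}")
    for field in parts[1:]:
        if not re.fullmatch(r"[0-9]{1,10}", field):
            raise ValueError(f"not a small non-negative integer: {field!r}")
    main, daily, stamp, warn, flevel, safebrowsing, bytecode = map(int, parts[1:])
    return VersionRecord(parts[0], main, daily,
                         datetime.fromtimestamp(stamp, tz=timezone.utc),
                         bool(warn), flevel, safebrowsing, bytecode)


LOCAL_VERSION = re.compile(
    r"(main|daily|bytecode)\.c[vl]d (?:updated|database is up-to-date) "
    r"\(version: ([0-9]+),")


def local_versions(log_text: str) -> dict:
    """Return the last version freshclam logged for each database."""
    return {name: int(version) for name, version in LOCAL_VERSION.findall(log_text)}


def behind(record: VersionRecord, local: dict) -> list:
    """Names of databases whose local version is older than the advertised one."""
    return [name for name in ("main", "daily", "bytecode")
            if local.get(name, 0) < getattr(record, name)]


if __name__ == "__main__":
    record = parse_txt_record(SAMPLE_ANSWER)
    print(record)
    print("behind:", behind(record, local_versions(SAMPLE_LOG)))
    for bad in ("bnhg", "0.103.7:62:26762"):
        try:
            parse_txt_record(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```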




Re: [clamav-users] freshclam: Verification: Can't verify database integrity

2022-12-26 Thread newcomer01 via clamav-users

I mean, the default setting in freshclam.conf is that every hour (12x a day) 
an update process for the virus databases will start ...

Maybe you can sign up for the other mailing list 
clamav-viru...@lists.clamav.net with this special topic.


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Jim Popovitch <mailto:jim...@domainmail.org>
Gesendet / Sent: Monday, December 26, 2022 at 15:13 (03:13 PM) +0100
Betreff / Subject: Re: [clamav-users] freshclam: Verification: Can't verify 
database integrity

On Mon, 2022-12-26 at 13:15 +0000, newcomer01 via clamav-users wrote:

You can try to delete all files in the lib folder and start freshclam again.

I tried that on the 24th, it had no effect.


By the way: you should refresh your signature files at most once per day, 
otherwise the CDN will block you for 24 hours.

If freshclam is trying more than once per day then that is a freshclam
bug, no?


Have you seen this page?
https://docs.clamav.net/faq/faq-troubleshoot.html

Yes, and a few others, they are of no help with the specific problem in
the subject.

I suspect that this particular CDN endpoint is serving a corrupt file.
(why isn't there a freshclam logged entry indicating which CDN mirror is
giving the error, after all the CDN can log the cooldown specifics)


-Jim P.





[clamav-users] prolem with freshclam when no sudo user is logged in the system

2022-12-26 Thread newcomer01 via clamav-users

Hi There,

Now I have a small problem with freshclam when I run a freshclam query on 
@reboot with a user cronjob (/var/spool/cron/cronjobs/USERNAME):

Mon Dec 26 13:18:24 2022 -> --
Mon Dec 26 13:18:24 2022 -> ClamAV update process started at Mon Dec 26 13:18:24 2022
Mon Dec 26 13:18:24 2022 -> WARNING: Can't query current.cvd.clamav.net
Mon Dec 26 13:18:24 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Mon Dec 26 13:18:24 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:24 2022 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec 26 13:18:24 2022 -> WARNING:  Message: Couldn't resolve host name
Mon Dec 26 13:18:24 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec 26 13:18:24 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec 26 13:18:24 2022 -> Trying again in 5 secs...
Mon Dec 26 13:18:29 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:29 2022 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec 26 13:18:29 2022 -> WARNING:  Message: Couldn't resolve host name
Mon Dec 26 13:18:29 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec 26 13:18:29 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec 26 13:18:29 2022 -> Trying again in 5 secs...
Mon Dec 26 13:18:34 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:35 2022 -> OK
Mon Dec 26 13:18:35 2022 -> daily database available for update (local version: 26761, remote version: 26762)
Mon Dec 26 13:18:36 2022 -> Testing database: '/var/lib/clamav/tmp.131abfe023/clamav-e8580f4a0c38bf88fb8b13c30fca810d.tmp-daily.cld' ...
Mon Dec 26 13:18:40 2022 -> Database test passed.
Mon Dec 26 13:18:40 2022 -> daily.cld updated (version: 26762, sigs: 2014386, f-level: 90, builder: raynman)
Mon Dec 26 13:18:40 2022 -> Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Mon Dec 26 13:18:40 2022 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Dec 26 13:18:40 2022 -> Trying to retrieve CVD header from https://database.clamav.net/bytecode.cvd
Mon Dec 26 13:18:40 2022 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

This happens if no sudo user is currently signed in to the system.
I have checked this page https://docs.clamav.net/faq/faq-troubleshoot.html

In my etc/resolv.conf I have no entries for clamav.

When I manually run host -t txt current.cvd.clamav.net I get the following response

bnhg


Re: [clamav-users] freshclam: Verification: Can't verify database integrity

2022-12-26 Thread newcomer01 via clamav-users

You can try to delete all files in the lib folder and start freshclam again.
By the way: you should refresh your signature files at most once per day, 
otherwise the CDN will block you for 24 hours.
Have you seen this page?
https://docs.clamav.net/faq/faq-troubleshoot.html


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Jim Popovitch 
Gesendet / Sent: Sunday, December 25, 2022 at 22:16 (10:16 PM) +0100
Betreff / Subject: [clamav-users] freshclam: Verification: Can't verify 
database integrity

What the heck could be causing freshclam verification problems for the
past 2 days?  I'm getting rate-limited over and over because freshclam
fails to verify daily.cvd (and then retries over and over).  Is there a
known problem with daily.cvd downloads being corrupt?  Google says to
"wget http://database.clamav.net/daily.cvd" but that no longer works.
What should I be doing differently?


~$ grep freshclam /var/log/syslog
Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.
Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.
Dec 25 18:29:29 mx3 freshclam[1013]:  1. Verify that you're running a supported ClamAV version.
Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details.
Dec 25 18:29:29 mx3 freshclam[1013]:  2. Run FreshClam no more than once an hour to check for updates.
Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed.
Dec 25 18:29:29 mx3 freshclam[1013]:  3. If you have more than 10 hosts on your network attempting to download,
Dec 25 18:29:29 mx3 freshclam[1013]:  1. Verify that you're running a supported ClamAV version.
Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using
Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network.
Dec 25 18:29:29 mx3 freshclam[1013]:  4. Please do not open a ticket asking for an exemption from the rate limit,
Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted.
Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: You are still on cool-down until after: 2022-12-25 20:05:17
Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details.
Dec 25 18:29:29 mx3 freshclam[1013]:  2. Run FreshClam no more than once an hour to check for updates.
Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed.
Dec 25 18:29:29 mx3 freshclam[1013]:  3. If you have more than 10 hosts on your network attempting to download,
Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using
Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network.
Dec 25 18:29:29 mx3 freshclam[1013]:  4. Please do not open a ticket asking for an exemption from the rate limit,
Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted.
Dec 25 18:29:29 mx3 freshclam[1013]: You are still on cool-down until after: 2022-12-25 20:05:17
Dec 25 18:29:29 mx3 freshclam[1013]: --
Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up
Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022
Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up
Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022
Dec 25 20:29:29 mx3 freshclam[1013]: WARNING: Cool-down expired, ok to try again.
Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761)
Dec 25 20:29:29 mx3 freshclam[1013]: Cool-down expired, ok to try again.
Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761)
Dec 25 20:29:30 mx3 freshclam[1013]: ERROR: Verification: Can't verify database integrity
Dec 25 20:29:30 mx3 freshclam[1013]: Verification: Can't verify database integrity
Dec 25 20:29:30 mx3 freshclam[1013]: 
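
The syslog excerpt above mixes two different states: an update run that was skipped because of the CDN cool-down, and a later run that ended in an integrity verification failure. The following Python sketch is an added example, not part of the thread and not ClamAV's own code: it groups freshclam syslog lines into update runs and reports which of the two states each run ended in, tolerating the doubled lines seen in the excerpt. The sample lines are copied from the log above with mail wrapping undone; all function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines copied from the syslog excerpt in the thread (wrapping undone).
SAMPLE_SYSLOG = """\
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: You are still on cool-down until after: 2022-12-25 20:05:17
Dec 25 18:29:29 mx3 freshclam[1013]: You are still on cool-down until after: 2022-12-25 20:05:17
Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up
Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022
Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up
Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022
Dec 25 20:29:29 mx3 freshclam[1013]: WARNING: Cool-down expired, ok to try again.
Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761)
Dec 25 20:29:30 mx3 freshclam[1013]: ERROR: Verification: Can't verify database integrity
Dec 25 20:29:30 mx3 freshclam[1013]: Verification: Can't verify database integrity
"""

# Message text after the syslog prefix, with any severity tag dropped.
LINE = re.compile(r"freshclam\[\d+\]:\s*(?:(?:WARNING|ERROR): )?(?P<msg>.*)$")
STARTED = re.compile(r"ClamAV update process started at (.+)$")
COOLDOWN = re.compile(r"still on cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
REMOTE = re.compile(r"daily database available for (?:download|update) \(.*remote version: (\d+)\)")


@dataclass
class Run:
    started: datetime
    rate_limited: bool = False
    cooldown_until: Optional[datetime] = None
    remote_daily: Optional[int] = None
    verify_failed: bool = False


def parse_runs(lines) -> List[Run]:
    """Group freshclam syslog lines into update runs; repeated lines are harmless."""
    runs: List[Run] = []
    for line in lines:
        match = LINE.search(line)
        if not match:
            continue
        msg = match.group("msg")
        started = STARTED.search(msg)
        if started:
            when = datetime.strptime(started.group(1).strip(), "%a %b %d %H:%M:%S %Y")
            if not runs or runs[-1].started != when:   # same start logged twice
                runs.append(Run(when))
            continue
        if not runs:
            continue
        run = runs[-1]
        if "error code 429 or 403" in msg:
            run.rate_limited = True
        cooldown = COOLDOWN.search(msg)
        if cooldown:
            run.cooldown_until = datetime.strptime(cooldown.group(1), "%Y-%m-%d %H:%M:%S")
        remote = REMOTE.search(msg)
        if remote:
            run.remote_daily = int(remote.group(1))
        if "Can't verify database integrity" in msg:
            run.verify_failed = True
    return runs


def summarize(runs: List[Run]) -> List[str]:
    """One line per run that did not complete an update."""
    out = []
    for run in runs:
        if run.cooldown_until and run.started < run.cooldown_until:
            out.append(f"{run.started}: update skipped, CDN cool-down until {run.cooldown_until}")
        elif run.verify_failed:
            out.append(f"{run.started}: daily {run.remote_daily} failed integrity verification")
    return out


if __name__ == "__main__":
    for finding in summarize(parse_runs(SAMPLE_SYSLOG.splitlines())):
        print(finding)
```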

Re: [clamav-users] false positive

2022-12-23 Thread newcomer01 via clamav-users

One header is from sendnode.com and the other one from sls-direct.de

This is one of the MIME headers:


X-Spam-Status: No, score=-1.619 tagged_above=-1000 required=7
tests=[AV:Heuristics.Phishing.Email.SpoofedDomain=0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, POSTEO_BTC_B=0.01, POSTEO_GENERICS_LP_CCOUNT=0.01,
RCVD_IN_ABUSIX_WHITE=-2, RCVD_IN_DNSWL_NONE=-0.0001,
T_RCVD_IN_CSA_WHITELIST=0.01] autolearn=disabled
X-Posteo-Antispam-Signature: v=1; e=base64; a=aes-256-gcm; 
d=tq7ngM2/JpxeKCE7x3oKNbzuOK5a2NHnEt9R6s548o4NWBMTE18t0Fx9xkJQ7nTZU1TM0nP2xqIosfmpQT/nSQQCVDyrJVgj2HE1PoGeP+i+dkcA9t6Uv5C9FPSCEcPE+u6/iFv5
Authentication-Results: posteo.de; dmarc=none (p=none dis=none) 
header.from=sls-direkt.de
Authentication-Results: posteo.de;
dkim=pass (2048-bit key) header.d=sendnode.com header.i=@sendnode.com 
header.b=Ms2neRyO;
dkim-atps=neutral
X-Posteo-TLS-Received-Status: TLSv1.3
Received: from mda38f.sendnode.com (mda38f.sendnode.com [185.98.184.143])
by mx04.posteo.de (Postfix) with ESMTPS id 4Gln4t192Mz10WC
for ; Thu, 12 Aug 2021 15:06:22 +0200 (CEST)
MIME-Version: 1.0
Date: Thu, 12 Aug 2021 15:06:09 +0200
Message-ID: <5j4.57t...@sendnode.com>
From: Sparkasse Langen-Seligenstadt 
To: 
Reply-To: 
Subject: Herzlich willkommen!
List-Unsubscribe: 
<https://mailing.sparkasse.de/-list-unsubscribe/7168/6761/701/vUQn8vSJ>,
  <mailto:list-unsubscr...@sendnode.com?subject=7168-6761-701-vUQn8vSJ>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-ID: <1c00.1a69.sendnode.com>
X-Abuse-ID: MTI3LjAuMC4xLTcxNjgtNjc2MS03MDEtem5lcC5jaHJmcHVyeUBjYmZncmIucXI=
X-SendJob-ID: 206828196
X-Complaints-To: 
X-CSA-Complaints: 
X-Mailer: Mailingwork
X-Fi-Abs-Verify: SFP
DKIM-Signature: v=1;
  a=rsa-sha256;
  q=dns/txt;
  l=47242;
  s=mdkv20200702;
  t=1628773569;
  c=relaxed/simple;
  
h=From:To:Reply-To:Subject:X-CSA-Complaints:List-Unsubscribe-Post:List-Unsubscribe;
  d=sendnode.com;
  bh=U8HbPK6DbgmQ2Aw524utUF5pT+EcPCR6uPh9N1oJDTc=;
  
b=Ms2neRyObxjnw/5kqX3YBADyoWW81EA2kavDX5NmBjq480N9Bv8LZgrOpBg4zM36ZjfbDIqD4v4bw0rHTFDDGehb0nDEgkK710Qhkil4Oeyrb1RoNVAFJnhM3Eh2sENnCdH6q0sMJFptEMjb9e5vf4+KHrON6VCbdJlLTv3sAPHH8b2E8GqhXinaI5PLB1JJqE8XW46VuekFMcbLvy6tRYGdy0HUciuKRkZiylneESKvzHbJ3vBrRWBNEo/8s2GaZuYNEjJsO/DOoRCZrmpJpEhcwn2/T7OneqTVtZXQOGWnsBpLJwbAamVMuwkrf7XTDSkyM74nGaT9jm3Nwh1/Ng==
Content-Type: multipart/alternative;
  boundary="=_alternative_db2ca59dbda23e1a4edb30eaa2ffedc6"




Von / From: Matus Uhlar - Fantomas <mailto:uh...@fantomas.sk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Friday, December 23, 2022 at 16:54 (04:54 PM) +0100
Betreff / Subject: Re: [clamav-users] false positive

On Dec 23, 2022, at 03:26, newcomer01 via clamav-users wrote:
is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so 
that an exception can be added?

On 23.12.22 05:28, Al Varnell via clamav-users wrote:

A good start would be to tell us what the domain in question is.

What those domains in question are.
Phishing.Email.SpoofedDomain means there are two different domains in name
and URL, IIRC.




[clamav-users] false positive

2022-12-23 Thread newcomer01 via clamav-users

Hi @ all,

is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so 
that an exception can be added?

kind regards,
Marc


Re: [clamav-users] CDV file?

2022-12-14 Thread newcomer01 via clamav-users

.cvd files are the libraries which come with starting the freshclam update service, 
directly from the clamav.net CDN.



Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Armando P 
Gesendet / Sent: Thursday, December 15, 2022 at 02:18 (02:18 AM) +0100
Betreff / Subject: [clamav-users] CDV file?


I have a NAS that uses ClamAV as its antivirus software. I wanted to make sure 
that it is updated. It says it needs a *.cvd file, but I cannot find that. I 
have downloaded the zip file for Windows 64 at clamav.net, but nothing with 
that extension is located there. Please help. Thank you.



Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread newcomer01 via clamav-users

Sorry, I was busy writing this mail.

Well, I'm not ClamAV, but I would bring order into the file chaos.
clam*d*scan should have its own config and clamscan too, because the two 
configs are not compatible.
For this reason I would wish that there were also the option 
--config-file=URL with clamscan, in order to be able to load the settings that 
are valid ONLY FOR clamscan.
As I said, as soon as you want to use an option of clam*d*scan for clamdscan, 
the whole process stops; I don't think that is customer-friendly.

If the daemon also has its own configuration, then you have to think about what 
the config file could be called.



Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Andrew C Aitchison <mailto:cla...@aitchison.me.uk>
Gesendet / Sent: Monday, December 12, 2022 at 17:34 (05:34 PM) +0100
Betreff / Subject: Re: [clamav-users] LibClamAV Warning: PNG: Unexpected early 
end-of-file.

On Mon, 12 Dec 2022, newcomer01 wrote:


Well on my PC I changed a lot because the naming was too messy for me.

I have "program" clam*d*scan for which I have a clam*d*.conf and a "program"
clamscan for which I have a clamscan.conf. And then the normal "program"
freshclam with the freshclam.conf.
That is logic ;-)

To feed clam*d*scan and clamscan with the same conf is stupid, because both
programs have different options.

clamscan (no 'd') does not have a config file at all.
Which options do you want to be different ?
Many of the options are the same. At least as a default I would expect the
   --scan-* --alert-* --max-* --*-pua options to be the same.

(Ignoring the freshclam config) clamscan *does not have a config file*
so there is currently no need for an option
--config-file=FILE

As I asked before,
which settings do you expect clamscan to read from this config ?



Now it would be still super, if one would have the option --config-file=FILE
with the clamscan, as it is also the case with the clam*d*scan. If I want to
use the clamscan mutze and --config-file=URL, then this is of course not
possible and it breaks everything!

Von / From: Andrew C Aitchison <mailto:and...@aitchison.me.uk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Monday, December 12, 2022 at 16:33 (04:33 PM) +0100
Betreff / Subject: Re: [clamav-users] LibClamAV Warning: PNG: Unexpected
early end-of-file.

On Mon, 12 Dec 2022, newcomer01 via clamav-users wrote:


Can nobody explain what this message exactly means?
I get this on a lot of my e-mails
LibClamAV Warning: PNG: Unexpected early end-of-file.

That just means that the PNG file is either not a PNG or is corrupted
- perhaps truncated.


Should i change something in my config for clamscan?

No.


And maybe devs of ClamAV read here too; it would be really nice if you could
add the optional parameter --config-file="FILE" to clamscan too. Currently
only clam*d*scan has the option

The config file is for the clamd *daemon*.
clamd and clamdscan refer to it, but clamscan does not refer to
this config file (although it *does* refer to freshclam.conf).

Which settings do you expect clamscan to read from this config ?




[clamav-users] LibClamAV Warning: PNG: Unexpected early end-of-file.

2022-12-12 Thread newcomer01 via clamav-users

Can nobody explain what this message exactly means? I get this on a lot of my 
e-mails
LibClamAV Warning: PNG: Unexpected early end-of-file. Should I change something 
in my config for clamscan?

And maybe devs of ClamAV read here too; it would be really nice if you could add the optional 
parameter --config-file="FILE" to clamscan too. Currently only clam*d*scan has 
the option

kind regards
Marc


[clamav-users] Whish for new "--option" in clamscan (not clamdscan)

2022-12-11 Thread newcomer01 via clamav-users

Hi @ all,

I would really wish for a new property for the clamscan module, which is currently 
only available in clamdscan.
I would need --config-file="FILE" to give clamscan this file in every scan.

kind regards,
Marc



[clamav-users] Message PNG: Unexpected Early-End-Of-File

2022-12-09 Thread newcomer01 via clamav-users

Hi @ all,

Another very frequent "Message" is PNG: Unexpected Early-End-Of-File
I get this in really many e-mails from my Thunderbird maildir ...
What does this message exactly mean?

kind regards
Marc

Von / From: Clamav User Mailinglist 
An / To: newcomer01 
CC / CC: Andy Ragusa \(Aragusa\) 
Gesendet / Sent: Friday, December 09, 2022 at 22:07 (10:07 PM) +0100
Betreff / Subject: Re: [clamav-users] Memory Allocation error, clamd stop 
running

Hi Jorge,

I have attempted to reproduce the issue and haven't had any luck.  Here is what 
I tried, please let me know what I could be doing wrong.

 1.  Downloaded the prebuilt clamav-1.0.0.win.x64.zip
 2. clamd.exe --log=
 3. clamdscan --log= --multiscan 

the scan folder had 23k files.

I then tried separating the files into multiple folders, and passing all the 
folders into clamdscan

 4. clamdscan --log= --multiscan   ...

Neither of these were able to reproduce the behavior you are seeing.  Can you 
tell me a little more about your particular configuration, and what else I can 
try to reproduce this?

Thanks,
Andy

--
*From:* clamav-users  on behalf of Jorge 
Elissalde via clamav-users 
*Sent:* Thursday, December 8, 2022 6:20 AM
*To:* ClamAV users ML 
*Cc:* Jorge Elissalde 
*Subject:* Re: [clamav-users] Memory Allocation error, clamd stop running
Hi,

This is a very frequent error in the log:

LibClamAV Error: cli_calloc(): Can't allocate memory (65013504 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for 
data->lsigsuboff_(last|first)[0]
C:\Windows\SysWOW64\odbcad32.exe: Can't allocate memory ERROR
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (65013504 bytes).
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (65013504 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for 
data->lsigsuboff_(last|first)[0]
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe: Can't allocate 
memory ERROR

Thanks,

Jorge


On Wed, 7 Dec 2022 at 18:43, Andy Ragusa (aragusa) via clamav-users 
() wrote:

Hi Jorge,

Is it a particular file that is being scanned when this happens?

Could you please send clamd's logs to help determine what is going on?

Thanks,
Andy

--
*From:* clamav-users  on behalf of Jorge 
Elissalde via clamav-users 
*Sent:* Wednesday, December 7, 2022 3:41 PM
*To:* ClamAV users ML 
*Cc:* Jorge Elissalde 
*Subject:* [clamav-users] Memory Allocation error, clamd stop running
Hi,

I'm using the latest Windows Clamav version (1.0.0).
I'm connected to clamd and I request a folder scan having 94,249 files, 
10GB total.
The command I send is MULTISCAN [folder].
When scanner is over 9,075 files it stops working and the message is:

memory allocation of 1048576 bytes failed

Clamd stop running.
I'm running with next relevant settings in 

[clamav-users] Ubuntu file needed

2022-12-09 Thread newcomer01 via clamav-users

hello again,

Can an Ubuntu 22.04.1 user send me the file "clamav-update" from source 
/etc/init.d/
Here I have clamav-daemon and clamav-freshclam included but the 
clamav-freshclam can probably not be triggered from a cron job ...

kind regards


[clamav-users] Ubuntu 22.04.1 permissions

2022-12-09 Thread newcomer01 via clamav-users

Can someone show me screenshots of the permissions set on:

/etc/init.d/clamav-daemon and
/etc/init.d/freshclam

please?
And additionally, must these files run as a program too?

kind regards & big thank you!



[clamav-users] ppa for ClamAV for Ubuntu 22.04.1

2022-12-07 Thread newcomer01 via clamav-users

Does anyone know if there is a PPA to always install the current stable 
version of ClamAV for Ubuntu 22.04.1?
The Ubuntu releases are so slow ...


[clamav-users] Have anyone the current clamav-freshclam file from init.d Folder from Ubuntu

2022-12-07 Thread newcomer01 via clamav-users

Hey there, can anyone send me the current clamav-freshclam file from the 
/etc/init.d/ source of Ubuntu 22.04.1?
By accident I have deleted mine and I cannot get it restored

kind regards,
Marc