Re: [clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Adam Gibson 
I didn't see any problems on CentOS 7 or CentOS 6 on my systems using
clamav with the 23161 daily update.  Are you saying you had a problem with
them?  The only problem was with CentOS 5 on my systems.  The workaround
would apply to any distribution though that was affected by the regexp not
working on pcre libraries older than 7.0. If the whitelist.ign2 file is put
in the database directory where daily.cvd was updated, it would work around
the problem for those 2 signatures.

The point of my post is that this can be a quick workaround to get clamd
working again if a regexp problem like this pops up.  I was going in all
different directions myself trying to get clamd working (recompiling,
daily.cvd manipulations, etc) until I stumbled onto the much simpler
whitelist.ign2 feature which I was not aware of until a few days ago.  I
really wanted to stick with pre-built rpm packages on the installs.  I am
just trying to spread the info in case others were not aware of the
whitelist feature in clamav/clamd.

On Sun, Mar 5, 2017 at 8:45 PM, Benny Pedersen  wrote:

> Adam Gibson skrev den 2017-03-05 16:29:
>
> This whitelists those patterns so they do not even get processed to cause
>> the crash in the regexp engine that clamd uses.  Clamd started up fine for
>> me with CentOS 5 after doing that.
>>
>
> did you test that this is same problem in centos 7 ?
>
> come on :=)
>
> you have more problems then just clamav with centos 5
>
> i dont care really, but now i sayed it
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Benny Pedersen 

Adam Gibson skrev den 2017-03-05 16:29:

This whitelists those patterns so they do not even get processed to 
cause
the crash in the regexp engine that clamd uses.  Clamd started up fine 
for

me with CentOS 5 after doing that.


did you test that this is same problem in centos 7 ?

come on :=)

you have more problems then just clamav with centos 5

i dont care really, but now i sayed it
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Daily 23161 broke Clam (workaround)

2017-03-05 Thread Adam Gibson 
I had email domain issues which kept me from posting this the day of the
problem unfortunately so this info is just for future reference I guess.

If a problem like this comes up again, I found that you can create a
whitelist file to ignore some signatures.

I put the following file in the virus database directory (/var/lib/clamav/
for my system)...

Created a file called whitelist.ign2

Put the following content in it...

Doc.Macro.GenericHeuristic-5931846-1
Doc.Macro.GenericHeuristic-5901772-0

This whitelists those patterns so they do not even get processed to cause
the crash in the regexp engine that clamd uses.  Clamd started up fine for
me with CentOS 5 after doing that.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml