replacement for Virex etc, at least not yet!?
regards,
Gavin
Mark Allan
IT Support
George Watson's College
W: www.gwc.org.uk
E: [EMAIL PROTECTED]
P: +44 (0)131 446 6070
---
This SF.Net email is sponsored
Hi all,
I've finally bitten the bullet and released my clamav GUI for Mac OS X.
It's called clamXav, and you can download it from
http://www.markallan.co.uk/clamXav_v0.8b.zip or from the program info
page at http://www.markallan.co.uk/clamXav (no trailing slash please,
it messes up my
Hi,
I'm developing clamXav (clamav GUI for Mac OS X) and I was wondering
two things:
Firstly, could we add an option for a dummy scan? What I mean is to
have clamscan goes through the process of what it would normally do,
but not actually perform any scanning? Basically what I'm after is a
D'oh! I didn't realise .80rc4 was out. I wrote that email a couple of
days ago and only just got round to sending it!
Sorry.
On 11 Oct 2004, at 11:35 pm, Tomasz Kojm wrote:
On Mon, 11 Oct 2004 23:32:12 +0100
Mark Allan [EMAIL PROTECTED] wrote:
Hi guys,
With the release of 8.0 imminent, can I
Having searched the archives to the best of my abilities, I can't
seem to find an answer to why complex regular expressions are not
enabled for ClamAV. Can anyone shed any light on this please? It
*appears* to work fine on OS X 10.3 and 10.4 so I'm wondering if it's
the other Unix
As there is no date to show when this article was written, I'm not
sure if it takes into account 0.85.1 Can anyone comment?
http://www.securityfocus.com/bid/13795/discussion/
Thanks,
Mark
Article contents:
Clam Anti-Virus ClamAV running on Mac OS X is affected by a command
execution
Take a look at the FIRST line. I said I don't know when the article
was written - it may have been before 0.85.1 and maybe even before 0.84!
On 28 May 2005, at 11:15 pm, Jakub Jankowski wrote:
Take a look at the last line you've pasted:
___
On 28 May 2005, at 11:25 pm, Jakub Jankowski wrote:
http://www.securityfocus.com/bid/13795
quote
not vulnerable Clam Anti-Virus ClamAV 0.84
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.85.1
/quote
Ok, now I feel stupid - I never
What ever happened to this feature? I'd really like to use it,
especially in my GUI front end, but with 0.88.2 I'm still getting the
rotating pipe character.
Thanks,
Mark
On 8 Mar 2006, at 13:29pm, Tomasz Kojm wrote:
On Thu, 2 Feb 2006 18:20:19 +
Robert Hogan [EMAIL PROTECTED] wrote:
Hi,
Is there a reason for clamd not supporting the include, exclude and
exclude-dir options? I've tried adding them as switches to clamdscan
but I get a message back saying:
WARNING: Ignoring option --exclude: please edit clamd.conf instead
So I then tried editing clamd.conf but
Hi folks,
Here's a patch to allow ClamAV to configure properly on Mac OS X
10.5. The nidump tool was deprecated a long time ago and is no longer
included in 10.5 as netinfo doesn't exist any more. The dscl tool is
the preferred method from at least 10.3 onwards. Unfortunately I
don't
The regular expressions being excluded or included are compiled
just once and stored in memory
Brilliant!
On the one hand, you're right that were clamscan to have a command-
line option to tell it to read a list of files on stdin, the logic I
built into it could be implemented
On 17 May 2010, at 7:32 pm, Török Edwin wrote:
A real fix would be to detect the Apple-style universal build
(configure
does this already), and build both ppc and x86 then.
If you open a bugreport I'll try to do that for 0.96.2.
OK, filed as bug 2030.
Hi Don,
This is the mailing list for ClamAV - the separate software which does the
actual malware scanning.
For information about developments in ClamXav, you should check the website at
www.clamxav.com and the support forums at www.clamxav.com/support
Mark
On 11 Apr 2012, at 20:20, Don
Looks like relying on OpenSSL might cause problems for ClamAV on OS X.
Al (a regular contributor to this list) pointed me towards the following blog
post
https://hynek.me/articles/apple-openssl-verification-surprises/
It explains some of the problems with Apple's installation of OpenSSL, and
It used to compile on OSX just fine as recently as a month ago.
I haven't built from source manually in a while but it does 0.98.1 did
build for me using MacPorts on Mavericks back in January. That was XCode 5
but not 5.1. MacPorts builds with CFLAGS -O0.
I can confirm that the update
Just out of interest, did you test to see if it *actually* worked?
My configure output shows that dmg and xar are supported, but it doesn't
actually detect the Eicar test file within a disk image.
configure: Summary of engine detection features
autoit_ea06 : yes
...@uvasoftware.comwrote:
Interesting... let me run some tests and get back to you.
On Mar 19, 2014, at 8:33 AM, Mark Allan markjal...@gmail.com wrote:
Just out of interest, did you test to see if it *actually* worked?
My configure output shows that dmg and xar are supported, but it doesn't
so why waste my time.
-- Dale
On Mar 19, 2014, at 11:34 AM, Rafael Ferreira wrote:
Interesting... let me run some tests and get back to you.
On Mar 19, 2014, at 8:33 AM, Mark Allan
markjal...@gmail.commailto:markjal...@gmail.com wrote:
Just out of interest, did you test to see
Hi all,
Given the (as yet undisclosed) problems with 0.98.2 and its subsequent pulling,
and the release of 0.98.3 which followed shortly thereafter and which also
appears to be problematic for some, might it be worth considering reinstating
Release Candidates again?
If an announcement had
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
On May 8, 2014, at 12:30 PM, Mark Allan
markjal...@gmail.commailto:markjal...@gmail.com wrote:
Hi all,
Given the (as yet undisclosed) problems with 0.98.2 and its subsequent
pulling, and the release
All works fine for me on OS X 10.6 - 10.9.
For info, compiled on 10.9.2 with support for 10.6 onwards.
CFLAGS=-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch x86_64
CXXFLAGS=-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch
x86_64 ./configure
On 9 Jul 2014, at 12:15 am, Joel Esler (jesler) jes...@cisco.com wrote:
ClamAV 0.98.5 beta has been posted!
The ClamAV team is proud to announce the availability of ClamAV 0.98.5 beta
ready for testing!
http://blog.clamav.net/2014/07/clamav-0985-beta-has-been-posted.html
Compiled and
Hi,
I'm seeing an increase in instances of false positive reports for emails marked
as phishing. In particular Heuristics.Phishing.Email.SpoofedDomain.
This is typically showing up in genuine PayPal or eBay emails but I've also
seen it with genuine emails from credit card suppliers.
These
t;
> For the warnings you get from 'freshclam ---no-warnings', please open a
> bugzilla ticket containing the warning messages and we can get those fixed.
>
> Let us know how things work out with OpenSSL, libxml2, and PCRE installed.
>
> Thanks,
> Steve
>
> On Fri
much unless you're using
> untrusted sigs. Everything should still compile and run just fine, even
> with 8.37.
>
> - Mickey
>
> On Fri, Nov 20, 2015 at 8:08 AM, Mark Allan <markjal...@gmail.com> wrote:
>
>> Hi all,
>>
>> I saw the blog post ab
was added in
> 8.33. It's possible that the flag existed on the source machine but not the
> destination.Are the PCRE configure options consistent across the source and
> all the destination machines?
>
> -Kevin
>
>
>
> On Tue, Dec 8, 2015 at 12:15 PM, Mark Allan <
gt;
> Can I ask you to try this patch and tell me if it fixes the issue? If the
> issue persists, please submit the debug log. Thanks.
>
> -Kevin
>
> On Tue, Dec 8, 2015 at 2:00 PM, Mark Allan <markjal...@gmail.com> wrote:
>
>> Hi Kevin,
>>
>> Thanks.
Hi all,
With the release of 0.99, I got caught out by a change to freshclam's output.
The end result is the same (defs do/don't get updated) so none of my automated
tests caught it, but when you actually sit and watch the output, I'm not
getting the download progress meter in my GUI any more.
Hi all,
I saw the blog post about v0.99 rc 2 and have downloaded it for testing.
It looks like bug 11411 [ https://bugzilla.clamav.net/show_bug.cgi?id=11411 ]
is still open, so I decided to download and build PCRE as well.
I initially tried the PCRE2 branch but it wasn't recognised by ClamAV's
ctice, the pcre exploit ClamAV warns about (
> http://www.securitytracker.com/id/1032453) relies upon an explicitly
> malicious regex, so you don't have to worry too much unless you're using
> untrusted sigs. Everything should still compile and run just fine, even
> with 8.37.
>
> - M
Sorry to dredge up an old thread, but I'm still curious about this.
Joel, your last two replies seem to indicate that it's OK for commercial,
closed-source applications to link against LibClamav - presumably via dynamic
linking rather than static linking so as to maintain the distinction
To whitelist specific files this way, you need to add the m5sum to a file with
the .fp extension. So, in your example, it should be sigtool --md5
my_file_name.exe >> local.fp
If you want to ignore the signature altogether, you add the signature name to a
file with the extension ign2.
For
I have two files which are being wrongly reported as infected by 0.99.3 beta 1.
ClamAV 0.99.2 doesn't detect any issues with the files.
The first is a single email file (extension .emlx) with md5 checksum of
245ec37768c235da265014add38bdf4d and a file size of 2777 bytes. It's being
detected
Hi all
This email is two-part: an FP report and a bug report - both only concerning
0.99.3
I just uploaded an FP which is only being detected by 0.99.3 beta 1. The
checksum for the submitted file (PDFSigQFormalRep.pdf) is
1a29b1f3d6df9f1e47c8a77dde142238
It's part of Adobe Acrobat
Hi all,
Another issue with 0.99.3 beta 1.
The clamd process crashes on macOS 10.6.8 because it can't find the strndup
symbol. There are a couple of references to strndup in the source for clamd
and libclamav - should these be changed to cli_strndup or am I better to
include a static
) &&
(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ <= 1068))
size_t strnlen(const char *s, size_t n) __attribute__((weak));
size_t strnlen(const char *s, size_t n)
{
Hope that's useful.
Mark
> On 13 Aug 2017, at 10:25 pm, Mark Allan <markjal...@gmail.com> wrote:
>
> Hi all,
>
>
Hi all,
Is there a way to compile ClamAV using LibreSSL instead of OpenSSL?
I keep getting an error during ./config phase:
> configure: error: Your OpenSSL installation is misconfigured or missing
I eventually figured it's because the system I'm compiling on has LibreSSL
2.2.7 instead of
Hi all,
I just updated Xcode (Apple's developer tools for macOS) to version 9 and I'm
no longer able to compile ClamAV 0.99.2 with libxml2 support.
Here's the relevant output from the configure script:
> ...
> checking for libxml2 installation... /usr
> checking xml2-config version... 2.9.4
>
rk,
>
> The file config.log should contain the details of the configure test
> performed for -lxml2.
>
> Can you tell what are the relevant differences in those files?
>
> Thanks,
> Steve
>
> On Tue, Oct 10, 2017 at 7:48 AM, Mark Allan <markjal...@gmail.com> wrote:
>
>
gt;
> On Tue, Oct 10, 2017 at 12:02 PM, Mark Allan <markjal...@gmail.com> wrote:
>
>> Hi Steve,
>>
>> Attached are the extracted lines from the config.log of the non-working
>> version. The one which works just gives the following output:
>>
>>>
patch allows the scan of the current file to continue.
> ClamAV is not aborting scans of subsequent files, right?
>
> THanks,
> Steve
>
>
> On Mon, Oct 30, 2017 at 1:03 PM, Mark Allan <markjal...@gmail.com> wrote:
>
>> Hi Micah,
>>
>> Thanks for getti
Hi folks,
I've attached the output from 3 scans, all of which were started at root (/)
with no other volumes mounted on the system.
I'm running the scans with parameters -riv (recursive, print infected only,
verbose) as well as --debug. The verbose flag prints out the name of each file
being
ng for
>> /usr/lib/system/libsystem_darwin.dylib for x64.
>>
>> Steve
>>
>> On Tue, Oct 10, 2017 at 12:02 PM, Mark Allan <markjal...@gmail.com> wrote:
>>
>>> Hi Steve,
>>>
>>> Attached are the extracted lines from the confi
h it.
>
> Can you send us your patch to tweak the switch statement for review? I agree
> that a seek error in one file shouldn't halt the entire scan.
>
> Cheers,
> Micah
>
> Micah Snyder
> Software Engineer
> Talos Intelligence
> Cisco Systems, Inc.
>
&g
Hi there,
For a while now, ClamAV 0.99.2 has been terminating unexpectedly with error 13
when running on the latest version of OS X (macOS 10.13) but only on drives
formatted with the new APFS, so I chalked it up to an APFS issue and reported
it to Apple. Today, however, I received a report
Looks like the problem actually stems from a new #define in
"freshclam/freshclamcodes.h". Change the value of FC_UPTODATE from 1 to 0
and you'll get the old/correct functionality. Patch below.
Cheers
Mark
diff -Naurw freshclamOrig/freshclamcodes.h freshclam/freshclamcodes.h
---
Hi,
I think there's a bug with ClamAV not honouring the contents of a .fp file
within the database directory.
I've tested 0.101.2 as well as previous versions of ClamAV going back to
0.99.4 and the issue seems to have appeared as of 0.100.0 onwards.
To re-create the issue:
Find a zip file
:1)
Time: 33.865 sec (0 m 33 s)
fix_devel_head.patch
Description: Binary data
fix_101_2.patch
Description: Binary data
> On 12 Jul 2019, at 11:07 pm, Mark Allan wrote:
>
> Hi,
>
> I think there's a bug with ClamAV not honouring the contents of a .fp file
> within th
er (micasnyd)
> wrote:
>
> Hi Mark,
>
> Did you have any luck identifying the source of the bug? I admit I
> bookmarked your email and failed to find time to look into it myself after
> that.
>
> -Micah
>
> On 7/12/19, 6:09 PM, "clamav-devel on be
Hi folks,
I'm still testing 0.102.3 but I've hit a few issues where some known-good files
are being detected as infected because they're generating the following error:
Can't allocate memory ERROR
Output from clamscan and clamdscan are as follows:
> $ /usr/local/bin/clamscan
:
(null) FOUND
Does anyone have any thoughts at all?
Thanks,
Mark
> On 29 May 2020, at 1:26 am, Mark Allan wrote:
>
> Hi folks,
>
> I'm still testing 0.102.3 but I've hit a few issues where some known-good
> files are being detected as infected because they're generating the
an, you get
> different output...albeit still very wrong!
>/Applications/Microsoft
> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll:
> (null) FOUND
>
> Does anyone have any thoughts at all?
>
> Th
flag is passed to clamdscan, you get
>> different output...albeit still very wrong!
>> /Applications/Microsoft
>> Excel.app/Contents/SharedSupport/Microsoft.Mashup.Container.app/Contents/SharedSupport/System.ValueTuple.dll:
>> (null) FOUND
>>
>> Does a
Hi all,
It looks like the additional image file type support in 0.103.1 has introduced
an issue with a particular signature which has been in the database since 2018
Img.Exploit.CVE_2018_4904-6449838-0
It's flagging up thousands of known-good files. As far as I can tell, they're
all
would hadcode the build directory into the
> release materials which is poor form.
>
> Pending anything more official about the whole static-linking thing with
> UnRAR, I don't have a great answer.
>
> -Micah
>
>> -Original Message-
>> From: clamav-deve
; started alerting on TIFF files (as it should've) because the new
>>> CL_TYPE_TIFF also alerts on
>>> Target:5 (graphics) types. We never added the CL_TYPE_GRAPHICS
>>> variant for 0.103.0 and prior, which is why it appeared to be an issue with
>> 0.103.1.
&
signature directory:
> `echo "BC.Img.Exploit.CVE_2018_4891-6453673-2" > test.ign2`. Can you
> elaborate on how you are creating the .ign2 file?
>
> Thanks again,
>
> -Andrew
>
> On Thu, Mar 4, 2021 at 11:16 AM Mark Allan wrote:
>
>> Looks like we
elcome!
>
> Sure, please send a patch my way. I'd prefer if no one had to apply patches
> to use ClamAV, so getting those things working upstream is ideal.
>
> -Micah
>
>> -Original Message-----
>> From: clamav-devel On Behalf Of
>> Mark Allan
>&
list to do the same for macOS, and to add it
> into our internal Jenkins CI pipeline. I suppose I should consider making at
> least the macOS one static.
>
> -Micah
>
>> -Original Message-
>> From: clamav-devel On Behalf Of
>> Mark Allan
>
Hi there,
Ever since enabling the macOS hardened runtime for ClamAV, I've been getting
the following error/warning message whenever I try to call any of the ClamAV
binaries:
> LibClamAV Warning: Cannot dlopen libclamunrar_iface:
> dlopen(libclamunrar_iface.a, 2): no suitable image found. Did
uld share a sample or two with me to test. I'm really
> curious what changed and would like to debug each version with a sample or
> two.
>
> -Micah
>
>> -Original Message-
>> From: clamav-devel On Behalf Of
>> Mark Allan
>> Sent: Monday, Febru
amAV Development
>> Subject: Re: [Clamav-devel] Issue with FP only on 0.103.1
>>
>> Thank you Mark! We'll take a look.
>>
>> -Micah
>>
>>> -Original Message-
>>> From: clamav-devel On Behalf
>>> Of Mark Allan
>>>
Hi all,
I'm trying to build the ClamAV 1.0.0 RC and saw this in the documentation "Some
of the dependencies are optional if you elect to not build all of the command
line applications, or elect to only build the libclamav library. Specifically:
libcurl: required for libfreshclam,
I thought there was an issue with v1.0 rc2, as a comparison with a previous
installation (0.104.1) on the same machine showed massively increased scan
times. After about an hour of digging and laboriously comparing output from
clamscan --debug, as well as the man pages and clamd.conf, I finally
> On 26 Nov 2022, at 12:58 pm, G.W. Haywood
> wrote:
>
> On Sat, 26 Nov 2022, Mark Allan via clamav-devel-requ...@lists.clamav.net
> wrote:
>
>> I thought there was an issue with v1.0 rc2, as a comparison with a
>> previous installation (0.104.1) on the
> On 19 Nov 2022, at 1:29 pm, G.W. Haywood
> wrote:
>
> On Sat, 19 Nov 2022, Mark Allan wrote:
>
>> I'm trying to build the ClamAV 1.0.0 RC and saw this in the documentation
>> "Some of the dependencies are optional if you elect to not build all
>> of t
67 matches
Mail list logo