Re: [clamav-users] Clamav error using YARA

2019-11-11 Thread Franky Van Liedekerke via clamav-users
I'm not entirely familiar with yara, but based on https://yara.readthedocs.io/en/latest/modules/elf.html , there is no such function as "is__elf". Based on a whole search in the yara doc, there's only is_dll, is_32bit and is_64bit. Further googling shows this:

Re: [clamav-users] Could not watch path /var/lib/docker/overlay2 error

2019-10-09 Thread Franky Van Liedekerke via clamav-users
Your bug was already reported by me. See this bug: https://bugzilla.clamav.net/show_bug.cgi?id=12306 (and it contains a workaround too) Franky On Wednesday, 09-10-2019 at 17:32 Arthur Ramsey via clamav-users wrote: Hello, I’m trying to implement on access scanning for docker containers using

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 Release Candidate is now available

2019-10-07 Thread Franky Van Liedekerke via clamav-users
(micasnyd): Perhaps there is something we can do to make it easier to statically link libcurl, specifically, with freshclam, clamsubmit, and clamonacc. Regards, Micah On 10/7/19, 9:22 AM, "clamav-users on behalf of Franky Van Liedekerke via clamav-users" wrote: Op Maandag, 07-10-201

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 Release Candidate is now available

2019-10-07 Thread Franky Van Liedekerke via clamav-users
On Monday, 07-10-2019 at 14:18 J.R. via clamav-users wrote: > > This particular hard requirement (libcurl) affects the communication channel > > which is different than causing the code to fail to run at all. So the > > question > > is do the new libcurl requirements immediately break existing

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 Release Candidate is now available

2019-09-30 Thread Franky Van Liedekerke via clamav-users
On Monday, 30-09-2019 at 15:27 Franky Van Liedekerke via clamav-users wrote: > On Monday, 30-09-2019 at 15:14 J.R. via clamav-users wrote: > > > While I applaud the re-use of existing components, requiring this > > > (minimum) version of libcurl will be a proble

Re: [clamav-users] [Clamav-devel] ClamAV(R) blog: ClamAV 0.102.0 Release Candidate is now available

2019-09-30 Thread Franky Van Liedekerke via clamav-users
On Monday, 30-09-2019 at 15:14 J.R. via clamav-users wrote: > > While I applaud the re-use of existing components, requiring this > > (minimum) version of libcurl will be a problem for redhat/centOS 7 > > users: everybody is still on RHEL7 (RHEL8 is "just" released and still > > lacks support

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.102.0 Release Candidate is now available

2019-09-30 Thread Franky Van Liedekerke via clamav-users
Hi Micah,  While I applaud the re-use of existing components, requiring this (minimum) version of libcurl will be a problem for redhat/centOS 7 users: everybody is still on RHEL7 (RHEL8 is "just" released and still lacks support from many vendors). In RHEL/Centos, clamav is only packaged in EPEL,

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-27 Thread Franky Van Liedekerke via clamav-users
On Thursday, 26-09-2019 at 20:14 Franky Van Liedekerke wrote: > On Thursday, 26-09-2019 at 19:17 G.W. Haywood via clamav-users wrote: > > Hello again, > > > > On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote: > > > > > ... making sure they are all strings looks better now in most

Re: [clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.102.0 Release Candidate is now available

2019-09-27 Thread Franky Van Liedekerke via clamav-users
I'm replying to this because of the blog entry concerning the new version: CURL (VERSION >= 7.45) REQUIRED FOR INSTALLATION: This is only relevant if you are installing from source, but it is worth noting. It seems a new curl is needed, even on fully patched rhel7 servers. While this is not

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
On Thursday, 26-09-2019 at 19:17 G.W. Haywood via clamav-users wrote: > Hello again, > > On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote: > > > ... making sure they are all strings looks better now in most cases. > > > > So I now have these :- > > > > OnAccessIncludePath /var/log > > (

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
Indeed, I'm having this problem too. Probably the include wins over the exclude, even with this in the logs:  clamd[4940]: ScanOnAccess: Protecting directory '/var/log' (and all sub-directories)  clamd[4940]: ScanOnAccess: Protecting directory '/var' (and all sub-directories)  clamd[4940]:

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
On Thursday, 26-09-2019 at 11:22 G.W. Haywood via clamav-users wrote: > Hi there, > > On Thu, 26 Sep 2019, CROFT Ian wrote: > > > But when I put an EICAR test txt file in /var/log/test.txt it is getting > > picked up by the OnAccess scanner. > > > > I have tried ^/var/log/ and ^/var/log/* -

Re: [clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread Franky Van Liedekerke via clamav-users
While it is not recommended to scan everything under /var (or /var at all), the reason it fails is because you have /var submounts (/var/log, /var/tmp). This is currently a known bug in clamav (I reported it: https://bugzilla.clamav.net/show_bug.cgi?id=12306 ), and the workaround in your case is:

Re: [clamav-users] OnAccess and regular scanning

2019-09-24 Thread Franky Van Liedekerke via clamav-users
To be complete: I'm running clamav 0.101.4 on RHEL7 (fully patched) Franky On Tuesday, 24-09-2019 at 13:22 Al Varnell via clamav-users wrote: I suspect it will depend on what platform you are running it on. -Al- On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users wrote

[clamav-users] OnAccess and regular scanning

2019-09-24 Thread Franky Van Liedekerke via clamav-users
Hi all, currently I have onaccess scanning up and running just fine in clamav. However, some people claim this can be bypassed (so access a file and not force it to be scanned), so I have some questions: - is this true? Can onaccess be bypassed? - if so: can I force a scan of all files that

Re: [clamav-users] connect clamscan output to journal with systemd-cat

2019-04-04 Thread Franky Van Liedekerke via clamav-users
Do you want the info in journald or just in syslog? Because rsyslog can monitor logfiles directly too. Your call to clamscan from cron might refuse to output info (because no tty perhaps), maybe first try to get logs from clamscan via cron directly? Franky Op Donderdag, 04-04-2019 om 09:46

Re: [clamav-users] rpm files question [was: ClamAV 0.101.2 announcement?]

2019-03-29 Thread Franky Van Liedekerke via clamav-users
If you want the version to appear in EL7 stable, go to https://apps.fedoraproject.org/packages/clamav/ and add karma. Franky On Friday, 29-03-2019 at 19:01 G.W. Haywood via clamav-users wrote: Hi there, On Fri, 29 Mar 2019, Micah Snyder wrote: > This won't help you right now, but our

Re: [clamav-users] Database updated over unencrypted connection?

2019-03-15 Thread Franky Van Liedekerke via clamav-users
On Friday, 15-03-2019 at 16:04 instaham--- via clamav-users wrote: > Leonardo Rodrigues wrote: > >     the databases are digitally signed, and any modification, such in > > a man-in-the-middle attack, would break the signature and freshclam > > would refuse to run the files. > > Sounds good.

[clamav-users] onaccess scanning and selinux

2019-03-14 Thread Franky Van Liedekerke via clamav-users
When using onaccess scanning together with selinux, it seems these 2 are not sufficient: setsebool -P antivirus_can_scan_system 1 setsebool -P clamd_use_jit 1 Onaccess scanning will still fail to initialize (at least when launched via systemd). Currently I added this: semanage permissive -a

[clamav-users] ScanOnAccess: ... (null) FOUND

2019-03-13 Thread Franky Van Liedekerke via clamav-users
Hi, I seem to be encountering the same issue someone described here: https://www.mail-archive.com/clamav-users@lists.clamav.net/msg46022.html For me the null-message arrived when switching to root: ScanOnAccess: /root/.bash_history: (null) FOUND I'm running on RHEL7 server, latest updates with