Re: [clamav-users] parallel processes fail at startup when clamd is running

2022-11-29 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 28 Nov 2022, JOHN URBAN via clamav-users wrote: Doing a scan of the entire locally attached storage on Linux nodes, Seems likely that this is just a resource exhaustion problem. including /tmp and /var; ... Probably a bad idea. Recursion in /tmp? Try it without these

Re: [clamav-users] parallel processes fail at startup when clamd is running

2022-11-28 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 28 Nov 2022, JOHN URBAN via clamav-users wrote: We are experiencing a large number of MPI jobs failing indicating the fabric is unavailable when the scans are running. Early in the investigation so not sure if locking, timing, response time or other factors are involved, but

Re: [clamav-users] Scanned files count

2022-11-28 Thread G.W. Haywood via clamav-users
Hi there, On Sun, 27 Nov 2022, Jorge Elissalde via clamav-users wrote: Is there a way to get the count of scanned files for a "SCAN folder" command? The question lacks context, but maybe something like this instead? find /path/ -type f | xargs -I'{}' clamdscan '{}' -- 73, Ged.

Re: [clamav-users] Socket closed after command

2022-11-26 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 26 Nov 2022, Jorge Elissalde via clamav-users wrote: ... I cannot send CONTSCAN command using IDSESSION. After scanning the file using CONTSCAN command clamd closes the socket. The same happens for any command not using IDSESSION. That's correct. Why does clamd closes

Re: [clamav-users] Database update error

2022-11-24 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 24 Nov 2022, Carlos Andres Oviedo Guerra wrote: I've installed clamav on my computer, but the database update failed, when I tried to reach the database update URL I got this error message. As Mr. Giese mentioned, you need to use freshclam (or, exceptionally, cvdupdate) to

Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?

2022-11-20 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 19 Nov 2022, Andy Schmidt via clamav-users wrote: Unfortunately, while specifying "Win.Packer" or even "PUA.Win.Packer" will APPEAR to work, the program logic in ExcludePUA is completely faulty (almost arbitrary). Yes, it WILL exclude those two - but the problem is,

Re: [clamav-users] On Access Scanning Configuration

2022-11-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote: ... Nov 16 02:25:33 ubuntu systemd[1]: Started Clam AntiVirus userspace daemon. Nov 16 02:25:33 ubuntu clamd[2266]: ERROR: Can't save PID to file /var/run/clam Nov 16 02:25:33 ubuntu systemd[1]: clamav-daemon.service: Main

Re: [clamav-users] On Access Scanning Configuration

2022-11-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote: On Wed, 16 Nov 2022, G.W. Haywood via clamav-users wrote: On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote: I’m trying to setup OnAccessScanning on my VM but I’m running in a lot of problems. Every time I

Re: [clamav-users] On Access Scanning Configuration

2022-11-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote: I’m trying to setup OnAccessScanning on my VM but I’m running in a lot of problems. Every time I do “sudo clamonacc” I get next: ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server ERROR:

Re: [clamav-users] Can't access file ERROR - clamdscan - 0.103.7-1

2022-11-07 Thread G.W. Haywood via clamav-users
Hello again, On Mon, 7 Nov 2022, An Schall via clamav-users wrote: the command we are using is: sudo -H clamdscan -v -c /etc/clamd.d/scan.conf --multiscan --fdpass Try it without '--fdpass'. What do you mean the '-H' to do for you? [Micah, I've just noticed that '-c file' doesn't appear

Re: [clamav-users] Can't access file ERROR - clamdscan - 0.103.7-1

2022-11-07 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 7 Nov 2022, An Schall via clamav-users wrote: we do have 2 workstations running RHEL 8 and clamav / clamd using an identical software stack / configuration. In particular we integrate the clamav packages via the RHEL EPEL repos. So far we have been using 0.103.6-1.el8 without

Re: [clamav-users] version numbers of updated libraries in 0.105.1-2

2022-11-02 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 2 Nov 2022, Anjana Patel via clamav-users wrote: During the build process of 0.105.1-2 on a RHEL7 system (installing from source) I noticed the following scroll up (I've only listed the two that are relevant) : Compiling jpeg-decoder v0.2.6 Compiling tiff v0.7.3 The email

Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-02 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote: On Tue, 1 Nov 2022, Micah Snyder (micasnyd) via clamav-users wrote: On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote: > On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote: > > > Today we are publishing upda

Re: [clamav-users] Malformed DB in daily-26708.cdiff?

2022-11-02 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 2 Nov 2022, Ben Argyle via clamav-users wrote: I'll admit up front I'm running ClamAV v100.3 on RHEL 6. This is not my fault, but also nothing I can do anything about (the hosts doing so are long-scheduled for decommissioning). As such I don't expect any help. But I am

Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-01 Thread G.W. Haywood via clamav-users
Hi Micah, On Tue, 1 Nov 2022, Micah Snyder (micasnyd) via clamav-users wrote: On Tue, 1 Nov 2022, G.W. Haywood via clamav-users wrote: > On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote: > > > Today we are publishing updated packages for ClamAV 0.103.7 ... > > Maybe I've don

Re: [clamav-users] [Clamav-announce] New packages for ClamAV 0.103.7, 0.104.4, 0.105.1 to resolve CVE's

2022-11-01 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 31 Oct 2022, Micah Snyder (micasnyd) wrote: Today we are publishing updated packages for ClamAV 0.103.7 ... Maybe I've done something stupid... Nov 1 17:16:48 mail6 x3[3078]: 2A1HGPGJ007261: xm_clamav_scan( 2425): [74.121.52.251], [AS19795], Response from ClamAV daemon

Re: [clamav-users] Txt.Downloader.Generic-6298945-0 FOUND

2022-10-29 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 28 Oct 2022, Wally Spratz wrote: ... Does anybody have any idea of what this Malware does The clue is in the name: ".Generic-". Mr. Varnell has shown you the signature. As he pointed out it's one which has been around for several years, so that's evidence that it's not

Re: [clamav-users] freshclam-sleep doesn't exist in epel8 packages

2022-10-28 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 28 Oct 2022, khodor barakat via clamav-users wrote: ... the redhat 8 package is missing the following : /etc/cron.d/clamav-update /usr/share/clamav/freshclam-sleep is this a normal behavior ? I think you should ask Red Hat. They don't exist in the official source. --

Re: [clamav-users] [Clamav-announce] ClamAV 1.0.0 release candidate now available

2022-10-28 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 25 Oct 2022, Micah Snyder (micasnyd) wrote: Please help us validate this release by providing feedback via the ClamAV mailing list... ~/clamav-1.0.0-rc/build $ cmake .. -D CMAKE_BUILD_TYPE=Release ... ... ~/clamav-1.0.0-rc/build $ cmake --build . ... ... [ 42%] Built

Re: [clamav-users] i am not a killer psycho but unfornately do you thing some hackers edit both clamd.conf.exemple and freshclam.conf.exemple finally for keep their threat safe ?

2022-10-20 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 20 Oct 2022, Dorian ROSSE via clamav-users wrote: i am not a killer psycho but unfortunately do you think some hackers edit both clamd.conf.exemple and freshclam.conf.exemple finally for keep their threat without problems ? I think that is most unlikely. It would expect it

Re: [clamav-users] RE : i have often an error in the scan

2022-10-20 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 19 Oct 2022, Dorian ROSSE via clamav-users wrote: This isn’t the same ask for advice now because finally I ask if I may use your program by kind administrator, Your English is not good enough to express your meaning clearly. I do not always understand your questions.

Re: [clamav-users] i have often an error in the scan

2022-10-18 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 18 Oct 2022, Dorian ROSSE via clamav-users wrote: I have often an error in the scan below on my windows system : LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed with 1 I don't understand why I am got this error often, If this is a bad error

Re: [clamav-users] GCP Management

2022-10-17 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 17 Oct 2022, Jason Hamrick via clamav-users wrote: I am receiving an error in the logs that I am being blocked until a specified time this evening. I am not able to load any new files into the unscanned bucket, they continue to error out. It would be more helpful if instead

Re: [clamav-users] GCP Management

2022-10-17 Thread G.W. Haywood via clamav-users
Hello again, On Mon, 17 Oct 2022, Jason Hamrick via clamav-users wrote: On Mon, 17 Oct 2022, G.W. Haywood wrote: On Mon, 17 Oct 2022, Jason Hamrick wrote: I was testing the scanner in my GCP project, however I seem to be unable to upgrade and am being limited. Is there an updated package or

Re: [clamav-users] GCP Management

2022-10-17 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 17 Oct 2022, Jason Hamrick via clamav-users wrote: I was testing the scanner in my GCP project, however I seem to be unable to upgrade and am being limited. Is there an updated package or any way to update this within the GCP terminal shell? I'm unfamiliar with GCP. I take

Re: [clamav-users] on my microsoft windows with both edited freshclam.conf and clamd.conf unfornately i can't update and i can't scan

2022-10-16 Thread G.W. Haywood via clamav-users
Hi there, On Sun, 16 Oct 2022, Dorian ROSSE via clamav-users wrote: on my microsoft windows with both edited freshclam.conf and clamd.conf unfortunately i can't update and i can't scan ... It looks like you did not do what is required at

Re: [clamav-users] ClamAV Action is not working on WHM/cPanel

2022-10-13 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 13 Oct 2022, Javier Camacho via clamav-users wrote: Hi there, I am not sure if this the correct channel to request help. We have a dedicated WHM/cPanel server at Inmotion Hosting. We have been using ClamAV for years and it still working well to detect email infected and

Re: [clamav-users] Are there test results for ClamAV and which malware is supported

2022-10-06 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 6 Oct 2022, Julia - via clamav-users wrote: I have a general question to ClamAV regarding how good ClamAV is. It's a good question. Most people seem not to ask it. In the internet there are lot of tests with other known products but I cannot find any for ClamAV. So, are

Re: [clamav-users] Log time in clamd logs

2022-10-03 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 3 Oct 2022, Jerome Teano via clamav-users wrote: I need to enable time stamps for clamd logs. I already enabled log time to yes in the scan.conf file but still, the clamd log files dont show time stamp. Thank you. The clamd daemon only reads its configuration when it

Re: [clamav-users] PDF scan

2022-09-20 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 20 Sep 2022, Tsutomu Oyamada wrote: I have a question about ClamAV 0.104.2 on IBM AIX7.3 system. Version 0.104.2 is vintage January 2022. You really should upgrade: https://blog.clamav.net/ it takes about 8 seconds to scan PDF file(total 645 page). (sample file is here:

Re: [clamav-users] Anyone running a cluster on K8s?

2022-09-13 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 12 Sep 2022, Eric Tykwinski via clamav-users wrote: I’ve been more and more moving things over to K8s from Docker ... Could you explain that a bit more for me? My understanding was that Kubernetes and Docker were more than a little bit complementary. [1] Disclaimer: I've

Re: [clamav-users] hello help with config please

2022-09-10 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 10 Sep 2022, colin course via clamav-users wrote: You are full of Ged i wish someone else had answered rather than you just my luck, You are so up yourself that if you went any further you would disappear which probably would be a good thing As a general rule, Colin,

Re: [clamav-users] hello help with config please

2022-09-10 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 10 Sep 2022, colin course via clamav-users wrote: could you take a quick look at my freshclam config please ... The configuration for freshclam determines things like when and how the signature database for ClamAV on your computer will be updated. If you want us to guess

Re: [clamav-users] remove me

2022-09-08 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 8 Sep 2022, Michael Piziak via clamav-users wrote: remove me It would be more polite to read the headers of any mail sent to you by the list, wherein you will find the information you need to remove yourself. -- 73, Ged.

Re: [clamav-users] Incremental updates and server memory

2022-09-08 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 8 Sep 2022, Andrew C Aitchison via clamav-users wrote: I guess that this would be a long term project ... The malware databases are updated with cdiffs, which means that the whole database does not have to be re-downloaded with each update. However, the running daemon has

Re: [clamav-users] Best practices when using caching http proxy as cvd private mirror

2022-09-08 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 8 Sep 2022, Aaron Leliaert via clamav-users wrote: On https://docs.clamav.net/appendix/CvdPrivateMirror.html#use-an-http-proxy Am looking for best practices on how an http proxy should be configured in this scenario.  Some questions: 1) What mechanism should a proxy use to

Re: [clamav-users] How to set max file size for clamav in docker compose

2022-09-07 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 7 Sep 2022, Adrian Bielefeldt via clamav-users wrote: I'm trying to setup a docker container with clamav and am struggling to allow for larger files to be scanned. I've set up my docker-compose.yml like this: version: "3.3" services: clamav: image: clamav/clamav:latest

[clamav-users] Two very similar attachments, one detected, one not.

2022-09-06 Thread G.W. Haywood via clamav-users
Hi there, This morning an attempt was made by Digitalocean IP 143.110.237.196 to send to us a message which contains two malicious attachments. The two attachments are almost identical: 8<-- $ atool -l AWB\ #\

Re: [clamav-users] Clam AV on NAS/Personal Cloud Device?

2022-09-02 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 2 Sep 2022, tim.pennick--- via clamav-users wrote: Apologies for the OT follow-up. I attempted to send this off list, but was rejected. Sorry, my mail system is a bit picky about replies to mailing list posts. :) Very many thanks for your extremely helpful response. I

Re: [clamav-users] Clam AV on NAS/Personal Cloud Device?

2022-09-01 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 1 Sep 2022, tim.pennick--- via clamav-users wrote: Grateful for any advice, and apologies in advance for the necessarily detailed message below. You're welcome in advance, and within reason the more detail the better. More often there isn't nearly enough. :) I recently

Re: [clamav-users] Please help

2022-08-31 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 31 Aug 2022, Jan Elliott wrote: TO: "clamd user questions" QUESTION: When I try to execute the command "clamd" I get the following message: ERROR: Please define server type (local and/or TCP) The tool (possibly 'clamdscan', but whatever it is) which tells clamd what

Re: [clamav-users] Getting 1020 error when curling

2022-08-29 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 29 Aug 2022, Yong Jie YEOH (GOVTECH) via clamav-users wrote: I would like to check. I have a QA environment which has a forward proxy to forward to specific whitelisted url. Just a few days ago, I got to know that my clamav fails to update daily. I went to the forward

Re: [clamav-users] Inquiry about ClamAV's clamdscan scan timeout

2022-08-24 Thread G.W. Haywood via clamav-users
Greetings from England, On Wed, 24 Aug 2022, Tachibanaki Nozomi (橘木 希美) wrote: 1. Is there any way to check when a scan timeout occurs? (e.g., display a message, etc.) Because clamd can be asked to scan multiple items in a single command it is sometimes easier to know what happened by

Re: [clamav-users] Starting Clamd

2022-08-17 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 17 Aug 2022, John wrote: ... # clamconf -n Checking configuration files in /usr/--sysconfdir=/etc/clamav/etc clamd.conf not found freshclam.conf not found clamav-milter.conf not found ... Ouch. Did this clamconf binary come from a package?? What's the output of

Re: [clamav-users] Starting clamd

2022-08-16 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 16 Aug 2022, John wrote: I apologise in advance if this question is trivial but I am getting very lost. [...] recently I started using the Debian package rather than a self-build (mainly because clamav requires an increase of support code) It isn't too difficult to set up a

Re: [clamav-users] excluding a URL from "heueristics" scanning

2022-08-12 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 11 Aug 2022, joe a wrote: [...] I post the contents of an obfuscated "[...]gud-uns.wdb". [...] Is it known behavior? An anomaly of my formatting? A bug? I have no idea. I don't have time to mess about with obfuscated information. -- 73, Ged.

Re: [clamav-users] excluding a URL from "heueristics" scanning

2022-08-11 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 11 Aug 2022, joe a wrote: I do not understand why, when entering more than one URL, the first line in my "exclude" file: "/var/lib/clamav/ImaOK2day.wdb" seems to be able to match when entered "in plain text", while subsequent lines seem to want actual "regex" notation

Re: [clamav-users] excluding a URL from "heueristics" scanning

2022-08-11 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 11 Aug 2022, joe a wrote: A while back discussed excluding some URL's from triggering the heuristics scan. Seemed to work. Postfix, spamassassin, clamav in use. Now seems some additional URL's are involved. Perhaps I am doing something wrong here. Been determining (?)

Re: [clamav-users] Meaning of the exit code -1073740791

2022-08-10 Thread G.W. Haywood via clamav-users
Hello again Anastasiia, On Wed, 10 Aug 2022, Anastasiia Korzhylova wrote: ... ClamAV crushes in the attempt to scan any, unfortunately... For example, I've been using the file in the attachment ("Test.pdf") for testing purposes - and the scan failed. As Micah said in his reply to you, if

Re: [clamav-users] Meaning of the exit code -1073740791

2022-08-09 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 9 Aug 2022, Anastasiia Korzhylova wrote: I am using ClamAV for work in my company and am contacting you to inquire about an exit code, which the software returns at my attempt to scan an ordinary, virus-free PDF file: -1073740791. Could you, please, tell me,

Re: [clamav-users] freshclam error - ^downloadFile: Unexpected response (502) ...Can't Download CVD

2022-08-08 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 8 Aug 2022, Ganesh Kachare, Vodafone (External) via clamav-users wrote: My local mirror static webserver has 4GB memory.. I can download the CVD files with Debian based docker image but since it has so much variabilities, I am using alpine image. What are the

Re: [clamav-users] freshclam error - ^downloadFile: Unexpected response (502) ...Can't Download CVD

2022-08-08 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 8 Aug 2022, Ganesh Kachare, Vodafone (External) via clamav-users wrote: I am trying to download the clamav updates from private local mirror on my custom clamav alpine docker image and I am keep getting ^downloadFile: Unexpected response (502) error from freshclam. Its

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-03 Thread G.W. Haywood via clamav-users
Hi Viktor, On Tue, 2 Aug 2022, Viktor Rosenfeld via clamav-users wrote: 22:51 hesk@kenny:~ $ clamscan /opt/homebrew/Cellar/node/18.7.0/bin/node Loading: 7s, ETA: 0s [>]8.62M/8.62M sigs Compiling: 2s, ETA: 0s [>] 41/41 tasks

Re: [clamav-users] No daily sig since July 28th

2022-08-02 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 1 Aug 2022, Al Varnell via clamav-users wrote: There have been no such announcements on the [clamav-virusdb] email list since the 28th. My guess is that somebody at Talos went on holiday. :) Al, the real reason for this post is that you mentioned the other day that you'd

[clamav-users] New kid on the block?

2022-08-01 Thread G.W. Haywood via clamav-users
Hi there, Our scanner found this at about 09:33 UTC today in incoming mail. Our automated system reported it to the ClamAV team, using 'clamsubmit' at that time. Apparently this is the first time the threat has been seen by Jotti; I just thought I'd mention it because firstly it's a Windows

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-01 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 1 Aug 2022, Viktor Rosenfeld via clamav-users wrote: about a month ago I reported a possible false positive on nodejs executables and related files [1]. After checking with Jotti’s Virus Scan and Virustotal, I also (twice) submitted the files to the ClamAV website as false

Re: [clamav-users] Inquire about clamav latest stable version -

2022-07-28 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 28 Jul 2022, Paul Kosinski via clamav-users wrote: On Thu, 28 Jul 2022, I wrote: At the moment three versions are officially supported by Cisco's Talos, the authors of the software. Cisco's Talos are the *current* authors of the software. ... Gladly I stand corrected.

Re: [clamav-users] Inquire about clamav latest stable version -

2022-07-28 Thread G.W. Haywood via clamav-users
Hi Jiayi, Thanks for the extra information. To answer your questions: On Wed, 27 Jul 2022, Yang, Jiayi via clamav-users wrote: 1. If we use a relatively older version, for example, 0.103.6, which is supported by "RedHat & Fedora" and "Fedora & EPEL" package distribution currently. I will

Re: [clamav-users] Inquire about clamav latest stable version -

2022-07-27 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 27 Jul 2022, Yang, Jiayi via clamav-users wrote: We want to get the latest stable version of clamav and use it in our environment. From the release note (https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html), we see the v0.105.0 is released with 0.104.3 and

Re: [clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

2022-07-22 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 22 Jul 2022, Thomas Barth via clamav-users wrote: ... Google docs under general suspicion :-) ... Correct. :) -- 73, Ged.

Re: [clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

2022-07-22 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 22 Jul 2022, Thomas Barth via clamav-users wrote: I use ClamAV unofficial signatures and it seems that I get a false positive ... I think you're probably right, but to get a dozen or so other opinions you can submit the file to VirusTotal or Jotti's Malware Scan:

Re: [clamav-users] clamav overload ec2 instances

2022-07-19 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 19 Jul 2022, Emanuel Gonzalez wrote: Hi, i use clamav in AWS ec2 instances c5.large. When I run the clamscan command /home/user/testfile the cpu usage is triggered and the instance stops responding. Here my config: clamd --version ClamAV 0.103.6/26606/Tue Jul 19 04:57:30

Re: [clamav-users] Inquiries about ClamAV operating environment

2022-07-13 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 13 Jul 2022, Tachibanaki Nozomi (橘木 希美) wrote: I am Tachibanaki from Ricoh IT Solutions Co., Ltd.. I am writing to you for the first time. Greetings from England. :) I see in the ClamAV Documentation that ClamAV can run inside a Docker container, but will ClamAV be

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-10 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote: I've never seen a user post to that list and I've subscribed to it for decades. My impression has always been it's for database update announcements only. You might be right Al but I took the URI from a list post and ISTR that

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote: ... --- SCAN SUMMARY --- Known viruses: 12318966 Engine version: 0.104.1 ... ... it would appear that there is a valid False Positive entry in the database for four different files ... ... So why it's being

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Yaron Elharar via clamav-users wrote: My program has recently started to be flagged with Win.Dropper.Tinba-9943147-0 by ClamAV at Virus Total File hash 2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9 I've tried to reach out to the team through

Re: [clamav-users] ClamAV does not detect viruses in "ar archive" file format

2022-07-08 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 8 Jul 2022, Schroeffu via clamav-users wrote: I am trying to scan "ar archive" format like .deb packages are. ClamAV unfortunately does not detect the eicar inside the ar archive. Do I miss something to configure so clamav scans/unpacks "ar archive" formats correctly? If

Re: [clamav-users] Clamav high resource usage

2022-07-08 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 8 Jul 2022, Asier Gomez via clamav-users wrote: We are trying to run Clamav in some instances what not more than 1Gb of free memory, so when Clamscan runs the scan, the instance dies. This is to be expected. You really should read the documentation. See "Recommended

Re: [clamav-users] Permanently banned from clamav

2022-07-03 Thread G.W. Haywood via clamav-users
Hi there, On Sun, 3 Jul 2022, Calogero Di Legami via clamav-users wrote: ... i am the guy who started the discussion... Yes, we know. Hello again. :) ... i download the database through clamwin ... You could have saved us a lot of time by mentioning that earlier. :/ The current version

Re: [clamav-users] Permanently banned from clamav

2022-07-03 Thread G.W. Haywood via clamav-users
Hi Grant, On Sat, 2 Jul 2022, Grant Taylor via clamav-users wrote: ... the questions are somewhat academic ... https://en.wikipedia.org/wiki/How_many_angels_can_dance_on_the_head_of_a_pin%3F :) I assume you are saying that "regularly" specifies what the cadence is. No. My "Yes, it

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread G.W. Haywood via clamav-users
Hi Grant, On Sat, 2 Jul 2022, Grant Taylor via clamav-users wrote: On 7/2/22 7:50 AM, G.W. Haywood via clamav-users wrote: Regular downloading of the entire daily database is not acceptable. Please clarify what "regularly" means in this case? I think Mr. Broekman has answered w

Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 2 Jul 2022, Calogero Di Legami via clamav-users wrote: Hi, i'm Calogero Di Legami, I'm 24 and I live in Italy My ISP is Tiscali, a normal Italian ISP This morning when i tried to download “daily.cvd”, cloudflare told me that i was permanently banned Why? There has been

Re: [clamav-users] Off topic question...

2022-06-29 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 29 Jun 2022, Eric Tykwinski via clamav-users wrote: Any one have an abuse contact for Cisco IronPorts hosted service? Customer of ours received a phishing email from a Cisco client but wasn't sent by them, at least that what I'm being told. I don't think you can rely on

Re: [clamav-users] false positives for firefox add-ons?

2022-06-25 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 25 Jun 2022, Christian wrote: ... Archive.Test.Agent2-9953724-0 FOUND/ ... A false positive, as it turns out this is a signature which should never have been published: https://lists.clamav.net/pipermail/clamav-users/2022-June/012731.html It should go away on the next

Re: [clamav-users] Clamav found in php files Archive.Test.Agent2-9953724-0

2022-06-24 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 24 Jun 2022, Cyrille37 wrote: I don't understand why, but it appends this morning on already existed files (in the wp-cli cache folder) : Start Date: 2022:06:24 12:15:01 End Date:   2022:06:24 12:15:17 /home/caf37-pt/.wp-cli/cache/core/wordpress-5.8.3-fr_FR.zip:

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-20 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 21 Jun 2022, Viktor Rosenfeld via clamav-users wrote: A recent scan of my system found 8 infected files. On closer inspection, these are all nodejs binaries, either installed through Homebrew or inside another app (e.g., Docker or Adobe). Clamav reports that they are infected

Re: [clamav-users] human friendly signatures

2022-06-20 Thread G.W. Haywood via clamav-users
Hi there, This is a more or less random data point. On Mon, 14 Mar 2022, Micah Snyder (micasnyd) via clamav-users wrote: Sorry that this response come so late that is nearly a necro-thread. ... Er, ditto. ... If anyone has any other ideas about it, I'd love to hear them. ... One thing

Re: [clamav-users] Critical Bug Report - Docker Image Crashing

2022-06-20 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 20 Jun 2022, Sam Smith wrote: Good morning, I am using the standard Docker image for a client. This morning's anti-virus update is crashing Docker during update. I re-downloaded the image, and re-ran the process. I assume this is affecting many users - final lines of output

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false positive desjardins.com and rbc.com

2022-06-15 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 15 Jun 2022, joe a wrote: To semi-hijack, I was attempting to deal with my own occasional false positive by using this thread as a clue. Attempting to follow the docs, I hit a wall here: "To help you identify what triggered a heuristic phishing alert, clamscan or clamd

Re: [clamav-users] On-Access Scanning don't detect new file

2022-06-15 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 15 Jun 2022, Tobias Mächler via clamav-users wrote: I have just configured the On-Access Scanning with clamav. When I use the command line to download a virus to the new directory it gets scanned correctly. However I have an application running on the server (centos 7) and

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false positive desjardins.com and rbc.com

2022-06-13 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 13 Jun 2022, Mathieu Morier via clamav-users wrote: Looks like many Canadian Banks are switching their corporate email to Office 365 (Microsoft cloud) and all the links in their email are then automatically changed ... Don't get me started. ... links to ... hit the

Re: [clamav-users] MS Word Follina - CVE-2022-30190

2022-06-09 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 9 Jun 2022, Vangelis Katsikaros via clamav-users wrote: I am not a security person so I apologize if the question sounds stupid. It doesn't sound stupid. :) I'd like to ask if there is a signature in the clamav DB to recognise Microsoft word documents affected by the

Re: [clamav-users] About virus scanning of temporary files

2022-06-09 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 9 Jun 2022, ichijo toru via clamav-users wrote: Hello, I have a question about virus scanning for folders that generate temporary files. I do not understand what you mean. Folders do not generate anything, the processes which use them do that. ClamAV neither knows nor

Re: [clamav-users] Uninstall macos universal package

2022-06-01 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 1 Jun 2022, Ismael via clamav-users wrote: I installed the clamav-0.105.0.macos.universal.pkg and I want to remove whatever was installed on my system but I can't find anything when searching. How can I remove and find what was installed? This is less a question about

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false positive desjardins.com

2022-05-30 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 30 May 2022, Mathieu Morier via clamav-users wrote: desjardins.com is a Québec Canada Coop Bank Institution and for a couple weeks, all their email to our email server as flag my CLAM for Heuristics.Phishing.Email.SpoofedDomain ... They probably did

Re: [clamav-users] How often can I run cvdupdate?

2022-05-25 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 25 May 2022, Orion Poplawski via clamav-users wrote: We're starting to run clamav on more local hosts and were starting to see rate limiting messages. So I've setup a local private mirror with cvdupdate ... I'm starting to see warnings like: Received signal: wake up

Re: [clamav-users] rust on IBM i PASE environment - a must ?

2022-05-19 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 19 May 2022, Zvi Kave via clamav-users wrote: We have ClamAV 0.104.1 compiled from sources and working fine in IBM i PASE environment - which is quite same architecture like IBM AIX binaries. We have a problem to compile ClamAV 0.105.0 because at present we have not rust

Re: [clamav-users] ClamAV Queries on Maximum file size

2022-05-19 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 19 May 2022, Deenadhayalan Natarajan via clamav-users wrote: I would like to get some details about the maximum file size clamAV can support. As we got to know from the documentation that it supports up to 4GB of maximum file size but would like any possibilities of extending

Re: [clamav-users] clamav "Can't unlink file ERROR"

2022-05-17 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 17 May 2022, An Schall via clamav-users wrote: we are trying to get clamscan / clamdscan functional on a RHEL with GPFS as a filesystem. Is the operating system also on GPFS or is this a separate filesystem? Do you have any examples of clamdscan actually being able to

Re: [clamav-users] ClamAV 0.105.0 service deployed as a Docker container on AWS ECS seem to stop abruptly on startup

2022-05-12 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 11 May 2022, John Varghese via clamav-users wrote: ... Tue May 10 20:14:59 2022 -> Reading databases from /var/lib/clamav I need help understanding why the clamav service seems to hang after the container starts. Using clamd with Docker is a bit new. I never tried it - I

Re: [clamav-users] The antivirus signatures are outdated

2022-05-10 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 10 May 2022, Pena, Moises T [US] (SP) via clamav-users wrote: Does anyone know how to extend the period in ClamTK so that the message "The antivirus signatures are outdated" is displayed only if the definitions are older than 30 days? Why would you want to do this? It

Re: [clamav-users] ClamAV on Amazon Linux 2 with Graviton

2022-05-09 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 9 May 2022, Ben Steranka via clamav-users wrote: ... WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.101.4 Recommended version: 0.103.6 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav WARNING: Can't download main.cvd from

Re: [clamav-users] mimedefang/clamav plagued with 'problem running virus scanner'

2022-05-09 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 9 May 2022, Anthony Griffiths via clamav-users wrote: clamav will not create a clamd.sock file when started up. I've tried so many different things but I don't know what else to do to get clamav to create this socket file. There are quite a few things which can go wrong.

Re: [clamav-users] newbie: can't get clamd started

2022-05-06 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote: I managed to install clamav-0.103.5 but I can't get it to work with mimedefang. In the maillog I always get: mimedefang.pl[3520]: 245Fuojh003739: Could not connect to clamd daemon at /var/spool/MIMEDefang/clamd.sock

Re: [clamav-users] newbie: can't get clamd started

2022-05-06 Thread G.W. Haywood via clamav-users
Hi there, On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote: On Fri, May 6, 2022 at 12:10 AM G.W. Haywood wrote: On Thu, 5 May 2022, Anthony Griffiths via clamav-users wrote: I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz. ... ClamAV version 0.101.4 is almost

Re: [clamav-users] newbie: can't get clamd started

2022-05-05 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 5 May 2022, Anthony Griffiths via clamav-users wrote: I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz. ... ClamAV version 0.101.4 is almost certainly no use to you because it's past EOL and it will be blocked from downloading signature databases. Check

Re: [clamav-users] How to stop receive messages.

2022-05-05 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 5 May 2022, Eric Jin via clamav-users wrote: I don't want to receive any posted messages. Please tell me how to stop it. Instructions are in the headers of any mail which you receive from the list. -- 73, Ged.

Re: [clamav-users] error files in /

2022-05-04 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 4 May 2022, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote: I am getting these strange files in the root file system "/" on my linux servers. -rw-r-. 1 root root98 Apr 13 08:00 @??E?U -rw-r-. 1 root root75 Apr 26 08:00 @g6??U -rw-r-. 1

Re: [clamav-users] clamav/safebrowsing updates?

2022-04-25 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 25 Apr 2022, Alex via clamav-users wrote: Is the clamav-safebrowsing repository still maintained? https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html -- 73, Ged.

Re: [clamav-users] Update problem today

2022-04-23 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 23 Apr 2022, Paul Smith via clamav-users wrote: Hi, I'm using ClamAV 104.2 (for Windows) and am getting an update problem which looks like one of the mirrors isn't updated properly. It's been doing this all day. It's seeing that the latest version is 26521, but the file it's
