Re: [clamav-users] ClamAV 1.0.X for EPEL 7 & 8

2024-04-29 Thread Orion Poplawski via clamav-users
> > Hi Orion, I wrote Sergio a few months ago about implementing ip/port lookups > dynamically. Did some of this find its way into these updates? I'm not exactly sure what you are referring to. Have you filed an issue at bugzilla.redhat.com? That's the best way to track things. -- Orio

Re: [clamav-users] ClamAV 1.0.X for EPEL 7 & 8

2024-04-29 Thread Orion Poplawski via clamav-users
On Behalf Of Orion > Poplawski via clamav-users > Sent: 27 April 2024 01:06 > To: ClamAV users ML > Cc: Orion Poplawski > Subject: [clamav-users] ClamAV 1.0.X for EPEL 7 & 8 > > With the help of John Sullivan and Sérgio M. Basto we have gotten the > Fedora Clam

[clamav-users] ClamAV 1.0.X for EPEL 7 & 8

2024-04-26 Thread Orion Poplawski via clamav-users
this to EPEL proper just after RHEL 8.10 is released, presumably in May. But testing and feedback of the COPR builds before that would be welcome. Orion -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA

Re: [clamav-users] linux distribution including clamav-1.0.1

2023-03-07 Thread Orion Poplawski via clamav-users
0.103.X goes EOL. We're basically just waiting on one issue to get resolved at the moment: https://github.com/Cisco-Talos/clamav/issues/842 We will probably provide a COPR repo for early adopters once that issue is resolved. -- Orion Poplawski he/him/his - surely the least important thing

Re: [clamav-users] ClamAV & Fedora 37 - Long Initialization Time at Boot

2023-02-18 Thread Orion Poplawski via clamav-users
CS support enabled. Feb 18 17:40:51 f37 clamd[741]: HWP3 support enabled. Feb 18 17:40:51 f37 clamd[741]: Self checking every 600 seconds. Feb 18 17:40:51 f37 systemd[1]: Started clamd@scan.service - clamd scanner (scan) daemon. -- Orion Poplawski he/him/his - surely the least important thin

[clamav-users] Future support of clamav in EPEL7 and EPEL8

2023-02-18 Thread Orion Poplawski via clamav-users
], as COPR does not have the restrictions on internet downloads. However, it won't have the "EPEL" appellation. I am hopeful that we will be able to provide clamav 1.X in EPEL9. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=2170297#c3 [2] - https://copr.fedorainfracloud.org/ -- Orion Po

Re: [clamav-users] Testing for Big Endian Architectures

2023-01-07 Thread Orion Poplawski via clamav-users
? A patch would be appreciated. -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301

[clamav-users] clamscan on truncated file reports infection

2022-12-01 Thread Orion Poplawski via clamav-users
file, it reports OK. But if I scan on a truncated version (say just the first 16MB) it reports as infected. Although I guess this is a result of it being larger than the maximum file scan size. I've reported the FP to the clamav.net website. clamav-0.103.7-1.el7.x86_64 -- Orion Poplawski

Re: [clamav-users] ClamAV on RHEL9 with FIPS enabled

2022-10-26 Thread Orion Poplawski via clamav-users
. -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com

[clamav-users] How often can I run cvdupdate?

2022-05-25 Thread Orion Poplawski via clamav-users
hour interval. Can I run it more often? Although I suppose there always may be an interval between when a client might see the new version and the mirror downloads it, so I may just have to exclude these types of warnings from logwatch. -- Orion Poplawski he/him/his - surely the least

[clamav-users] DNS server out of date

2022-05-25 Thread Orion Poplawski via clamav-users
1340:1:90:49192:333" -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301

Re: [clamav-users] Cannot ignore BC.Gif.Exploit.Agent-1425366.Agent

2021-07-21 Thread Orion Poplawski via clamav-users
> > I scanned the tar balls at gnome.org and didn't find anything though, but > maybe you got it from somewhere else. > > Sincerely, > > Eric Tykwinski > TrueNet, Inc. > P: 610-429-8300 > > -Original Message- > From: clamav-users On Behalf Of Orio

[clamav-users] Cannot ignore BC.Gif.Exploit.Agent-1425366.Agent

2021-07-21 Thread Orion Poplawski via clamav-users
clamav is reporting BC.Gif.Exploit.Agent-1425366.Agent for a gif inside of the gdk-pixbuf2 tarball. I've tried adding it to our local whitelist.ign2 file, but that doesn't appear to take effect. Any way to ignore this definition? Thanks, Orion -- Orion Poplawski IT Systems Manager

Re: [clamav-users] Urlhaus.Malware.364328-9787819-0

2021-02-10 Thread Orion Poplawski
on legitimate files anymore. Please update your ClamAV database and if you still have some issues please let me know. Best regards, Lilia Gonzalez Malware Research Team Cisco Talos On Tue, Jan 12, 2021 at 12:54 PM Orion Poplawski <mailto:or...@nwra.com>> wrote: Lilia -

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Orion Poplawski
if the issue > persists. > > Best regards, > > Lilia Gonzalez >  Malware Research Team >  Cisco Talos > > > On Wed, Jan 6, 2021 at 4:59 PM Orion Poplawski <mailto:or...@nwra.com>> wrote: > > Lilia - > >   Thanks for the respo

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-06 Thread Orion Poplawski
egards, > > Lilia Gonzalez > Malware Research Team > Cisco Talos > > On Wed, Dec 23, 2020 at 1:11 PM Orion Poplawski <mailto:or...@nwra.com>> wrote: > > Can anyone give me some details about the Urlhaus.Malware.452652-9766253-0 > signature?  We're se

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-30 Thread Orion Poplawski
boveandbelow.com.au/cgi-bin/http:/sites/b4q7eajmmm2moxgkq/ > > Sincerely, > > Eric Tykwinski > TrueNet, Inc. > P: 610-429-8300 > > -Original Message- > From: clamav-users On Behalf Of > Orion Poplawski > Sent: Wednesday, December 23, 2020 1:11 PM >

[clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2020-12-23 Thread Orion Poplawski
URLs for the urlhaus filter. Does ClamAV deem urlhaus a bad actor? Thanks, Orion -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301

Re: [clamav-users] /etc/clam.d/scan.conf

2020-10-16 Thread Orion Poplawski
a and EPEL users are pretty used to it at this point. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.0 released!

2020-09-17 Thread Orion Poplawski
sert_msg("failed to open output file: %s", filename); | ^~~~ In this case it appears that the ck_assert_msg() call is missing the condition check. I've filed https://github.com/Cisco-Talos/clamav-devel/pull/138 with I think th

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default?

2020-01-26 Thread Orion Poplawski
lightbase.com.br> *+55-61-3347-1949 - http://brlight.org <http://brlight.org/> - Brasil-DF* ** /*Free software! Embrace this idea!*/** */"Those who deny freedom to others deserve it not for themselves."/* */Abraham Lincoln /* -- Orion Poplawski Manager of NWRA Technical

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default?

2020-01-25 Thread Orion Poplawski
havior of an antivirus engine, that is, remove threats automatically. If he doesn't do this by default what should I do to make him do it? Consult "man clamd.conf" and the comments in /etc/clamd.d/scan.conf for your options. -- Orion Poplawski Manager of NWRA Technical Systems

Re: [clamav-users] EPEL Centos8 clamav maintainer

2019-12-21 Thread Orion Poplawski
the same as before: systemctl start clamd@scan -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com

Re: [clamav-users] SelfCheck: Database modification detected. Forcing reload.

2019-11-13 Thread Orion Poplawski
/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane

Re: [clamav-users] Use of clamav-daemon.socket? (0.102.0)

2019-11-13 Thread Orion Poplawski
always want it started immediately so that it can respond quickly when needed. I would recommend just dropping it. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane

[clamav-users] Lots of Generic rule hits recently

2019-02-05 Thread Orion Poplawski
) * Win.Trojan.Generic-6840770-0 : http://2.au.download.windowsupdate.com/c/msdownload/update/software/defu/2019/02/am_delta_680ce842d92a7839abe55fd13955eb08f21c9aaa.exe: 4 Time(s) -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415

Re: [clamav-users] Problem with /usr/share/clamav/freshclam-sleep

2018-12-31 Thread Orion Poplawski
of such a crash after updating to 0.101.0 - but the user hadn't seen it since. If you can get a backtrace with debug info that might be helpful. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane

Re: [clamav-users] WARNING: Local version: 0.99.4 Recommended version: 0.100.0

2018-06-19 Thread Orion Poplawski
can I get this updated? yum --enablerepo=epel-testing upgrade clam\* I believe we're waiting for a bugfix to prevent crashes on some third-party rules before pushing to stable. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-

Re: [clamav-users] ClamAV installation error ClamAV 0.100.0

2018-04-20 Thread Orion Poplawski
Not sure when it will be updated to 0.100. As for definition updates, it would just be a matter of transferring the definitions in /var/lib/clamav from an updated system to the standalone one. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-

Re: [clamav-users] Errors connecting to mirrors

2018-04-06 Thread Orion Poplawski
/db.us.big.clamav.net/bytecode.cvd 2>&1 >/dev/null > > dp > > > On 4/5/18 2:56 PM, Orion Poplawski wrote: >> On 03/30/2018 09:48 AM, Orion Poplawski wrote: >>> And still having persistent problems with 72.21.91.8 as reported here: >>> ht

Re: [clamav-users] Errors connecting to mirrors

2018-04-05 Thread Orion Poplawski
On 03/30/2018 09:48 AM, Orion Poplawski wrote: > > And still having persistent problems with 72.21.91.8 as reported here: > https://bugzilla.clamav.net/show_bug.cgi?id=12068 > And it is still not there: # curl --resolve db.us.clamav.net:80:72.21.91.8 http://db.us.clamav.net/daily

Re: [clamav-users] Errors connecting to mirrors

2018-03-30 Thread Orion Poplawski
u. All the mirrors are in round-robin dns pools. > > dp > > On 3/27/18 4:32 PM, Orion Poplawski wrote: >> On 03/27/2018 05:21 PM, Al Varnell wrote: >>> Using the same IP each time with failure will also cause mirrors.dat to >>> temporarily block that IP's use

Re: [clamav-users] Errors connecting to mirrors

2018-03-27 Thread Orion Poplawski
I don't think mirrors.dat comes into play here as the proxy is doing the dns lookup, not freshclam. > > On Tue, Mar 27, 2018 at 03:40 PM, Orion Poplawski wrote: >> On 03/27/2018 03:13 PM, Orion Poplawski wrote: >>> Thanks for the response. >>> >>> I

Re: [clamav-users] Errors connecting to mirrors

2018-03-27 Thread Orion Poplawski
On 03/27/2018 03:13 PM, Orion Poplawski wrote: > Thanks for the response. > > I ended up switching freshclam to use our proxy servers and increasing the > ConnectTimeout to 60 seconds. This has helped a bit, but I still get the > occasional issue. Latest was trying to get daily-2

Re: [clamav-users] Errors connecting to mirrors

2018-03-27 Thread Orion Poplawski
r > also create a ticket and specifically state it is a mirror YOU maintain and > what seems to be the issue- > > > Thank you, > > > > Tom McCourt | Talos: Open Source Team| tmcco...@cisco.com > > > > > On 3/23/18, 11:47 AM, "clamav-u

[clamav-users] Errors connecting to mirrors

2018-03-23 Thread Orion Poplawski
It seems like in the last month or so I'm seeing more timeouts connecting to the clamav DB mirrors. Is anyone else seeing this? I have a bit of a strange mirror setup so it might just be my configuration. Thanks. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA

Re: [clamav-users] Difference in ClamAV libs when installing from YUM repo & building from Source

2018-03-23 Thread Orion Poplawski
Cannot prepare for JIT, LLVM is not compiled or >>> not >>> linked >>> >> > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >

Re: [clamav-users] Source for virus definitions?

2018-02-01 Thread Orion Poplawski
Agent-6384732-0:73 > > -Al- > ClamXAV User > > On Tue, Jan 30, 2018 at 08:50 AM, Orion Poplawski wrote: >> How can I determine what exactly is triggering a match? >> >> $ clamscan IguanaTex_v1_55.ppam >> IguanaTex_v1_55.ppam: Doc.Dropper.Agent-6384732-0

[clamav-users] Source for virus definitions?

2018-01-30 Thread Orion Poplawski
How can I determine what exactly is triggering a match? $ clamscan IguanaTex_v1_55.ppam IguanaTex_v1_55.ppam: Doc.Dropper.Agent-6384732-0 FOUND I'd like to know what exactly was matched, but I'm not able to find where the source for the virus definitions is. -- Orion Poplawski Manager

[clamav-users] Html.Exploit.CVE_2017_8747-6336227-0 false positives

2018-01-17 Thread Orion Poplawski
/main_site/528/8923/en_US/stylesheets/screen.css -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com

[Clamav-users] Strange syslog messages from clamav-milter

2004-04-06 Thread Orion Poplawski
syslogd.conf: #*.emerg* This happens with versions 0.67 and above. I think it may have started with 0.67, though I'm not sure. Any help on stopping these would be greatly appreciated. - Orion -- Orion Poplawski System Administrator

[Clamav-users] write failure to clamd

2004-04-02 Thread Orion Poplawski
-- Orion Poplawski System Administrator 303-415-9701 x222 Colorado Research Associates/NWRA FAX: 303-415-9702 3380 Mitchell Lane, Boulder CO 80301 http://www.co-ra.com --- This SF.Net email is sponsored by: IBM Linux

Re: [Clamav-users] write failure to clamd

2004-04-02 Thread Orion Poplawski
Todd Lyons wrote: On Fri, 2004-04-02 at 09:40, Orion Poplawski wrote: Mar 28 07:55:53 earth clamav-milter[953]: write failure to clamd Mar 28 07:55:53 earth sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again later I had the same problem, regardless of message size

[Clamav-users] clamav-milter dies after database update.

2004-03-08 Thread Orion Poplawski
to timeout. Mar 6 04:09:17 earth sendmail[23420]: i26B5Fkq023420: Milter (clmilter): timeout before d ata read Mar 6 04:09:17 earth sendmail[23420]: i26B5Fkq023420: Milter (clmilter): to error state If there is any additional logging I can enable that might be a help, let me know. -- Orion

[Clamav-users] clamav-milter dies after reaching max-thread count

2004-01-30 Thread Orion Poplawski
]: i0TBnbQU017144: Milter (clmilter): error connecting to filter: Connection refused by /var/run/clamav/clamav-milter.sock -- Orion Poplawski System Administrator 303-415-9701 x222 Colorado Research Associates/NWRA FAX: 303-415-9702 3380 Mitchell Lane, Boulder CO 80301 http

Re: [Clamav-users] clamav-milter dies after reaching max-thread count

2004-01-30 Thread Orion Poplawski
[EMAIL PROTECTED] wrote: That is due to hi traffic of SCO virus. Increase max-children in CLAMAV_FLAGS of clamav-milter . Try with 40 I understand why it hit the limit, and I'm happy to increase it. But, I posit that clamav-milter shouldn't *crash* because of it. -- Orion Poplawski System

[Clamav-users] clamav snapshot rpms

2003-10-24 Thread Orion Poplawski
I've put the contents of a src.rpm that I've been using to build rpms of the latest snapshots to ftp://ftp.cora.nwra.com/software/linux/clamav. Hope people find it useful. Note that it uses /var/lib/clamav for the databases and /var/run/clamav for socket and pid file. -- Orion Poplawski

[Clamav-users] Bug in clamav-milter

2003-10-03 Thread Orion Poplawski
== 0) ((cpt = cfgopt(copt, MaxThreads)) != NULL)) - max_children = atoi(cpt-strarg); + max_children = cpt-numarg; /* * Get the outgoing socket details - the way to talk to clamd -- Orion Poplawski System Administrator 303-415-9701 x222
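Review bot: on the added line, max_children takes the MaxThreads option's numarg as-is, and the visible lines show no check that the value is at least 1 before it becomes the thread limit. Consider rejecting or clamping a zero or negative value at this point and logging the effective limit, so a bad configuration entry fails loudly at startup rather than surfacing later as a runtime failure.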