Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Reindl Harald



Am 28.03.2017 um 23:02 schrieb Antonio Pavletich:

Thanks for the tip, I found the issue, it was that clamav-daemon was
running out of memory, crashing & serviced was indeed restarting it (only
for it to crash again & so it went).


yeah, clamav needs an ordinary amount of memory where others drive 
dozens of production servers with the same hardware...



On 29 March 2017 at 00:58, Matus UHLAR - fantomas  wrote:


On 28.03.17 22:33, Antonio Pavletich wrote:


Since upgrading I've found clamd is spiking and staying put at 100%.

I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
the same issue occur on the next inbound email?



top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19




note that some time after start, clamd loads virus signatures from disk,
unpacks them and builds in-memory database, so it is expected to eat 100% of
CPU for a few minutes.

logs spew out repeats of the below continuously?


Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.



Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017

Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.



Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017

Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.



this looks like either the clamav process is crashing, or there is an error
related to how clamd is started from systemd, so systemd kills it and starts
it repeatedly again and again...


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
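
The restart loop diagnosed in this thread (clamd dying during database load and being started again every few seconds) can be spotted mechanically in the clamd log. The following is an added example, not code from the thread or from the ClamAV project; it assumes clamd writes a "Loaded N signatures." line once the database is in memory, and the 30-second gap and three-start threshold are illustrative choices.

```python
import re
from datetime import datetime, timedelta

# clamd log lines look like "Tue Mar 28 11:20:19 2017 -> message".
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) -> (.*)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse_sessions(lines):
    """Split a clamd log into daemon start-ups and record whether each one
    got as far as loading its signature database."""
    sessions = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line or unrelated text
        stamp = datetime.strptime(m.group(1), TS_FMT)
        msg = m.group(2)
        if msg.startswith("+++ Started at"):
            sessions.append({"start": stamp, "loaded": False})
        elif sessions and re.match(r"Loaded \d+ signatures", msg):
            # Assumption: this line marks a completed database load.
            sessions[-1]["loaded"] = True
    return sessions

def find_restart_loops(sessions, max_gap=timedelta(seconds=30), min_failed=3):
    """Return (first_start, last_start, failed_starts) for every run of
    start-ups that never finished loading and were restarted within max_gap."""
    loops, run = [], []

    def flush():
        failed = [s for s in run if not s["loaded"]]
        if len(failed) >= min_failed:
            loops.append((failed[0]["start"], failed[-1]["start"], len(failed)))

    for s in sessions:
        # A run ends when the previous start succeeded or the gap is long.
        if run and (run[-1]["loaded"] or s["start"] - run[-1]["start"] > max_gap):
            flush()
            run.clear()
        run.append(s)
    flush()
    return loops

# Sample input: the first four start-ups are abridged from the log posted in
# the thread; the final healthy start-up is constructed for contrast.
SAMPLE_LOG = """\
Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:42 2017 -> +++ Started at Tue Mar 28 11:20:42 2017
Tue Mar 28 11:20:42 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 12:05:00 2017 -> +++ Started at Tue Mar 28 12:05:00 2017
Tue Mar 28 12:05:00 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 12:05:21 2017 -> Loaded 6000000 signatures.
""".splitlines()

if __name__ == "__main__":
    for first, last, count in find_restart_loops(parse_sessions(SAMPLE_LOG)):
        print(f"restart loop: {count} failed starts between {first} and {last}")
```

A hit from this check says only that the daemon keeps dying before it is ready; the cause (here, memory exhaustion on a 1 GB host) still has to be confirmed from the kernel log or the service manager's status output.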


Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Antonio Pavletich
Thanks for the tip, I found the issue, it was that clamav-daemon was
running out of memory, crashing & serviced was indeed restarting it (only
for it to crash again & so it went).


On 29 March 2017 at 00:58, Matus UHLAR - fantomas  wrote:

> On 28.03.17 22:33, Antonio Pavletich wrote:
>
>> Since upgrading I've found clamd is spiking and staying put at 100%.
>>
>> I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
>> the same issue occur on the next inbound email?
>>
>
> top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19
>>
>
> note that some time after start, clamd loads virus signatures from disk,
> unpacks them and builds in-memory database, so it is expected to eat 100% of
> CPU for a few minutes.
>
> logs spew out repeats of the below continuously?
>>
>> Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
>> Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
>>
>
> Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
>> Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
>>
>
> Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
>> Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
>>
>
> this looks like either the clamav process is crashing, or there is an error
> related to how clamd is started from systemd, so systemd kills it and starts
> it repeatedly again and again...
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphillis. Good thing we have penicillin." - Matthew Alton


Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Al Varnell
That's always been true in the past and they could be disabled in the config 
file, but that isn't the case here. For whatever reason, this is a signature 
which is being executed despite heuristics being disabled and it can be 
included in the .ign2 file successfully.

Not sure why this change.

Sent from Janet's iPad

-Al-
-- 
Al Varnell
Mountain View, CA

On Mar 28, 2017, at 5:23 AM, Reindl Harald wrote:

> Heuristics are *not* signatures



Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Matus UHLAR - fantomas

On 28.03.17 22:33, Antonio Pavletich wrote:

Since upgrading I've found clamd is spiking and staying put at 100%.

I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
the same issue occur on the next inbound email?



top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19


note that some time after start, clamd loads virus signatures from disk,
unpacks them and builds in-memory database, so it is expected to eat 100% of
CPU for a few minutes.


logs spew out repeats of the below continuously?

Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.



Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.



Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.


this looks like either the clamav process is crashing, or there is an error
related to how clamd is started from systemd, so systemd kills it and starts
it repeatedly again and again...


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton


Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Jonas Manusch

Using the whitelist works in this case and is sufficient for my use.

Thanks & have a nice day, folks.

Am 28.03.2017 um 13:53 schrieb Jonas Manusch:

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false 
positive. Since these files contain sensitive data I cannot hand out 
to third parties. I tried to find out what the above means, but only 
found very little information that was not really helpful. Also tried 
to find 'ZipWithJS' in ClamAV sourcecode, but without success. So I 
got here with a couple of questions:


1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?

Thanks.

Jonas



Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Steve Basford

On Tue, March 28, 2017 1:23 pm, Reindl Harald wrote:
>

>
> Am 28.03.2017 um 14:20 schrieb Matteo Dessalvi:
>
>> Hello.
>>
>>
>> Regarding your first question you can execute the following
>> tools from the command line:
>>
>> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs
>>
>
> Heuristics are *not* signatures

Except in this case... it was a .cdb signature which *was* called
Heuristics.Filetype.ZipWithJS-6162396-0:

It was dropped...

http://lists.clamav.net/pipermail/clamav-virusdb/attachments/20170327/a00f1950/attachment.ksh

Dropped Detection Signatures:
Heuristics.Filetype.ZipWithJS-6162396-0

So, slightly confusing... but that's why sigtool --decode-sigs worked:

VIRUS NAME: Heuristics.Filetype.ZipWithJS-6136370-0
CONTAINER TYPE: CL_TYPE_ZIP
CONTAINER SIZE: ANY
FILENAME REGEX: \.[A-Za-z]{3}\.js$
COMPRESSED FILESIZE: ANY
UNCOMPRESSED FILESIZE: ANY
ENCRYPTION: IGNORED
FILE POSITION: 1
CRC SUM: ANY


-- 
Cheers,

Steve
Twitter: @sanesecurity
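
The decoded container-metadata fields above can be replayed against archives to see which ones the rule would have flagged. This is an added example, not code from the thread or from ClamAV; it assumes FILE POSITION counts members from 1 in archive order and uses Python's `re` as a stand-in for ClamAV's regex engine. The archive contents are constructed.

```python
import io
import re
import zipfile

# Fields copied from the sigtool --decode-sigs output quoted in the message.
FILENAME_REGEX = re.compile(r"\.[A-Za-z]{3}\.js$")
FILE_POSITION = 1  # assumption: 1-based, i.e. the first member of the ZIP
# CONTAINER/COMPRESSED/UNCOMPRESSED size, ENCRYPTION and CRC are ANY/IGNORED,
# so only the container type, member position and member name matter.

def matching_members(zip_bytes):
    """Return the member names in a ZIP that satisfy the decoded rule."""
    buf = io.BytesIO(zip_bytes)
    if not zipfile.is_zipfile(buf):
        return []  # CONTAINER TYPE: CL_TYPE_ZIP not satisfied
    hits = []
    with zipfile.ZipFile(buf) as zf:
        for pos, info in enumerate(zf.infolist(), start=1):
            if pos == FILE_POSITION and FILENAME_REGEX.search(info.filename):
                hits.append(info.filename)
    return hits

def make_zip(names):
    """Build an in-memory ZIP whose members have the given names, in order.
    The member contents are irrelevant to the rule."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"// constructed sample\n")
    return buf.getvalue()

# Constructed samples: what the rule hits and what it misses.
SAMPLES = {
    "double extension": ["report.pdf.js"],
    "minified library first": ["lib/jquery.min.js", "index.html"],
    "plain script": ["app.js"],
    "minified library second": ["index.html", "lib/jquery.min.js"],
}

def classify_samples():
    """Map each sample label to the member names the rule would flag."""
    return {label: matching_members(make_zip(names))
            for label, names in SAMPLES.items()}

if __name__ == "__main__":
    for label, hits in classify_samples().items():
        print(f"{label:26} -> {'FOUND ' + hits[0] if hits else 'clean'}")
```

The rule keys on a three-letter segment directly before `.js` in the first member's name, so a benign archive that happens to lead with a `*.min.js` file matches just as a double-extension name does, which is consistent with the false positives reported in this thread.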



Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Matteo Dessalvi


On 03/28/2017 02:23 PM, Reindl Harald wrote:


Heuristics are *not* signatures


Uh-oh, sorry. You are right, my mistake entirely.

Regards,
   Matteo


Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Reindl Harald



Am 28.03.2017 um 14:20 schrieb Matteo Dessalvi:

Hello.

Regarding your first question you can execute the following
tools from the command line:

sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs


Heuristics are *not* signatures


'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the signature of a possible threat (and
signature archives are distributed separately from ClamAV).


Heuristics are *not* signatures


Regarding your second question: you can create a whitelist
file which contains all the signatures that ClamAV should ignore.

Ref:
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature


Heuristics are *not* signatures

stop spreading wrong information - you *can not* put heuristics in .ign2 
files, well you can, but it won't work



Usually this whitelist file should reside in the same directory
where ClamAV has installed the signatures archives (on most
Linux installations it is by default under /var/lib/clamav).


Heuristics are *not* signatures


On 03/28/2017 01:53 PM, Jonas Manusch wrote:

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false
positive. Since these files contain sensitive data I cannot hand out
to third parties. I tried to find out what the above means, but only
found very little information that was not really helpful. Also tried
to find 'ZipWithJS' in ClamAV sourcecode, but without success. So I
got here with a couple of questions:

1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?



Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Matteo Dessalvi

Hello.

Regarding your first question you can execute the following
tools from the command line:

sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs


'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the signature of a possible threat (and
signature archives are distributed separately from ClamAV).

Regarding your second question: you can create a whitelist
file which contains all the signatures that ClamAV should ignore.

Ref: 
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature


Usually this whitelist file should reside in the same directory
where ClamAV has installed the signatures archives (on most
Linux installations it is by default under /var/lib/clamav).

Regards,
   Matteo

On 03/28/2017 01:53 PM, Jonas Manusch wrote:

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false 
positive. Since these files contain sensitive data I cannot hand out 
to third parties. I tried to find out what the above means, but only 
found very little information that was not really helpful. Also tried 
to find 'ZipWithJS' in ClamAV sourcecode, but without success. So I 
got here with a couple of questions:


1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?

Thanks.

Jonas



Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Steve Basford

> 1. Where can I find information about what kind of threat this is?

\.[A-Za-z]{3}\.js$

FP Source example:
https://www.mobileread.com/forums/showthread.php?p=3496981

I.e. any .js inside a zip file that starts with 3 letters will get blocked.


-- 
Cheers,

Steve
Twitter: @sanesecurity



Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Giles Coochey


On 28/03/17 12:53, Jonas Manusch wrote:

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false 
positive. Since these files contain sensitive data I cannot hand out 
to third parties. I tried to find out what the above means, but only 
found very little information that was not really helpful. Also tried 
to find 'ZipWithJS' in ClamAV sourcecode, but without success. So I 
got here with a couple of questions:


1. Where can I find information about what kind of threat this is?


Just guessing...

Sounds like it is going to fit on files of type ZIP containing .JS 
(Javascript) files inside.




2. How could I disable only this one type?

Thanks.

Jonas


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net





Re: [clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Reindl Harald



Am 28.03.2017 um 13:53 schrieb Jonas Manusch:

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false
positive. Since these files contain sensitive data I cannot hand out to
third parties. I tried to find out what the above means, but only found
very little information that was not really helpful. Also tried to find
'ZipWithJS' in ClamAV sourcecode, but without success. So I got here
with a couple of questions:

1. Where can I find information about what kind of threat this is?


many of the cryptomalware are .js files within zip-archives and .js on 
windows is executable due to windows scripting host - the major use case of 
clamav is for inbound mailservers



2. How could I disable only this one type?


you only can disable heuristics at all and can't whitelist a single type 
which is a design mistake



[clamav-users] Heuristics.Filetype.ZipWithJS

2017-03-28 Thread Jonas Manusch

Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be false 
positive. Since these files contain sensitive data I cannot hand out to 
third parties. I tried to find out what the above means, but only found 
very little information that was not really helpful. Also tried to find 
'ZipWithJS' in ClamAV sourcecode, but without success. So I got here 
with a couple of questions:


1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?

Thanks.

Jonas



[clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Antonio Pavletich
Hi,

I've used clam-av for years but not kept up to date with the many
changes.

Since upgrading I've found clamd is spiking and staying put at 100%.

I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
the same issue occur on the next inbound email?
I followed the guide at
https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/2/

If any other information is needed to aid in identifying this please let me
know.

Antonio

eg:

root@host:/var/lib/clamav# clamd -V
ClamAV 0.99.2/23244/Tue Mar 28 04:33:34 2017
root@host:/

top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19
Tasks: 195 total,   2 running, 193 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1.0 us,  0.3 sy,  0.0 ni, 98.2 id,  0.5 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1014372 total,    11140 free,   836764 used,   166468 buff/cache
KiB Swap:        0 total,        0 free,        0 used.    67920 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
20406 clamav    20   0  574844 405512   3684 R 93.8 40.0   0:06.33 clamd
    1 root      20   0  185248   4296   2396 S  0.0  0.4   0:17.99 systemd
    2 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kthreadd
    3 root      20   0       0      0      0 S  0.0  0.0   0:05.96 ksoftirqd/0

logs spew out repeats of the below continuously?

Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:19 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:19 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:19 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:19 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:19 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:27 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:27 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:27 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:27 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:33 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:33 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:33 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:33 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:42 2017 -> +++ Started at Tue Mar 28 11:20:42 2017
Tue Mar 28 11:20:42 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:42 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:42 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:42 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:42 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:42 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:42 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:52 2017 -> +++ Started at Tue Mar 28 11:20:52 2017
Tue Mar 28 11:20:52 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:52 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:52 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:52 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:52 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:52 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:52 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:59 2017 -> +++ Started at Tue Mar 28 11:20:59 2017
Tue Mar 28 11:20:59 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:59 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:59 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:59 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:59 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:59 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:59 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:21:07 2017 -> +++ Started at Tue Mar 28 11:21:07 2017