[clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-03 Thread Joel Esler (jesler)


http://blog.clamav.net/2017/08/clamav-0993-beta-has-been-released.html

ClamAV 0.99.3 beta has been released!
Join us as we welcome ClamAV 0.99.3 beta for testing!  Be sure and grab the 
beta release on our official ClamAV download 
site.

Welcome to ClamAV 0.99.3. In this release, we have included many code
submissions from the ClamAV community:


  *   Interfaces to the Prelude SIEM open source package for collecting ClamAV 
virus events.
  *   Visual Studio 2015 for building Microsoft Windows binaries.
  *   Support libmspack internal code or as a shared object library. The 
internal library is the default and contains additional integrity checks.
  *   Linking with openssl 1.1.0.
  *   Numerous code patches, typos, and compiler warning fixes.


Additionally, we have introduced important changes and new features in
ClamAV 0.99.3, including:


  *   Deprecating internal LLVM code support. The configure script has changed 
to search the system for an installed instance of the LLVM development 
libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode 
signatures. To use the LLVM Just-In-Time compiler for executing bytecode 
signatures, please ensure that the LLVM development package at version 3.6 or 
lower is installed. Using the deprecated LLVM code is possible with the 
command: './configure --with-system-llvm=no', but it no longer compiles on all 
platforms.
  *   Compute and check PE import table hash (a.k.a. "imphash") signatures.
  *   Support file property collection and analysis for MHTML files.
  *   Raw scanning of PostScript files.
  *   Fix clamsubmit to use the new virus and false positive submission web 
interface.
  *   Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when 
size limitations are exceeded.
  *   Improve decoders for PDF files.


The ClamAV community thanks the following individuals for their ClamAV 0.99.3 
code submissions:

Sebastian Andrzej Siewior
Keith Jones
Bill Parker
Chris Miserva
Daniel J. Luke
Matthew Boedicker
Ningirsu
Michael Pelletier
Anthony Chan
Stephen Welker

Following are issues discovered during release testing. For additional 
information, please review the corresponding tickets on 
bugzilla.clamav.net:

11879 - cli_scanmscan() Failed to extract 4 in Windows beta when scanning cab 
files
11882 - ./configure does not automatically detect libxml2 on FreeBSD 10.3 and 
11.0
11884 - 'sudo make install' on FreeBSD 10.3 and 11.0 leaves files owned by 
root, subsequent make command fails
11885 - clamsubmit not building on FreeBSD 10.3 and 11.0
11887 - Failures of 'make check VG=1' on FreeBSD 10.3 and 11.0

We ask that feedback be provided via the ClamAV mailing 
lists.


--
Joel Esler | Talos: Manager | jes...@cisco.com






___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] sanesecurity: Permission denied

2017-08-03 Thread Reindl Harald



On 03.08.2017 at 16:38, Steve Basford wrote:

> On Thu, August 3, 2017 3:06 pm, Reindl Harald wrote:
>
>> frankly you have one or more mirrors which just don't work at all for a
>> long time, a friend just looked for a working one, hardcoded the IP and
>> has never seen those errors again
>
> The problem was fixed on 1 mirror but seems to have come back again... so
> I've just removed the 1 mirror... for further testing.

likely it was not only one...

> Also, please don't hardcode the IP it may have been a simple workaround..
> but longer term it doesn't help

i don't but also i don't understand why that can't be automatically 
tested since you must know anyways the IPs of mirrors



Re: [clamav-users] sanesecurity: Permission denied

2017-08-03 Thread Steve Basford

On Thu, August 3, 2017 3:06 pm, Reindl Harald wrote:
> frankly you have one or more mirrors which just don't work at all for a
> long time, a friend just looked for a working one, hardcoded the IP and
> has never seen those errors again

The problem was fixed on 1 mirror but seems to have come back again... so
I've just removed the 1 mirror... for further testing.

Also, please don't hardcode the IP it may have been a simple workaround..
but longer term it doesn't help.

-- 
Cheers,

Steve
Twitter: @sanesecurity



Re: [clamav-users] sanesecurity: Permission denied

2017-08-03 Thread Reindl Harald



On 03.07.2017 at 13:37, Steve Basford wrote:

> On Mon, July 3, 2017 11:58 am, Reindl Harald wrote:
>
>> issues like below are also reported by a friend on his machines for some
>> days, randomly with different files
>
> I'm looking into it -- will email off-list

frankly you have one or more mirrors which just don't work at all for a 
long time, a friend just looked for a working one, hardcoded the IP and 
has never seen those errors again


Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/MiscreantPunch099-Low.ldb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/Sanesecurity_sigtest.yara" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/Sanesecurity_spam.yara" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/crdfam.clamav.hdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_all.cdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_all.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_filename.cdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_generic.cdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_js.cdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_js.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/foxhole_mail.cdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/hackingteam.hsb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/junk.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/lott.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/malware.expert.fp" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/malware.expert.hdb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/malware.expert.ldb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/malware.expert.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/malwarehash.hsb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/scam.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/shelter.ldb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/sigwhitelist.ign2" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/spear.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/spearl.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync: send_files failed to open "/winnow_phish_complete.ndb" (in sanesecurity): Permission denied (13)
Aug  3 13:55:12 buildserver bash: rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1650) [generator=3.1.2]



[clamav-users] ScanOnAccess - How to be sure it works

2017-08-03 Thread José Wojnacki
Hello all,

I'm running clamav on archlinux. I have activated scan on access and
according to clamav.log it is working.

Thu Aug  3 11:43:32 2017 -> HWP3 support enabled.
Thu Aug  3 11:43:32 2017 -> Self checking every 600 seconds.
Thu Aug  3 11:43:32 2017 -> ScanOnAccess: notifying only for access attempts.
Thu Aug  3 11:43:32 2017 -> ScanOnAccess: Protecting '/home/' and rest of mount.
Thu Aug  3 11:43:32 2017 -> ScanOnAccess: Max file size limited to 5242880 bytes

To test it I have tried to open or copy the eicar.com.txt test file but
I never see any detection. I know clamav is working because if I run a
manual scan on this file it is detected as an infected file. Is there
something in the ScanOnAccess that may not be properly configured or
this particular file is not good for this kind of testing??

Best Regards, josé.