Re: [clamav-users] Difference between datadir and datarootdir

2019-03-06 Thread Michael Orlitzky via clamav-users
On 3/4/19 9:28 PM, Jobst Schmalenbach via clamav-users wrote:
> 
> This is really confusing as datadir points DATAROOTDIR.
> 
> Can I make them the same?
> 

It's confusing in clamav because it's confusing everywhere. Those
directories and their meanings come from autotools:

  https://www.gnu.org/prep/standards/html_node/Directory-Variables.html

but you shouldn't expect to be enlightened after reading that page.
Probably the best way to understand it is with an example. First, many
of the other directories (datadir, mandir, infodir,...) are defined in
terms of datarootdir. So, for example, we might have

  * DATADIR=$(DATAROOTDIR),
  * MANDIR=$(DATAROOTDIR)/man, and
  * INFODIR=$(DATAROOTDIR)/info

That means that if you want to move *all of that stuff*, then you would
move the datarootdir.

But then what is datadir for? Well... historically, some people have
wanted to treat e.g. games as second-class packages. So, for example,
they wanted to put all of the graphics files for games under
/usr/share/games/. That's fine, if the games themselves
know where to look for that stuff. But things like man/info pages can't
go there -- they need to be in the place where "man" or "info" will look
for them! And basically, you can set DATADIR=/usr/share/games to
accomplish that sort of thing.

So to summarize: yes, you can set them the same, and they will usually
be the same.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Chris Pollock via clamav-users
On Wed, 2019-03-06 at 17:55 -0500, Maarten Broekman via clamav-users
wrote:
> I have 48472 and 48473. The 48474 I got was the gdb file that was
> downloaded as part of the cdiff. The freshclam process hung after
> downloading though.  The order of the 48474 gdb file was no different
> from the order of the 48473 file.
> 
> Freshclam gets this far before hanging after the download. The gdb
> file listed there has the same format.
> > Wed Mar  6 16:50:46 2019 -> *main.cvd version from DNS: 58
> > Wed Mar  6 16:50:46 2019 -> main.cvd is up to date (version: 58,
> > sigs: 4566249, f-level: 60, builder: sigmgr)
> > Wed Mar  6 16:50:46 2019 -> *daily.cvd version from DNS: 25380
> > Wed Mar  6 16:50:46 2019 -> daily.cvd is up to date (version:
> > 25380, sigs: 1503528, f-level: 63, builder: raynman)
> > Wed Mar  6 16:50:46 2019 -> *safebrowsing.cvd version from DNS:
> > 48474
> > LibClamAV debug: in cli_untgz()
> > LibClamAV debug: cli_untgz: Unpacking
> > /home/logins/mbroekman/analysis/tmp/clamav-
> > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > b4a94beaae2191e11c7805c6e49be7e6.tmp/COPYING
> > LibClamAV debug: cli_untgz: Unpacking
> > /home/logins/mbroekman/analysis/tmp/clamav-
> > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.info
> > LibClamAV debug: cli_untgz: Unpacking
> > /home/logins/mbroekman/analysis/tmp/clamav-
> > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.gdb
> > LibClamAV debug: in cli_untgz_cleanup()
> > Wed Mar  6 16:50:49 2019 -> *Retrieving 
> > http://db.US.clamav.net/safebrowsing-48474.cdiff
> > Wed Mar  6 16:50:49 2019 -> nonblock_connect: connect(): fd=4
> > errno=101: Network is unreachable
> > Wed Mar  6 16:50:49 2019 -> Can't connect to port 80 of host
> > db.US.clamav.net (IP: 2606:4700::6810:da54)
> > Wed Mar  6 16:50:49 2019 -> *Trying to download 
> > http://db.US.clamav.net/safebrowsing-48474.cdiff (IP:
> > 104.16.219.84)
> > Wed Mar  6 16:50:49 2019 -> Downloading safebrowsing-48474.cdiff
> > [100%]

Same here, 

Wed Mar  6 16:00:00 2019 -> Downloading safebrowsing-48474.cdiff [100%]
and it's now 17:12CST. Top shows
1997 clamav20   0  578112 450352  21692 R 100.0  2.9 123:49.48
freshclam

I stopped and restarted freshclam:

Wed Mar  6 17:13:54 2019 -> Downloading safebrowsing-48474.cdiff [100%]
32439 clamav20   0  167716  40428  22256 R  99.7  0.3   3:12.59
freshclam 

Something is definitely amiss somewhere. For now I'll have to stop the
freshclam process until the issue is resolved.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:11:37 up 1 day, 17 min, 1 user, load average: 2.47, 2.25, 2.05
Description:Ubuntu 18.04.2 LTS, kernel 4.15.0-46-generic




Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
From my local validation with ClamAV, I can confidently say that
safebrowsing CVD 48474 will load much faster than safebrowsing CVD 48473.
It's all in the ordering. We'll be keeping track of that going forward.

Safebrowsing 48474 is available from the mirror network now.

Dave R.

On Wed, Mar 6, 2019 at 12:19 PM David Raynor  wrote:

> Maarten,
>
> Thanks for reporting that. There is an ordering difference of the content
> in the latest GDB file which is affecting the load time, and we will be
> fixing that in the next safebrowsing CVD version.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
>> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
>> clamscan, where a copy from February loads in <5 seconds.
>>
>> safebrowsing data:
>> Old (fast):  ClamAV-VDB:13 Feb 2019 13-16
>> -0500:48472:3041760:63:X:X:google:1550081775
>>
>>
>> New (slow): ClamAV-VDB:05 Mar 2019 19-20
>> -0500:48473:3229612:63:X:X:google:1551831615
>>
>>
>>
>> Anyone know what might have changed in there to so drastically increase
>> the load time?
>>
>> This happened after freshclam ran last night.
>>
>> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
>> samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> --- SCAN SUMMARY ---
>> Known viruses: 3041760
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 2.423 sec (0 m 2 s)
>>
>> # /opt/clamav/clamav/bin/clamscan -d
>> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> --- SCAN SUMMARY ---
>> Known viruses: 3229612
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 64.429 sec (1 m 4 s)
>>
>>
>> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> I confirmed with our signature management team that the extended time
>>> processing daily-25380 is because this change is significantly larger than
>>> a standard update.
>>> This update drops 768053 hash-based signatures for malware that is
>>> detected by other more efficient logical signatures.  The net result will
>>> be a leaner database that should load a little faster and take up less
>>> memory.
>>>
>>> The validation stage when creating the daily had estimated less than 26
>>> minutes for the cdiff to apply.  You may be correct that it's much faster
>>> on x86 than on Sparc.  3h15m is definitely worse than expected, and I
>>> apologize for the inconvenience.
>>>
>>> Regards,
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>> On 3/6/19, 9:31 AM, "Pierre Dehaen"  wrote:
>>>
>>> Yes Micah, it finished while I was checking the computer because of
>>> the messages received
>>> on the mailing list.
>>>
>>> $ tail -50 /var/log/freshclam.log
>>> ...
>>> --
>>> ClamAV update process started at Wed Mar  6 11:37:46 2019
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> securiteinfo.hdb is up to date (version: custom database)
>>> securiteinfo.ign2 is up to date (version: custom database)
>>> Downloading javascript.ndb [*]
>>> javascript.ndb updated (version: custom database, sigs: 45008)
>>> securiteinfohtml.hdb is up to date (version: custom database)
>>> securiteinfoascii.hdb is up to date (version: custom database)
>>> securiteinfopdf.hdb is up to date (version: custom database)
>>> Downloading spam_marketing.ndb [*]
>>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>>> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
>>> builder: sigmgr)
>>> Downloading daily-25380.cdiff [100%]
>>> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
>>> builder: raynman)
>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>>> builder: neo)
>>> Database updated (6139078 signatures) from db.be.clamav.net (IP:
>>> 104.16.219.84)
>>> Clamd successfully notified about the update.
>>>
>>> $ ls -l /var/log/freshclam.log
>>> -rw-r--r--   1 clamav   clamav701634 Mar  6 14:51
>>> /var/log/freshclam.log
>>>
>>> It ran from 11:37 to 14:51. It might run faster on x86 computers
>>> though.
>>>
>>> Pierre
>>>
>>> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users
>>> wrote:
>>>
>>> Pierre,
>>>
>>> So you're saying it actually did finish after 3 hours, 15 minutes on
>>> its own?  Tha

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Maarten Broekman via clamav-users
I have 48472 and 48473. The 48474 I got was the gdb file that was
downloaded as part of the cdiff. The freshclam process hung after
downloading though.  The order of the 48474 gdb file was no different from
the order of the 48473 file.

Freshclam gets this far before hanging after the download. The gdb file
listed there has the same format.

Wed Mar  6 16:50:46 2019 -> *main.cvd version from DNS: 58
Wed Mar  6 16:50:46 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Mar  6 16:50:46 2019 -> *daily.cvd version from DNS: 25380
Wed Mar  6 16:50:46 2019 -> daily.cvd is up to date (version: 25380, sigs:
1503528, f-level: 63, builder: raynman)
Wed Mar  6 16:50:46 2019 -> *safebrowsing.cvd version from DNS: 48474
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking
/home/logins/mbroekman/analysis/tmp/clamav-317041d4b9d853e83b60005464dd098c.tmp/clamav-b4a94beaae2191e11c7805c6e49be7e6.tmp/COPYING
LibClamAV debug: cli_untgz: Unpacking
/home/logins/mbroekman/analysis/tmp/clamav-317041d4b9d853e83b60005464dd098c.tmp/clamav-b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.info
LibClamAV debug: cli_untgz: Unpacking
/home/logins/mbroekman/analysis/tmp/clamav-317041d4b9d853e83b60005464dd098c.tmp/clamav-b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.gdb
LibClamAV debug: in cli_untgz_cleanup()
Wed Mar  6 16:50:49 2019 -> *Retrieving
http://db.US.clamav.net/safebrowsing-48474.cdiff
Wed Mar  6 16:50:49 2019 -> nonblock_connect: connect(): fd=4 errno=101:
Network is unreachable
Wed Mar  6 16:50:49 2019 -> Can't connect to port 80 of host
db.US.clamav.net (IP: 2606:4700::6810:da54)
Wed Mar  6 16:50:49 2019 -> *Trying to download
http://db.US.clamav.net/safebrowsing-48474.cdiff (IP: 104.16.219.84)
Wed Mar  6 16:50:49 2019 -> Downloading safebrowsing-48474.cdiff [100%]


The last time I ran freshclam, I was stuck at 100% on the download for 40
minutes before I killed the process.

The info file in the tmpdir shows:

ClamAV-VDB:06 Mar 2019 13-24 -0500:48474:3232286:63:X:X:google:1551896655
safebrowsing.gdb:132636452:7f6645b8d865de3992be1ad5de215afd848acee4c021eed4818fdb760f76b57e
DSIG:NxsTJGIb7EQ9e71CjIH2QJYzp+BhrH0qK1Mb0Ef5BQfO5WZnm8qZSqj/y6vstcjAOUfWwLG8ba3RemesF+KxIuk/HMkDgRCJep+shVvz8nAccajvbBN1ZnmpTkf1T0QgTsDbuBK9cTItdlQWupKfuiV1aKKdF1jSLvtRJU4zoZl+B3/qgIAPi7sqmkh8W5qKplYdsICdfmDLxK5dDwCkGmdtXZol5pHHXTQb1/LJqml8SORrFydkYizuVl07/uuc332dk5Uk1NfZrDj94wG0dIIloWiwfPzj563Vl5e7GvCvCdMR1Gfq3EGYZGSPftR7a/K7TashvsoWP2Uma0Fq/





On Wed, Mar 6, 2019 at 5:47 PM David Raynor  wrote:

> That's strange, the 48474 I have should have the sorting changed and has
> the improved loading time we're talking about.
>
> $ sigtool --info safebrowsing.cvd
> File: safebrowsing.cvd
> Build time: 06 Mar 2019 13:24 -0500
> Version: 48474
> Signatures: 3232286
> Functionality level: 63
> Builder: google
> MD5: 70c61f41e52b5a2134ff7e272f5a6df1
>
> SHA256 (safebrowsing.gdb) =
> 7f6645b8d865de3992be1ad5de215afd848acee4c021eed4818fdb760f76b57e
>
> Something must be different.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 5:39 PM Maarten Broekman via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> The new safebrowsing cvd (starting with version 48473) seems to be sorted
>> in a way that increases the load time of that file by several orders of
>> magnitude.
>>
>> I have a previous version from February where the entries in the gdb
>> section are sorted like this:
>>
>> S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
>> S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
>> S2:F:00042c895c912fd567afa35450cfe5d321d0d68eb3833156925c4e27d2c29aa2
>> S2:F:0006d4dcb0d939d725e676a9e68aaeb303e04478e6861d2a77469d1b6a0a0f7d
>> S2:F:0007bf7c1808d12177f0ae90d336d60c5a7a3d89703806955b75c56f898dd919
>> ...
>> S2:P:9177
>> S2:P:00014979
>> S2:P:00042c89
>> S2:P:0006d4dc
>> S2:P:0007bf7c
>> ...
>> S:F:0860493997b798861956e06d3d3606f82384259b971bb922f94f886a4b55
>> S:F:0bddafae162a7a2f1249b3b38c8e4b6d3cb8bf0c30c26cc354ebcba16b37
>> S:F:46cad35fbecbcc8dd4ebb244bd08aa6dbf1078279115c82f8e21b2cf8478
>> S:F:684200da7b11f38a6f4719bda4ec6c6ae8b2be1f7e12a16605b2d3a5d490
>> S:F:72f3f33e47a2f97b8711d240267462aa3f0a5f8130845b119a2ad3798292
>> ...
>> S:P:0860
>> S:P:0bdd
>> S:P:46ca
>> S:P:6842
>> S:P:72f3
>>
>>
>> That loads into clamd (and clamscan) in under 5 seconds for the 3041760
>> entries in it.
>>
>> Version 48473 and 48474 are sorted like this:
>>
>> S2:P:9177
>> S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
>> S2:P:00014979
>> S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
>> ...
>>
>>
>> That version loads in 50+ seconds for the 3229612 entries in it.
>>
>> If I flip the order of the entries so the :F: entries come before the
>> corresponding :P: entry, it loads the same number of entries in 5 - 10
>> seconds.
>> If I reorder the entire file so that _all_ the :F: entries for

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread David Raynor
That's strange, the 48474 I have should have the sorting changed and has
the improved loading time we're talking about.

$ sigtool --info safebrowsing.cvd
File: safebrowsing.cvd
Build time: 06 Mar 2019 13:24 -0500
Version: 48474
Signatures: 3232286
Functionality level: 63
Builder: google
MD5: 70c61f41e52b5a2134ff7e272f5a6df1

SHA256 (safebrowsing.gdb) =
7f6645b8d865de3992be1ad5de215afd848acee4c021eed4818fdb760f76b57e

Something must be different.

Dave R.

On Wed, Mar 6, 2019 at 5:39 PM Maarten Broekman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> The new safebrowsing cvd (starting with version 48473) seems to be sorted
> in a way that increases the load time of that file by several orders of
> magnitude.
>
> I have a previous version from February where the entries in the gdb
> section are sorted like this:
>
> S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
> S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
> S2:F:00042c895c912fd567afa35450cfe5d321d0d68eb3833156925c4e27d2c29aa2
> S2:F:0006d4dcb0d939d725e676a9e68aaeb303e04478e6861d2a77469d1b6a0a0f7d
> S2:F:0007bf7c1808d12177f0ae90d336d60c5a7a3d89703806955b75c56f898dd919
> ...
> S2:P:9177
> S2:P:00014979
> S2:P:00042c89
> S2:P:0006d4dc
> S2:P:0007bf7c
> ...
> S:F:0860493997b798861956e06d3d3606f82384259b971bb922f94f886a4b55
> S:F:0bddafae162a7a2f1249b3b38c8e4b6d3cb8bf0c30c26cc354ebcba16b37
> S:F:46cad35fbecbcc8dd4ebb244bd08aa6dbf1078279115c82f8e21b2cf8478
> S:F:684200da7b11f38a6f4719bda4ec6c6ae8b2be1f7e12a16605b2d3a5d490
> S:F:72f3f33e47a2f97b8711d240267462aa3f0a5f8130845b119a2ad3798292
> ...
> S:P:0860
> S:P:0bdd
> S:P:46ca
> S:P:6842
> S:P:72f3
>
>
> That loads into clamd (and clamscan) in under 5 seconds for the 3041760
> entries in it.
>
> Version 48473 and 48474 are sorted like this:
>
> S2:P:9177
> S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
> S2:P:00014979
> S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
> ...
>
>
> That version loads in 50+ seconds for the 3229612 entries in it.
>
> If I flip the order of the entries so the :F: entries come before the
> corresponding :P: entry, it loads the same number of entries in 5 - 10
> seconds.
> If I reorder the entire file so that _all_ the :F: entries for each
> section (S or S2) come before the :P: entries for that section, it loads in
> under 5 seconds again.
>
> Earlier today it was mentioned that 'the next version of the CVD' would
> fix it (when 48473 was the current version). That seems to have not been
> the case since 48474 didn't fix it. Is there a plan to fix it? Or will we
> have to live with the enormous load times for this database?
>
> --Maarten


-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com



[clamav-users] Problem with new safebrowsing file

2019-03-06 Thread Maarten Broekman via clamav-users
The new safebrowsing cvd (starting with version 48473) seems to be sorted
in a way that increases the load time of that file by several orders of
magnitude.

I have a previous version from February where the entries in the gdb
section are sorted like this:

S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
S2:F:00042c895c912fd567afa35450cfe5d321d0d68eb3833156925c4e27d2c29aa2
S2:F:0006d4dcb0d939d725e676a9e68aaeb303e04478e6861d2a77469d1b6a0a0f7d
S2:F:0007bf7c1808d12177f0ae90d336d60c5a7a3d89703806955b75c56f898dd919
...
S2:P:9177
S2:P:00014979
S2:P:00042c89
S2:P:0006d4dc
S2:P:0007bf7c
...
S:F:0860493997b798861956e06d3d3606f82384259b971bb922f94f886a4b55
S:F:0bddafae162a7a2f1249b3b38c8e4b6d3cb8bf0c30c26cc354ebcba16b37
S:F:46cad35fbecbcc8dd4ebb244bd08aa6dbf1078279115c82f8e21b2cf8478
S:F:684200da7b11f38a6f4719bda4ec6c6ae8b2be1f7e12a16605b2d3a5d490
S:F:72f3f33e47a2f97b8711d240267462aa3f0a5f8130845b119a2ad3798292
...
S:P:0860
S:P:0bdd
S:P:46ca
S:P:6842
S:P:72f3


That loads into clamd (and clamscan) in under 5 seconds for the 3041760
entries in it.

Version 48473 and 48474 are sorted like this:

S2:P:9177
S2:F:917787cff7b0993917209809ff3d94bec7e1de7188b323d9b88e0273cb71
S2:P:00014979
S2:F:000149794d90dc5bce4f685deed6076d00c9209bd81cef4cbdf8a4e41f0a2153
...


That version loads in 50+ seconds for the 3229612 entries in it.

If I flip the order of the entries so the :F: entries come before the
corresponding :P: entry, it loads the same number of entries in 5 - 10
seconds.
If I reorder the entire file so that _all_ the :F: entries for each section
(S or S2) come before the :P: entries for that section, it loads in under 5
seconds again.

Earlier today it was mentioned that 'the next version of the CVD' would fix
it (when 48473 was the current version). That seems to have not been the
case since 48474 didn't fix it. Is there a plan to fix it? Or will we have
to live with the enormous load times for this database?

--Maarten
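
The per-section regrouping described in this message, as an added example that is not part of the original post and not ClamAV's own code: it reports whether a gdb-style file has any :F: entry after a :P: entry of the same section, and rewrites the entries with all :F: lines first. The function names and sample hashes are constructed for illustration; the three-field line format is taken only from the entries quoted above, and any other line is rejected rather than guessed at.

```python
import re
import sys

# section : kind : hex value, as in the S2:F:... / S2:P:... lines quoted above
ENTRY = re.compile(r"^(?P<section>[A-Za-z0-9]+):(?P<kind>[FP]):(?P<value>[0-9a-fA-F]+)$")

# Constructed sample in the interleaved layout (each P followed by its F).
_PREFIXES = {"S2": ["0a1b2c3d", "1e2f3a4b", "5c6d7e8f"], "S": ["9a8b7c6d", "deadbeef"]}
SAMPLE_INTERLEAVED = [
    entry
    for section, prefixes in _PREFIXES.items()
    for p in prefixes
    for entry in (f"{section}:P:{p}", f"{section}:F:{p}{'0' * 56}")
]


def parse_entry(line):
    """Return (section, kind) for one entry; refuse anything unrecognised."""
    m = ENTRY.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised entry: {line!r}")
    return m["section"], m["kind"]


def layout_report(lines):
    """Per section: F/P counts, number of F/P runs, and whether an F follows a P."""
    report = {}
    for line in lines:
        if not line.strip():
            continue
        section, kind = parse_entry(line)
        st = report.setdefault(
            section, {"F": 0, "P": 0, "runs": 0, "last": None, "f_after_p": False}
        )
        st[kind] += 1
        if kind != st["last"]:
            st["runs"] += 1
            if kind == "F" and st["last"] == "P":
                st["f_after_p"] = True
            st["last"] = kind
    return report


def is_grouped(lines):
    """True when, in every section, all F entries come before all P entries."""
    return not any(st["f_after_p"] for st in layout_report(lines).values())


def regroup(lines):
    """Stable rewrite: sections in first-seen order, F entries then P entries."""
    buckets = {}  # dicts keep insertion order, so section order is preserved
    for line in lines:
        text = line.strip()
        if not text:
            continue
        section, kind = parse_entry(text)
        buckets.setdefault(section, {"F": [], "P": []})[kind].append(text)
    out = []
    for groups in buckets.values():
        out.extend(groups["F"])
        out.extend(groups["P"])
    return out


if __name__ == "__main__":
    # Usage: script.py IN.gdb OUT.gdb   (no arguments: run on the constructed sample)
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="ascii") as fh:
            entries = fh.read().splitlines()
    else:
        entries = SAMPLE_INTERLEAVED
    for section, st in layout_report(entries).items():
        print(f"{section}: F={st['F']} P={st['P']} runs={st['runs']} "
              f"F-after-P={st['f_after_p']}")
    fixed = regroup(entries)
    print("grouped before:", is_grouped(entries), "after:", is_grouped(fixed))
    if len(sys.argv) == 3:
        with open(sys.argv[2], "w", encoding="ascii") as fh:
            fh.write("\n".join(fixed) + "\n")
```

A regrouped file no longer matches the SHA256 recorded for safebrowsing.gdb in the accompanying .info file, so it suits a local load-time comparison with `clamscan -d` as done in the thread.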



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Maarten Broekman via clamav-users
Hi Dave,
 I noticed that the safebrowsing CVD was updated (I'm seeing version 48474
now) but the cdiff takes a VERY long time to apply and the new gdb file
takes about the same time to load.

Freshclam hangs at this point:
Wed Mar  6 16:03:05 2019 -> *Retrieving
http://db.US.clamav.net/safebrowsing-48474.cdiff
Wed Mar  6 16:03:05 2019 -> *Trying to download
http://db.US.clamav.net/safebrowsing-48474.cdiff (IP: 104.16.218.84)
Wed Mar  6 16:03:06 2019 -> Downloading safebrowsing-48474.cdiff [100%]

# /opt/clamav/clamav/bin/clamscan -d ./safebrowsing.gdb
/opt/scripts/signatures/samples/clam_test.html
/opt/scripts/signatures/samples/clam_test.html: OK

--- SCAN SUMMARY ---
Known viruses: 3229612
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 79.206 sec (1 m 19 s)

Looking at the gdb contents, the file is still sorted in the same way as
version 48473 (by the hash in the third field), rather than by the second
field (P / F). When I re-sort the file by the second field, it loads in
under 5 seconds.

--Maarten

On Wed, Mar 6, 2019 at 12:22 PM David Raynor  wrote:

> Maarten,
>
> Thanks for reporting that. There is an ordering difference of the content
> in the latest GDB file which is affecting the load time, and we will be
> fixing that in the next safebrowsing CVD version.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
>> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
>> clamscan, where a copy from February loads in <5 seconds.
>>
>> safebrowsing data:
>> Old (fast):  ClamAV-VDB:13 Feb 2019 13-16
>> -0500:48472:3041760:63:X:X:google:1550081775
>>
>>
>> New (slow): ClamAV-VDB:05 Mar 2019 19-20
>> -0500:48473:3229612:63:X:X:google:1551831615
>>
>>
>>
>> Anyone know what might have changed in there to so drastically increase
>> the load time?
>>
>> This happened after freshclam ran last night.
>>
>> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
>> samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> --- SCAN SUMMARY ---
>> Known viruses: 3041760
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 2.423 sec (0 m 2 s)
>>
>> # /opt/clamav/clamav/bin/clamscan -d
>> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> --- SCAN SUMMARY ---
>> Known viruses: 3229612
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 64.429 sec (1 m 4 s)
>>
>>
>> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> I confirmed with our signature management team that the extended time
>>> processing daily-25380 is because this change is significantly larger than
>>> a standard update.
>>> This update drops 768053 hash-based signatures for malware that is
>>> detected by other more efficient logical signatures.  The net result will
>>> be a leaner database that should load a little faster and take up less
>>> memory.
>>>
>>> The validation stage when creating the daily had estimated less than 26
>>> minutes for the cdiff to apply.  You may be correct that it's much faster
>>> on x86 than on Sparc.  3h15m is definitely worse than expected, and I
>>> apologize for the inconvenience.
>>>
>>> Regards,
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>> On 3/6/19, 9:31 AM, "Pierre Dehaen"  wrote:
>>>
>>> Yes Micah, it finished while I was checking the computer because of
>>> the messages received
>>> on the mailing list.
>>>
>>> $ tail -50 /var/log/freshclam.log
>>> ...
>>> --
>>> ClamAV update process started at Wed Mar  6 11:37:46 2019
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> securiteinfo.hdb is up to date (version: custom database)
>>> securiteinfo.ign2 is up to date (version: custom database)
>>> Downloading javascript.ndb [*]
>>> javascript.ndb updated (version: custom database, sigs: 45008)
>>> securiteinfohtml.hdb is up to date (version: custom database)
>>> securiteinfoascii.hdb is up to date (version: custom database)
>>> securiteinfopdf.hdb is up to date (version: custom database)
>>> Downloading spam_marketing.ndb [*]
>>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>>> main.cld is up to date (version: 58, sigs: 4566249, f-level

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul Kosinski via clamav-users
I spoke too soon! Although 0.100.2 didn't hang, it did have to download
25380 several times -- while claiming success each time!


On Wed, 6 Mar 2019 15:54:04 -0500
Paul Kosinski via clamav-users  wrote:

> For once (?) we're not having any problem with this update. Maybe it's
> because we're still running 0.100.2?
> 
> 
> On Wed, 6 Mar 2019 14:05:30 +
> "Micah Snyder \(micasnyd\) via clamav-users"
>  wrote:
> 
> > I also am seeing the same thing.
> > Killing freshclam and starting it again reproduces the process (and
> > locks up again).
> > 
> > You may have to delete daily.cld/cvd from your database directory in
> > order to get past this.
> > 
> > For those who are interested in the code, it is caught in a loop
> > here:
> > https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
> > I haven’t yet looked at it long enough to know why.  I will
> > continue to investigate and welcome any input from others who may
> > have some insight.
> > 
> > Regards,
> > Micah
> > 
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> > 
> > 
> > From: clamav-users  on behalf
> > of Paul via clamav-users  Reply-To:
> > ClamAV users ML  Date: Wednesday,
> > March 6, 2019 at 7:30 AM To: "clamav-users@lists.clamav.net"
> >  Cc: Paul 
> > Subject: Re: [clamav-users] Problem with freshclam updating
> > daily-25380.cdiff
> > 
> > 
> > Same here ..
> > 
> > 
> > On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
> > Yes. Same here too...
> > 
> > On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
> > mailto:carlos.gar...@f-integra.org>>
> > wrote: Hello,
> > 
> > When crontab execs freshclam
> > CPU server goes to 100%
> > Hanged finishing Downloading daily-25380.cdiff [100%]
> 
> 
> [remainder deleted]



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul Kosinski via clamav-users
For once (?) we're not having any problem with this update. Maybe it's
because we're still running 0.100.2?


On Wed, 6 Mar 2019 14:05:30 +
"Micah Snyder \(micasnyd\) via clamav-users"
 wrote:

> I also am seeing the same thing.
> Killing freshclam and starting it again reproduces the process (and
> locks up again).
> 
> You may have to delete daily.cld/cvd from your database directory in
> order to get past this.
> 
> For those who are interested in the code, it is caught in a loop here:
> https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
> I haven’t yet looked at it long enough to know why.  I will continue
> to investigate and welcome any input from others who may have some
> insight.
> 
> Regards,
> Micah
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
> From: clamav-users  on behalf
> of Paul via clamav-users  Reply-To:
> ClamAV users ML  Date: Wednesday,
> March 6, 2019 at 7:30 AM To: "clamav-users@lists.clamav.net"
>  Cc: Paul 
> Subject: Re: [clamav-users] Problem with freshclam updating
> daily-25380.cdiff
> 
> 
> Same here ..
> 
> 
> On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
> Yes. Same here too...
> 
> On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
> mailto:carlos.gar...@f-integra.org>>
> wrote: Hello,
> 
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]


[remainder deleted]



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
Maarten,

Thanks for reporting that. There is an ordering difference of the content
in the latest GDB file which is affecting the load time, and we will be
fixing that in the next safebrowsing CVD version.

Dave R.

On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
> clamscan, where a copy from February loads in <5 seconds.
>
> safebrowsing data:
> Old (fast):  ClamAV-VDB:13 Feb 2019 13-16
> -0500:48472:3041760:63:X:X:google:1550081775
>
>
> New (slow): ClamAV-VDB:05 Mar 2019 19-20
> -0500:48473:3229612:63:X:X:google:1551831615
>
>
>
> Anyone know what might have changed in there to so drastically increase
> the load time?
>
> This happened after freshclam ran last night.
>
> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
> samples/clam_test.html
> samples/clam_test.html: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 3041760
> Engine version: 0.100.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 2.423 sec (0 m 2 s)
>
> # /opt/clamav/clamav/bin/clamscan -d
> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
> samples/clam_test.html: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 3229612
> Engine version: 0.100.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 64.429 sec (1 m 4 s)
>
>
> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I confirmed with our signature management team that the extended time
>> processing daily-25380 is because this change is significantly larger than
>> a standard update.
>> This update drops 768053 hash-based signatures for malware that is
>> detected by other more efficient logical signatures.  The net result will
>> be a leaner database that should load a little faster and take up less
>> memory.
>>
>> The validation stage when creating the daily had estimated less than 26
>> minutes for the cdiff to apply.  You may be correct that it's much faster
>> on x86 than on Sparc.  3h15m is definitely worse than expected, and I
>> apologize for the inconvenience.
>>
>> Regards,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>> On 3/6/19, 9:31 AM, "Pierre Dehaen"  wrote:
>>
>> Yes Micah, it finished while I was checking the computer because of
>> the messages received
>> on the mailing list.
>>
>> $ tail -50 /var/log/freshclam.log
>> ...
>> --
>> ClamAV update process started at Wed Mar  6 11:37:46 2019
>> WARNING: Your ClamAV installation is OUTDATED!
>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>> securiteinfo.hdb is up to date (version: custom database)
>> securiteinfo.ign2 is up to date (version: custom database)
>> Downloading javascript.ndb [*]
>> javascript.ndb updated (version: custom database, sigs: 45008)
>> securiteinfohtml.hdb is up to date (version: custom database)
>> securiteinfoascii.hdb is up to date (version: custom database)
>> securiteinfopdf.hdb is up to date (version: custom database)
>> Downloading spam_marketing.ndb [*]
>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
>> builder: sigmgr)
>> Downloading daily-25380.cdiff [100%]
>> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
>> builder: raynman)
>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>> builder: neo)
>> Database updated (6139078 signatures) from db.be.clamav.net (IP:
>> 104.16.219.84)
>> Clamd successfully notified about the update.
>>
>> $ ls -l /var/log/freshclam.log
>> -rw-r--r--   1 clamav   clamav701634 Mar  6 14:51
>> /var/log/freshclam.log
>>
>> It ran from 11:37 to 14:51. It might run faster on x86 computers
>> though.
>>
>> Pierre
>>
>> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users
>> wrote:
>>
>> Pierre,
>>
>> So you're saying it actually did finish after 3 hours, 15 minutes on
>> its own?  That is good news
>> for all of the automated systems, even if this is a potentially
>> terrible bug.
>>
>> I'm still investigating the cause, and asking our signature
>> management team if they have any
>> additional details.
>>
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>>
>> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
>> > boun...@lists.clamav.net on behalf of deha...@drev

Re: [clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
Great, thanks!

All I had to do was write a new.ldb rule with hex patterns to
search for:

Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09dd090d09b;d18e32;d0ae32;7576656e616c

and run clamscan:

clamscan -f ~/list -i -d ~/new.ldb

On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote:
> Hello Alex,
> 
> 
> > We do have a large IMAP ~200GB, and in order to find letters 
> > containing specific "keyword",
> > grep is not good because of base64 encoding. So the idea is to
> > look 
> > through with antivirus scanner for "virus" inside letters, which
> > is 
> > not a virus but a (not sure, may be) "bytecode signature" =
> > "keyword"
> > 
> > Sounds good? A link to a howto will be appreciated.
> 
> Yes it is possible. Please see the official documentation :
> https://www.clamav.net/documents/creating-signatures-for-clamav
> 
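The hex patterns in the rule above decode to the same keywords in Windows-1251, KOI8-R and UTF-8, in lower and upper case. The following is an added example, not part of the original post or of ClamAV: it generates such a logical signature line from a keyword list. The function names and the encoding list are assumptions; the demo keywords are decoded from the hex in the post.

```python
"""Build a ClamAV logical signature (.ldb line) that matches keywords
in several character encodings and in both letter cases."""

# Assumption: the charsets expected in the mail store being searched.
ENCODINGS = ("cp1251", "koi8_r", "utf-8")
MAX_SUBSIGS = 64  # logical signatures accept at most 64 subsignatures


def keyword_subsigs(keyword, encodings=ENCODINGS):
    """Return de-duplicated hex subsignatures for one keyword."""
    seen, out = set(), []
    for enc in encodings:
        for variant in (keyword.lower(), keyword.upper()):
            try:
                raw = variant.encode(enc)
            except UnicodeEncodeError:
                continue  # keyword cannot be written in this charset
            if len(raw) < 2:
                # A one-byte pattern is too short to be a useful match.
                raise ValueError(f"pattern for {variant!r} is too short")
            hexed = raw.hex()
            if hexed not in seen:  # ASCII words encode identically everywhere
                seen.add(hexed)
                out.append(hexed)
    return out


def build_ldb(name, keywords, target=4, encodings=ENCODINGS):
    """Return one .ldb line: Name;Target:N;(0|1|...);hex0;hex1;...

    Target 4 is the mail file type, as used in the post. The expression
    ORs every subsignature, so any single variant triggers a match.
    """
    if ";" in name or not name:
        raise ValueError("signature name must be non-empty and contain no ';'")
    subsigs = []
    for kw in keywords:
        for hexed in keyword_subsigs(kw, encodings):
            if hexed not in subsigs:
                subsigs.append(hexed)
    if not subsigs:
        raise ValueError("no encodable keywords given")
    if len(subsigs) > MAX_SUBSIGS:
        raise ValueError(f"{len(subsigs)} subsignatures exceed {MAX_SUBSIGS}")
    expr = "(" + "|".join(str(i) for i in range(len(subsigs))) + ")"
    return ";".join([name, f"Target:{target}", expr] + subsigs)


if __name__ == "__main__":
    # Keywords decoded from the hex patterns in the post.
    print(build_ldb("Sig1", ["венал", "ю2", "uvenal"]))
```

The generated line also carries the upper-case ASCII variant, so it has 14 subsignatures where the hand-written rule has 13.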



Re: [clamav-users] is this realy a positive? Html.Trojan.Exploit-112 FOUND

2019-03-06 Thread Matthew Molyett
Henrik,

The reference file that we have for that signature appears to
contain CVE-2006-3227.

If you can share the file then use the FP reporting option <
http://www.clamav.net/reports/fp> to have the signature reassessed.

Thank you.

On Mon, Mar 4, 2019 at 3:57 AM Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:

> It's been in the database for many years, so doubt that it's invalid, but
> could still be an FP in your specific case. The signature looks like this:
>
> VIRUS NAME: Html.Trojan.Exploit-112
> TARGET TYPE: HTML
> OFFSET: *
> bc f3 e3 f2 e9 f0 f4
> [I padded the hex string with spaces to prevent this e-mail from being
> detected].
>
> ClamAV doesn't publish detailed information on most of its signatures. Only
> the original signature writer might have it in his notes and I doubt he
> still works for them. Each vendor uses its own unique name for signatures,
> so it's no wonder you weren't able to find anything, although I did find
> this from Dec 2017 which appears to believe it might be a False Positive
> from a Time Machine backup: <
> https://forum.qnapclub.de/thread/45902-virenfund-timemachinebackup-wie-finde-ich-die-dateien-auf-dem-macbook/
> >.
>
> You should upload that file to  to help make
> your case.
>
> Then it should be uploaded to  so that
> it gets to the ClamAV signature team for resolution.
>
> You may get faster results if you post the link to VirusTotal results and
> a hash value for the file back here, to make it easier for all to help
> resolve it.
>
> -Al-
>
> > On Mar 4, 2019, at 00:24, Henrik Hoeg Thomsen1 via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Our Clamav scan just reported this signature to be found in one of my
> > syslogarchives.
> >
> > Html.Trojan.Exploit-112 FOUND
> >
> > My best guess is that it is false-positive, as this filesystem is
> > totally isolated from any interactive user access.
> >
> > But where can I find the details behind this alert?
> >
> > Google has no match on this.
>


-- 

Matthew Molyett
Malware Researcher

mmoly...@cisco.com



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Maarten Broekman via clamav-users
I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
clamscan, where a copy from February loads in <5 seconds.

safebrowsing data:
Old (fast):  ClamAV-VDB:13 Feb 2019 13-16
-0500:48472:3041760:63:X:X:google:1550081775


New (slow): ClamAV-VDB:05 Mar 2019 19-20
-0500:48473:3229612:63:X:X:google:1551831615



Anyone know what might have changed in there to so drastically increase
the load time?

This happened after freshclam ran last night.

# /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
samples/clam_test.html
samples/clam_test.html: OK

--- SCAN SUMMARY ---
Known viruses: 3041760
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.423 sec (0 m 2 s)

# /opt/clamav/clamav/bin/clamscan -d
/opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
samples/clam_test.html: OK

--- SCAN SUMMARY ---
Known viruses: 3229612
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 64.429 sec (1 m 4 s)


On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I confirmed with our signature management team that the extended time
> processing daily-25380 is because this change is significantly larger than
> a standard update.
> This update drops 768053 hash-based signatures for malware that is
> detected by other more efficient logical signatures.  The net result will
> be a leaner database that should load a little faster and take up less
> memory.
>
> The validation stage when creating the daily had estimated less than 26
> minutes for the cdiff to apply.  You may be correct that it's much faster
> on x86 than on Sparc.  3h15m is definitely worse than expected, and I
> apologize for the inconvenience.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On 3/6/19, 9:31 AM, "Pierre Dehaen"  wrote:
>
> Yes Micah, it finished while I was checking the computer because of
> the messages received
> on the mailing list.
>
> $ tail -50 /var/log/freshclam.log
> ...
> --
> ClamAV update process started at Wed Mar  6 11:37:46 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> securiteinfo.hdb is up to date (version: custom database)
> securiteinfo.ign2 is up to date (version: custom database)
> Downloading javascript.ndb [*]
> javascript.ndb updated (version: custom database, sigs: 45008)
> securiteinfohtml.hdb is up to date (version: custom database)
> securiteinfoascii.hdb is up to date (version: custom database)
> securiteinfopdf.hdb is up to date (version: custom database)
> Downloading spam_marketing.ndb [*]
> spam_marketing.ndb updated (version: custom database, sigs: 24199)
> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
> builder: sigmgr)
> Downloading daily-25380.cdiff [100%]
> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
> builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
> builder: neo)
> Database updated (6139078 signatures) from db.be.clamav.net (IP:
> 104.16.219.84)
> Clamd successfully notified about the update.
>
> $ ls -l /var/log/freshclam.log
> -rw-r--r--   1 clamav   clamav701634 Mar  6 14:51
> /var/log/freshclam.log
>
> It ran from 11:37 to 14:51. It might run faster on x86 computers
> though.
>
> Pierre
>
> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:
>
> Pierre,
>
> So you're saying it actually did finish after 3 hours, 15 minutes on
> its own?  That is good news
> for all of the automated systems, even if this is a potentially
> terrible bug.
>
> I'm still investigating the cause, and asking our signature management
> team if they have any
> additional details.
>
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
>
> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
>  boun...@lists.clamav.net on behalf of deha...@drever.be> wrote:
>
> Here too: it took about 3 hours and 15 minutes to calm down
> (SPARC, Solaris 11,
> v0.100.0)... without noticeable error in freshclam.log.
>
> On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
>
> > When crontab execs freshclam
> > CPU server goes to 100%
> > Hanged finishing Downloading daily-25380.cdiff [100%]
>
> Just checked my server and it happened to me too! A little after
> 5am
> central time.  :(
>
>  

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
I confirmed with our signature management team that the extended time 
processing daily-25380 is because this change is significantly larger than a 
standard update.
This update drops 768053 hash-based signatures for malware that is detected by 
other more efficient logical signatures.  The net result will be a leaner 
database that should load a little faster and take up less memory.

The validation stage when creating the daily had estimated less than 26 minutes 
for the cdiff to apply.  You may be correct that it's much faster on x86 than 
on Sparc.  3h15m is definitely worse than expected, and I apologize for the 
inconvenience.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On 3/6/19, 9:31 AM, "Pierre Dehaen"  wrote:

Yes Micah, it finished while I was checking the computer because of the 
messages received 
on the mailing list.

$ tail -50 /var/log/freshclam.log
...
--
ClamAV update process started at Wed Mar  6 11:37:46 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
securiteinfo.hdb is up to date (version: custom database)
securiteinfo.ign2 is up to date (version: custom database)
Downloading javascript.ndb [*]
javascript.ndb updated (version: custom database, sigs: 45008)
securiteinfohtml.hdb is up to date (version: custom database)
securiteinfoascii.hdb is up to date (version: custom database)
securiteinfopdf.hdb is up to date (version: custom database)
Downloading spam_marketing.ndb [*]
spam_marketing.ndb updated (version: custom database, sigs: 24199)
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
sigmgr)
Downloading daily-25380.cdiff [100%]
daily.cld updated (version: 25380, sigs: 1503528, f-level: 63, builder: 
raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: 
neo)
Database updated (6139078 signatures) from db.be.clamav.net (IP: 
104.16.219.84)
Clamd successfully notified about the update.

$ ls -l /var/log/freshclam.log
-rw-r--r--   1 clamav   clamav701634 Mar  6 14:51 /var/log/freshclam.log

It ran from 11:37 to 14:51. It might run faster on x86 computers though.

Pierre

On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:

Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its 
own?  That is good news 
for all of the automated systems, even if this is a potentially terrible 
bug.

I'm still investigating the cause, and asking our signature management team 
if they have any 
additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"  wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, 
Solaris 11, 
v0.100.0)... without noticeable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time.  :(



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Chris Pollock via clamav-users
On Wed, 2019-03-06 at 14:20 +, Micah Snyder (micasnyd) via clamav-
users wrote:
> Pierre,
> 
> So you're saying it actually did finish after 3 hours, 15 minutes on
> its own?  That is good news for all of the automated systems, even if
> this is a potentially terrible bug.
> 
> I'm still investigating the cause, and asking our signature
> management team if they have any additional details.
> 
> Micah
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
It took right at 57 minutes to update here:

Wed Mar  6 05:02:57 2019 -> Downloading daily-25380.cdiff [100%]
Wed Mar  6 05:57:24 2019 -> cdiff_apply: Parsed 771787 lines and
executed 771787 commands
Wed Mar  6 05:57:25 2019 -> Loading signatures from daily.cld
Wed Mar  6 05:57:30 2019 -> Properly loaded 1503528 signatures from new
daily.cld
Wed Mar  6 05:57:30 2019 -> daily.cld updated (version: 25380, sigs:
1503528, f-level: 63, builder: raynman)

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
09:09:31 up 16:15, 1 user, load average: 1.40, 0.90, 0.82
Description:Ubuntu 18.04.2 LTS, kernel 4.15.0-46-generic
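
The timestamps in a freshclam log like the one above bracket the cdiff apply step, which is where the updates in this thread stalled. The following is an added example, not part of the original post or of ClamAV: it measures that step per cdiff and flags runs that were slow or never finished. The names `CdiffRun`, `cdiff_runs` and `slow_or_stuck`, the 30-minute limit and the sample log lines are constructed for illustration; the "timestamp -> message" layout is assumed from the excerpt above.

```python
"""Measure how long freshclam spends applying each cdiff."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Wed Mar  6 05:02:57 2019"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
DOWNLOADED_RE = re.compile(r"^Downloading (\S+\.cdiff) \[100%\]")
APPLIED_RE = re.compile(r"^cdiff_apply: Parsed \d+ lines and executed (\d+) commands")


@dataclass
class CdiffRun:
    name: str
    started: datetime                    # download reached 100%
    finished: Optional[datetime] = None  # cdiff_apply reported completion
    commands: Optional[int] = None
    elapsed: timedelta = timedelta(0)


def cdiff_runs(log_lines) -> List[CdiffRun]:
    """Pair each completed download with the cdiff_apply line that follows."""
    runs, pending, last_ts = [], None, None
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # untimestamped or wrapped line
        ts = datetime.strptime(m.group(1), TS_FORMAT)
        last_ts = ts
        got = DOWNLOADED_RE.match(m.group(2))
        done = APPLIED_RE.match(m.group(2))
        if got:
            if pending:
                # A new download while one is pending: the earlier run
                # was killed or restarted before the apply step finished.
                pending.elapsed = ts - pending.started
                runs.append(pending)
            pending = CdiffRun(got.group(1), ts)
        elif done and pending:
            pending.finished = ts
            pending.commands = int(done.group(1))
            pending.elapsed = ts - pending.started
            runs.append(pending)
            pending = None
    if pending:
        # Log ends mid-apply: elapsed is the time observed so far.
        pending.elapsed = last_ts - pending.started
        runs.append(pending)
    return runs


def slow_or_stuck(runs, limit=timedelta(minutes=30)):
    """Return runs whose apply step, finished or not, exceeded the limit."""
    return [r for r in runs if r.elapsed > limit]


# Constructed sample log (database names and counts are placeholders).
SAMPLE_LOG = """\
Mon Mar  4 05:00:01 2019 -> Downloading daily-1001.cdiff [100%]
Mon Mar  4 05:00:03 2019 -> cdiff_apply: Parsed 412 lines and executed 412 commands
Mon Mar  4 05:00:09 2019 -> daily.cld updated (version: 1001, sigs: 2000000, f-level: 63, builder: example)
Tue Mar  5 05:00:02 2019 -> Downloading daily-1002.cdiff [100%]
Tue Mar  5 05:54:29 2019 -> cdiff_apply: Parsed 771787 lines and executed 771787 commands
Wed Mar  6 05:00:01 2019 -> Downloading daily-1003.cdiff [100%]
Wed Mar  6 08:15:00 2019 -> Downloading daily-1003.cdiff [100%]
""".splitlines()

if __name__ == "__main__":
    for run in slow_or_stuck(cdiff_runs(SAMPLE_LOG)):
        state = "finished" if run.finished else "NOT finished"
        print(f"{run.name}: {run.elapsed} ({state})")
```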





Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Pierre Dehaen
Yes Micah, it finished while I was checking the computer because of the 
messages received 
on the mailing list.

$ tail -50 /var/log/freshclam.log
...
--
ClamAV update process started at Wed Mar  6 11:37:46 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
securiteinfo.hdb is up to date (version: custom database)
securiteinfo.ign2 is up to date (version: custom database)
Downloading javascript.ndb [*]
javascript.ndb updated (version: custom database, sigs: 45008)
securiteinfohtml.hdb is up to date (version: custom database)
securiteinfoascii.hdb is up to date (version: custom database)
securiteinfopdf.hdb is up to date (version: custom database)
Downloading spam_marketing.ndb [*]
spam_marketing.ndb updated (version: custom database, sigs: 24199)
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
sigmgr)
Downloading daily-25380.cdiff [100%]
daily.cld updated (version: 25380, sigs: 1503528, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6139078 signatures) from db.be.clamav.net (IP: 104.16.219.84)
Clamd successfully notified about the update.

$ ls -l /var/log/freshclam.log
-rw-r--r--   1 clamav   clamav701634 Mar  6 14:51 /var/log/freshclam.log

It ran from 11:37 to 14:51. It might run faster on x86 computers though.

Pierre

On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:

Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its own?  
That is good news 
for all of the automated systems, even if this is a potentially terrible bug.

I'm still investigating the cause, and asking our signature management team if 
they have any 
additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"  wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 
11, 
v0.100.0)... without noticeable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time.  :(



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its own?  
That is good news for all of the automated systems, even if this is a 
potentially terrible bug.

I'm still investigating the cause, and asking our signature management team if 
they have any additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen" 
 wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 
11, 
v0.100.0)... without noticeable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time.  :(



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Dennis Hermannsen via clamav-users
Seems like this has been fixed.
Remove /var/lib/clamav/daily.* (either cld or cvd) and run freshclam again. 
When freshclam failed to update, it was stuck on a .cld file. After removing 
it, it downloaded daily.cvd and could be updated afterwards.

 
Dennis Hermannsen
System administrator | cHosting ApS
site: chosting.dk [https://chosting.dk]
email: den...@chosting.dk [mailto:den...@chosting.dk]
address: Overgade 14E, 5000 Odense C
[https://facebook.com/cHosting]
[https://twitter.com/cHostingDK]
On 06-03-2019 15:08:02, Pierre Dehaen wrote:
Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticeable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Micah Snyder (micasnyd) via clamav-users
I also am seeing the same thing.
Killing freshclam and starting it again reproduces the process (and locks up 
again).

You may have to delete daily.cld/cvd from your database directory in order to 
get past this.

For those who are interested in the code, it is caught in a loop here:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
I haven’t yet looked at it long enough to know why.  I will continue to 
investigate and welcome any input from others who may have some insight.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users  on behalf of Paul 
via clamav-users 
Reply-To: ClamAV users ML 
Date: Wednesday, March 6, 2019 at 7:30 AM
To: "clamav-users@lists.clamav.net" 
Cc: Paul 
Subject: Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff


Same here ..


On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
Yes. Same here too...

On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
<carlos.gar...@f-integra.org> wrote:
Hello,

When crontab execs freshclam
CPU server goes to 100%
Hanged finishing Downloading daily-25380.cdiff [100%]


/home/vmail/antivirus/clamav/bin/freshclam -v --debug
Current working dir is /home/vmail/antivirus/clamav-0.101.1/share/clamav
ClamAV update process started at Wed Mar  6 11:50:17 2019
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net
TTL: 297
Software version from DNS: 0.101.1
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
sigmgr)
daily.cvd version from DNS: 25380
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/COPYING
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.info
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cfg
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign2
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ftm
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdu
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsu
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdu
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msu
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndu
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldb
LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Pierre Dehaen
Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11, 
v0.100.0)... without noticeable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time.  :(



Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread J.R. via clamav-users
> So basically it does nothing extra, just has more definitions
> which I can import to clamav anyway?

You can download the program and look it over without installing, it's
just bash scripts. It does appear in its own sigs directory there are
additional signature files:

-rw-r--r-- 1 root root 443304 Feb 25 04:07 hex.dat
-rw-r--r-- 1 root root 14 Feb 25 04:07 maldet.sigs.ver
-rw-r--r-- 1 root root 775382 Feb 25 04:07 md5.dat
-rw-r--r-- 1 root root 846582 Feb 25 04:07 md5v2.dat
-rw-r--r-- 1 root root 849117 Feb 25 04:07 rfxn.hdb
-rw-r--r-- 1 root root 451444 Feb 25 04:07 rfxn.ndb
-rw-r--r-- 1 root root 408598 Feb 25 04:07 rfxn.yara



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Paul via clamav-users

Same here ..


On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:

Yes. Same here too...

On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
<carlos.gar...@f-integra.org> wrote:


Hello,
When crontab execs freshclam
CPU server goes to 100%
Hanged finishing Downloading daily-25380.cdiff [100%]


Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread J.R. via clamav-users
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time.  :(



Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Vijayakumar U via clamav-users
Yes. Same here too...

On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez <
carlos.gar...@f-integra.org> wrote:

> Hello,
>
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread Jakub Filo via clamav-users
Thanks for the reply.
So basically it does nothing extra, just has more definitions which I can import to clamav anyway?

On Mar 6, 2019 4:01 AM, "J.R. via clamav-users" wrote:
> does anyone here have experience/knowledge about LMD/maldet?
>
> What I don't understand is whether it provides any advantage over
> running just ClamAV for regular weekly scans. If I understand it
> correctly, the malware definitions are shared among these programs, does
> maldet give any advantage?

maldet uses ClamAV as the backend with custom signature files. I
honestly couldn't tell you how many are unique from other 3rd party
signatures.

I'm pretty sure the clamav-unofficial-sigs script downloads the same
signature files as maldet. The maldet program itself gives you
turn-key ability for various scanning, logging, and cleaning
options...





[clamav-users] Unsubscribe

2019-03-06 Thread Garon Govender


Garon Govender
Green Swan Infrastructure
Mobile: +2778678

*Sent from my iPhone*

On 06 Mar 2019, at 12:53, Carlos García Gómez wrote:

Hello,
 
When crontab execs freshclam
CPU server goes to 100%
Hanged finishing Downloading daily-25380.cdiff [100%]
 
 

[clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread Carlos García Gómez
Hello,

When crontab execs freshclam 
CPU server goes to 100%
Hanged finishing Downloading daily-25380.cdiff [100%]


  /home/vmail/antivirus/clamav/bin/freshclam -v --debug
  Current working dir is /home/vmail/antivirus/clamav-0.101.1/share/clamav
  ClamAV update process started at Wed Mar  6 11:50:17 2019
  Using IPv6 aware code
  Max retries == 3
  Querying current.cvd.clamav.net
  TTL: 297
  Software version from DNS: 0.101.1
  main.cvd version from DNS: 58
  main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
sigmgr)
  daily.cvd version from DNS: 25380
  LibClamAV debug: in cli_untgz()
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/COPYING
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.info
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cfg
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign2
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ftm
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldu
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.idb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.fp
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.sfp
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.pdb
  LibClamAV debug: cli_untgz: Unpacking 
/home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.wdb
  LibClamAV debug: cli_untgz: Un

Re: [clamav-users] ClamAV definitions vs LMD/maldet

2019-03-06 Thread Brent Clark via clamav-users




On 2019/03/06 05:01, J.R. via clamav-users wrote:

I'm pretty sure the clamav-unofficial-sigs script downloads the same
signature files as maldet. The maldet program itself gives you
turn-key ability for various scanning, logging, and cleaning
options...



clamav-unofficial-sigs does

vagrant@stretch:/var/lib/clamav$ ls -la rfxn.*
-rw-r--r-- 1 clamav clamav 849117 Feb 25 05:13 rfxn.hdb
-rw-r--r-- 1 clamav clamav 451444 Feb 25 05:13 rfxn.ndb

HTH
Regards
Brent



[clamav-users] broken link

2019-03-06 Thread Arnaud Jacques

Hello,

https://www.clamav.net/documents/doc is broken.
Link found at https://www.clamav.net/documents/miscellaneous-faq.

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois




Re: [clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Arnaud Jacques

Hello Alex,


We do have a large IMAP ~200GB, and in order to find letters 
containing specific "keyword",
grep is not good because of base64 encoding. So the idea is to look 
through with antivirus scanner for "virus" inside letters, which is 
not a virus but a (not sure, may be) "bytecode signature" = "keyword"


Sounds good? A link to a howto will be appreciated.


Yes, it is possible. Please see the official documentation:
https://www.clamav.net/documents/creating-signatures-for-clamav

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
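
The approach discussed in this thread, as an added example (not code from the thread or from the ClamAV project): it shows why a raw grep misses a keyword inside a base64-encoded mail body, and builds body-based `.ndb` signature lines (`Name:TargetType:Offset:HexSignature`) for that keyword. The signature name `Local.Keyword`, the keyword and the sample message are constructed for illustration, and the minimum keyword length is this example's own assumption.

```python
import base64
import re
from email import message_from_bytes, policy

MIN_KEYWORD_BYTES = 4  # this example's own threshold, not a ClamAV limit


def keyword_to_ndb(name, keyword, target_type=0, encodings=("utf-8", "utf-16-le")):
    """Build .ndb lines of the form Name:TargetType:Offset:HexSignature.

    Offset '*' matches anywhere; target_type 0 means any file type.
    One line is produced per text encoding the keyword may be stored in.
    The hex pattern is matched byte for byte, so it is case-sensitive.
    """
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        raise ValueError("signature name must not contain ':' or whitespace")
    lines, seen = [], set()
    for enc in encodings:
        raw = keyword.encode(enc)
        if len(raw) < MIN_KEYWORD_BYTES:
            raise ValueError("keyword too short to be a useful pattern")
        if raw in seen:
            continue
        seen.add(raw)
        lines.append(f"{name}.{enc.replace('-', '')}:{target_type}:*:{raw.hex()}")
    return lines


def grep_raw(raw_message, keyword):
    """What a plain grep over the mail spool sees: the undecoded bytes."""
    return keyword.encode() in raw_message


def search_decoded(raw_message, keyword):
    """Decode each MIME leaf part (base64, quoted-printable) and search it.

    Returns the content types of the parts that contain the keyword.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if keyword.encode() in payload:
            hits.append(part.get_content_type())
    return hits


# Constructed sample: a single-part message whose body is base64-encoded.
KEYWORD = "project-falcon"
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.org\r\nSubject: minutes\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.encodebytes(b"Minutes attached. Codename project-falcon ships in May.\n")
)

if __name__ == "__main__":
    print("raw grep finds keyword:", grep_raw(SAMPLE, KEYWORD))
    print("decoded parts with keyword:", search_decoded(SAMPLE, KEYWORD))
    for line in keyword_to_ndb("Local.Keyword", KEYWORD):
        print(line)
```

Save the generated lines to a file such as `keyword.ndb` and run `clamscan -d keyword.ndb -r -i <maildir>`; check it first against a message known to contain the keyword, since matching inside encoded parts depends on ClamAV's mail scanning being enabled.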




[clamav-users] possible to use clamscan to search for strings in mail?

2019-03-06 Thread Alex
Hi all,

is it worth trying? 

We do have a large IMAP ~200GB, and in order to find letters containing
specific "keyword",
grep is not good because of base64 encoding. So the idea is to look
through with antivirus scanner for "virus" inside letters, which is not
a virus but a (not sure, may be) "bytecode signature" = "keyword"

Sounds good? A link to a howto will be appreciated.

Thanks.
