Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
#1 Correct

#2 It's in my backlog.  But there are only so many hours in the day.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Jun 15, 2017, at 6:31 PM, Al Varnell wrote:

I am under the impression that the mirrors list is only open to mirror 
operators and ClamAV.

The Mirrors status page was taken down several years ago with a promise to 
replace it some day with something more useful, but obviously not a high 
priority, at least for user use.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Al Varnell
On Thu, Jun 15, 2017 at 09:54 AM, Orrick, Diana wrote:
> 
> We pull sig file updates down to a local server that serves as a proxy for 
> updates to disperse to local servers.
> 
> Very recently this mirror 194.186.47.19 has had extremely slow response and 
> the wget ends up failing
> or running for hours rather than the quick speeds we're used to.
> 
> Any one else having similar issues? We're also looking into local networking, 
> etc.
> 
> I've requested to join the mirrors list to review archives, waiting on 
> subscription notice.
> 
> Reviewed docs and can't locate the Mirrors status output info, hoping that 
> will be part of the mirrors list output.

Looks like that mirror is in Russia.

> inetnum:        194.186.47.0 - 194.186.47.255
> netname:        GLDN-IT-hosts
> descr:          Golden telecom IT hosting
> descr:          Moscow, Russia
> country:        RU
> admin-c:        TELE1-RIPE
> tech-c:         TELE1-RIPE
> status:         ASSIGNED PA
> mnt-by:         AS3216-MNT
> created:        2005-04-28T09:54:02Z
> last-modified:  2005-04-28T09:54:02Z
> source:         RIPE # Filtered
> 
> role:           Teleross NOC
> address:        111250  Russia Moscow, Krasnokazarmennaja, 12
> org:            ORG-ES15-RIPE
> admin-c:        SVNT2-RIPE
> tech-c:         SVNT2-RIPE
> tech-c:         rj631-ripe
> nic-hdl:        TELE1-RIPE
> abuse-mailbox:  abuse-...@beeline.ru
> mnt-by:         AS3216-MNT
> remarks:        formely Sovam Teleport NOC
> created:        2002-05-27T14:37:41Z
> last-modified:  2016-01-22T09:25:28Z
> source:         RIPE # Filtered

A trace gets lost, but connect times are indeed abysmal.

> Trace route (tcp) en1 10.0.1.117
> to: 194.186.47.19:80 (194.186.47.19)
> 
>  1  10.0.1.1 [AS4565]  1.963 ms  1.075 ms  1.161 ms
>  2  96.120.89.145 [AS7922] (US)  15.170 ms  10.224 ms  9.911 ms
>  3  be-20003-sur04.santaclara.ca.sfba.comcast.net (68.86.249.249) [AS7922] (US)  10.954 ms  10.454 ms  10.638 ms
>  4  162.151.78.129 [AS7922] (US)  10.371 ms  11.451 ms  12.455 ms
>  5  be-232-ar01.santaclara.ca.sfba.comcast.net (162.151.78.253) [AS7922] (US)  11.086 ms  10.468 ms  11.114 ms
>  6  *  *  *
>  7  *  *  *
>  8  mx01.amsterdam.gldn.net (213.19.197.214) [AS3356] (GB)  191.124 ms  190.631 ms  189.545 ms
>  9  pe25.moscow.gldn.net (194.186.159.113) [AS3216] (RU)  189.038 ms
>  9  pe27.moscow.gldn.net (194.186.156.213) [AS3216] (RU)  193.299 ms  202.537 ms
> 10  gig-hub-12.moscow.gldn.net (194.186.156.214) [AS3216] (RU)  200.534 ms  194.365 ms  204.910 ms
> 11  *  *  *
> 12  *  *  *
> 13  *  *  *
> 14  *  *  *
> 15  *  *  *
> 16  *  *  *
> 17  *  *  *
> 18  *  *
> 19  *  *  *
> 20  *  *  *
> 21  *  *  *
> 22  *  *  *
> 23  *  *  *
> 24  *  *  *
> 25  *  *  *
> 26  *  *  *
> 27  *  *  *
> 28  *  *  *
> 29  *  *  *
> 30  *  *  *
> 
> Maximum hop count reached: 
> Elapsed (sec): 68.917

I am 

Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Noel Jones
Some mail systems such as gmail, outlook.com, and probably others,
don't display the list copy of your own posts as a duplicate.

But your posts really do make it to the list.  You can check one of
the online archives if you want to verify.  Hopefully you would get
a non-delivery notice if the post didn't go through.



  -- Noel Jones


On 6/15/2017 12:36 PM, Orrick, Diana wrote:
> Appreciate the prompt response Joel.
> 
> I did not get a list copy of my own reply (below, sent at 1:12 pm)
> 
> 
> On 6/15/2017 1:32 PM, Joel Esler (jesler) wrote:
>> I got your post just fine.  Maybe just that one recipient.
>> -- 
>> Joel Esler | Talos: Manager |
>> jes...@cisco.com
>>
>>
>>
>>
>>
>>
>> On Jun 15, 2017, at 1:12 PM, Orrick, Diana wrote:
>>
>> I don't know why my post failed fraud detection?
>>
>> I don't post often...
>>
>>
>> On 6/15/2017 12:54 PM, Orrick, Diana wrote:
>> [This sender failed our fraud detection checks and may not be who
>> they appear to be. Learn about spoofing at
>> http://aka.ms/LearnAboutSpoofing]
>>
>> -- 
>>
>>
> 



Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Orrick, Diana

Appreciate the prompt response Joel.

I did not get a list copy of my own reply (below, sent at 1:12 pm)


On 6/15/2017 1:32 PM, Joel Esler (jesler) wrote:

I got your post just fine.  Maybe just that one recipient.
--
Joel Esler | Talos: Manager | jes...@cisco.com






On Jun 15, 2017, at 1:12 PM, Orrick, Diana wrote:

I don't know why my post failed fraud detection?

I don't post often...


On 6/15/2017 12:54 PM, Orrick, Diana wrote:
[This sender failed our fraud detection checks and may not be who they appear 
to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]

--




--



Diana Mayer Orrick

Information Technology Services

Florida State University

orr...@fsu.edu - (850) 645-8009





Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Joel Esler (jesler)
I got your post just fine.  Maybe just that one recipient.
--
Joel Esler | Talos: Manager | jes...@cisco.com






On Jun 15, 2017, at 1:12 PM, Orrick, Diana wrote:

I don't know why my post failed fraud detection?

I don't post often...


On 6/15/2017 12:54 PM, Orrick, Diana wrote:
[This sender failed our fraud detection checks and may not be who they appear 
to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]

--



Diana Mayer Orrick

Information Technology Services

Florida State University

orr...@fsu.edu - (850) 645-8009





Re: [clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Orrick, Diana

I don't know why my post failed fraud detection?

I don't post often...


On 6/15/2017 12:54 PM, Orrick, Diana wrote:
[This sender failed our fraud detection checks and may not be who they 
appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]


--



Diana Mayer Orrick

Information Technology Services

Florida State University

orr...@fsu.edu - (850) 645-8009





[clamav-users] issues with mirror - 194.186.47.19

2017-06-15 Thread Orrick, Diana
We pull sig file updates down to a local server that serves as a proxy 
for updates to disperse to local servers.


Very recently this mirror 194.186.47.19 has had extremely slow response 
and the wget ends up failing

or running for hours rather than the quick speeds we're used to.

Any one else having similar issues? We're also looking into local 
networking, etc.


I've requested to join the mirrors list to review archives, waiting on 
subscription notice.


Reviewed docs and can't locate the Mirrors status output info, hoping 
that will be part of the mirrors list output.


--



Diana Mayer Orrick

Information Technology Services

Florida State University

orr...@fsu.edu - (850) 645-8009





Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread David Raynor
Thanks for reporting it. That signature is marked with the wrong "Engine"
limits, so that error message only affects some point releases of 0.98. We
are dropping that signature in the next daily CVD and will add a
replacement later.

To work around the trouble, you can add the "Win.Worm.Fadok-6328944-0" to a
local ign2 file in the same directory as the daily.cvd or daily.cld and any
affected ClamAV versions will load properly.

Dave R.

On Thu, Jun 15, 2017 at 2:37 AM, Jason J. W. Williams <
jasonjwwilli...@gmail.com> wrote:

> Hi Guys,
>
> Earlier this evening all of our healthchecks for the freshness of our
> ClamAV servers' databases started to go off indicating all of them were 2
> versions behind. Investigating the freshclam logs, all of the servers are
> reporting the same error loading the daily cdiffs:
>
> freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> ClamAV update process started at Thu Jun 15 06:30:48 2017
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.98.7 Recommended version: 0.99.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> Downloading main-58.cdiff [100%]
> main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> Downloading daily-23474.cdiff [100%]
> Downloading daily-23475.cdiff [100%]
> WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0
> is too short
> WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
> WARNING: [LibClamAV] Problem parsing database at line 2793
> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> WARNING: [LibClamAV] Can't load
> /var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-
> 250dc2257e1473258a61b534dbdef759.cld:
> Malformed database
> ERROR: Failed to load new database: Malformed database
> WARNING: Database load exited with status 55
> ERROR: Failed to load new database
>
> Is this a known issue, or is there something else we should be doing to
> clear the problem? Thank you in advance for your help.
>
> -J
>



-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
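
A sketch of the workaround Dave describes above, as an added example (not part of the original thread and not ClamAV's own tooling): it pulls the rejected signature name out of the logged `cli_ac_addsig` lines and lists it in an `.ign2` file next to the database. The file name `local.ign2`, the function names and the accepted character set for signature names are assumptions; the sample log lines are copied from the reports in this thread.

```shell
#!/bin/sh
# Added example: make the ign2 workaround a repeatable, idempotent step.

# Log lines copied from the reports in this thread, once as wrapped by the
# mail client and once on a single line.
sample_log() {
    cat <<'EOF'
Downloading daily-23475.cdiff [100%]
WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0
is too short
WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
WARNING: [LibClamAV] Problem parsing database at line 2793
LibClamAV Error: cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
ERROR: Failed to load new database: Malformed database
EOF
}

# Read a log on stdin and print each rejected signature name once.
# Only the text up to the name is matched, because "is too short" may have
# been wrapped onto the next line.
rejected_sigs() {
    sed -n 's/.*cli_ac_addsig: Signature for \([^ ]*\).*/\1/p' | sort -u
}

# Append NAME to the ign2 file unless that exact line is already present.
add_ign2() {
    ign2=$1 name=$2
    # Assumption: names use only these characters. Anything else is refused,
    # so a malformed or crafted log line cannot write arbitrary content into
    # the database directory.
    case $name in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing unexpected signature name: $name" >&2
            return 1 ;;
    esac
    if [ -f "$ign2" ] && grep -qxF -e "$name" "$ign2"; then
        return 0
    fi
    # The file must stay readable by the account clamd and freshclam run as.
    printf '%s\n' "$name" >> "$ign2"
}

# Ignore every signature that LOG reports as rejected. DBDIR is the directory
# holding daily.cvd or daily.cld.
ignore_rejected() {
    dbdir=$1 log=$2
    rejected_sigs < "$log" | while IFS= read -r sig; do
        add_ign2 "$dbdir/local.ign2" "$sig"
    done
}

# Demo in a scratch directory standing in for the database directory
# (/var/lib/clamav in the logs above).
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/freshclam.log"
ignore_rejected "$demo_dir" "$demo_dir/freshclam.log"
echo "local.ign2 now contains:"
cat "$demo_dir/local.ign2"
rm -rf "$demo_dir"
```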


Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread Ladar Levison
On 06/15/2017 01:37 AM, Jason J. W. Williams wrote:
> WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is 
> too short
> WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
> WARNING: [LibClamAV] Problem parsing database at line 2793
> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> WARNING: [LibClamAV] Can't load 
> /var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-250dc2257e1473258a61b534dbdef759.cld:
>  Malformed database
> ERROR: Failed to load new database: Malformed database
> WARNING: Database load exited with status 55
> ERROR: Failed to load new database
>

I am also seeing this issue... with identical error messages - only it's
causing our mail daemon to lock up during the load process. What I need
to know is whether a) this issue is limited to past releases (I'm also
using 0.98.7 in production, and haven't had time to recompile with
0.99.2), and b) was it intentional, or did someone push out a corrupted
database by accident... ?

For those desperately searching for a solution... deleting daily.cld
will side step the issue. Just make sure you also disable freshclam...
at least until the issue is resolved...

LibClamAV Error: cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0
is too short
LibClamAV Error: cli_parse_add(): Problem adding signature (3).
LibClamAV Error: Problem parsing database at line 2793
LibClamAV Error: Can't load daily.ldb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ldb
LibClamAV Error: Can't load /var/lib/clamav/daily.cld: Malformed database






Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7

2017-06-15 Thread Ardavast Dayleryan
In strace, the error looks like that:

[pid  2062] readlink("/proc/self/fd/10",
"/usr/share/dbus-1/system-services", 1023) = 33
[pid  2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2062] mmap(NULL, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f547b1dc000
[pid  2062] madvise(0x7f547b1dc000, 8192, MADV_DOFORK) = 0
[pid  2062] pread(10, 0x7f547b1dd000, 4096, 0) = -1 EISDIR (Is a directory)
[pid  2062] write(2, "LibClamAV Error: fmap_readpage: pread error: Is a
directory\n", 60) = 60

or, when I try /bin/ls /
[pid  2562] readlink("/proc/self/fd/22", "/", 1023) = 1
[pid  2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0
[pid  2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0
[pid  2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0
[pid  2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0
[pid  2562] mmap(NULL, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fadbb7f2000
[pid  2562] madvise(0x7fadbb7f2000, 8192, MADV_DOFORK) = 0
[pid  2562] pread(22, 0x7fadbb7f3000, 259, 0) = -1 EISDIR (Is a directory)
[pid  2562] write(2, "LibClamAV Error: fmap_readpage: pread error: Is a
directory\n", 60) = 60

I guess that this happens in onas_fan_th() when it gets an event about a
directory, but I'm not sure what to do now.
Does anybody have suggestions?


Re: [clamav-users] Slow database loading

2017-06-15 Thread Reindl Harald



On 15.06.2017 at 10:51, Renaud Allard wrote:

On 11/23/2016 09:41 AM, Arnaud Jacques / SecuriteInfo.com wrote:

Hello Ferdinand,


After I put it back, reloading took over one minute again:
While reloading with the javascript.ndb in place the CPU usage of the clamd
process really goes up:


javascript.ndb will soon be smaller in Basic subscription. Keep an eye on it.
Pro subscription has this problem resolved.


I am sorry to revive such an old topic, but it exactly corresponds my
current issues. Since I have enabled securiteinfo pro signatures, clamav
database reload takes more than 90s, while it was in the less than 10s
range before. This is not memory related, I have plenty of Gbs of RAM free.
I am using the following signatures:
-rw-r--r--  1 _clamav  _clamav  16.1M Jun 14 18:09 javascript.ndb
-rw-r--r--  1 _clamav  _clamav   296M Jun 14 21:16 securiteinfo.hdb
-rw-r--r--  1 _clamav  _clamav   9.0K Jun 13 21:44 securiteinfo.ign2
-rw-r--r--  1 _clamav  _clamav   8.3M Jun 15 08:30 securiteinfoandroid.hdb
-rw-r--r--  1 _clamav  _clamav   7.9M Jun 14 19:11 securiteinfoascii.hdb
-rw-r--r--  1 _clamav  _clamav   3.7M Jun 15 10:26 securiteinfohtml.hdb


why don't you contact the party you have a subscription with?



Re: [clamav-users] Slow database loading

2017-06-15 Thread Al Varnell
On Thu, Jun 15, 2017 at 01:51 AM, Renaud Allard wrote:
> On 11/23/2016 09:41 AM, Arnaud Jacques / SecuriteInfo.com wrote:
>> Hello Ferdinand,
>> 
>>> After I put it back, reloading took over one minute again:
>>> While reloading with the javascript.ndb in place the CPU usage of the clamd
>>> process really goes up:
>> 
>> javascript.ndb will soon be smaller in Basic subscription. Keep an eye on it.
>> Pro subscription has this problem resolved.
> 
> Hello,
> 
> I am sorry to revive such an old topic, but it exactly corresponds my
> current issues. Since I have enabled securiteinfo pro signatures, clamav
> database reload takes more than 90s, while it was in the less than 10s
> range before. This is not memory related, I have plenty of Gbs of RAM free.
> I am using the following signatures:
> -rw-r--r--  1 _clamav  _clamav  16.1M Jun 14 18:09 javascript.ndb
> -rw-r--r--  1 _clamav  _clamav   296M Jun 14 21:16 securiteinfo.hdb
> -rw-r--r--  1 _clamav  _clamav   9.0K Jun 13 21:44 securiteinfo.ign2
> -rw-r--r--  1 _clamav  _clamav   8.3M Jun 15 08:30 securiteinfoandroid.hdb
> -rw-r--r--  1 _clamav  _clamav   7.9M Jun 14 19:11 securiteinfoascii.hdb
> -rw-r--r--  1 _clamav  _clamav   3.7M Jun 15 10:26 securiteinfohtml.hdb
> 
> Thank you,
> Best Regards

Yes, but this is not a ClamAV issue, so you need to contact Arnaud Jacques 
directly. Try i...@securiteinfo.com.

-Al-
-- 
Mountain View
ClamXav User


Re: [clamav-users] Slow database loading

2017-06-15 Thread Renaud Allard
On 11/23/2016 09:41 AM, Arnaud Jacques / SecuriteInfo.com wrote:
> Hello Ferdinand,
> 
>> After I put it back, reloading took over one minute again:
>> While reloading with the javascript.ndb in place the CPU usage of the clamd
>> process really goes up:
> 
> javascript.ndb will soon be smaller in Basic subscription. Keep an eye on it.
> Pro subscription has this problem resolved.
> 

Hello,

I am sorry to revive such an old topic, but it exactly corresponds my
current issues. Since I have enabled securiteinfo pro signatures, clamav
database reload takes more than 90s, while it was in the less than 10s
range before. This is not memory related, I have plenty of Gbs of RAM free.
I am using the following signatures:
-rw-r--r--  1 _clamav  _clamav  16.1M Jun 14 18:09 javascript.ndb
-rw-r--r--  1 _clamav  _clamav   296M Jun 14 21:16 securiteinfo.hdb
-rw-r--r--  1 _clamav  _clamav   9.0K Jun 13 21:44 securiteinfo.ign2
-rw-r--r--  1 _clamav  _clamav   8.3M Jun 15 08:30 securiteinfoandroid.hdb
-rw-r--r--  1 _clamav  _clamav   7.9M Jun 14 19:11 securiteinfoascii.hdb
-rw-r--r--  1 _clamav  _clamav   3.7M Jun 15 10:26 securiteinfohtml.hdb

Thank you,
Best Regards




Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7

2017-06-15 Thread Ardavast Dayleryan
I tried this:
OnAccessMountPath /var
TemporaryDirectory /tmp

The error still persists.

I also tried the following:
OnAccessIncludePath /var
TemporaryDirectory /tmp

But then the protection doesn't work, and I got this in the log:
Jun 15 08:38:10 clamav7 clamd[1136]: ScanOnAccess: Protecting directory
'/var' (and all sub-directories)
Jun 15 08:38:10 clamav7 clamd: ScanOnAccess: Protecting directory '/var'
(and all sub-directories)
Jun 15 08:38:10 clamav7 clamd: ERROR: ScanOnAccess: Could not watch path
'/var', Success
Jun 15 08:38:10 clamav7 clamd[1136]: ScanOnAccess: Could not watch path
'/var', Success



On Wed, Jun 14, 2017 at 7:04 PM, Steven Morgan wrote:

> Hello,
>
> I looked at the debug trace and reviewed the clamd.conf. Can you try
> setting clamd's TemporaryDirectory to somewhere that is not under your
> onaccess mount path? Also, can you try running clamscan rather than clamd
> (to test if the behavior is the same)?
>
> Steve
>


Re: [clamav-users] Clamav daemon quitting unexpectedly

2017-06-15 Thread Fabrizio Mazzoni
Hi, added the debug option.

I have noticed that when the daemon stops these lines appear in the syslog:

Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc54f0 of 448 bytes at 0x7f5279bff170
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc54f0_wrap of 15 bytes at 0x7f5279bff340
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc55f0 of 1088 bytes at 0x7f5279bff360
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc55f1 of 244 bytes at 0x7f5279bff7b0
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc55f0_wrap of 15 bytes at 0x7f5279bff8b0
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc56f0 of 331 bytes at 0x7f5279bff8d0
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc56f0_wrap of 15 bytes at 0x7f5279bffa30
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc57f0 of 180 bytes at 0x7f5279bffa50
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc57f0_wrap of 15 bytes at 0x7f5279bffb10
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc58f0 of 1441 bytes at 0x7f5279bffb30
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc58f0_wrap of 15 bytes at 0x7f5279c000e0
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc59f0 of 432 bytes at 0x7f5279c00100
Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: 
emitted function bc59f0_wrap of 15 bytes at 0x7f5279c002c0


Thanks


Fabrizio Mazzoni - ICT Consultant
+255 755 46 88 26   mazzofab.tz   www.fsm.co.tz

> On 14 Jun 2017, at 18:43, Fabrizio Mazzoni  wrote:
> 
> Thanks. I'll give it a go.
> 
> I have added swap space today and this seems to have sorted the issue. Could 
> this be the cause?
> 
> 
> 
> Fabrizio Mazzoni. IT/Database/Programmer Consultant.
>  +255 755 46 88 26
> www.fsm.co.tz
> 
>> On 14 Jun 2017, at 18:36, Steven Morgan  wrote:
>> 
>> Hi,
>> 
>> Try adding "Debug true"  to clamd.conf. It may provide some insight into
>> what is going on.
>> 
>> Steve
>> 
>> 
>> On Wed, Jun 14, 2017 at 2:08 AM, Fabrizio Mazzoni wrote:
>> 
>>> Good Morning to all!
>>> 
>>> I’m having an issue whereas clamd is quitting unexpectedly and I have no
>>> clue what is causing this. There is no trace in the logs.
>>> 
>>> I had thought it was due to space issues in /tmp as my tmp is only 500MB
>>> and it was full of clam files.
>>> 
>>> 
>>> 
>>> I changed the clamd.conf to read:
>>> 
>>> TemporaryDirectory /clamtmp
>>> 
>>> And created the directory with permissions 1777
>>> 
>>> but that does not seem to solve the problem.
>>> 
>>> Any help appreciated!
>>> 
>>> 
>>> Fabrizio Mazzoni - ICT Consultant
>>> +255 755 46 88 26   mazzofab.tz   www.fsm.co.tz <https://fsm.co.tz/>
>>> 

[clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread Jason J. W. Williams
Hi Guys,

Earlier this evening all of our healthchecks for the freshness of our
ClamAV servers' databases started to go off indicating all of them were 2
versions behind. Investigating the freshclam logs, all of the servers are
reporting the same error loading the daily cdiffs:

freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Thu Jun 15 06:30:48 2017
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.7 Recommended version: 0.99.2
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main-58.cdiff [100%]
main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-23474.cdiff [100%]
Downloading daily-23475.cdiff [100%]
WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0
is too short
WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
WARNING: [LibClamAV] Problem parsing database at line 2793
WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
WARNING: [LibClamAV] Can't load
/var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-250dc2257e1473258a61b534dbdef759.cld:
Malformed database
ERROR: Failed to load new database: Malformed database
WARNING: Database load exited with status 55
ERROR: Failed to load new database

Is this a known issue, or is there something else we should be doing to
clear the problem? Thank you in advance for your help.

-J