[clamav-users] Upgrade to 0.100.0 disables CL_TYPE_ZIP regex signatures for Office files

2018-06-30 Thread David Shrimpton
Upgrade of clamav to 0.100.0 disables Container CL_TYPE_ZIP regex signatures for Office 2007+ files. Eg signatures attempting to match a contained file of an Office zip. Prior to 0.100.0 the Container for Office files was classified only as CL_TYPE_ZIP. With 0.100.0 the Container is classified

Re: [clamav-users] update report

2018-06-30 Thread Gene Heskett
On Saturday 30 June 2018 20:30:57 Joel Esler (jesler) wrote: > Interesting. Can you give us a -debug? > Is this something I can put in the crontab, Joel? How? > Sent from my iPhone > > > On Jun 30, 2018, at 20:22, Gene Heskett > > wrote: > > > > I'm still logging this about every other

[clamav-users] CVE verification

2018-06-30 Thread Dajuan Mcdonald
Hi, Regarding CVE-2017-12941 and CVE-2017-12942, unrar-5.5.6 is affected. There is a fixed version of unrar-5.5.7. I am asking: [1] are the CVEs known to affect any versions of clamav, if so which versions are not affected? [2] These are the vulnerable code examples: #Vulnerable unrar

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Joel Esler (jesler)
Ping.clamav.net is an identification lookup. Helps us see what versions people are running out there and what version of ClamAV people are using. It’s failure shouldn’t stop the update process. Please give us a debug. Sent from my iPhone > On Jun 30, 2018, at 19:28, Paul Kosinski wrote: >

Re: [clamav-users] update report

2018-06-30 Thread Joel Esler (jesler)
Interesting. Can you give us a -debug? Sent from my iPhone > On Jun 30, 2018, at 20:22, Gene Heskett wrote: > > I'm still logging this about every other freshclam run: > > Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: > Network is unreachable > Sat Jun 30

[clamav-users] update report

2018-06-30 Thread Gene Heskett
I'm still logging this about every other freshclam run: Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: Network is unreachable Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a) And I've rm'd mirrors.dat

[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Paul Kosinski
We are *still* failing to get ClamAV cvd files updates reliably -- even after deleting mirrors.dat before each attempt! The basic problem seems to be that the query to (e.g.): daily.24710.85.1.0.6810BB8A.ping.clamav.net fails as often as not (e.g.): Querying

[clamav-users] Problems with freshclam (Can't create new socket: Address family not supported by protocol)

2018-06-30 Thread Klaus Ethgen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi folks, since several months I get the message "Can't create new socket: Address family not supported by protocol" several times the day. It is only freshclam that acts this wrong, no other tool/service has this problem. The machine I use

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-30 Thread Nikita Yerenkov-Scott
Dear Al, Thank you very much for your response. Completely understand the ClamAV position. Perhaps one day if you expand then there will be more capability for documentation of the samples. Best wishes, Nikita On Sat, 30 Jun 2018 at 12:34, Nikita Yerenkov-Scott wrote: > > Dear Al, > > Thank

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-30 Thread Nikita Yerenkov-Scott
Dear Al, Thank you very much for your response. Completely understand the ClamAV position. Perhaps one day if you expand then there will be more capability for documentation of the samples. Best wishes, Nikita On Sat, 30 Jun 2018 at 04:09, Al Varnell wrote: > I'm not sure I understand