ClamAV’s Bugzilla system upgrade was mostly successful. However, late this
afternoon it was discovered that database settings are preventing new
attachments from being added to Bugzilla tickets. The issue will be resolved
as soon as we’re able.
It is still possible to create new Bugzilla tick
Hi all,
I couldn't get this issue to reproduce on my test system, but I've put
together a very quick and dirty patch that *should* allow for clamd to
recover from an unexpected SELinux denial. It's not an ideal fix, but I'm
hoping it'll work as intended and will fit your needs until the policy is
Does SA scan attachments now?
dp
On 2/14/19 8:07 AM, Alessandro Vesely wrote:
On Sat 09/Feb/2019 00:07:28 +0100 Gene Heskett wrote:
Has anyone rigged clamd to check what looks like questionable links
contained in incoming emails? It seems over the last 2 weeks my spam has
tripled, and I suspec
Paul,
I know what you mean. We had encountered this type of behavior when we were
adding the byte-compare signature feature and we initially put in a change
(specific to byte-compare) to prevent the 2nd scan from occurring. We ended up
reverting that change when we realized that we really nee
Hi Micah
I can code to handle this but basing handling code on "appears to
behaviour" is far from an ideal start.
The multiple matches on test/clam.mail from the clamav 101.1 sources
with Clamav.Test.File-6 reported twice sure looks like a bug to me.
Regards Paul
On 14/02/2019 19:46, Mi
Paul,
You may be seeing cases where a signature match of the raw file also matches
the file after it has been:
* normalized (for html or other text files)
* extracted (eg uncompressed archives or archives where compression has little
effect)
* or otherwise parsed (eg where a signature written to
Paul wrote:
Hi
I have been looking at using the -z option on either clamdscan or
clamscan and stumbled onto some odd behavior.
This is with version 101.1. 101.0 also behaves the same.
Take 2 paultest-010E110713-000 is constructed from test/clam.mail with
the addition of a line of text to
Hi
I have been looking at using the -z option on either clamdscan or
clamscan and stumbled onto some odd behavior.
This is with version 101.1. 101.0 also behaves the same.
Take 1
clamscan -z ./clamav-0.101.1/test/clam.mail
./clamav-0.101.1/test/clam.mail: Clamav.Test.File-6 FOUND
./clamav
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Alessandro Vesely
> Sent: Thursday, February 14, 2019 11:08 AM
>
> Shouldn't that be done with SA?
> http://uribl.com/usage.shtml
It really depends on your goal. For me I use ClamAV to
On Sat 09/Feb/2019 00:07:28 +0100 Gene Heskett wrote:
>
> Has anyone rigged clamd to check what looks like questionable links
> contained in incoming emails? It seems over the last 2 weeks my spam has
> tripled, and I suspect the real payload is in the urls in the message.
Shouldn't that be don
Osx.Trojan.EmPyre-6852410-0 has been dropped.
On Wed, Feb 13, 2019 at 9:04 PM Al Varnell wrote:
> Not only that, it's the installer package for an update to the macOS
> Malware Removal Tool and only being detected by ClamAV here:
> <
> https://www.virustotal.com/#/file/c81d0180cbfa858d6f3faf4455
Hi,
We are also seeing the same issue. Did anyone make any progress with this?
The odd thing is, we aren't even seeing any denials in the audit log for
SELinux, and we have the SELinux booleans set for ClamAV.
When we try to do exclusions, we are also seeing things like this:
"Permission denied
12 matches
Mail list logo