Re: [clamav-users] [External] Re: Scan very slow

2019-04-10 Thread Micah Snyder (micasnyd) via clamav-users
JME, As you've pointed out, it appears that some signatures containing PCRE regex components are responsible for slow scan times on larger email files. I did a bunch of profiling similar to what Maarten did earlier in order to narrow it down. I found that Email.Phishing.VOF2 signatures are p

Re: [clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread Eric Tykwinski
I think most suggest using an SSH tunnel between server and host. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Hendrick Sent: Wednesday, April 10, 2019 1:19 PM To: clamav-users@lists.clamav

Re: [clamav-users] Possible FP Doc.Trojan.Agent-6923110-0

2019-04-10 Thread Graeme Fowler via clamav-users
Thanks; I'm well aware of that. I can well understand the rationale behind the signature - however it looks like the code is established in normal usage. The user in question requested a more recent copy of the template sheet they work with from the upstream organisation, which too was blocked

[clamav-users] Security 3310 SSL/TLS

2019-04-10 Thread David Hendrick
Hi there, I was wondering if there's any way to introduce any sort of encryption on the requests sent to ClamAV using port 3310? Thanks, David

Re: [clamav-users] [External] Re: Scan very slow

2019-04-10 Thread JME via clamav-users
Hello, I managed to significantly reduce the problems of very long analysis, more than 400sec on some emails. Not by disabling PhishingSignatures that did not work. But putting: PCRERecMatchLimit to 1. The PCRE analyses are thus bypassed, but SafeBrowsing and the other scans continue to work. Is

Re: [clamav-users] Possible FP Doc.Trojan.Agent-6923110-0

2019-04-10 Thread Brent Clark via clamav-users
To whitelist a specific signature from the database you just add the signature name into a local file with the .ign2 extension and store it inside /var/lib/clamav. i.e. echo 'Doc.Trojan.Agent-6923110-0' >> /var/lib/clamav/whitelist.ign2 HTH Regards Brent Clark On 2019/04/10 13:46, Graeme Fow

[clamav-users] Possible FP Doc.Trojan.Agent-6923110-0

2019-04-10 Thread Graeme Fowler via clamav-users
Doc.Trojan.Agent-6923110-0 added 5th April (I think). Detects potentially dodgy VB/VBA/VBScript macros in Excel docs, but we have one user who has a completely genuine spreadsheet which contains several complex database-lookup-related macros which are triggering that sig. Nothing else has. Unf

Re: [clamav-users] [External] Re: Scan very slow

2019-04-10 Thread Brent Clark via clamav-users
Thanks for doing this. What I'm getting out of your feedback is that maybe you guys need to look to implementing or relooking at your CI process(es). Before pushing a commit, your CI can run the same test(s) and alert on slow or long running scans. All this can be automated and report on iss

Re: [clamav-users] [External] Re: Scan very slow

2019-04-10 Thread Steve Basford
On 2019-04-09 22:29, Micah Snyder (micasnyd) via clamav-users wrote: Maarten, Looking at a few of the Phish.Phishing signatures, these appear to have the same issue (href="http:// prefix). In testing with scan of a PDF document, I was able to reduce the scan time from 31.987 sec down to 2.632