Re: [clamav-users] clamonsacc not working on centos7

[Joël Labby via clamav-users]

No Selinux is desactivated.

But I made a step into this problem...

I've commented the line

#LocalSocket /run/clamd.scan/clamd.sock

And Clanonacc can now run.

I just have another concern.

I've set it like this :

OnAccessIncludePath /home/afifd

but when I start the process I can see in the log :

ClamFanotif: recursively watching the mount point '/home/user'

and

ClamWorker: performing scanning on file 
'/var/clamav/tmp/clamav-eee4bd3426e13922b0708f8cae552dfa.tmp'


So the path defined doesn't seem to work.

I've also tried to define

OnAccessExcludePath /var/clamav/tmp

If you have any idea.. You are welcome :-)

Thanks

joel

Le 27/07/21 à 20:06, G.W. Haywood via clamav-users a écrit :

Hi there,

On Tue, 27 Jul 2021, Joël Labby via clamav-users wrote:


...
I can use clamscan to scan a file

but clamonacc return this error :

ERROR: ClamClient: Could not connect to clamd, Couldn't connect to 
server
ERROR: Clamonacc: daemon is local, but a connection could not be 
established


any idea ?


Are you running SELinux?


--


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can't cmake 1.0.4rc

[Gene Heskett via clamav-users]

On Tuesday 27 July 2021 14:22:39 Rick Cooper wrote:

> Create the build dir in the source dir
> Or reference.. /you clam source dir instead of..

wordwrap is off so what you see is what I got

The only reply I got, obviously from someone who didn't actually read 
my msg.

Starting from the src directory unpacked from the tarball the first 
instruction line from INSTALL.md is:

mkdir build && cd build

so my path is then

gene@coyote:~/src/clamav-0.104.0-rc/build$

The next instruction line from INSTALL.md is:

cmake .. -D CMAKE_BUILD_TYPE="Release"

Which generates this response:

CMake Error: The source directory 
"/home/gene/src/clamav-0.104.0-rc/build/CMAKE_BUILD_TYPE=Release" does not 
exist.
Specify --help for usage, or press the help button on the CMake GUI.

So that error is itself erronious, that build directory is there and I an cd'd
into it.

So my simple point is that even the 2nd step of the "install" does not work.
cmake does not have a gui, and despite having used it before, I have never
seen its gui if it has one.

That tarball is exactly as it was unpacked.
>From that "build" directory, an ls ..shows this:
build clamav-version.h.in  clam-format 
CMakeOptions.cmake  dockerfiles  INSTALL.md   libclamunrar_iface  README.md
ChangeLog.md  clambc   clamonacc   
CODE_OF_CONDUCT.md  docs Jenkinsfile  libfreshclam
SECURITY.md
clamav-config.h.cmake.in  clamconf clamscancommon   
   etc  libclamavlogo.pngsigtool
clamav-config.in  clamdclamsubmit  COPYING  
   examples libclamav.pc.in  NEWS.md 
target.h.cmake.in
clamav-milter clamdscancmake   COPYING.txt  
   freshclamlibclammspackplatform.h.in   unit_tests
clamav-types.h.in clamdtop CMakeLists.txt  Dockerfile   
   fuzz libclamunrar README.Docker.mdwin32

Did I download a bad tarball?

cmake --version RETURN says:
cmake version 3.7.2

CMake suite maintained and supported by Kitware (kitware.com/cmake).

So my next question was:

Next?

Which generated this msg's quoted opening text, and which makes zero sense to me
since the empty build directory does exist and I am cd'd into it..

Seems to me the instructions should Just Work, but its not working, so what is 
missing?

I haven't a clue what else I can copy/paste from that shells window that
might be helpfull. Better yet, remake the tarball with working instructions.

Thanks.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Paul Kosinski via clamav-users]

On Tue, 27 Jul 2021 16:41:03 +0100
Mark Fortescue via clamav-users  wrote:

> Hi Joel,
> 
> One quick answer to why people do not upgrade the OS is that the 
> hardware does not support the upgrade (mostly due to memory and x86_64).
> 
> I work with embedded systems where the code is very specific to the 
> hardware so new hardware is not an option.
> 
> For others it may just be the hassle of starting setting up a new OS and 
> fixing all the distribution bugs/annoyances that get installed with each 
> new OS all over again.
> 
> Regards
>   Mark.


In my case, I can't simply upgrade to the latest Debian (or any other distro), 
as one of the systems is our home firewall and gateway -- with iptables, 
multi-LAN routing (with local DNS), a bit of bridging, encrypted tunnels to 
elsewhere, etc. This means we would lose *all* Internet connectivity for who 
knows how long if I tried an in-place upgrade.

So the only way to move forward seems to be to rebuild our system on separate 
hardware. I have started this on hardware I already mainly have (being retired, 
and thus without corporate budget or staff). Then I plan get the new build more 
or less working, and hope that I don't have to move cables between the old and 
new (and change IP addresses back and forth) more than a few times, thereby 
only having a few short periods of time without Internet connectivity.

Finally, building this new system is made even more difficult by the fact that 
iptables has recently been replaced by nftables, whose native syntax has been 
"improved" to be quite different. There is, at least, a legacy iptables 
interface to it, and it may actually be behaviorally identical to the old 
iptables for my > 2000 custom rules (built up over a dozen years) which govern 
LAN[i] <=> LAN[j] and LAN[i] <=> Internet routing and firewalling.

P.S. The last time I upgraded our firewall, from x86 to x86_64, at least 
iptables was quite compatible with ipchains, and Linux as a whole was still in 
the early stages of its exponential growth in complexity.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Mark Fortescue via clamav-users]

Hi again,

I needed to read all of the INSTALL.md file not just the top bit.

Got the cmake build to work and the binaries test OK.

Not as user friendly as configure scripts when you are doing something 
different. The big advantage of the configure script is that it can be 
tweaked when it gets something wrong or at least opened in an editor to 
see what it is actually doing. Not sure where to start if cmake does not 
do what it is meant to do.


Regards
Mark.

On 28/07/2021 00:14, Mark Fortescue via clamav-users wrote:

Hi all,

I have two curl installations. One is not suitable for clamav (the 
system installed version).


How do I force cmake to pick up the correct library as it is always 
picking up the system library not the one in /usr/local/clamav/lib.


In order to move to cmake it would be useful to have a conversion from 
all the configure script options to there cmake equivalents. Is there a 
way of getting cmake to display all the variables that can be set 
(equivalent to ./configure --help) ?


Regards
 Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html 




  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate 
.


Please help us validate this release. We need your feedback, so let 
us know what you find and join us on the ClamAV mailing list 
, or on our 
Discord , which is bridged with our IRC.


This release candidate phase is only expected to last about two to 
four weeks before the 0.104.0 Stable version will be published. Take 
this opportunity to verify that you 0.104.0 can build and run in your 
environment.


Please submit bug reports to the ClamAV project GitHub Issues 
.


ClamAV 0.104.0 includes the following improvements and changes.


  
 




  New Requirements

 *

    As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
    the new |INSTALL.md| file. The online documentation will also be
    updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been removed.


  
 




  Major changes

 *

    The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
    signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
    of time. If you're building ClamAV from source and you wish to use
    LLVM instead of the bytecode interpreter, you will need to supply
    the development libraries for LLVM version 3.6.2. See |INSTALL.md|
    to learn more.
 *

    There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
    limited to "unstable" versions, which are updated daily with
    the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav| 
.


Docker Hub ClamAV tags:

 *

    |clamav/clamav:|: A release preloaded with signature
    databases.

    Using this container will save the ClamAV project some bandwidth.
    Use this if you will keep the image around so that you don't
    download the entire database set every time you start a new
    container. Updating with FreshClam from the existing databases set
    does not use much data.

 *

    |clamav/clamav:_base|: A release with no signature 
databases.


    Use this container *only* if you mount a volume in your container
    under |/var/lib/clamav| to persist your signature database
    databases. This method is the best option because it will reduce
    data costs for ClamAV and for the Docker registry, but it does
    require advanced familiarity with Linux and Docker.

    /Caution/: Using this image without mounting an existing
    database directory will cause FreshClam to download the entire
    database set each time you start a new container.

You can use the |unstable| version (i.e. |clamav/clamav:unstable| or 
|clamav/clamav:unstable_base|) to try the latest from our development 
branch.


Please, be kind when using "free" bandwidth for the virus databases 
and Docker registry. Try not to download the entire database set or 
the larger ClamAV database images on a regular basis.


For more details, see the ClamAV Docker documentation 
.


Special thanks to Olliver Schinagl for his excellent work creating 
ClamAV's new Docker files, image database deployment 

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Mark Fortescue via clamav-users]

Hi all,

I have two curl installations. One is not suitable for clamav (the 
system installed version).


How do I force cmake to pick up the correct library as it is always 
picking up the system library not the one in /usr/local/clamav/lib.


In order to move to cmake it would be useful to have a conversion from 
all the configure script options to there cmake equivalents. Is there a 
way of getting cmake to display all the variables that can be set 
(equivalent to ./configure --help) ?


Regards
Mark.

On 22/07/2021 17:18, Joel Esler (jesler) via clamav-users wrote:




https://blog.clamav.net/2021/07/clamav-01040-release-candidate-is-here.html


  ClamAV 0.104.0 Release Candidate is here!

We are pleased to announce the ClamAV 0.104.0 release candidate 
.


Please help us validate this release. We need your feedback, so let us 
know what you find and join us on the ClamAV mailing list 
, or on our 
Discord , which is bridged with our IRC.


This release candidate phase is only expected to last about two to 
four weeks before the 0.104.0 Stable version will be published. Take 
this opportunity to verify that you 0.104.0 can build and run in your 
environment.


Please submit bug reports to the ClamAV project GitHub Issues 
.


ClamAV 0.104.0 includes the following improvements and changes.


  



  New Requirements

 *

As of ClamAV 0.104, CMake is required to build ClamAV.

  * We have added comprehensive build instructions for using CMake to
the new |INSTALL.md| file. The online documentation will also be
updated to include CMake build instructions.
  * The Autotools and the Visual Studio build systems have been removed.


  



  Major changes

 *

The built-in LLVM for the bytecode runtime has been removed.

  * The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
  * We wished to add support for newer versions of LLVM, but ran out
of time. If you're building ClamAV from source and you wish to use
LLVM instead of the bytecode interpreter, you will need to supply
the development libraries for LLVM version 3.6.2. See |INSTALL.md|
to learn more.
 *

There are now official ClamAV images on Docker Hub.

  o /Note/: Until ClamAV 0.104.0 is released, these images are
limited to "unstable" versions, which are updated daily with
the latest changes in the default branch on GitHub.

You can find the images on Docker Hub under |clamav| 
.


Docker Hub ClamAV tags:

 *

|clamav/clamav:|: A release preloaded with signature
databases.

Using this container will save the ClamAV project some bandwidth.
Use this if you will keep the image around so that you don't
download the entire database set every time you start a new
container. Updating with FreshClam from the existing databases set
does not use much data.

 *

|clamav/clamav:_base|: A release with no signature databases.

Use this container *only* if you mount a volume in your container
under |/var/lib/clamav| to persist your signature database
databases. This method is the best option because it will reduce
data costs for ClamAV and for the Docker registry, but it does
require advanced familiarity with Linux and Docker.

/Caution/: Using this image without mounting an existing
database directory will cause FreshClam to download the entire
database set each time you start a new container.

You can use the |unstable| version (i.e. |clamav/clamav:unstable| or 
|clamav/clamav:unstable_base|) to try the latest from our development 
branch.


Please, be kind when using "free" bandwidth for the virus databases 
and Docker registry. Try not to download the entire database set or 
the larger ClamAV database images on a regular basis.


For more details, see the ClamAV Docker documentation 
.


Special thanks to Olliver Schinagl for his excellent work creating 
ClamAV's new Docker files, image database deployment tooling, and user 
documentation.


 *

|clamd| and |freshclam| are now available as Windows services. To
install and run them, use the |--install-service| option and |net
start [name]| command.

Special thanks to Gianluigi Tiesi for his original work on this
feature.


  



  Notable changes

We added these features in 0.103.1 but wanted to re-post them here, as 
patch versions do not generally introduce new options:


 *

Added a new 

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Micah Snyder (micasnyd) via clamav-users]

All:

I and others on the development team struggled with Autotools and felt plagued 
by a myriad of little bugs. Whenever we had a problem with autotools (and there 
were plenty) it was always, “Heeey you’re the Autotools expert. You got this, 
right?…” No one wanted to deal with it.

CMake is far less confusing and less error-prone (at least to me). The 
documentation is great. It has built in features to detect loads of 
system-installed libraries. More recent versions even have system similar to 
pkg-config for importing build targets exactly as they were created when 
compiled, so that you never miss a library dependency. No more mussing about 
with LDFLAGS and LIBS variables and various directory variables. Honestly, it’s 
a breath of fresh air. And CMake supports Windows which allowed us to drop the 
old Visual Studio project files. There’s more, but I think that should be 
enough. No it won’t necessarily improve detection, unless you were one of those 
people who didn’t realize you needed libbz2 or some such “optional” dependency 
in order to get the most out of ClamAV.

Anyways, there are many reasons why CMake is better than Autotools but I don’t 
want to ramble on about it any more than I already have. I recommend reading up 
on some modern CMake features. You may find that you like it.

But if you really don’t want to deal with it, you can wait until your system’s 
packaging system has the next ClamAV version. That’s what most people will do 
anyways.

Mark:

I’m sorry about breaking your scripts. For what it’s worth, all of the 
dependency builds should stay the same but you’ll have to change the commands 
for building ClamAV itself.

One of those reasons why CMake is awesome is that it’s really easy to build 
installers. Just last week Hanspeter and I figured out how to link ClamAV with 
a static libcurl build and have it bring along all of libcurl’s dependencies. 
This was a roadblock for a couple things to include building a PKG installer 
for macOS. After seeing your comments about Homebrew, and with that roadblock 
finally removed, you successfully nerd-sniped me into figuring out the rest of 
the macOS installer build.

I just finished a pull-request to add support to build a PKG installer for Mac. 
I would love your input on it: https://github.com/Cisco-Talos/clamav/pull/228
Note that I picked an install path /opt/clamav rather arbitrarily.  If we’re 
going to add a macOS PKG installer to our Downloads page, I’d appreciate input 
on where you think it should actually install to.

My example in the PR (and commit message) rely on having used Mussels, our 
dependency build automation tool, to build all of the static libs 
(https://github.com/Cisco-Talos/Mussels).
We use Mussels to build the dependencies for Windows and for Linux (for 
OSS-Fuzz). Crafting recipes for static libs for macOS wasn’t so bad. I added 
those last night. You can review the recipes the “clamav cookbook” uses to 
build each dependency here: 
https://github.com/Cisco-Talos/clamav-mussels-cookbook/

If you want to give it a try instead of using your own build tools, the Mussels 
project page has some basic instructions but for a leg up here are some 
commands to get you started:

python3 -m pip install mussels
msl --help
msl up
msl cookbook trust clamav
msl build --help
msl build clamav_deps -t host-static --dry-run
msl build clamav_deps -t host-static

I have not yet modified the clamav recipe to build the PKG installer, since the 
above PR hasn’t merged yet, but “msl build clamav -t host-static” should also 
work.

Anyways, please let me know what you think.

Respectfully,
Micah


From: clamav-users  On Behalf Of Mark 
Allan via clamav-users
Sent: Monday, July 26, 2021 5:27 PM
To: ClamAV users ML 
Cc: Mark Allan 
Subject: Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is 
here!

I find myself asking the same question. Just from a personal point of view, 
I've invested a lot of time over the years creating scripts that pull down 
dependencies, build & install them in the right order, and then build package 
and deploy ClamAV. Looks like I'll now have to spend even more time, trying to 
get my head around making them work with CMakeand for what? What benefit 
does it bring?

Of course, I understand that this is your project and you can do whatever you 
like with it, and that you don't owe us any explanation for doing anything, but 
it still seems odd to change the whole build process without at least saying 
what the benefits are.

...and don't get me started on the official recommendation to use Homebrew on 
macOS.

Regards
Mark


On 26 Jul 2021, at 4:35 pm, Rick Cooper 
mailto:rcoo...@dwford.com>> wrote:

And what, exactly, is the reason for moving to cmake? I am sure you know it's 
going to be problematic for thousands of people so I am curious what tremendous 
gain of speed, size, memory usage or seciurity the other users get from this 
change, or if it's just a convenience thing for the 

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Paul Kosinski via clamav-users]

On Tue, 27 Jul 2021 15:30:05 +
"Joel Esler (jesler)"  wrote:

> You can’t support everything, forever.

When you are part of critical infrastructure -- as computers have become -- you 
must. (Well, not quite forever.)

Compare the rollout of IPv6 with the rollout of x86_64 (not to mention the 
rollout years ago of Area Codes and Direct Distance Dialing).

IPv6 is better than IPv4 in providing many more IP addresses, but it hasn't 
replaced it: it's incompatible. (Why didn't they simply add more bits, like 
int32 => int64?)

In CPUs, x86_64, which is backward compatible, has taken over, while its 
"replacement", Itanium is gone. (ARM is spreading, of course, but not because 
x86_64 is being dropped upon software upgrade; even Apple can't do that for a 
few years).

And imagine what would have happened 50 years ago if you had needed new 
telephones and a second telephone number to take advantage of DDD.

Of course ClamAV now belongs to Cisco, and there is no money cost to users, but 
the work cost to keep up-to-date has gotten much worse recently (mainly because 
of the response to bandwidth abuse), and some less dedicated users are probably 
giving up.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐

On Tuesday, July 27th, 2021 at 11:51 AM, Matus UHLAR - fantomas 
 wrote:

> > > On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler (jesler) 
> > > jes...@cisco.com wrote:
> > >
> > > > Maybe try raising your receivetimeout?  
> > > > https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html
>
> > On Tuesday, July 27th, 2021 at 10:46 AM, fxkl47BF via clamav-users 
> > clamav-users@lists.clamav.net wrote:
> >
> > > i changed the receivetimeout to 300 as described in the article
> > >
> > > i'll see what happens after the cool down ends
>
> On 27.07.21 16:37, fxkl47BF via clamav-users wrote:
>
> > it made no difference
> >
> > Tue Jul 27 11:34:03 2021 -> Received signal: wake up
> > Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27 
> > 11:34:03 2021
> > Tue Jul 27 11:34:03 2021 -> WARNING: Your ClamAV installation is OUTDATED!
> > Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended 
> > version: 0.103.3
> > Tue Jul 27 11:34:03 2021 -> DON'T PANIC! Read 
> > https://www.clamav.net/documents/upgrading-clamav
> > Tue Jul 27 11:34:03 2021 -> WARNING: Cool-down expired, ok to try again.
> > Tue Jul 27 11:34:03 2021 -> daily database available for update (local 
> > version: 26231, remote version: 26245)
> > Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
> > failed
> > Tue Jul 27 11:34:05 2021 -> ERROR: downloadPatch: Can't apply patch
> > Tue Jul 27 11:34:05 2021 -> WARNING: Incremental update failed, trying to 
> > download daily.cvd
> > Tue Jul 27 11:34:06 2021 -> WARNING: Can't download daily.cvd from 
> > https://database.clamav.net/daily.cvd
> > Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from 
> > the ClamAV Content Delivery Network (CDN).
>
> you weren't unblocked by changing receivetimeout.
> wait until you are unblocked (up to 24 hours) and then you should be able to
> download the file.
> what's your bandwidth? the receive can take longer than 5 minutes./

for many years it's worked fine with timeout set at 30 seconds


> How many machines in your network?

two
only one has clamav


> If more than one, creating local mirror should be better.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamonsacc not working on centos7

[Eero Volotinen]

try running with strace

something like this

strace -s 255 -f -o /tmp/logfile command

ja upload logfile to pastebin or similar

Eero

On Tue 27. Jul 2021 at 21.09, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Tue, 27 Jul 2021, Joël Labby via clamav-users wrote:
>
> > ...
> > I can use clamscan to scan a file
> >
> > but clamonacc return this error :
> >
> > ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
> > ERROR: Clamonacc: daemon is local, but a connection could not be
> established
> >
> > any idea ?
>
> Are you running SELinux?
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can't cmake 1.0.4rc

[Rick Cooper]

Create the build dir in the source dir
Or reference.. /you clam source dir instead of.. 
-- 
rcoo...@dwford.com
Phone : (260) 414-8566

On July 27, 2021 12:31:13 PM EDT, Gene Heskett via clamav-users 
 wrote:
>Greetings;
>
>unpack freshly downloaded tarball, 1st step from INSTALL.md is 
>mkdir build && cd build .. no prob
>
>Then:
>cmake .. -D CMAKE_BUILD_TYPE="Release", but that returns:
>gene@coyote:~/src/clamav-0.104.0-rc/build$ cmake .. -D 
>CMAKE_BUILD_TYPE="Release"
>CMake Error: The source 
>directory "/home/gene/src/clamav-0.104.0-rc/build/CMAKE_BUILD_TYPE=Release" 
>does not exist.
>Specify --help for usage, or press the help button on the CMake GUI.
>
>That build directory does exist, but if I was supposed to move or rename 
>a file, IDK. That FILE does not exist in the tarball.
>
>Next?
>
>Cheers, Gene Heskett
>-- 
>"There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
>-Ed Howdershelt (Author)
>If we desire respect for the law, we must first make the law respectable.
> - Louis D. Brandeis
>Genes Web page 
>
>___
>
>clamav-users mailing list
>clamav-users@lists.clamav.net
>https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>Help us build a comprehensive ClamAV guide:
>https://github.com/vrtadmin/clamav-faq
>
>http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can't cmake 1.0.4rc

[Gene Heskett via clamav-users]

On Tuesday 27 July 2021 13:33:07 Frans de Boer wrote:

> On 7/27/21 6:31 PM, Gene Heskett via clamav-users wrote:
> > Greetings;
> >
> > unpack freshly downloaded tarball, 1st step from INSTALL.md is
> > mkdir build && cd build .. no prob
> >
> > Then:
> > cmake .. -D CMAKE_BUILD_TYPE="Release", but that returns:
> > gene@coyote:~/src/clamav-0.104.0-rc/build$ cmake .. -D
> > CMAKE_BUILD_TYPE="Release"
> > CMake Error: The source
> > directory
> > "/home/gene/src/clamav-0.104.0-rc/build/CMAKE_BUILD_TYPE=Release"
> > does not exist.
> > Specify --help for usage, or press the help button on the CMake GUI.
> >
> > That build directory does exist, but if I was supposed to move or
> > rename a file, IDK. That FILE does not exist in the tarball.
> >
> > Next?
> >
> > Cheers, Gene Heskett
>
> did you type
>
> cmake .. -D
> CMAKE_BUILD_TYPE="Release"
>
> or
> cmake .. -D CMAKE_BUILD_TYPE="Release"
This latter, word wrap struck again
> --- Frans.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] clamonsacc not working on centos7

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 27 Jul 2021, Joël Labby via clamav-users wrote:


...
I can use clamscan to scan a file

but clamonacc return this error :

ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
ERROR: Clamonacc: daemon is local, but a connection could not be established

any idea ?


Are you running SELinux?

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 27 Jul 2021, Joel Esler wrote:

On Jul 27, 2021, at 11:27 AM, Paul Kosinski wrote:

On Mon, 26 Jul 2021 11:35:29 Rick Cooper wrote:


And what, exactly, is the reason for moving to cmake? I am sure
you know it's going to be problematic for thousands of people so I
am curious what tremendous gain of speed, size, memory usage or
seciurity the other users get from this change, or if it's just a
convenience thing for the developers?


I get the impression that *all* recent software development (at
least in Open Source) has given up any notion of backward
compatibility. ...

Now I wonder what will happen when I next try to build ClamAV on my
three different Debian systems (7, 8 & 10).


You can’t support everything, forever.  You have to push forward
with new tools and technology that make securing your customers
easier and better and provide more functionality to us (the authors
of the ruleset) to better protect people (you).


I could get alongside this if I could see the evidence that the better
security and functionality was actually happening.  We're still stuck
with version 2 of Yara, and a parser that's so riddled that I've often
considered Python tools instead.  Despite being swallowed up by Cisco,
(a near hundred-billion-dollar corporation) eight years ago, ClamAV is
*still* very near the bottom of my detection rates league table:

https://marc.info/?l=clamav-users=162379914711853=2

If 'cmake' is going to change all that, please tell me how - and when.


If you’re using security software to protect yourself, why would you
not do the most basic things and upgrade the OS of the systems ... ?


While I'd agree in principle with the sentiment, there are some people
who are stuck with legacy software which makes upgrade very difficult.
Despite my warnings about the gear, I've seen clients make seven-digit
GBP investments in machine tools which rely on Windows XP, expecting
the tools to operate long after Winows XP reaches EOL, no upgrade path
whatever available.  There are accounting and ERP packages clinging on
by their fingernails too.  It sometimes seems like the only way to get
rid of them is to get the tax authorities to mandate some new feature
which they don't support.  There's a real world out there, and it's
unsatisfactory from many points of view, but it's the one we've got.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can't cmake 1.0.4rc

[Frans de Boer]

On 7/27/21 6:31 PM, Gene Heskett via clamav-users wrote:

Greetings;

unpack freshly downloaded tarball, 1st step from INSTALL.md is
mkdir build && cd build .. no prob

Then:
cmake .. -D CMAKE_BUILD_TYPE="Release", but that returns:
gene@coyote:~/src/clamav-0.104.0-rc/build$ cmake .. -D
CMAKE_BUILD_TYPE="Release"
CMake Error: The source
directory "/home/gene/src/clamav-0.104.0-rc/build/CMAKE_BUILD_TYPE=Release"
does not exist.
Specify --help for usage, or press the help button on the CMake GUI.

That build directory does exist, but if I was supposed to move or rename
a file, IDK. That FILE does not exist in the tarball.

Next?

Cheers, Gene Heskett

did you type

cmake .. -D
CMAKE_BUILD_TYPE="Release"

or
cmake .. -D CMAKE_BUILD_TYPE="Release"

--- Frans.

--
A: Yes, just like thatA: Ja, net zo
Q: Oh, Just like reading a book backwards Q: Oh, net als een boek 
achterstevoren lezen
A: Because it upsets the natural flow of a story  A: Omdat het de natuurlijke 
gang uit het verhaal haalt
Q: Why is top-posting annoying?   Q: Waarom is Top-posting zo 
irritant?


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 27 Jul 2021, Matus UHLAR - fantomas wrote:

On Tuesday, July 27th, 2021 at 10:46 AM, fxkl47BF wrote:

On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler wrote:

Maybe try raising your receivetimeout? 


i changed the receivetimeout to 300 as described in the article ...


... the receive can take longer than 5 minutes


Here on the end of the bit of wet string supplied by British Telecom
I had to change my receive timeout from half an hour to an hour:

$ grep -i timeout /etc/mail/clamav/freshclam.conf
ConnectTimeout 600
ReceiveTimeout 3600

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Matus UHLAR - fantomas]

On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler (jesler) jes...@cisco.com 
wrote:
> Maybe try raising your receivetimeout?  
https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html



On Tuesday, July 27th, 2021 at 10:46 AM, fxkl47BF via clamav-users 
 wrote:

i changed the receivetimeout to 300 as described in the article
i'll see what happens after the cool down ends


On 27.07.21 16:37, fxkl47BF via clamav-users wrote:

it made no difference

Tue Jul 27 11:34:03 2021 -> Received signal: wake up
Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27 
11:34:03 2021
Tue Jul 27 11:34:03 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended 
version: 0.103.3
Tue Jul 27 11:34:03 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 11:34:03 2021 -> WARNING: Cool-down expired, ok to try again.
Tue Jul 27 11:34:03 2021 -> daily database available for update (local version: 
26231, remote version: 26245)
Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
failed
Tue Jul 27 11:34:05 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 11:34:05 2021 -> WARNING: Incremental update failed, trying to 
download daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from the 
ClamAV Content Delivery Network (CDN).


you weren't unblocked by changing receivetimeout. 


wait until you are unblocked (up to 24 hours) and then you should be able to
download the file.

what's your bandwidth? the receive can take longer than 5 minutes./
How many machines in your network?
If more than one, creating local mirror should be better.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐

On Tuesday, July 27th, 2021 at 10:46 AM, fxkl47BF via clamav-users 
 wrote:

> ‐‐‐ Original Message ‐‐‐
>
> On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler (jesler) jes...@cisco.com 
> wrote:
>
> > Maybe try raising your receivetimeout?  
> > https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html
>
> i changed the receivetimeout to 300 as described in the article
> i'll see what happens after the cool down ends

it made no difference

Tue Jul 27 11:34:03 2021 -> Received signal: wake up
Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27 
11:34:03 2021
Tue Jul 27 11:34:03 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended 
version: 0.103.3
Tue Jul 27 11:34:03 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 11:34:03 2021 -> WARNING: Cool-down expired, ok to try again.
Tue Jul 27 11:34:03 2021 -> daily database available for update (local version: 
26231, remote version: 26245)
Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
failed
Tue Jul 27 11:34:05 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 11:34:05 2021 -> WARNING: Incremental update failed, trying to 
download daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from the 
ClamAV Content Delivery Network (CDN).
Tue Jul 27 11:34:06 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 11:34:06 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 11:34:06 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 11:34:06 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 11:34:06 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 11:34:06 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 11:34:06 2021 -> CDN and your own network.
Tue Jul 27 11:34:06 2021 ->  3. Please do not open a ticket asking for an 
exemption from the rate limit,
Tue Jul 27 11:34:06 2021 -> it will not be granted.
Tue Jul 27 11:34:06 2021 -> WARNING: You are on cool-down until after: 
2021-07-27 15:34:06
Tue Jul 27 11:34:06 2021 -> main database available for update (local version: 
59, remote version: 61)
Tue Jul 27 11:34:07 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
failed
Tue Jul 27 11:34:07 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 11:34:07 2021 -> WARNING: Incremental update failed, trying to 
download main.cvd
Tue Jul 27 11:34:07 2021 -> WARNING: Can't download main.cvd from 
https://database.clamav.net/main.cvd
Tue Jul 27 11:34:07 2021 -> WARNING: FreshClam received error code 429 from the 
ClamAV Content Delivery Network (CDN).
Tue Jul 27 11:34:07 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 11:34:07 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 11:34:07 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 11:34:07 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 11:34:07 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 11:34:07 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 11:34:07 2021 -> CDN and your own network.
Tue Jul 27 11:34:07 2021 ->  3. Please do not open a ticket asking for an 
exemption from the rate limit,
Tue Jul 27 11:34:07 2021 -> it will not be granted.
Tue Jul 27 11:34:07 2021 -> WARNING: You are on cool-down until after: 
2021-07-27 15:34:07
Tue Jul 27 11:34:07 2021 -> bytecode.cld database is up-to-date (version: 333, 
sigs: 92, f-level: 63, builder: awillia2)
Tue Jul 27 11:34:07 2021 -> --



>
> > > On Jul 27, 2021, at 11:17 AM, fxkl47BF via clamav-users 
> > > clamav-users@lists.clamav.net wrote:
> > >
> > > ‐‐‐ Original Message ‐‐‐
> > >
> > > On Tuesday, July 27th, 2021 at 9:43 AM, Joel Esler (jesler) 
> > > jes...@cisco.com wrote:
> > >
> > > > > On Jul 27, 2021, at 10:34 AM, fxkl47BF via clamav-users 
> > > > > clamav-users@lists.clamav.net wrote:
> > > > >
> > > > > ‐‐‐ Original Message ‐‐‐
> > > > >
> > > > > On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler) 
> > > > > jes...@cisco.com wrote:
> > > > >
> > > > > > > On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
> > > > > > > clamav-users@lists.clamav.net wrote:
> > > > > > >
> > > > > > > On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> > > > > > > uh...@fantomas.sk wrote:
> > > > > > >
> > > > > > > > On 27.07.21 12:47, 

[clamav-users] can't cmake 1.0.4rc

[Gene Heskett via clamav-users]

Greetings;

unpack freshly downloaded tarball, 1st step from INSTALL.md is 
mkdir build && cd build .. no prob

Then:
cmake .. -D CMAKE_BUILD_TYPE="Release", but that returns:
gene@coyote:~/src/clamav-0.104.0-rc/build$ cmake .. -D 
CMAKE_BUILD_TYPE="Release"
CMake Error: The source 
directory "/home/gene/src/clamav-0.104.0-rc/build/CMAKE_BUILD_TYPE=Release" 
does not exist.
Specify --help for usage, or press the help button on the CMake GUI.

That build directory does exist, but if I was supposed to move or rename 
a file, IDK. That FILE does not exist in the tarball.

Next?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐
On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler (jesler)  
wrote:

> Maybe try raising your receivetimeout?  
> https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html

i changed the receivetimeout to 300 as described in the article
i'll see what happens after the cool down ends

>
> > On Jul 27, 2021, at 11:17 AM, fxkl47BF via clamav-users 
> >  wrote:
> >
> > ‐‐‐ Original Message ‐‐‐
> >
> > On Tuesday, July 27th, 2021 at 9:43 AM, Joel Esler (jesler) 
> >  wrote:
> >
> > > > On Jul 27, 2021, at 10:34 AM, fxkl47BF via clamav-users 
> > > >  wrote:
> > > >
> > > > ‐‐‐ Original Message ‐‐‐
> > > >
> > > > On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler) 
> > > >  wrote:
> > > >
> > > > > > On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
> > > > > >  wrote:
> > > > > >
> > > > > > On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> > > > > >  wrote:
> > > > > >
> > > > > > > On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> > > > > > >
> > > > > > > > for a couple of weeks i've not been able to download updates. i 
> > > > > > > > get a
> > > > > > > >
> > > > > > > > message about on a cool down until a certain future date and 
> > > > > > > > time. when
> > > > > > > >
> > > > > > > > that date and time expires the next update get a message with a 
> > > > > > > > new future
> > > > > > > >
> > > > > > > > date and time. should i abandon all hope of getting updates?
> > > > > > >
> > > > > > > it's described here:
> > > > > > >
> > > > > > > https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> > > > > > >
> > > > > > > do you have multiple devices behind one IP address?
> > > > > > >
> > > > > > > Do any of those devices download clamav database diferently then 
> > > > > > > using
> > > > > > >
> > > > > > > freshclam?
> > > > > >
> > > > > > i have one device that uses freshclam once per hour
> > > > > >
> > > > > > i am using a vpn
> > > > > >
> > > > > > it looks like anyone that uses a vpn is probably screwed
> > > > > >
> > > > > > it was good while it lasted
> > > > >
> > > > > What is your public IP?
> > > >
> > > > 199.229.250.132
> > >
> > > You’re rate limited because you have one machine behind that IP that has 
> > > attempted to download the daily.cvd 50x in the last 24 hours, and the 
> > > main.cvd another 50x. Let alone the latest cdiff that it’s attempted to 
> > > download 80x.
> > >
> > > It’s not more than one machine, it’s a single machine.
> >
> > maybe i don't fully understand how this vpn works
> > i understood that this would be the ip address for anyone using this exit 
> > point
> > i have two machines
> > one is my work machine and has clamav
> > the other runs a cnc mill that hasn't been on for several days
> > i can send my whole freshclam log if it helps
> > maybe something needs to be changed in my config
> >
> > this is /etc/clamav/freshclam.conf
> >
> > # Automatically created by the clamav-freshclam postinst
> > # Comments will get lost when you reconfigure the clamav-freshclam package
> >
> > DatabaseOwner clamav
> > UpdateLogFile /var/log/clamav/freshclam.log
> > LogVerbose false
> > LogSyslog false
> > LogFacility LOG_LOCAL6
> > LogFileMaxSize 0
> > LogRotate true
> > LogTime true
> > Foreground false
> > Debug false
> > MaxAttempts 5
> > DatabaseDirectory /var/lib/clamav
> > DNSDatabaseInfocurrent.cvd.clamav.net
> > ConnectTimeout 30
> > ReceiveTimeout 30
> > TestDatabases yes
> > ScriptedUpdates yes
> > CompressLocalDatabase no
> > Bytecode true
> > NotifyClamd /etc/clamav/clamd.conf
> > # Check for new database 24 times a day
> > Checks 24
> > DatabaseMirrordb.local.clamav.net
> > DatabaseMirrordatabase.clamav.net
> >
> > ___
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Mark Fortescue via clamav-users]

Hi Joel,

One quick answer to why people do not upgrade the OS is that the 
hardware does not support the upgrade (mostly due to memory and x86_64).


I work with embedded systems where the code is very specific to the 
hardware so new hardware is not an option.


For others it may just be the hassle of starting setting up a new OS and 
fixing all the distribution bugs/annoyances that get installed with each 
new OS all over again.


Regards
Mark.

On 27/07/2021 16:30, Joel Esler (jesler) via clamav-users wrote:



On Jul 27, 2021, at 11:27 AM, Paul Kosinski via clamav-users 
mailto:clamav-users@lists.clamav.net>> 
wrote:


On Mon, 26 Jul 2021 11:35:29 -0400
"Rick Cooper" mailto:rcoo...@dwford.com>> wrote:


And what, exactly, is the reason for moving to cmake? I am sure you know
it's going to be problematic for thousands of people so I am curious what
tremendous gain of speed, size, memory usage or seciurity the other users
get from this change, or if it's just a convenience thing for the
developers?



I get the impression that *all* recent software development (at least 
in Open Source) has given up any notion of backward compatibility. For 
example, Firefox (even ESR) has been a disaster in the past few years, 
changing the UI with every major release, once totally blowing away 
users' bookmarks, and of course, completely invalidating many, many 
years of add-on development by many people due to switching from XUL 
to the less powerful WebExtensions.


Now I wonder what will happen when I next try to build ClamAV on my 
three different Debian systems (7, 8 & 10).


You can’t support everything, forever.  You have to push forward with 
new tools and technology that make securing your customers easier and 
better and provide more functionality to us (the authors of the ruleset) 
to better protect people (you).


If you’re using security software to protect yourself, why would you not 
do the most basic things and upgrade the OS of the systems underneath? 
  I never understood this.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Joel Esler (jesler) via clamav-users]

> On Jul 27, 2021, at 11:27 AM, Paul Kosinski via clamav-users 
>  wrote:
> 
> On Mon, 26 Jul 2021 11:35:29 -0400
> "Rick Cooper" mailto:rcoo...@dwford.com>> wrote:
> 
>> And what, exactly, is the reason for moving to cmake? I am sure you know
>> it's going to be problematic for thousands of people so I am curious what
>> tremendous gain of speed, size, memory usage or seciurity the other users
>> get from this change, or if it's just a convenience thing for the
>> developers?
> 
> 
> I get the impression that *all* recent software development (at least in Open 
> Source) has given up any notion of backward compatibility. For example, 
> Firefox (even ESR) has been a disaster in the past few years, changing the UI 
> with every major release, once totally blowing away users' bookmarks, and of 
> course, completely invalidating many, many years of add-on development by 
> many people due to switching from XUL to the less powerful WebExtensions.
> 
> Now I wonder what will happen when I next try to build ClamAV on my three 
> different Debian systems (7, 8 & 10).

You can’t support everything, forever.  You have to push forward with new tools 
and technology that make securing your customers easier and better and provide 
more functionality to us (the authors of the ruleset) to better protect people 
(you).

If you’re using security software to protect yourself, why would you not do the 
most basic things and upgrade the OS of the systems underneath?  I never 
understood this.

smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Joel Esler (jesler) via clamav-users]

Maybe try raising your receivetimeout?  
https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html 




> On Jul 27, 2021, at 11:17 AM, fxkl47BF via clamav-users 
>  wrote:
> 
> ‐‐‐ Original Message ‐‐‐
> 
> On Tuesday, July 27th, 2021 at 9:43 AM, Joel Esler (jesler)  > wrote:
> 
>>> On Jul 27, 2021, at 10:34 AM, fxkl47BF via clamav-users 
>>>  wrote:
>>> 
>>> ‐‐‐ Original Message ‐‐‐
>>> 
>>> On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler) 
>>>  wrote:
>>> 
> On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
>  wrote:
> 
> On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
>  wrote:
> 
>> On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
>> 
>>> for a couple of weeks i've not been able to download updates. i get a
>>> 
>>> message about on a cool down until a certain future date and time. when
>>> 
>>> that date and time expires the next update get a message with a new 
>>> future
>>> 
>>> date and time. should i abandon all hope of getting updates?
>> 
>> it's described here:
>> 
>> https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
>> 
>> do you have multiple devices behind one IP address?
>> 
>> Do any of those devices download clamav database diferently then using
>> 
>> freshclam?
> 
> i have one device that uses freshclam once per hour
> 
> i am using a vpn
> 
> it looks like anyone that uses a vpn is probably screwed
> 
> it was good while it lasted
 
 What is your public IP?
>>> 
>>> 199.229.250.132
>> 
>> You’re rate limited because you have one machine behind that IP that has 
>> attempted to download the daily.cvd 50x in the last 24 hours, and the 
>> main.cvd another 50x. Let alone the latest cdiff that it’s attempted to 
>> download 80x.
>> 
>> It’s not more than one machine, it’s a single machine.
> 
> maybe i don't fully understand how this vpn works
> i understood that this would be the ip address for anyone using this exit 
> point
> i have two machines
> one is my work machine and has clamav
> the other runs a cnc mill that hasn't been on for several days
> i can send my whole freshclam log if it helps
> maybe something needs to be changed in my config
> 
> this is /etc/clamav/freshclam.conf
> 
> # Automatically created by the clamav-freshclam postinst
> # Comments will get lost when you reconfigure the clamav-freshclam package
> 
> DatabaseOwner clamav
> UpdateLogFile /var/log/clamav/freshclam.log
> LogVerbose false
> LogSyslog false
> LogFacility LOG_LOCAL6
> LogFileMaxSize 0
> LogRotate true
> LogTime true
> Foreground false
> Debug false
> MaxAttempts 5
> DatabaseDirectory /var/lib/clamav
> DNSDatabaseInfo current.cvd.clamav.net 
> ConnectTimeout 30
> ReceiveTimeout 30
> TestDatabases yes
> ScriptedUpdates yes
> CompressLocalDatabase no
> Bytecode true
> NotifyClamd /etc/clamav/clamd.conf
> # Check for new database 24 times a day
> Checks 24
> DatabaseMirror db.local.clamav.net 
> DatabaseMirror database.clamav.net 
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net 
> https://lists.clamav.net/mailman/listinfo/clamav-users 
> 
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq 
> 
> 
> http://www.clamav.net/contact.html#ml 


smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

[Paul Kosinski via clamav-users]

On Mon, 26 Jul 2021 11:35:29 -0400
"Rick Cooper"  wrote:

> And what, exactly, is the reason for moving to cmake? I am sure you know
> it's going to be problematic for thousands of people so I am curious what
> tremendous gain of speed, size, memory usage or seciurity the other users
> get from this change, or if it's just a convenience thing for the
> developers?


I get the impression that *all* recent software development (at least in Open 
Source) has given up any notion of backward compatibility. For example, Firefox 
(even ESR) has been a disaster in the past few years, changing the UI with 
every major release, once totally blowing away users' bookmarks, and of course, 
completely invalidating many, many years of add-on development by many people 
due to switching from XUL to the less powerful WebExtensions.

Now I wonder what will happen when I next try to build ClamAV on my three 
different Debian systems (7, 8 & 10).

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐

On Tuesday, July 27th, 2021 at 9:43 AM, Joel Esler (jesler)  
wrote:

> > On Jul 27, 2021, at 10:34 AM, fxkl47BF via clamav-users 
> >  wrote:
> >
> > ‐‐‐ Original Message ‐‐‐
> >
> > On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler) 
> >  wrote:
> >
> > > > On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
> > > >  wrote:
> > > >
> > > > On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> > > >  wrote:
> > > >
> > > > > On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> > > > >
> > > > > > for a couple of weeks i've not been able to download updates. i get 
> > > > > > a
> > > > > >
> > > > > > message about on a cool down until a certain future date and time. 
> > > > > > when
> > > > > >
> > > > > > that date and time expires the next update get a message with a new 
> > > > > > future
> > > > > >
> > > > > > date and time. should i abandon all hope of getting updates?
> > > > >
> > > > > it's described here:
> > > > >
> > > > > https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> > > > >
> > > > > do you have multiple devices behind one IP address?
> > > > >
> > > > > Do any of those devices download clamav database diferently then using
> > > > >
> > > > > freshclam?
> > > >
> > > > i have one device that uses freshclam once per hour
> > > >
> > > > i am using a vpn
> > > >
> > > > it looks like anyone that uses a vpn is probably screwed
> > > >
> > > > it was good while it lasted
> > >
> > > What is your public IP?
> >
> > 199.229.250.132
>
> You’re rate limited because you have one machine behind that IP that has 
> attempted to download the daily.cvd 50x in the last 24 hours, and the 
> main.cvd another 50x. Let alone the latest cdiff that it’s attempted to 
> download 80x.
>
> It’s not more than one machine, it’s a single machine.

maybe i don't fully understand how this vpn works
i understood that this would be the ip address for anyone using this exit point
i have two machines
one is my work machine and has clamav
the other runs a cnc mill that hasn't been on for several days
i can send my whole freshclam log if it helps
maybe something needs to be changed in my config

this is /etc/clamav/freshclam.conf

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] clamonsacc not working on centos7

[Joël Labby via clamav-users]

Hello !

I've tried to install clamav on our linux computers.

clamd is configured like this :

LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "clamscan"
LocalSocketMode = "666"
TCPSocket = "3310"
TCPAddr = "127.0.0.1", "192.9.203.205"

The socket file is there and accessible :

srw-rw-rw- 1 clamscan clamscan 0 27 jui 15:47 /run/clamd.scan/clamd.sock

The port 3310 is opened and listening :

netstat -anp | grep -E "(clam)"

tcp    0  0 192.9.203.205:3310 0.0.0.0:*   
LISTEN  1863/clamd
tcp    0  0 127.0.0.1:3310 0.0.0.0:*   LISTEN  
1863/clamd
unix  2  [ ACC ] STREAM LISTENING 40300 
1863/clamd   /run/clamd.scan/clamd.sock

unix  2  [ ] DGRAM    40294 1863/clamd

I can use clamscan to scan a file

but clamonacc return this error :

ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
ERROR: Clamonacc: daemon is local, but a connection could not be established

any idea ?



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Cooldown much too long

[Joel Esler (jesler) via clamav-users]

> On Jul 26, 2021, at 6:02 PM, Markus Egg via clamav-users 
>  wrote:
> 
> I had that problem with "Incremental update failed, trying to download 
> main.cvd" also in
> version 0.103.2 of clamav on Ubuntu 18.04 .
> 
> So I waited and updated with the hope that 0.103.3 would solve it.
> But still that error is there.
> So I simply cleaned /var/lib/clamav (moved the content to another directory) 
> and now I get the message:
> 
> "This means that you have been rate limited by the CDN"
> 
> Why that?
> Simply because I tried to update several times previously and got no exact 
> information, why my update failed?
> 
> Tried after approx 5 min and got the message:
> "You are still on cool-down until after: 2021-07-27 03:42:35"
> which means more than 24hrs!!
> 
> Why didn't I get that error message about "This means that you have been rate 
> limited by the CDN"
> with version 0.103.2 and some information about how long this "cooldown" was 
> in the beginning.
> 
> This missing error message in 0.103.2 and 0.103.3 is surely a bug that causes 
> uninformed users enlarging their "cooldown"
> phase without knowing it.

The cooldown is 24 hours from the last time you violated the rate limit.

smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Joel Esler (jesler) via clamav-users]

> On Jul 27, 2021, at 10:34 AM, fxkl47BF via clamav-users 
>  wrote:
> 
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler)  > wrote:
> 
>>> On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
>>>  wrote:
>>> 
>>> On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
>>>  wrote:
>>> 
 On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
 
> for a couple of weeks i've not been able to download updates. i get a
> message about on a cool down until a certain future date and time. when
> that date and time expires the next update get a message with a new future
> date and time. should i abandon all hope of getting updates?
 
 it's described here:
 https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
 do you have multiple devices behind one IP address?
 Do any of those devices download clamav database diferently then using
 freshclam?
>>> 
>>> i have one device that uses freshclam once per hour
>>> i am using a vpn
>>> it looks like anyone that uses a vpn is probably screwed
>>> it was good while it lasted
>> 
>> What is your public IP?
> 
> 199.229.250.132

You’re rate limited because you have one machine behind that IP that has 
attempted to download the daily.cvd 50x in the last 24 hours, and the main.cvd 
another 50x. Let alone the latest cdiff that it’s attempted to download 80x.

It’s not more than one machine, it’s a single machine.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | 
https://www.clamav.net 

smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐

On Tuesday, July 27th, 2021 at 9:26 AM, Matus UHLAR - fantomas 
 wrote:

> > > On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> > >
> > > > for a couple of weeks i've not been able to download updates. i get a
> > > > message about on a cool down until a certain future date and time. when
> > > > that date and time expires the next update get a message with a new 
> > > > future
> > > > date and time. should i abandon all hope of getting updates?
>
> > On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> > uh...@fantomas.sk wrote:
> >
> > > it's described here:
> > > https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> > > do you have multiple devices behind one IP address?
> > > Do any of those devices download clamav database diferently then using
> > > freshclam?
>
> On 27.07.21 14:22, fxkl47BF via clamav-users wrote:
>
> > i have one device that uses freshclam once per hour
> > i am using a vpn
>
> why are you using a VPN for downloading virus definitions?

my whole network is routed through a vpn

> > it looks like anyone that uses a vpn is probably screwed
>
> I wouldn't say so, depends on what VPN.
>
> > it was good while it lasted
>
> yes, but people were abusing the service, that's why it got rate limited


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐
On Tuesday, July 27th, 2021 at 9:29 AM, Joel Esler (jesler)  
wrote:

> > On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
> >  wrote:
> >
> > On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> >  wrote:
> >
> > > On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> > >
> > > > for a couple of weeks i've not been able to download updates. i get a
> > > > message about on a cool down until a certain future date and time. when
> > > > that date and time expires the next update get a message with a new 
> > > > future
> > > > date and time. should i abandon all hope of getting updates?
> > >
> > > it's described here:
> > > https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> > > do you have multiple devices behind one IP address?
> > > Do any of those devices download clamav database diferently then using
> > > freshclam?
> >
> > i have one device that uses freshclam once per hour
> > i am using a vpn
> > it looks like anyone that uses a vpn is probably screwed
> > it was good while it lasted
>
> What is your public IP?

199.229.250.132

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Joel Esler (jesler) via clamav-users]

> On Jul 27, 2021, at 10:22 AM, fxkl47BF via clamav-users 
>  wrote:
> 
> On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
> mailto:uh...@fantomas.sk>> wrote:
> 
>> On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
>>> for a couple of weeks i've not been able to download updates. i get a
>>> message about on a cool down until a certain future date and time. when
>>> that date and time expires the next update get a message with a new future
>>> date and time. should i abandon all hope of getting updates?
>> 
>> it's described here:
>> https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html 
>> 
>> do you have multiple devices behind one IP address?
>> Do any of those devices download clamav database diferently then using
>> freshclam?
> 
> i have one device that uses freshclam once per hour
> i am using a vpn
> it looks like anyone that uses a vpn is probably screwed
> it was good while it lasted

What is your public IP?

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | 
https://www.clamav.net 

smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Matus UHLAR - fantomas]

On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> for a couple of weeks i've not been able to download updates. i get a
> message about on a cool down until a certain future date and time. when
> that date and time expires the next update get a message with a new future
> date and time. should i abandon all hope of getting updates?



On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
 wrote:

it's described here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
do you have multiple devices behind one IP address?
Do any of those devices download clamav database diferently then using
freshclam?


On 27.07.21 14:22, fxkl47BF via clamav-users wrote:

i have one device that uses freshclam once per hour
i am using a vpn


why are you using a VPN for downloading virus definitions?


it looks like anyone that uses a vpn is probably screwed


I wouldn't say so, depends on what VPN.


it was good while it lasted


yes, but people were abusing the service, that's why it got rate limited
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[fxkl47BF via clamav-users]

‐‐‐ Original Message ‐‐‐

On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas 
 wrote:

> On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> > for a couple of weeks i've not been able to download updates. i get a
> > message about on a cool down until a certain future date and time. when
> > that date and time expires the next update get a message with a new future
> > date and time. should i abandon all hope of getting updates?
>
> it's described here:
> https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> do you have multiple devices behind one IP address?
> Do any of those devices download clamav database diferently then using
> freshclam?

i have one device that uses freshclam once per hour
i am using a vpn
it looks like anyone that uses a vpn is probably screwed
it was good while it lasted

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] can not download updates

[Matus UHLAR - fantomas]

On 27.07.21 12:47, fxkl47BF via clamav-users wrote:

for a couple of weeks i've not been able to download updates.  i get a
message about on a cool down until a certain future date and time.  when
that date and time expires the next update get a message with a new future
date and time.  should i abandon all hope of getting updates?


it's described here:

https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

do you have multiple devices behind one IP address?

Do any of those devices download clamav database diferently then using
freshclam?



Tue Jul 27 06:17:14 2021 -> Received signal: wake up
Tue Jul 27 06:17:14 2021 -> ClamAV update process started at Tue Jul 27 
06:17:14 2021
Tue Jul 27 06:17:14 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 06:17:14 2021 -> WARNING: Local version: 0.103.2 Recommended 
version: 0.103.3
Tue Jul 27 06:17:14 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 06:17:14 2021 -> WARNING: FreshClam previously received error code 
429 from the ClamAV Content Delivery Network (CDN).
Tue Jul 27 06:17:14 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 06:17:14 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 06:17:14 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 06:17:14 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 06:17:14 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 06:17:14 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 06:17:14 2021 -> CDN and your own network.
Tue Jul 27 06:17:14 2021 ->  3. Please do not open a ticket asking for an 
exemption from the rate limit,
Tue Jul 27 06:17:14 2021 -> it will not be granted.
Tue Jul 27 06:17:14 2021 -> WARNING: You are still on cool-down until after: 
2021-07-27 07:17:13

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] can not download updates

[fxkl47BF via clamav-users]

for a couple of weeks i've not been able to download updates. i get a message 
about on a cool down until a certain future date and time. when that date and 
time expires the next update get a message with a new future date and time. 
should i abandon all hope of getting updates?

Tue Jul 27 06:17:14 2021 -> Received signal: wake up
Tue Jul 27 06:17:14 2021 -> ClamAV update process started at Tue Jul 27 
06:17:14 2021
Tue Jul 27 06:17:14 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 06:17:14 2021 -> WARNING: Local version: 0.103.2 Recommended 
version: 0.103.3
Tue Jul 27 06:17:14 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 06:17:14 2021 -> WARNING: FreshClam previously received error code 
429 from the ClamAV Content Delivery Network (CDN).
Tue Jul 27 06:17:14 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 06:17:14 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 06:17:14 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 06:17:14 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 06:17:14 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 06:17:14 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 06:17:14 2021 -> CDN and your own network.
Tue Jul 27 06:17:14 2021 ->  3. Please do not open a ticket asking for an 
exemption from the rate limit,
Tue Jul 27 06:17:14 2021 -> it will not be granted.
Tue Jul 27 06:17:14 2021 -> WARNING: You are still on cool-down until after: 
2021-07-27 07:17:13
Tue Jul 27 06:17:14 2021 -> --
Tue Jul 27 07:17:14 2021 -> Received signal: wake up
Tue Jul 27 07:17:14 2021 -> ClamAV update process started at Tue Jul 27 
07:17:14 2021
Tue Jul 27 07:17:14 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 07:17:14 2021 -> WARNING: Local version: 0.103.2 Recommended 
version: 0.103.3
Tue Jul 27 07:17:14 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 07:17:14 2021 -> WARNING: Cool-down expired, ok to try again.
Tue Jul 27 07:17:14 2021 -> daily database available for update (local version: 
26231, remote version: 26245)
Tue Jul 27 07:17:15 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
failed
Tue Jul 27 07:17:15 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 07:17:15 2021 -> WARNING: Incremental update failed, trying to 
download daily.cvd
Tue Jul 27 07:17:16 2021 -> WARNING: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Tue Jul 27 07:17:16 2021 -> WARNING: FreshClam received error code 429 from the 
ClamAV Content Delivery Network (CDN).
Tue Jul 27 07:17:16 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 07:17:16 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 07:17:16 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 07:17:16 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 07:17:16 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 07:17:16 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 07:17:16 2021 -> CDN and your own network.
Tue Jul 27 07:17:16 2021 ->  3. Please do not open a ticket asking for an 
exemption from the rate limit,
Tue Jul 27 07:17:16 2021 -> it will not be granted.
Tue Jul 27 07:17:16 2021 -> WARNING: You are on cool-down until after: 
2021-07-27 11:17:16
Tue Jul 27 07:17:16 2021 -> main database available for update (local version: 
59, remote version: 61)
Tue Jul 27 07:17:17 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) 
failed
Tue Jul 27 07:17:17 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 07:17:17 2021 -> WARNING: Incremental update failed, trying to 
download main.cvd
Tue Jul 27 07:17:19 2021 -> WARNING: Can't download main.cvd from 
https://database.clamav.net/main.cvd
Tue Jul 27 07:17:19 2021 -> WARNING: FreshClam received error code 429 from the 
ClamAV Content Delivery Network (CDN).
Tue Jul 27 07:17:19 2021 -> This means that you have been rate limited by the 
CDN.
Tue Jul 27 07:17:19 2021 ->  1. Run FreshClam no more than once an hour to 
check for updates.
Tue Jul 27 07:17:19 2021 -> FreshClam should check DNS first to see if an 
update is needed.
Tue Jul 27 07:17:19 2021 ->  2. If you have more than 10 hosts on your network 
attempting to download,
Tue Jul 27 07:17:19 2021 -> it is recommended that you set up a private 
mirror on your network using
Tue Jul 27 07:17:19 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) 
to save bandwidth on the
Tue Jul 27 07:17:19 2021 -> CDN and your own network.
Tue Jul 27 07:17:19 

Re: [clamav-users] Scanning PDF for phishing links

[Matus UHLAR - fantomas]

On 30.06.21 20:41, Joel Esler (jesler) via clamav-users wrote:

Yes. I was just addressing everyone



On Jul 1, 2021, at 8:25 AM, Matus UHLAR - fantomas  wrote:
I have used to forward spam to spamcop, maybe I should start again?

I'm thinking about phishtank (well, they refuse my seamonkey so...)

Are you just curious or is there something behind your questions?


On 01.07.21 14:07, Joel Esler (jesler) via clamav-users wrote:

Curious, as I said, ClamAV, SpamCop, and Phishtank are all ran by us.  They 
feed the same ecosystem.  Leveraging one to power the other is important.


I'd be glad to help here, however in addition to block SeaMonkey, user
registration is disabled currently...

so while I receive some phish, can't report ich much...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamd.log ERROR: reload_th: Database load failed: Malformed

[Gary R. Schmidt]

On 27/07/2021 18:54, G.W. Haywood via clamav-users wrote:

Hi there,

On Tue, 27 Jul 2021, Ashtec Cerenuela via clamav-users wrote:

I've been monitoring the clamd.log for my email server this past few 
weeks and I've seen errors like this everyday.
Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. 
Forcing reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from 
C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: 
Malformed database


Are you sure that you're using an up-to-date clamd version?  Clutching
at straws here, perhaps when you upgraded the daemon wasn't restarted?


...
ClamUpdateLog.txt says:
ClamAV update process started at Sat Jul 24 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3


Since you seem to be using ClamWin you will either have to live with
these warnings or use the Windows version from upstream.  Personally
after what I've seen of ClamWin I'd steer clear of it.  See comments
in the list archives for example:

https://lists.clamav.net/pipermail/clamav-users/2021-June/011286.html

daily database available for update (local version: 26241, remote 
version: 26242)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld' 
...

Database test passed.
daily.cld updated (version: 26242, sigs: 1963537, f-level: 90, 
builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 
90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 
63, builder: awillia2)


Your update process seem to be working OK.  Here's my freshclam log
(on Linux!) for about that time, as you see the numbers all match:

Sat Jul 24 20:21:55 2021 -> Received signal: wake up
Sat Jul 24 20:21:55 2021 -> ClamAV update process started at Sat Jul 24 
20:21:55 2021
Sat Jul 24 20:21:56 2021 -> daily.cld database is up-to-date (version: 
26242, sigs: 1963537, f-level: 90, builder: raynman)
Sat Jul 24 20:21:56 2021 -> main.cvd database is up-to-date (version: 
61, sigs: 6607162, f-level: 90, builder: sigmgr)
Sat Jul 24 20:21:56 2021 -> bytecode.cld database is up-to-date 
(version: 333, sigs: 92, f-level: 63, builder: awillia2)



Deleted daily.cld/main.cvd and downloaded with a new copy from
clamwin website.  After 24hrs of monitoring, the error occured again
after the update.  I'm not sure if this is normal or what.


I'm not sure what's normal for ClamWin.  Why not just use the official
sources and CDN?  In case it helps, if you check the MD5sum for the
main database it should be

8192d77d0032163244c7323a80d5f228

and I wouldn't expect that file to change for quite some time since
it's only very recently been updated.

Wasn't ClamWin 0.103.2 a "fake" update where they only changed the 
version number?


Or was that 0.103.3?

Either way, Ged's advice to throw it away and use a proper ClamAV build 
for winderss is correct.


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Not able to start clamonacc

[Joël Labby via clamav-users]

Hello!

I've got exactly the same problem.

Did you find a solution ?

thanks !




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] PORT CONECTION

[G.W. Haywood via clamav-users]

Hi there,

On Mon, 26 Jul 2021, Salamanca Spain via clamav-users wrote:


To receive updates from the official clamav servers, which outgoing
port do you recommend I enable to communicate from my server to the
claimAV update server?


Connections use a 'source port' at the client end and a 'destination
port' at the server end.  These are agreed during the setup of the
connection, and last for its life (but there are oddities, like FTP,
which may use more than a single pair of ports).

Under normal circumstances the servers don't care which source port a
client uses, as long as it uses the correct destination port(s) for a
connection.  The destination port will normally be port 80 for HTTP,
and port 443 for HTTPS.

Outgoing connections for HTTP generally use an epehemeral port

https://en.wikipedia.org/wiki/Ephemeral_port

and the network stack software generally deals with all that for you.
It's completely transparent to the application using the connection.

It's an unusual question, is there a particular reason for posing it?

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamd.log ERROR: reload_th: Database load failed: Malformed

[G.W. Haywood via clamav-users]

Hi there,

On Tue, 27 Jul 2021, Ashtec Cerenuela via clamav-users wrote:


I've been monitoring the clamd.log for my email server this past few weeks and 
I've seen errors like this everyday.
Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. Forcing 
reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: Malformed 
database


Are you sure that you're using an up-to-date clamd version?  Clutching
at straws here, perhaps when you upgraded the daemon wasn't restarted?


...
ClamUpdateLog.txt says:
ClamAV update process started at Sat Jul 24 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3


Since you seem to be using ClamWin you will either have to live with
these warnings or use the Windows version from upstream.  Personally
after what I've seen of ClamWin I'd steer clear of it.  See comments
in the list archives for example:

https://lists.clamav.net/pipermail/clamav-users/2021-June/011286.html


daily database available for update (local version: 26241, remote version: 
26242)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld'
 ...
Database test passed.
daily.cld updated (version: 26242, sigs: 1963537, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)


Your update process seem to be working OK.  Here's my freshclam log
(on Linux!) for about that time, as you see the numbers all match:

Sat Jul 24 20:21:55 2021 -> Received signal: wake up
Sat Jul 24 20:21:55 2021 -> ClamAV update process started at Sat Jul 24 
20:21:55 2021
Sat Jul 24 20:21:56 2021 -> daily.cld database is up-to-date (version: 26242, 
sigs: 1963537, f-level: 90, builder: raynman)
Sat Jul 24 20:21:56 2021 -> main.cvd database is up-to-date (version: 61, sigs: 
6607162, f-level: 90, builder: sigmgr)
Sat Jul 24 20:21:56 2021 -> bytecode.cld database is up-to-date (version: 333, 
sigs: 92, f-level: 63, builder: awillia2)


Deleted daily.cld/main.cvd and downloaded with a new copy from
clamwin website.  After 24hrs of monitoring, the error occured again
after the update.  I'm not sure if this is normal or what.


I'm not sure what's normal for ClamWin.  Why not just use the official
sources and CDN?  In case it helps, if you check the MD5sum for the
main database it should be

8192d77d0032163244c7323a80d5f228

and I wouldn't expect that file to change for quite some time since
it's only very recently been updated.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] PORT CONECTION

[Matus UHLAR - fantomas]

On 26.07.21 18:41, Salamanca Spain via clamav-users wrote:

To receive updates from the official clamav servers, which outgoing port do
you recommend I enable to communicate from my server to the claimAV update
server?


this  should completely not matter.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Clamd.log ERROR: reload_th: Database load failed: Malformed

[Ashtec Cerenuela via clamav-users]

Hi,

I've been monitoring the clamd.log for my email server this past few weeks and 
I've seen errors like this everyday.
Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. Forcing 
reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: Malformed 
database
Sat Jul 24 19:28:40 2021 -> WARNING: Database reload failed, keeping the 
previous instance
Sat Jul 24 19:38:40 2021 -> SelfCheck: Database status OK.
Sat Jul 24 19:48:40 2021 -> SelfCheck: Database status OK.
ClamUpdateLog.txt says:
ClamAV update process started at Sat Jul 24 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 26241, remote version: 
26242)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld'
 ...
Database test passed.
daily.cld updated (version: 26242, sigs: 1963537, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)
--
ClamAV update process started at Sun Jul 25 16:36:47 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 26242, remote version: 
26243)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.fb09daa860\clamav-7d3f7a7d0ecf2b67df3ef7ed1de0cc43.tmp-daily.cld'
 ...
Database test passed.
daily.cld updated (version: 26243, sigs: 1963769, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)
Deleted daily.cld/main.cvd and downloaded with a new copy from clamwin website. 
After 24hrs of monitoring, the error occured again after the update. I'm not 
sure if this is normal or what.

clamd.log
Mon Jul 26 18:58:41 2021 -> SelfCheck: Database status OK.
Mon Jul 26 19:08:42 2021 -> SelfCheck: Database status OK.
Mon Jul 26 19:18:42 2021 -> SelfCheck: Database status OK.
Mon Jul 26 19:28:42 2021 -> SelfCheck: Database modification detected. Forcing 
reload.
Mon Jul 26 19:28:42 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Mon Jul 26 19:28:55 2021 -> ERROR: reload_th: Database load failed: Malformed 
database
Mon Jul 26 19:28:56 2021 -> WARNING: Database reload failed, keeping the 
previous instance
clamUpdate logClamAV update process started at Mon Jul 26 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 26243, remote version: 
26244)
Testing database: 
'C:\ProgramData\.clamwin\db\tmp.d9f25da0b7\clamav-014be9f588f4d9ebe492edad93a97db3.tmp-daily.cld'
 ...
Database test passed.
daily.cld updated (version: 26244, sigs: 1964055, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml