Re: [clamav-users] Anyone else having trouble reaching the ClamAV website?

[Paul Kosinski via clamav-users]

I occasionally see a similar message from sites other than clamav.net saying 
something equivalent to Cloudflare's "review the security of your connection".

The phrasing is pure gaslighting. It isn't for *connection* security -- HTTPS 
provides *that*. What it really means is that the site is trying to search your 
computer by running some Javascript (which I block by default via NoScript, 
thus causing the message). They assume, probably correctly, that most visitors 
will think it's for *their* benefit  After all, security is good, isn't it? 

Why can't Cloudflare et al be honest and say that they're trying to avoid 
Denial of Service attacks and other bandwidth overload?

  

On Thu, 5 Jan 2023 10:18:38 -0500
Kris Deugau  wrote:

> I went to load a semi-bookmarked page for signature writing 
> (https://docs.clamav.net/manual/Signatures.html), but it failed and kept 
> reloading Cloudflare's "security check" voodoo.
> 
> (Side question to pass up the chain at Cisco/Talos - is there a knob 
> that can be twisted somewhere to force that check to run exactly once, 
> then stop?  I can't imagine any scenario where running it over and over 
> and over has any benefit to anyone.  [And for bonus points, display an 
> error message that gives some sliver of a hint what 
> beyond-the-bleeding-edge headacheware the site or its security provider 
> insist on relying on this week.])
> 
> I then tried to load the main site, https://www.clamav.net, which also 
> went into the same loop.
> 
> I usually use Seamonkey (all-in-one Mozilla suite).  I tried Konqueror 
> which seemed to load things up fine.
> 
> Since starting to write this and putting it aside, I've come across a 
> small handful of other sites with the same issue, including one case 
> where the base site triggered the issue but a directory under the base 
> site did not.  Since I'm *not* seeing it across a large number of sites, 
> it's pretty clearly some specific security option in Cloudflare causing 
> the failure.
> 
> -kgd
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] Testing for Big Endian Architectures

[Scott Kitterman via clamav-users]

On Thursday, January 5, 2023 8:51:27 AM EST Scott Kitterman via clamav-users 
wrote:
> We finally have Clamav 1.0.0 in Debian Unstable.
> 
> Unfortunately, unit tests fail on all big endian archs (shown in the PowerPC
> build log [1] - it's the same tests failing on all of them).  Does upstream
> testing include big endian?
> 
> Does anyone have suggestions on how to fix it?  I have access to hardware to
> test fixes if there are patches.
> 
> Scott K
> 
> [1]
> https://buildd.debian.org/status/fetch.php?pkg=clamav=powerpc=1.0.
> 0%2Bdfsg-4=1672878929=0

My Debian collaborator Sebastian Siewior confirmed there are endianness issues 
in libclamav/pe.c.  We have a patch we're testing which we will submit 
upstream to fix this.

Scott K

signature.asc
Description: This is a digitally signed message part.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat