[clamav-users] ClamAV & Fedora 37 - Long Initialization Time at Boot
Hello, all. Running a recently-upgraded Fedora 37 server image, and I’ve noticed that the clamd@scan.service is taking about a minute to get running after a reboot. My boot times before were less than a minute, but now that service is really struggling (by eventually succeeds) to get started. The systemd-analyze critical-chain command gives me this: multi-user.target @1min 17.914s └─clamd@scan.service @20.838s +57.075s └─nss-lookup.target @20.826s └─named.service @17.367s +3.456s └─network.target @17.284s └─NetworkManager.service @16.337s +945ms └─network-pre.target @16.325s └─firewalld.service @12.114s +4.206s └─polkit.service @18.836s +1.207s └─basic.target @11.876s └─dbus-broker.service @11.115s +756ms └─dbus.socket @11.048s └─sysinit.target @11.020s └─systemd-resolved.service @10.499s +520ms └─systemd-tmpfiles-setup.service @10.123s +354ms └─local-fs.target @10.010s └─run-snapd-ns-tautulli.mnt.mount @32.737s └─run-snapd-ns.mount @32.106s └─local-fs-pre.target @8.406s └─lvm2-monitor.service @4.955s +3.449s └─dm-event.socket @4.899s └─system.slice └─-.slice So, while I get that networking is taking about 21 seconds to be available, I’m not sure why just upgrading to F37 would have changed what’s happening there. I’ve not changed anything about my ClamAV configuration from before the upgrade. Has anyone else run into this, or any other thoughts? These are the packages I’m currently running: clamav.x86_640.103.7-3.fc37 @updatesclamav-data.noarch 0.103.7-3.fc37 @updatesclamav-filesystem.noarch 0.103.7-3.fc37@updatesclamav-lib.x86_64 0.103.7-3.fc37 @updatesclamav-update.x86_64 0.103.7-3.fc37@updatesclamd.x86_64 0.103.7-3.fc37 @updates ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Subject: behaviour of clamAV with password protected pdf file.
Compared to the following, encrypted PDFs are a very minor issue (in my
opinion).
Most websites these days use HTTPS ("for security"), and make extensive use of
Javascript (find a site that doesn't). This means that browsers are always
executing code that can't be scanned (at least by ClamAV).
This flies in the face of the advice that we used to get in the days of DOS and
early Windows -- don't download and execute code from random sources. Yet
modern websites tend to pull Javascript from all over (as can be seen if you
use NoScript). This is especially problematic with financial sites. (Do they
screen their Javascript partners?)
I still use HAVP (which uses the ClamAV library), but it doesn't do anything
really useful with HTTPS traffic. HTTPS traffic is like an endless stream of
encrypted PDFs -- PDFs can optionally execute code, but Javascript always does.
I presume that some kind of browser modification could be devised to scan
Javascript, but Firefox (for one) made that much more difficult when they
radically changed their internal architecture a few years ago (partly for
"security", they say).
On Tue, 14 Feb 2023 13:49:48 +0700
Olivier via clamav-users wrote:
> > Hi team ,
> > We are using clamAVClient for scanning pdf and xlsx files in our Java
> > program. We came across the query,
> > does clamAV scan password protected pdf file or not? If yes ,
> > how we can restrict it? Kindly suggest. Best regards, Nahin Bagwan
>
> How do you expect ClamAV to know the password to decode the encrypted
> files?
>
> No it does not because it cannot.
>
> If you are concerned that encrypted files could be a security,
> quarantine these emails.
>
> Best regards,
>
> Olivier
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
