Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
The daily database has been updated to drop the offending signature.

We're still investigating to understand what may cause a crash. I was able to 
see in https://github.com/Cisco-Talos/clamav/issues/923 that the crash may 
occur at database load time, and not during a scan.  So that is a relief.

But we of course still want to find and fix the bug.  If anyone has any 
additional leads or a backtrace / call stack from GDB that would be very 
helpful.

Thanks all,

Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Micah 
Snyder (micasnyd) via clamav-users 
Sent: Tuesday, May 16, 2023 1:09 PM
To: Ralf Hildebrandt via clamav-users 
Cc: Micah Snyder (micasnyd) 
Subject: Re: [clamav-users] [ext] Segfaults with database version 26908

All,

For those who experience the crashes - is this happening when scanning any 
specific files with this signature in the database? If so, can you please share 
that with me directly?

I see the same warning, but I haven't observed any crashes yet.  I will 
continue to debug and try to figure out what may cause a crash.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of 
Matthias Rieber 
Sent: Tuesday, May 16, 2023 5:50 AM
To: Ralf Hildebrandt via clamav-users 
Subject: Re: [clamav-users] [ext] Segfaults with database version 26908

Hello,

On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote:

>> As far as I can tell this happens in
>>
>> 0x7fdfd44c377d 
>>
>> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
>>
>> Has anyone seen this, too?
>
> I've seen this with 1.1.0-1 as well. Maybe they're related to the
> "pattern issue" I posted a while ago

yes, it turns out that you can mitigate this issue when you whitelist
this signature:

$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2

Regards,
Matthias

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] End of life (EOL) policy change, 0.103 one year extension, 0.105 past end of life

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
Hi Paul,

Unlike Java or C#, Rust does not have any additional runtime library 
requirement.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Paul 
Kosinski via clamav-users 
Sent: Monday, May 8, 2023 5:01 PM
To: clamav-users@lists.clamav.net 
Cc: Paul Kosinski 
Subject: Re: [clamav-users] End of life (EOL) policy change, 0.103 one year 
extension, 0.105 past end of life

Micah,

Great decision!

I was worried about needing Rust on some of our systems. Not only for 
compiling, but doesn't Rust also need its own run time libraries?

I'm still trying to figure out how to move from iptables to nftables, so not 
having also to use Rust "immediately" is a relief.

(They claim nftables is better, but their automatic translator doesn't handle 
all of the options iptables supported. This is probably because it looks that 
they just arbitrarily dropped some matchers, like 'u32', from the underlying 
engine.)



On Mon, 8 May 2023 17:55:57 +
"Micah Snyder \(micasnyd\) via clamav-users"  
wrote:

> Read this online at 
> https://blog.clamav.net/2023/05/end-of-life-eol-policy-change-0103-one.htm
>
>
> End of life (EOL) policy change
> ClamAV is making a minor change to our EOL 
> policy.
>
> The original EOL policy stated that Long Term Support (LTS) versions will 
> lose access to signature updates on the same date that we end support for 
> additional patch versions.
>
> We are changing the policy to allow signature updates for at least one year 
> after we stop supporting the release with patch versions.
>
> 0.103 support extension
> We are also announcing a one-year extension of support for ClamAV 0.103 LTS.
>
> We decided to extend the life of the 0.103 LTS release because of the 
> significant changes to the build system in 0.104 and the change in 0.105 
> requiring the Rust programming language toolchain to compile ClamAV.
>
> The one-year support extension does not apply to future LTS releases.
>
> ClamAV 0.103.0 was initially released on Sept. 14, 2020. With the additional 
> year of support, and considering the change in the EOL Policy that allows one 
> additional year of access for signature updates, this means that EOL dates 
> for ClamAV 0.103 LTS are as follows:
>
>   *   Expected End of Life (EOL): Sept. 14, 2024
>   *   Patch versions continue until: Sept. 14, 2024
>   *   Internal signature load testing until: Sept. 14, 2024
>   *   Database downloads allowed until: Sept. 14, 2025
>
> 0.105 EOL
> Finally, we would like to remind everyone that as per the EOL Policy, the 
> release of ClamAV 1.1 heralds the end of patch versions supporting ClamAV 
> 0.105. There will be no more patch versions for ClamAV 0.105.
>
> ClamAV 0.105 will continue to have access to signature updates for an 
> additional four months after the 1.1 release, which was on May 1, 2023. This 
> means that we may block 0.105 from further updates after Sept. 1, 2023.
>
> Posted by
> Micah Snyder  at 1:24 
> PM
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.


Re: [clamav-users] LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
It appears that this warning was added by accident while fixing a bug shortly 
before release and no one noticed in review.  We'll remove the warning in 1.1.1 
and 1.2.0.

Sorry for the confusion!

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Ralf 
Hildebrandt via clamav-users 
Sent: Tuesday, May 16, 2023 1:08 AM
To: clamav-users@lists.clamav.net 
Cc: Ralf Hildebrandt 
Subject: [clamav-users] LibClamAV Warning: Don't know how to create filter for: 
Win.Downloader.LNKAgent-10001628-0

clamav-1.1.0-1:
===

May 16 10:00:23 de freshclam[864]: Tue May 16 10:00:23 2023 -> daily database 
available for update (local version: 26907, remote version: 26908)
May 16 10:00:23 de freshclam[864]: WARNING: Tue May 16 10:00:23 2023 ->  
*** RESULT 200, SIZE: 7213 ***

Why does a 200 return code ("OK") warrant a warning?

May 16 10:00:24 de freshclam[864]: Tue May 16 10:00:24 2023 -> Testing 
database: 
'/var/lib/clamav/tmp.c022cc91c3/clamav-9a70f6b397596656b8338e5caf1d6bc7.tmp-daily.cld'
 ...
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
cli_ac_addsig: cannot use filter for trie

Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
sounds a bit worrying...

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Database test 
passed.

but alas, despite errors the Database test passed?

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> daily.cld 
updated (version: 26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Clamd 
successfully notified about the update.
May 16 10:00:33 de clamd[686]: LibClamAV Warning: Don't know how to create 
filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:33 de clamd[686]: LibClamAV Warning: cli_ac_addsig: cannot use 
filter for trie

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de


Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Micah Snyder (micasnyd) via clamav-users
All,

For those who experience the crashes - is this happening when scanning any 
specific files with this signature in the database? If so, can you please share 
that with me directly?

I see the same warning, but I haven't observed any crashes yet.  I will 
continue to debug and try to figure out what may cause a crash.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of 
Matthias Rieber 
Sent: Tuesday, May 16, 2023 5:50 AM
To: Ralf Hildebrandt via clamav-users 
Subject: Re: [clamav-users] [ext] Segfaults with database version 26908

Hello,

On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote:

>> As far as I can tell this happens in
>>
>> 0x7fdfd44c377d 
>>
>> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
>>
>> Has anyone seen this, too?
>
> I've seen this with 1.1.0-1 as well. Maybe they're related to the
> "pattern issue" I posted a while ago

yes, it turns out that you can mitigate this issue when you whitelist
this signature:

$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2

Regards,
Matthias



Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread Arjen de Korte via clamav-users

Citeren David Raynor :


Based on these reports we've started a take-back of the signature, so it
will be dropped in the next daily CVD publish. We'll also analyze to see
why this signature is triggering that behavior on some platforms.


Here freshclam (1.1.0) does complain about this signature, but so far  
no crashes/segfaults.


May 16 09:35:35 mail systemd[1]: Starting Clam AntiVirus database updater...
May 16 09:35:35 mail freshclam[26095]: ClamAV update process started  
at Tue May 16 09:35:35 2023
May 16 09:35:35 mail freshclam[26095]: daily database available for  
update (local version: 26907, remote version: 26908)
May 16 09:35:37 mail freshclam[26095]: WARNING:  *** RESULT 200,  
SIZE: 7213 ***
May 16 09:35:38 mail freshclam[26095]: Testing database:  
'/var/lib/clamav/tmp.32a46b71ab/clamav-0ccde10ac58d6d6c5dd79c0318b41381.tmp-daily.cld'  
...
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] Don't know how to  
create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] cli_ac_addsig:  
cannot use filter for trie

May 16 09:35:47 mail freshclam[26095]: Database test passed.
May 16 09:35:49 mail freshclam[26095]: daily.cld updated (version:  
26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 09:35:49 mail freshclam[26095]: main.cvd database is up-to-date  
(version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
May 16 09:35:49 mail freshclam[26095]: bytecode.cvd database is  
up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
May 16 09:35:49 mail clamd[934]: SelfCheck: Database modification  
detected. Forcing reload.

May 16 09:35:49 mail clamd[934]: Reading databases from /var/lib/clamav
May 16 09:35:49 mail freshclam[26095]: Clamd successfully notified  
about the update.

May 16 09:35:49 mail systemd[1]: freshclam.service: Deactivated successfully.
May 16 09:35:49 mail systemd[1]: Finished Clam AntiVirus database updater.
May 16 09:35:49 mail systemd[1]: freshclam.service: Consumed 10.503s CPU time.
May 16 09:36:17 mail clamd[934]: Database correctly reloaded (8666724  
signatures)

May 16 09:36:17 mail clamd[934]: Activating the newly loaded database...

Maybe relevant, freshclam runs through a systemd.timer (so it is never  
daemonized).





Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread David Raynor
Based on these reports we've started a take-back of the signature, so it
will be dropped in the next daily CVD publish. We'll also analyze to see
why this signature is triggering that behavior on some platforms.

Dave R.

On Tue, May 16, 2023 at 2:53 PM Claudio Cuqui 
wrote:

> Same here..same version, but compiled from source directly..and
> the same strange message when clamd is restarted:
>
> Starting clamd daemon: LibClamAV Warning: Don't know how to create filter
> for: Win.Downloader.LNKAgent-10001628-0
> LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie
>
> Best Regards,
>
> Claudio Cuqui
> On 5/16/23 07:02, Matthias Rieber wrote:
>
> Hello List,
>
> since the update to version 26908 we observe a high amount of segfaults.
>
> As far as I can tell this happens in
>
> 0x7fdfd44c377d 
>
> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
>
> Has anyone seen this, too?
>
> Best regards,
> Matthias


-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com


Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread seena--- via clamav-users
Hi All,

I have joined this list just now after seeing the reported issue.

Clamd service keeps crashing with the following error code:

clamsmtp-clamd.service: main process exited, code=killed, status=11/SEGV

Kernel logs (dmesg) show:

clamd[4053]: segfault at 7f081a3530bf ip 7f0719f42960 sp 7f06b5d12980 error 4 in libclamav.so.9.0.5[7f0719f04000+1e9000]

As per the above thread, we have tried to do the following; after this the service is working fine.

$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2

Would like to understand: how did you find this is the issue?

Regards
Seena

On May 17 2023, at 12:22 am, Claudio Cuqui wrote:

Same here..same version, but compiled from source directly..and the same strange message when clamd is restarted:

Starting clamd daemon: LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie

Best Regards,
Claudio Cuqui

On 5/16/23 07:02, Matthias Rieber wrote:

Hello List,

since the update to version 26908 we observe a high amount of segfaults.

As far as I can tell this happens in

0x7fdfd44c377d

We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.

Has anyone seen this, too?

Best regards,
Matthias
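
Log triage for reports like the ones in this thread, added here as an example and not code from any poster or from the ClamAV project: it extracts the daily database version, the signature named in the LibClamAV warning, and the instruction offset inside libclamav from the kernel segfault line, then lists the names still missing from a local `.ign2` file. The function names and the sample log (built from lines quoted above, unwrapped, with an invented syslog prefix on the kernel line) are assumptions.

```python
import re

# Constructed sample: lines taken from excerpts quoted in this thread, unwrapped.
# The timestamp/host prefix on the kernel line is invented for illustration.
SAMPLE_LOG = """\
May 16 10:00:29 de freshclam[864]: daily.cld updated (version: 26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 10:00:33 de clamd[686]: LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:33 de clamd[686]: LibClamAV Warning: cli_ac_addsig: cannot use filter for trie
May 16 10:01:02 de kernel: clamd[4053]: segfault at 7f081a3530bf ip 7f0719f42960 sp 7f06b5d12980 error 4 in libclamav.so.9.0.5[7f0719f04000+1e9000]
"""

UPDATE_RE = re.compile(r"daily\.c[lv]d updated \(version: (\d+)")
FILTER_RE = re.compile(r"Don't know how to create filter for: (\S+)")
SEGV_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def decode_pf_error(code):
    """Decode the low three bits of an x86 page-fault error code."""
    cause = "protection violation" if code & 1 else "page not mapped"
    access = "write" if code & 2 else "read"
    mode = "user" if code & 4 else "kernel"
    return f"{mode}-mode {access}, {cause}"


def parse_segfault(line):
    """Return crash details from a kernel 'segfault at' line, or None."""
    m = SEGV_RE.search(line)
    if not m:
        return None
    addr, ip, base, size = (int(m[k], 16) for k in ("addr", "ip", "base", "size"))
    return {
        "process": m["proc"], "pid": int(m["pid"]), "module": m["module"],
        # Offset from the start of the mapping the kernel printed. If that
        # mapping does not begin at file offset 0, add the mapping's file
        # offset before resolving the address against the library's symbols.
        "ip_offset": ip - base,
        "ip_in_module": base <= ip < base + size,
        "fault_addr_in_module": base <= addr < base + size,
        "access": decode_pf_error(int(m["err"], 16)),
    }


def triage(log_text):
    """Collect database versions, warned-about signatures and crashes."""
    report = {"db_versions": [], "warned_sigs": [], "crashes": []}
    for line in log_text.splitlines():
        if (m := UPDATE_RE.search(line)):
            report["db_versions"].append(int(m[1]))
        elif (m := FILTER_RE.search(line)):
            # A warning right after an update is a lead, not proof of cause.
            if m[1] not in report["warned_sigs"]:
                report["warned_sigs"].append(m[1])
        elif (crash := parse_segfault(line)):
            report["crashes"].append(crash)
    return report


def ign2_additions(sig_names, existing_text=""):
    """Names to append to a local .ign2 file (one per line), skipping duplicates."""
    present = {entry.strip() for entry in existing_text.splitlines()}
    return [name for name in sig_names if name not in present]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print(ign2_additions(result["warned_sigs"]))
```
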


Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread Claudio Cuqui
Same here..same version, but compiled from source directly..and 
the same strange message when clamd is restarted:


Starting clamd daemon: LibClamAV Warning: Don't know how to create 
filter for: Win.Downloader.LNKAgent-10001628-0

LibClamAV Warning: cli_ac_addpatt: cannot use filter for trie

Best Regards,

Claudio Cuqui

On 5/16/23 07:02, Matthias Rieber wrote:

Hello List,

since the update to version 26908 we observe a high amount of segfaults.

As far as I can tell this happens in

0x7fdfd44c377d 

We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.

Has anyone seen this, too?

Best regards,
Matthias


Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Matthias Rieber

Hello,

On Tue, 16 May 2023, Ralf Hildebrandt via clamav-users wrote:


As far as I can tell this happens in

0x7fdfd44c377d 

We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.

Has anyone seen this, too?


I've seen this with 1.1.0-1 as well. Maybe they're related to the
"pattern issue" I posted a while ago


yes, it turns out that you can mitigate this issue when you whitelist 
this signature:


$ echo "Win.Downloader.LNKAgent-10001628-0" > /var/lib/clamav/bad_sig.ign2

Regards,
Matthias



Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Michael Orlitzky via clamav-users
On Tue, 2023-05-16 at 12:08 +0200, Ralf Hildebrandt via clamav-users
wrote:
> 
> > 
> > Has anyone seen this, too?
> 
> I've seen this with 1.1.0-1 as well. Maybe they're related to the
> "pattern issue" I posted a while ago 
> 

Me three.



Re: [clamav-users] [ext] Segfaults with database version 26908

2023-05-16 Thread Ralf Hildebrandt via clamav-users
* Matthias Rieber :
> Hello List,
> 
> since the update to version 26908 we observe a high amount of segfaults.

Same here.

> As far as I can tell this happens in
> 
> 0x7fdfd44c377d 
> 
> We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.
> 
> Has anyone seen this, too?

I've seen this with 1.1.0-1 as well. Maybe they're related to the
"pattern issue" I posted a while ago 

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de


[clamav-users] Segfaults with database version 26908

2023-05-16 Thread Matthias Rieber

Hello List,

since the update to version 26908 we observe a high amount of segfaults.

As far as I can tell this happens in

0x7fdfd44c377d 

We use version 0.103.8+dfsg-0+deb11u1 on debian bullseye.

Has anyone seen this, too?

Best regards,
Matthias


[clamav-users] LibClamAV Warning: Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0

2023-05-16 Thread Ralf Hildebrandt via clamav-users
clamav-1.1.0-1:
===

May 16 10:00:23 de freshclam[864]: Tue May 16 10:00:23 2023 -> daily database 
available for update (local version: 26907, remote version: 26908)
May 16 10:00:23 de freshclam[864]: WARNING: Tue May 16 10:00:23 2023 ->  
*** RESULT 200, SIZE: 7213 ***

Why does a 200 return code ("OK") warrant a warning?

May 16 10:00:24 de freshclam[864]: Tue May 16 10:00:24 2023 -> Testing 
database: 
'/var/lib/clamav/tmp.c022cc91c3/clamav-9a70f6b397596656b8338e5caf1d6bc7.tmp-daily.cld'
 ...
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:27 de freshclam[816014]: Tue May 16 10:00:27 2023 -> [LibClamAV] 
cli_ac_addsig: cannot use filter for trie

Don't know how to create filter for: Win.Downloader.LNKAgent-10001628-0
sounds a bit worrying...

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Database test 
passed.

but alas, despite errors the Database test passed?

May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> daily.cld 
updated (version: 26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 10:00:29 de freshclam[864]: Tue May 16 10:00:29 2023 -> Clamd 
successfully notified about the update.
May 16 10:00:33 de clamd[686]: LibClamAV Warning: Don't know how to create 
filter for: Win.Downloader.LNKAgent-10001628-0
May 16 10:00:33 de clamd[686]: LibClamAV Warning: cli_ac_addsig: cannot use 
filter for trie

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de