Re: [clamav-users] Custom Database Match Priority

2012-06-07 Thread David Raynor
Nathan, The scanning functions inside libclamav run in a certain order, and once it detects an infection inside a file it short-circuits further scanning. For example, smaller offsets are checked before larger offsets. There is no way to change the order by changing configuration. Dave R. --

Re: [clamav-users] Identifying safebrowsing domains

2012-06-07 Thread David Raynor
The safebrowsing feature of ClamAV uses a separate domain list and whitelist from the other signatures. The blacklisted domains are stored in .pdb files, and the whitelist is stored in .wdb files. These process domains from URLs instead of virus signatures, so that's why trying to use your local

Re: [clamav-users] Can't create temporary directory ERROR

2012-06-18 Thread David Raynor
On Fri, Jun 15, 2012 at 2:42 PM, Daniel McDonald dan.mcdon...@austinenergy.com wrote: I just upgraded to clamav 0.97.5, and I am getting the following error: $ grep amavis-20120615T112026-02578/parts/p002 /var/log/clamav/clamd.log Fri Jun 15 11:22:06 2012 -

Re: [clamav-users] Can't create temporary directory ERROR

2012-06-18 Thread David Raynor
On Mon, Jun 18, 2012 at 1:08 PM, Bill Landry b...@inetmsg.com wrote: On 6/18/2012 8:01 AM, David Raynor wrote: On Fri, Jun 15, 2012 at 2:42 PM, Daniel McDonald dan.mcdon...@austinenergy.com wrote: I just upgraded to clamav 0.97.5, and I am getting the following error: $ grep amavis

Re: [clamav-users] clamav network mode setup

2012-07-05 Thread David Raynor
On Thu, Jul 5, 2012 at 2:24 PM, Tom Goerger t...@umn.edu wrote: The error is coming from the client side. I've verified that the clamd instance on the server is up and running on the TCP port for the server address, rather than localhost, and running on the correct port. From the log file

Re: [clamav-users] R: Reduced space in directory /var/lib/clamav

2012-08-07 Thread David Raynor
On Tue, Aug 7, 2012 at 3:49 PM, Stefano Tiberi s.tib...@traitorrforwarding.com wrote: I don't know where is the problem, I see there are a lot of sub-directories like these: clamav-52fdc32f7bca6eb1f11f81240d68e24a clamav-a89967f4619ac472cd996c667d22cf7e

Re: [clamav-users] Clamav update problem

2012-08-13 Thread David Raynor
On Mon, Aug 13, 2012 at 5:53 AM, Ильяс Досхожаев teriyaki...@mail.ru wrote: I updated clamav to the latest 0.97.5 on debian, nevertheless it shows an error #freshclam ClamAV update process started at Mon Aug 13 15:49:41 2012 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version:

Re: [clamav-users] Scanning image files with embedded malware

2012-08-13 Thread David Raynor
On Mon, Aug 13, 2012 at 4:28 PM, Maarten Broekman mbroek...@maileig.com wrote: All, I've been struggling with this particular issue for some time and I took a look at the recent git commits, but I'm not sure if this issue is covered by the fix for BB#5409 (I don't have access

Re: [clamav-users] Is there any way for clamscan to only print infected files but also show errors?

2012-08-14 Thread David Raynor
On Tue, Aug 14, 2012 at 10:25 AM, carlo.dico...@dfs.ny.gov wrote: I don't want to list every file clamscan checks (because there are many). When I use the -i option to only print infected files, my scan summary results indicate there were errors. However, the errors are not reported because

Re: [clamav-users] Do I have a disaster?

2012-08-15 Thread David Raynor
On Wed, Aug 15, 2012 at 1:11 PM, Chuck Swiger cswi...@mac.com wrote: On Aug 15, 2012, at 7:55 AM, Gene Heskett wrote: Greets all; I got one of those emails from what looked like the IRS yesterday, but the .doc file it linked to was .htm and supposedly infected my machine with either

Re: [clamav-users] Clamav update problem

2012-08-16 Thread David Raynor
On Thu, Aug 16, 2012 at 12:52 AM, Ильяс Досхожаев teriyaki...@mail.ru wrote: 1) I have updated client machine to dpkg -l | grep clamav ii clamav 0.97.5+dfsg-3~squeeze1 anti-virus utility for Unix - command-line interface ii clamav-base 0.97.5+dfsg-3~squeeze1 anti-virus utility for Unix - base

Re: [clamav-users] Anomaly Detected by OSSEC

2012-08-21 Thread David Raynor
On Tue, Aug 21, 2012 at 6:25 AM, teres vir teres@gmail.com wrote: Hi, For me, OSSEC is continuously triggering the following alert message when it is doing its daily rootkit checks : OSSEC HIDS Notification. 2012 Aug 19 04:33:47 Received From: (web-agent) 192.168.0.115-rootcheck

Re: [clamav-users] Time out under load

2012-08-22 Thread David Raynor
On Wed, Aug 22, 2012 at 10:14 AM, Binole, Bill bbin...@medplus.com wrote: We are seeing this error ERROR: ScanStream 31310: accept timeout. in our clamd log when we test clamd with a load. The failures happen when we have 10 simultaneous connections to clamd. We are stream scanning and are

Re: [clamav-users] Generating signatures for malware

2012-08-29 Thread David Raynor
On Wed, Aug 29, 2012 at 10:29 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 08/29/2012 09:46 AM, Maarten Broekman wrote: -Original Message- Despite the statement of your objective it isn't clear to me what you think you're going to achieve. My expectation would be a very

Re: [clamav-users] What is the maximum file size ClamAV supports ??

2012-09-14 Thread David Raynor
On Fri, Sep 14, 2012 at 8:59 AM, Siranjeevi siranjee...@gmail.com wrote: Hi All, I changed the items in clamd.conf MaxScanSize = 157286400 MaxFileSize = 104857600 But Still, the changes are not reflected in clamscan. I couldn't scan large files which is of 75MB in size. clamscan

Re: [clamav-users] Clamav unable to detect trojan virus exe

2012-09-14 Thread David Raynor
On Fri, Sep 14, 2012 at 1:36 AM, gaurav singh gaurav.the.iiit...@gmail.com wrote: I have clamav with latest virus database on Ubuntu. When I try to scan a .exe file which is basically a trojan (detected by other anti-virus on Windows), it just passes as OK. Message with clamscan --debug logs

Re: [clamav-users] Problem compiling clamav-0.97.6 on Solaris 10

2012-09-18 Thread David Raynor
On Mon, Sep 17, 2012 at 5:02 PM, Christopher X. Candreva ch...@westnet.com wrote: Solaris 10, gcc 4.6.3, Program.cc gives the following errors: .. CXXProgram.lo In file included from llvm/lib/System/Unix/Program.inc:34:0, from llvm/lib/System/Program.cpp:52:

Re: [clamav-users] Problem compiling clamav-0.97.6 on Solaris 10

2012-09-18 Thread David Raynor
On Tue, Sep 18, 2012 at 4:07 PM, Peter Bonivart boniv...@opencsw.org wrote: On Tue, Sep 18, 2012 at 4:47 PM, David Raynor dray...@sourcefire.com wrote: This error message is because of a gcc bug, specific to gcc version 4.6 on Solaris 10 (gcc bug 49347). That is fixed in gcc 4.7. I can

Re: [clamav-users] ClamAV is not detecting virus

2012-09-25 Thread David Raynor
On Tue, Sep 25, 2012 at 10:03 AM, Siranjeevi siranjee...@gmail.com wrote: As I mentioned in my previous mail the same here. I have tried with both clamscan and clamdscan. Both giving output as OK. I have added the eicar_com zip file inside a rar file. When I scan it with clamav it is passing

Re: [clamav-users] ClamAV is not detecting virus

2012-09-27 Thread David Raynor
On Thu, Sep 27, 2012 at 1:59 AM, Siranjeevi siranjee...@gmail.com wrote: @Paul Enlund : I have installed it thru yum( Reference link: http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/). I am using cent OS 5.5 @Dave R: Also, have you run the standard unit tests? - I

Re: [clamav-users] [Clamav-users] Clamscan detected a UNIX.Exploit.CVE_2010_3301

2012-10-22 Thread David Raynor
On Mon, Oct 22, 2012 at 4:35 AM, Christoph Mitasch cmita...@thomas-krenn.com wrote: Hello, I have the same problem since a few days. When I try to submit it as False Positive, it says it is not recognized by ClamAV. http://www.clamav.net/lang/en/sendvirus/submit-fp/ But on the

Re: [clamav-users] strange Can't create temporary directory ERROR

2012-11-07 Thread David Raynor
On Wed, Nov 7, 2012 at 3:20 AM, Philipp Schwaha phil...@schwaha.net wrote: hi everybody! I recently set up a combination of exim and clamav which was working very nicely until clamav seemingly started to choke. Switching debugging on I obtained the following: Wed Nov 7 01:52:06 2012 -

Re: [clamav-users] Signature matching algorithm

2012-11-12 Thread David Raynor
On Mon, Nov 12, 2012 at 3:05 AM, zahra tabari free_kab_b...@yahoo.com wrote: Dear Member List, I have faced with an anti virus project which uses Clam signatures. It uses Aho-Corasick algorithm for signature matching. I want to apply a replacement for Aho-Corasick algorithm, which has a

Re: [clamav-users] missed virus

2012-11-15 Thread David Raynor
On Thu, Nov 15, 2012 at 4:25 PM, McGranahan, Jamen jamen.mcgrana...@vanderbilt.edu wrote: OK, I'm stumped as to why clamav-milter did not catch this virus. It was from this address, being masked as from UPS: rowanhorst...@live.ca, masked as

Re: [clamav-users] safebrowsing.vsd not being updated since Friday 16th

2012-11-20 Thread David Raynor
On Tue, Nov 20, 2012 at 4:45 AM, Dave Willows spexa...@gmail.com wrote: Hi Guys, It seems that the safebrowsing.cvd has not been updated since Friday. is this a known issue? 24172680 Nov 16 10:02 safebrowsing.cvd ClamAV-VDB:15 Nov 2012 22-00 -0500:40001:1292217:63:X:X:google:1353034815

Re: [clamav-users] Local ClamAV DB mirror, clients fail to update...

2012-11-20 Thread David Raynor
On Tue, Nov 20, 2012 at 3:07 PM, Greg Folkert g...@donor.com wrote: Warning, this is longer than I intended. and updates.blah.com is a replacement for my real machine name. I am trying to use a local ClamAV-DB mirror, I've put in place the clamdownloader.pl, which works a treat, once I added

Re: [clamav-users] Local ClamAV DB mirror, clients fail to update...

2012-11-21 Thread David Raynor
On Tue, Nov 20, 2012 at 6:59 PM, Al Varnell alvarn...@mac.com wrote: On 11/20/12 2:11 PM, Greg Folkert wrote: how can i remove a bad mirror that is actually a good mirror now. without obliterating the mirrors.dat file? I've been advising users to trash mirrors.dat, but if you feel you

Re: [clamav-users] [Clamav-users] clamav no timestamp in the logs

2012-12-06 Thread David Raynor
On Thu, Dec 6, 2012 at 10:04 AM, Bowie Bailey bowie_bai...@buc.com wrote: On 12/6/2012 7:28 AM, franckm wrote: With clamdscan, it still does not show timestamps (see below) The default config (/etc/clamd.conf) is to not show LogTimes. I have changed that (LogTime yes). Is there anything I

Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-10 Thread David Raynor
It is not the CVD files. The versions you list are the same versions as we have up to date [and the daily.cvd is 15708]. I'd wager there is some kind of non-default scan option that is changing the results. So let's try the easiest one first: how big is the file? If you have raised it past the

Re: [clamav-users] Mirror 217.173.238.34 outdated signatures

2012-12-12 Thread David Raynor
On Wed, Dec 12, 2012 at 4:48 AM, Al Varnell alvarn...@mac.com wrote: On 12/12/12 1:14 AM, Jake Bowl wrote: We have detected that ClamAV mirror 217.173.238.34 has outdated signatures (version 15577). I suspect they already know from the status of ClamAV® Database mirrors page

Re: [clamav-users] Trojan.SMSSend.3666 (Dr. Web)

2012-12-13 Thread David Raynor
On Thu, Dec 13, 2012 at 2:03 AM, Al Varnell alvarn...@mac.com wrote: Looks like Dr. Web finally got around to uploading Trojan.SMSSend.3666 to VirusTotal here https://www.virustotal.com/file/0e8269e425123e3b9a8c7adc94fa5ba5e60f934db3eb61f43eeebeb40ad21654/analysis/. Dr. Web's write-up is

Re: [clamav-users] clamfi_eom: FD send failed: Broken pipe

2012-12-28 Thread David Raynor
On Fri, Dec 28, 2012 at 9:50 AM, McGranahan, Jamen jamen.mcgrana...@vanderbilt.edu wrote: I'm not sure why we are getting this error, but on all four RedHat servers (RedHat 5 x86_64) we have Clamd/ClamAV running, we are seeing these errors in the clamav-milter.log - once every minute: Fri

Re: [clamav-users] Clam crashed sendmail

2013-01-04 Thread David Raynor
On Fri, Jan 4, 2013 at 10:46 AM, McGranahan, Jamen jamen.mcgrana...@vanderbilt.edu wrote: OK, a couple of weeks ago, I sent out an email to the group about the various errors clamd/clamav-milter were displaying. Well, today clam crashed sendmail on all of our servers running it so I have had

Re: [clamav-users] Question on clamAV signatures

2013-01-23 Thread David Raynor
On Wed, Jan 23, 2013 at 9:56 PM, Al Varnell alvarn...@mac.com wrote: On 1/23/13 5:52 PM, Kaushik Vaidyanathan wrote: I had a couple of basic questions: a) Of the different signature formats in the cvd file(like mdb, ldb, ndb) which format does clamav use? Does it pick a format(ldb, mdb,

Re: [clamav-users] AC/BM signatures in debug mode

2013-02-25 Thread David Raynor
On Mon, Feb 25, 2013 at 4:47 PM, Kaushik Vaidyanathan kvaid...@andrew.cmu.edu wrote: Hi I have a basic question. When I run clamscan with --debug option I see that #AC sigs and #BM sigs reported for the different engines clamscan spawns. If I add the AC and BM for all engines it's somewhere

Re: [clamav-users] ClamAV 0.97.7 has been released!

2013-03-15 Thread David Raynor
Small typo, but you are right. We can correct it so it's fixed going forward. Dave R. On Fri, Mar 15, 2013 at 2:25 PM, Mark E. Mallett m...@mv.mv.com wrote: The year in the date on the most recent ChangeLog entry seems to be wrong. -mm- (yes, that's my entire contribution)

Re: [clamav-users] duplicate clamd processes

2013-03-18 Thread David Raynor
On Sun, Mar 17, 2013 at 3:21 AM, Christian Salway ccsal...@itmanx.com wrote: Thanks for getting back to me, Jim. It's just one core. The server is an Amazon EC2 micro instance server. Christian -Original Message- From: Jim Preston jimli...@commspeed.net Sender:

Re: [clamav-users] Client disconnected while scanjob was active

2013-03-22 Thread David Raynor
On Fri, Mar 22, 2013 at 1:11 PM, Ben Stuyts b...@altesco.nl wrote: Hi, I was using clamscan for daily scanning of our users' home directories, but it was getting too slow with scan times of up to 6 hours. Therefore I'm testing clamdscan and using multiple threads to scan. (cmd line is

Re: [clamav-users] http://blog.clamav.net/2013/02/resolving-issues-with-freshclam.html

2013-03-26 Thread David Raynor
On Sun, Mar 24, 2013 at 10:22 AM, Benny Pedersen m...@junc.eu wrote: daily.cvd is still here on 63 after doing this fix note that the url says 73, so is it fixed now ?

Re: [clamav-users] Clamav gets Permission denied when scanning for Maia mailguard

2013-04-25 Thread David Raynor
On Thu, Apr 25, 2013 at 4:41 PM, Kim Johansen c...@weiser.dk wrote: Hey, I am setting up a Maia mailguard system with ClamAV for virus scanning. I'm getting these in my logfile: clamav.log Thu Apr 18 18:13:40 2013 - WARNING: lstat() failed on:

Re: [clamav-users] clamscan produces output to --log=FILE when --quiet, --no-summary and --infected are specified

2013-06-27 Thread David Raynor
On Thu, Jun 27, 2013 at 2:14 PM, Trevor Cooper tcoo...@ucsd.edu wrote: I'm writing an automated daily scan script and I can't seem to get NO output from clamscan if/when nothing of interest is found. For example, executing with... $CLAMSCAN_BIN --quiet --no-summary --infected --stdout

Re: [clamav-users] clamd taking too long to restart?

2013-08-14 Thread David Raynor
I've done some analysis of ClamAV with just this signature set, and the loading is simply slowing down as it runs through the list. This is mainly because of the significant amounts of overlap at the beginnings of these strings and the length thereafter. The slowdown is occurring even before the

Re: [clamav-users] clamd taking too long to restart?

2013-08-15 Thread David Raynor
On Wed, Aug 14, 2013 at 5:48 PM, Dennis Peterson denni...@inetnw.com wrote: On 8/14/13 2:23:28PM, David Raynor wrote: I'll look a bit more at how we are loading the interim signature state and see what else we could do with the sorting. Meanwhile, this is a change you could put

Re: [clamav-users] freshclam failed this morning

2013-08-19 Thread David Raynor
On Sun, Aug 18, 2013 at 4:04 AM, Gene Heskett ghesk...@wdtv.com wrote: With this single error line. ERROR: This tool requires libclamav with functionality level 69 or higher (current f-level: 68) Fix coming? I'm on 10.04.4 LTS Ubuntu. Cheers, Gene -- There are four boxes to be used in

Re: [clamav-users] freshclam failed this morning

2013-08-19 Thread David Raynor
On Mon, Aug 19, 2013 at 11:19 AM, Gene Heskett ghesk...@wdtv.com wrote: On Monday 19 August 2013 11:17:46 David Raynor did opine: On Sun, Aug 18, 2013 at 4:04 AM, Gene Heskett ghesk...@wdtv.com wrote: With this single error line. ERROR: This tool requires libclamav with functionality

Re: [clamav-users] regex to skip certain files

2013-09-04 Thread David Raynor
On Tue, Sep 3, 2013 at 5:57 PM, monte olvera olve...@gmail.com wrote: I'm running clamav 0.97.3 (I know it's old, working on that) on Linux. I want to exclude files (via clamd) based on a regex and can't seem to figure out how. I can ignore paths just fine (ExcludePath ^/tmp) but I want to

Re: [clamav-users] scanning RPMs with clamav

2013-09-25 Thread David Raynor
On Wed, Sep 25, 2013 at 10:57 AM, ScrumpyJack scrumpyj...@me.com wrote: I have been trying to scan RPM files with clamav without success. clamscan file.rpm shows nothing. If I unpack the cpio from the RPM and scan the extracted cpio, I get a hit on a virus (as expected). Is clamav capable

Re: [clamav-users] Fwd: Fanotify howto

2013-09-27 Thread David Raynor
On Thu, Sep 26, 2013 at 7:40 AM, Frans de Boer fr...@fransdb.nl wrote: So far no reaction, try again Original Message Hi, does anybody knows how to enable and configure interaction with the fanotify? The new clamd.conf files still has the long defunct clamuko

Re: [clamav-users] 0.98 / LibClamAV Warning Error

2013-09-30 Thread David Raynor
On Sun, Sep 29, 2013 at 6:16 AM, McGranahan, Jamen jamen.mcgrana...@vanderbilt.edu wrote: I'm using Clam 0.98 on RedHat 5 servers and since upgrading to 0.98, I am seeing the following when trying to run a clamscan: LibClamAV Warning: SWF: Invalid tag length LibClamAV Error: cli_scanswf:

Re: [clamav-users] libclamav could not verify database (SPARCv8 cpu)

2013-09-30 Thread David Raynor
It may be something platform-specific. Please open a bugzilla bug at bugzilla.clamav.net. If you can attach the config.log files from both 0.97.8 and 0.98 then we can take a closer look from there. Dave R. On Sun, Sep 29, 2013 at 10:00 AM, Ari Sovijärvi listat2...@apz.fi wrote: Note that

Re: [clamav-users] ClamAV on small memory computers

2013-09-30 Thread David Raynor
On Sun, Sep 29, 2013 at 5:01 AM, Boszormenyi Zoltan zbos...@pr.hu wrote: On 2013-09-29 10:26, Boszormenyi Zoltan wrote: On 2013-09-29 04:26, Benny Pedersen wrote: Is it possible to make ClamAV use less memory perhaps by repetitive scanning with a smaller subset of the

Re: [clamav-users] ClamAV on small memory computers

2013-09-30 Thread David Raynor
On Mon, Sep 30, 2013 at 2:02 PM, Boszormenyi Zoltan zbos...@pr.hu wrote: On 2013-09-30 17:58, David Raynor wrote: Zoltán, Your idea of breaking the signature set into chunks to do repeated scans is a workable idea. It would require a few moving parts outside of ClamAV. I cannot

Re: [clamav-users] clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

2013-10-01 Thread David Raynor
On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com wrote: I hope that someone can help. I got the following error on make of clamav-0.98 in AIX: CC libclamav_la-version.lo CC libclamav_la-asn1.lo asn1.c: In function `asn1_get_time': asn1.c:293: error: storage

Re: [clamav-users] clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

2013-10-01 Thread David Raynor
On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com wrote: On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com wrote: I hope that someone can help. I got the following error on make of clamav-0.98 in AIX: CC libclamav_la-version.lo CC libclamav_la

Re: [clamav-users] Fwd: Re: clamav-0.98 in AIX: make, libclamav/asn1.c failed to compile

2013-10-02 Thread David Raynor
it as case 9054 in ClamAV bugzilla, but now I do not know how to delete or close it there as solved. Best regards, Zvi On 01/10/13 21:37, David Raynor wrote: On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com dray...@sourcefire.com wrote: On Tue, Oct 1, 2013 at 11:47 AM

Re: [clamav-users] 0.98 / LibClamAV Warning Error

2013-10-02 Thread David Raynor
McGranahan Systems Services Librarian Vanderbilt University Library -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto: clamav-users-boun...@lists.clamav.net] On Behalf Of David Raynor Sent: Monday, September 30, 2013 8:17 AM To: ClamAV users ML Subject: Re: [clamav

Re: [clamav-users] make install with no data files

2013-10-02 Thread David Raynor
On Mon, Sep 30, 2013 at 2:43 PM, Eric Shubert e...@shubes.net wrote: The data files were omitted from the source tarball beginning with version 0.97.5. I thought that made sense. Now with 0.98 they appear to be back. Is there any easy/preferred way to make install (or configure) without

Re: [clamav-users] heuristic

2013-10-08 Thread David Raynor
Sebastian, Al's answer is on the right track. The Heuristic.Broken.Executable alert is only appearing because your scan has the detect-broken flag enabled, and the scan is detecting what appears to be a broken executable inside that jar file. Scans of the file without that flag enabled must be

Re: [clamav-users] make install with no data files

2013-10-09 Thread David Raynor
On Tue, Oct 8, 2013 at 9:47 PM, Eric Shubert e...@shubes.net wrote: On 10/04/2013 05:30 PM, Al Varnell wrote: On Oct 3, 2013, at 12:49 PM, Eric Shubert e...@shubes.net wrote: On 09/30/2013 11:43 AM, Eric Shubert wrote: The data files were omitted from the source tarball beginning with

Re: [clamav-users] Error build clamav 0.98

2013-11-08 Thread David Raynor
On Fri, Nov 8, 2013 at 8:42 AM, Константин Белозеров codingu...@gmail.com wrote: *** *** clamd did not detect all testfiles correctly! *** SKIP: check5_clamd_vg.sh (exit: 77) === *** valgrind not found, skipping test SKIP: check6_clamd_vg.sh (exit: 77)

Re: [clamav-users] Errore aggiornamento clamav

2013-11-08 Thread David Raynor
On Fri, Nov 8, 2013 at 10:57 AM, xxdiskoxx2011 . diskorem...@gmail.com wrote: /etc/cron.daily/freshclam: ERROR: Parse error at line 17: Unknown option UpdateLogFile ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamd.conf

Re: [clamav-users] Errore aggiornamento clamav

2013-11-08 Thread David Raynor
On Fri, Nov 8, 2013 at 1:07 PM, xxdiskoxx2011 . diskorem...@gmail.com wrote: I had installed clamav from repo centos 6. I have not found the file clamav.conf. this file does not exist. I found freshclam.conf. explain to me how I have to make those changes Il 08/nov/2013 17:58 David Raynor dray

Re: [clamav-users] How is Worm.Bagle.H-zippwd-1 detected? (was: sigwhitelist.ign2 whitelist not working)

2013-11-12 Thread David Raynor
On Tue, Nov 12, 2013 at 7:14 AM, Andreas Schulze andreas.schu...@datev.de wrote: On 12.11.2013 12:59, Andreas Schulze wrote: I found a fantastic fact! +1 other samplemessage: $ clamdscan falsepositive falsepositive.ok /tmp/falsepositive: Worm.Bagle.H-zippwd-1 FOUND /tmp/falsepositive.ok:

Re: [clamav-users] LibClamAV Warning: fmap_unneed: unneed on a unlocked page LibClamAV Warning: fmap_unneed: unneed on a unlocked page

2013-11-26 Thread David Raynor
This warning is related to file map handling. This message will appear when ClamAV tried to unlock the wrong locked page of the file map. It is a temporary issue, since the page will be unlocked when the file is closed and map is unmapped anyway. There is one known issue that can lead to this

Re: [clamav-users] Hourly warning from autoclam-hourly script

2013-12-11 Thread David Raynor
On Wed, Dec 11, 2013 at 10:30 AM, Anthony Magrone anthonymagr...@hamlinandburton.com wrote: I am running the latest release of ClamAV on CentOS 6.4. The script /opt/server-config/nfs-server/scripts/autoclam-hourly is sending an email with the message LibClamAV Warning: cli_tnef: file

Re: [clamav-users] 0.98-exp / LibClamAV Warning

2013-12-23 Thread David Raynor
On Mon, Dec 23, 2013 at 9:08 AM, gin(e) g...@riseup.net wrote: Hi, I am new here. I refer my email to this thread: http://lurker.clamav.net/message/20130929.101600.e8530842.en.html I got a similar warning message of Jamen McGranahan on every scan that cron run. And I like to understand

Re: [clamav-users] 0.98-exp / LibClamAV Warning

2013-12-23 Thread David Raynor
On Mon, Dec 23, 2013 at 11:23 AM, gin(e) g...@riseup.net wrote: On 12/23/2013 04:55 PM, David Raynor wrote: ClamAV is scanning the Flash file and is finding a tag that has a length that is too long for the file. This would most commonly occur if file is truncated. yes, it's written here

Re: [clamav-users] the relationship between offset(signature in main.mdb) and time(signature be added to main.mdb)

2013-12-30 Thread David Raynor
On Mon, Dec 30, 2013 at 9:47 AM, 黄海涛 hht...@126.com wrote: Is it right that the signature whose offset is farther is newer in main.mdb (main.cvd) or daily.mdb (daily.cvd)?

Re: [clamav-users] Clamd ERROR: On-access scan is not available

2014-01-02 Thread David Raynor
On Thu, Jan 2, 2014 at 4:24 AM, lowcheek...@stee.stengg.com wrote: Actually, it is right inside the clamav-0.97.4.tar.gz source file, which I had downloaded from clamav.net. Path is: \clamav-0.97.4\clamd\dazukoio.c - Message from alvarn...@mac.com - Date: Thu, 02 Jan

Re: [clamav-users] File exclusion

2014-01-20 Thread David Raynor
On Mon, Jan 20, 2014 at 4:59 PM, Charles Swiger cswi...@mac.com wrote: Hi-- On Jan 20, 2014, at 1:14 PM, Anthony Magrone anthonymagr...@hamlinandburton.com wrote: ClamAV is tagging a legitimate email stored on a file server as containing a phishing address. Can this file be excluded from

Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help

2014-01-22 Thread David Raynor
On Wed, Jan 22, 2014 at 10:25 AM, Alex mysqlstud...@gmail.com wrote: Hi, On Tue, Jan 21, 2014 at 2:15 PM, Charles Swiger cswi...@mac.com wrote: On Jan 21, 2014, at 10:40 AM, Alex mysqlstud...@gmail.com wrote: I received a number of messages on the 17th that were tagged incorrectly with:

Re: [clamav-users] Is there any chance of the 97.8 version as shipped by ubuntu 10.04.4 LTS, working?

2014-01-27 Thread David Raynor
On Mon, Jan 27, 2014 at 10:14 AM, Gene Heskett ghesk...@wdtv.com wrote: On Monday 27 January 2014 09:54:13 Gene Heskett did opine: On Monday 27 January 2014 08:29:48 Greg Folkert did opine: On Mon, 2014-01-27 at 07:16 -0500, Gene Heskett wrote: Greetings all; Been on this list

Re: [clamav-users] One last Q (I hope)

2014-01-29 Thread David Raynor
On Tue, Jan 28, 2014 at 7:22 PM, Gene Heskett ghesk...@wdtv.com wrote: Greetings all; Can I use more than 1 --exclude= directive in the crontab entry that runs clamdscan? I am getting quite verbose emails that start out with identifying all the reference files it uses. Must be nearly 70

Re: [clamav-users] No filenames listed by clamscan.

2014-03-04 Thread David Raynor
On Sat, Mar 1, 2014 at 11:01 AM, J. W. Andersen j...@fasytek.dk wrote: After upgrading from 0.97.6 to 0.98.1 I get the following messages on the console: LibClamAV: Warning: SWF: Invalid tag length. LibClamAV: Warning: SWF: Invalid tag length. LibClamAV: Warning: SWF: Invalid tag length.

Re: [clamav-users] Finding infections in a tar-ball

2014-04-17 Thread David Raynor
On Thu, Apr 17, 2014 at 12:22 AM, Dennis Peterson denni...@inetnw.com wrote: On 4/15/14, 7:36 AM, Steven Morgan wrote: Good news, it works. We are considering a --warn-on-limit-exceeded option to cover messaging in these types of cases. Steve I've found an interesting inconsistency when

Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-08 Thread David Raynor
Alexander, For libxml2, the configure script is finding and running the xml2-config script that is part of a typical xml2 install to get the appropriate CFLAGS and LIBS values to get to libxml2. Your fallback option, if this gets too complicated, is to simply run configure with --disable-xml and

Re: [clamav-users] Mirrors access

2015-09-02 Thread David Raynor
Try using a higher value for MaxAttempts in your freshclam.conf. Dave R. On Wed, Sep 2, 2015 at 6:54 AM, VILLARD, Pierre < pierre.vill...@capgemini.com> wrote: > Hello, > > Because of some security requirements I am not authorized to use DNS for > resolving hostnames. Consequently, in my

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-05-17 Thread David Raynor
If you run clamscan with "--debug" it will tell you which files it is loading, even the files inside a cvd or cld file. It will also remark about which signatures it skips when loading. You should see these lines within your debug output: ... LibClamAV debug: daily.ign2 loaded ... LibClamAV

Re: [clamav-users] LibClamAV Warning

2017-05-03 Thread David Raynor
Bump for visibility. I figure someone from your team should get in touch with him, since it is not exactly an FP report. Maybe he can still submit it as FP. Don't know. Dave R. On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih wrote: > Hi Folks, > > I've been getting the

Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread David Raynor
Thanks for reporting it. That signature is marked with the wrong "Engine" limits, so that error message only affects some point releases of 0.98. We are dropping that signature in the next daily CVD and will add a replacement later. To work around the trouble, you can add the

Re: [clamav-users] FreshClam - DNS issues since October 31st

2017-11-08 Thread David Raynor
The DNS records are being updated at the source properly now. If you are still seeing an error, then the proper record is not reaching the server you are contacting for DNS or not propagating correctly to your area or something like that. If you are still seeing those errors, let us know what the

Re: [clamav-users] Malformed pattern daily.ldb version 25410

2019-04-05 Thread David Raynor
I can recreate that same issue with daily cvd 25410, using ClamAV 0.100.1. That was the first 0.100.X I had handy to do a quick test. The problem is something specific to sigtool and only the list-sigs feature. It does not affect clamscan or clamd, and does not affect the --find-sigs option of

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
Maarten, Thanks for reporting that. There is an ordering difference of the content in the latest GDB file which is affecting the load time, and we will be fixing that in the next safebrowsing CVD version. Dave R. On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <

Re: [clamav-users] Problem with new safebrowsing file

2019-03-06 Thread David Raynor
That's strange, the 48474 I have should have the sorting changed and has the improved loading time we're talking about. $ sigtool --info safebrowsing.cvd File: safebrowsing.cvd Build time: 06 Mar 2019 13:24 -0500 Version: 48474 Signatures: 3232286 Functionality level: 63 Builder: google MD5:

Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff

2019-03-06 Thread David Raynor
r 6, 2019 at 12:19 PM David Raynor wrote: > Maarten, > > Thanks for reporting that. There is an ordering difference of the content > in the latest GDB file which is affecting the load time, and we will be > fixing that in the next safebrowsing CVD version. > > Dave R. > >

Re: [clamav-users] Scan very slow

2019-04-08 Thread David Raynor
The code for loading the data directories will give priority to loading the ignore list (from ign2 files and from the daily.ign2 inside daily.cvd) before loading signatures, which is just a list of signature names. The rest of the signatures are loaded after that. Then every signature name is

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread David Raynor
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was published on the morning of the 28th. If you got that version or 25464 from this morning you should be fine. Dave R. On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users < clamav-users@lists.clamav.net> wrote: > Since

Re: [clamav-users] Failing eicarcom2.zip test after recent DB update

2020-02-10 Thread David Raynor
So the "testfile" is Sample ID 33522083, which is 44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching. Dave R. On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users < clamav-users@lists.clamav.net> wrote: > A bit of a guess on my part, but I since the hash values for both >

Re: [clamav-users] Segfaults with database version 26908

2023-05-16 Thread David Raynor
Based on these reports we've started a take-back of the signature, so it will be dropped in the next daily CVD publish. We'll also analyze to see why this signature is triggering that behavior on some platforms. Dave R. On Tue, May 16, 2023 at 2:53 PM Claudio Cuqui wrote: > Same here..same