Nathan,
The scanning functions inside libclamav run in a certain order, and once it
detects an infection inside a file it short-circuits further scanning. For
example, smaller offsets are checked before larger offsets. There is no way
to change the order by changing configuration.
Dave R.
--
The safebrowsing feature of ClamAV uses a separate domain list and
whitelist from the other signatures. The blacklisted domains are stored in
.pdb files, and the whitelist is stored in .wdb files. These process
domains from URLs instead of virus signatures, so that's why trying to use
your local
On Fri, Jun 15, 2012 at 2:42 PM, Daniel McDonald
dan.mcdon...@austinenergy.com wrote:
I just upgraded to clamav 0.97.5, and I am getting the following error:
$ grep amavis-20120615T112026-02578/parts/p002 /var/log/clamav/clamd.log
Fri Jun 15 11:22:06 2012 -
On Mon, Jun 18, 2012 at 1:08 PM, Bill Landry b...@inetmsg.com wrote:
On 6/18/2012 8:01 AM, David Raynor wrote:
On Fri, Jun 15, 2012 at 2:42 PM, Daniel McDonald
dan.mcdon...@austinenergy.com wrote:
I just upgraded to clamav 0.97.5, and I am getting the following error:
$ grep amavis
On Thu, Jul 5, 2012 at 2:24 PM, Tom Goerger t...@umn.edu wrote:
The error is coming from the client side. I've verified that the clamd
instance on the server is up and running on the TCP port for the server
address, rather than localhost, and running on the correct port. From the
log file
On Tue, Aug 7, 2012 at 3:49 PM, Stefano Tiberi
s.tib...@traitorrforwarding.com wrote:
I don't know where is the problem, I see there are a lot of sub-directories
like these:
clamav-52fdc32f7bca6eb1f11f81240d68e24a
clamav-a89967f4619ac472cd996c667d22cf7e
On Mon, Aug 13, 2012 at 5:53 AM, Ильяс Досхожаев teriyaki...@mail.ruwrote:
i updated clamav to last 0.97.5 on debian , nevertheless it show error
#freshclam
ClamAV update process started at Mon Aug 13 15:49:41 2012
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version:
On Mon, Aug 13, 2012 at 4:28 PM, Maarten Broekman mbroek...@maileig.comwrote:
All,
I've been struggling with this particular issue for some
time and I took a look at the recent git commits, but I'm not sure if
this issue is covered by the fix for BB#5409 (I don't have access
On Tue, Aug 14, 2012 at 10:25 AM, carlo.dico...@dfs.ny.gov wrote:
I don't want to list every file clamscan checks (because there are many).
When I use the -i option to only print infected files, my scan summary
results indicate there were errors. However, the errors are not reported
because
On Wed, Aug 15, 2012 at 1:11 PM, Chuck Swiger cswi...@mac.com wrote:
On Aug 15, 2012, at 7:55 AM, Gene Heskett wrote:
Greets all;
I got one of those emails from what looked like the IRS yesterday, but
the
.doc file it linked to was .htm and supposedly infected my machine with
either
On Thu, Aug 16, 2012 at 12:52 AM, Ильяс Досхожаев teriyaki...@mail.ruwrote:
1) i have updated client machine to
dpkg -l | grep clamav
ii clamav 0.97.5+dfsg-3~squeeze1 anti-virus utility for Unix -
command-line interface
ii clamav-base 0.97.5+dfsg-3~squeeze1 anti-virus utility for Unix - base
On Tue, Aug 21, 2012 at 6:25 AM, teres vir teres@gmail.com wrote:
Hi,
For me, OSSEC is continuously triggering the following alert message when
it is doing its daily rootkit checks :
OSSEC HIDS Notification.
2012 Aug 19 04:33:47
Received From: (web-agent) 192.168.0.115-rootcheck
On Wed, Aug 22, 2012 at 10:14 AM, Binole, Bill bbin...@medplus.com wrote:
We are seeing this error ERROR: ScanStream 31310: accept timeout. in our
clamd log when we test calmd with a load. The failures happen when we
have 10 simultaneous connections to clamd. We are stream scanning and are
On Wed, Aug 29, 2012 at 10:29 AM, Michael Orlitzky mich...@orlitzky.comwrote:
On 08/29/2012 09:46 AM, Maarten Broekman wrote:
-Original Message-
Despite the statement of your objective it isn't clear to me what you
think you're going to achieve. My expectation would be a very
On Fri, Sep 14, 2012 at 8:59 AM, Siranjeevi siranjee...@gmail.com wrote:
Hi All,
I changed the items in clamd.conf
MaxScanSize = 157286400
MaxFileSize = 104857600
But Still, the changes are not reflected in clamscan. I couldn't scan
large files which is of 75MB in size.
clamscan
On Fri, Sep 14, 2012 at 1:36 AM, gaurav singh
gaurav.the.iiit...@gmail.comwrote:
I have clamav with latest virus database on Ubuntu.
When i try to scan a .exe file which is basically a trojan(detected by
other anti-virus on Windows), it just passes as OK.
Message with clamscan --debug logs
On Mon, Sep 17, 2012 at 5:02 PM, Christopher X. Candreva
ch...@westnet.comwrote:
Solaris 10, gcc 4.6.3, Program.cc gives the folloing errors:
..
CXXProgram.lo
In file included from llvm/lib/System/Unix/Program.inc:34:0,
from llvm/lib/System/Program.cpp:52:
On Tue, Sep 18, 2012 at 4:07 PM, Peter Bonivart boniv...@opencsw.orgwrote:
On Tue, Sep 18, 2012 at 4:47 PM, David Raynor dray...@sourcefire.com
wrote:
This error message is because of a gcc bug, specific to gcc version 4.6
on
Solaris 10 (gcc bug 49347). That is fixed in gcc 4.7.
I can
On Tue, Sep 25, 2012 at 10:03 AM, Siranjeevi siranjee...@gmail.com wrote:
As i mentioned in my previous mail the same here. I have tried with both
clamscan and clamdscan. Both giving output as OK.
I have added the eicar_com zip file inside a rar file. When i scan it with
clamav it is passing
On Thu, Sep 27, 2012 at 1:59 AM, Siranjeevi siranjee...@gmail.com wrote:
@Paul Enlund : I have installed it thru yum( Reference link:
http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/).
I am using cent OS 5.5
@Dave R: Also, have you run the standard unit tests? - I
On Mon, Oct 22, 2012 at 4:35 AM, Christoph Mitasch
cmita...@thomas-krenn.com wrote:
Hello,
I have the same problem since a few days.
When I try to submit it as False Positive, it says it is not recognized by
ClamAV.
http://www.clamav.net/lang/en/sendvirus/submit-fp/
But on the
On Wed, Nov 7, 2012 at 3:20 AM, Philipp Schwaha phil...@schwaha.net wrote:
hi everybody!
I recently set up a combination of exim and clamav which was working
very nicely until clamav seemingly started to choke. Switching
debugging on I obtained the following:
Wed Nov 7 01:52:06 2012 -
On Mon, Nov 12, 2012 at 3:05 AM, zahra tabari free_kab_b...@yahoo.comwrote:
Dear Member List,
I have faced with an anti virus project which uses Clam signatures. It
uses Aho-Corasick algorithm for signature matching. I want to apply a
replacement for Aho-Corasick algorithm, which has a
On Thu, Nov 15, 2012 at 4:25 PM, McGranahan, Jamen
jamen.mcgrana...@vanderbilt.edu wrote:
OK, I'm stumped as to why clamav-milter did not catch this virus. It was
from this address, being masked as from UPS:
rowanhorst...@live.camailto:rowanhorst...@live.ca, masked as
On Tue, Nov 20, 2012 at 4:45 AM, Dave Willows spexa...@gmail.com wrote:
Hi Guys,
It seems that the safebrowsing.cvd has not been updated since Friday. is
this a known issue?
24172680 Nov 16 10:02 safebrowsing.cvd
ClamAV-VDB:15 Nov 2012 22-00 -0500:40001:1292217:63:X:X:google:1353034815
On Tue, Nov 20, 2012 at 3:07 PM, Greg Folkert g...@donor.com wrote:
Warning, this is longer than I intended. and updates.blah.com is a
replacement for my real machine name.
I am trying to use a local ClamAV-DB mirror, I've put in place the
clamdownloader.pl, which works a treat, once I added
On Tue, Nov 20, 2012 at 6:59 PM, Al Varnell alvarn...@mac.com wrote:
On 11/20/12 2:11 PM, Greg Folkert wrote:
how can i remove a bad mirror that is
actually a good mirror now. without obliterating the mirrors.dat file?
I've been advising users to trash mirrors.dat, but if you feel you
On Thu, Dec 6, 2012 at 10:04 AM, Bowie Bailey bowie_bai...@buc.com wrote:
On 12/6/2012 7:28 AM, franckm wrote:
With clamdscan, it still does not show timestamps (see below)
The default config (/etc/clamd.conf) is to no show LogTimes. I have
changed
that (LogTime yes). Is there anything I
It is not the CVD files. The versions you list are the same versions as we
have up to date [and the daily.cvd is 15708]. I'd wager there is some kind
of non-default scan option that is changing the results.
So let's try the easiest one first: how big is the file? If you have raised
it past the
On Wed, Dec 12, 2012 at 4:48 AM, Al Varnell alvarn...@mac.com wrote:
On 12/12/12 1:14 AM, Jake Bowl wrote:
We have detected that ClamAV mirror 217.173.238.34 has outdated
signatures
(version 15577).
I suspect they already know from the status of ClamAV® Database mirrors
page
On Thu, Dec 13, 2012 at 2:03 AM, Al Varnell alvarn...@mac.com wrote:
Looks like Dr. Web finally got around to uploading Trojan.SMSSend.3666 to
VirusTotal here
https://www.virustotal.com/file/0e8269e425123e3b9a8c7adc94fa5ba5e60f934db3e
b61f43eeebeb40ad21654/analysis/. Dr. Web's write-up is
On Fri, Dec 28, 2012 at 9:50 AM, McGranahan, Jamen
jamen.mcgrana...@vanderbilt.edu wrote:
I'm not sure why we are getting this error, but on all four RedHat servers
(RedHat 5 x86_64) we have Clamd/ClamAV running, we are seeing these errors
in the clamav-milter.log - once every minute:
Fri
On Fri, Jan 4, 2013 at 10:46 AM, McGranahan, Jamen
jamen.mcgrana...@vanderbilt.edu wrote:
OK, a couple of weeks ago, I send out an email to the group about the
various errors clamd/clamav-milter were displaying. Well, today clam
crashed sendmail on all of our servers running it so I have had
On Wed, Jan 23, 2013 at 9:56 PM, Al Varnell alvarn...@mac.com wrote:
On 1/23/13 5:52 PM, Kaushik Vaidyanathan wrote:
I had a couple of basic questions:
a) Of the different signature formats in the cvd file(like mdb, ldb, ndb)
which format does clamav use? Does it pick a format(ldb, mdb,
On Mon, Feb 25, 2013 at 4:47 PM, Kaushik Vaidyanathan
kvaid...@andrew.cmu.edu wrote:
Hi
I have a basic question. When I run clamscan with --debug option I see that
#AC sigs and #BM sigs reported for the different engines clamscan spawns.
If I add the AC and BM for all engines its somewhere
Small typo, but you are right. We can correct it so it's fixed going
forward.
Dave R.
On Fri, Mar 15, 2013 at 2:25 PM, Mark E. Mallett m...@mv.mv.com wrote:
The year in the date on the most recent ChangeLog entry seems to be wrong.
-mm- (yes, that's my entire contribution)
On Sun, Mar 17, 2013 at 3:21 AM, Christian Salway ccsal...@itmanx.comwrote:
Thanks for getting back to me, Jim.
Its just one core. The server is an Amazon EC2 micro instance server.
Christian
-Original Message-
From: Jim Preston jimli...@commspeed.net
Sender:
On Fri, Mar 22, 2013 at 1:11 PM, Ben Stuyts b...@altesco.nl wrote:
Hi,
I was using clamscan for daily scanning of our user's home directories,
but it was getting too slow with scan times of up to 6 hours. Therefor I'm
testing clamdscan and using multiple threads to scan. (cmd line is
On Sun, Mar 24, 2013 at 10:22 AM, Benny Pedersen m...@junc.eu wrote:
daily.cvd is still here on 63 after doing this fix
note that the url says 73, so is it fixed now ?
__**_
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
On Thu, Apr 25, 2013 at 4:41 PM, Kim Johansen c...@weiser.dk wrote:
Hey,
I am setting up a Maia mailguard system with ClamAV for virus scanning.
I'm getting these in my logfile:
clamav.log
Thu Apr 18 18:13:40 2013 - WARNING: lstat() failed on:
On Thu, Jun 27, 2013 at 2:14 PM, Trevor Cooper tcoo...@ucsd.edu wrote:
I'm writing an automated daily scan script and I can't seem to get NO
output
from clamscan if/when nothing of interest is found. For example, executing
with...
$CLAMSCAN_BIN --quiet --no-summary --infected --stdout
I've done some analysis of ClamAV with just this signature set, and the
loading is simply slowing down as it runs through the list. This is mainly
because of the significant amounts of overlap at the beginnings of these
strings and the length thereafter. The slowdown is occurring even before
the
On Wed, Aug 14, 2013 at 5:48 PM, Dennis Peterson denni...@inetnw.comwrote:
On 8/14/13 2:23:28PM, David Raynor wrote:
I'll look a bit more at how we are loading the interim signature state and
see what else we could do with the sorting. Meanwhile, this is a change
you
could put
On Sun, Aug 18, 2013 at 4:04 AM, Gene Heskett ghesk...@wdtv.com wrote:
With this single error line.
ERROR: This tool requires libclamav with functionality level 69 or higher
(current f-level: 68)
Fix coming? I'm on 10.04.4 LTS Ubuntu.
Cheers, Gene
--
There are four boxes to be used in
On Mon, Aug 19, 2013 at 11:19 AM, Gene Heskett ghesk...@wdtv.com wrote:
On Monday 19 August 2013 11:17:46 David Raynor did opine:
On Sun, Aug 18, 2013 at 4:04 AM, Gene Heskett ghesk...@wdtv.com wrote:
With this single error line.
ERROR: This tool requires libclamav with functionality
On Tue, Sep 3, 2013 at 5:57 PM, monte olvera olve...@gmail.com wrote:
I'm running clamav 0.97.3 (I know it's old, working on that) on Linux. I
want to exclude files (via clamd) based on a regex and can't seem to
figure out how. I can ignore paths just fine (ExcludePath ^/tmp) but I
want to
On Wed, Sep 25, 2013 at 10:57 AM, ScrumpyJack scrumpyj...@me.com wrote:
I have been trying to scan RPM files with clamav without success.
clamscan file.rpm shows nothing.
If I unpack the cpio from the RPM and scan the extracted cpio, I get a
hit on a virus (as expected).
Is clamav capable
On Thu, Sep 26, 2013 at 7:40 AM, Frans de Boer fr...@fransdb.nl wrote:
So far no reaction, try again
Original Message
Hi, does anybody knows how to enable and configure interaction with the
fanotify?
The new clamd.conf files still has the long defunct clamuko
On Sun, Sep 29, 2013 at 6:16 AM, McGranahan, Jamen
jamen.mcgrana...@vanderbilt.edu wrote:
I'm using Clam 0.98 on RedHat 5 servers and since upgrading to 0.98, I am
seeing the following when trying to run a clamscan:
LibClamAV Warning: SWF: Invalid tag length
LibClamAV Error: cli_scanswf:
It may be something platform-specific. Please open a bugzilla bug at
bugzilla.clamav.net. If you can attach the config.log files from both
0.97.8 and 0.98 then we can take a closer look from there.
Dave R.
On Sun, Sep 29, 2013 at 10:00 AM, Ari Sovijärvi listat2...@apz.fi wrote:
Note that
On Sun, Sep 29, 2013 at 5:01 AM, Boszormenyi Zoltan zbos...@pr.hu wrote:
2013-09-29 10:26 keltezéssel, Boszormenyi Zoltan írta:
2013-09-29 04:26 keltezéssel, Benny Pedersen írta:
Is is possible to make ClamAV use less memory perhaps by repetitive
scanning with a smaller subset of the
On Mon, Sep 30, 2013 at 2:02 PM, Boszormenyi Zoltan zbos...@pr.hu wrote:
2013-09-30 17:58 keltezéssel, David Raynor írta:
Zoltán,
Your idea of breaking the signature set into chunks to do repeated scans
is
a workable idea. It would require a few moving parts outside of ClamAV. I
cannot
On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com wrote:
I hope that someone can help.
I got the following error on make of clamav-0.98 in AIX:
CC libclamav_la-version.lo
CC libclamav_la-asn1.lo
asn1.c: In function `asn1_get_time':
asn1.c:293: error: storage
On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com wrote:
On Tue, Oct 1, 2013 at 11:47 AM, Zvi Kave tz...@razlee.com wrote:
I hope that someone can help.
I got the following error on make of clamav-0.98 in AIX:
CC libclamav_la-version.lo
CC libclamav_la
it as case 9054 in ClamAV bugzilla, but now I do not know
how to delete or close it there as solved.
Best regards,
Zvi
On 01/10/13 21:37, David Raynor wrote:
On Tue, Oct 1, 2013 at 2:31 PM, David Raynor dray...@sourcefire.com
dray...@sourcefire.com wrote:
On Tue, Oct 1, 2013 at 11:47 AM
McGranahan
Systems Services Librarian
Vanderbilt University Library
-Original Message-
From: clamav-users-boun...@lists.clamav.net [mailto:
clamav-users-boun...@lists.clamav.net] On Behalf Of David Raynor
Sent: Monday, September 30, 2013 8:17 AM
To: ClamAV users ML
Subject: Re: [clamav
On Mon, Sep 30, 2013 at 2:43 PM, Eric Shubert e...@shubes.net wrote:
The data files were omitted from the source tarball beginning with version
0.97.5. I thought that made sense. Now with 0.98 they appear to be back.
Is there any easy/preferred way to make install (or configure) without
Sebastian,
Al's answer is on the right track. The Heuristic.Broken.Executable alert is
only appearing because your scan has the detect-broken flag enabled, and
the scan is detecting what appears to be a broken executable inside that
jar file. Scans of the file without that flag enabled must be
On Tue, Oct 8, 2013 at 9:47 PM, Eric Shubert e...@shubes.net wrote:
On 10/04/2013 05:30 PM, Al Varnell wrote:
On Oct 3, 2013, at 12:49 PM, Eric Shubert e...@shubes.net wrote:
On 09/30/2013 11:43 AM, Eric Shubert wrote:
The data files were omitted from the source tarball beginning with
On Fri, Nov 8, 2013 at 8:42 AM, Константин Белозеров
codingu...@gmail.comwrote:
***
*** clamd did not detect all testfiles correctly!
***
SKIP: check5_clamd_vg.sh (exit: 77)
===
*** valgrind not found, skipping test
SKIP: check6_clamd_vg.sh (exit: 77)
On Fri, Nov 8, 2013 at 10:57 AM, xxdiskoxx2011 . diskorem...@gmail.comwrote:
/etc/cron.daily/freshclam:
ERROR: Parse error at line 17: Unknown option UpdateLogFile
ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamd.conf
___
Help
On Fri, Nov 8, 2013 at 1:07 PM, xxdiskoxx2011 . diskorem...@gmail.comwrote:
I had installed clamav from repo centos 6. I have not found the file
clamav.conf. this file does not exist. I found freshclam.conf. explain to
me how I have to make those changes
Il 08/nov/2013 17:58 David Raynor dray
On Tue, Nov 12, 2013 at 7:14 AM, Andreas Schulze
andreas.schu...@datev.dewrote:
Am 12.11.2013 12:59 schrieb Andreas Schulze:
I found a fantastic fact!
+1
other samplemessage:
$ clamdscan falsepositive falsepositive.ok
/tmp/falsepositive: Worm.Bagle.H-zippwd-1 FOUND
/tmp/falsepositive.ok:
This warning is related to file map handling. This message will appear when
ClamAV tried to unlock the wrong locked page of the file map. It is a
temporary issue, since the page will be unlocked when the file is closed
and map is unmapped anyway. There is one known issue that can lead to this
On Wed, Dec 11, 2013 at 10:30 AM, Anthony Magrone
anthonymagr...@hamlinandburton.com wrote:
I am running the latest release of ClamAV on CentOS 6.4.
The script /opt/server-config/nfs-server/scripts/autoclam-hourly is
sending an email with the message LibClamAV Warning: cli_tnef: file
On Mon, Dec 23, 2013 at 9:08 AM, gin(e) g...@riseup.net wrote:
Hi, i am new here. I refer my email to this thread:
http://lurker.clamav.net/message/20130929.101600.e8530842.en.html
I got a similar warning message of Jamen McGranahan on every scan that
cron run. And i like to understand
On Mon, Dec 23, 2013 at 11:23 AM, gin(e) g...@riseup.net wrote:
On 12/23/2013 04:55 PM, David Raynor wrote:
ClamAV is scanning the Flash file and is finding a tag that has a length
that is too long for the file. This would most commonly occur if file is
truncated.
yes, it's written here
On Mon, Dec 30, 2013 at 9:47 AM, 黄海涛 hht...@126.com wrote:
Is it rigth that the signature whose offset is farther is newer in
main.mdb (mian.cvd) or daily.mdb(daily.cvd)?
___
Help us build a comprehensive ClamAV guide:
On Thu, Jan 2, 2014 at 4:24 AM, lowcheek...@stee.stengg.com wrote:
Actually, it is right inside the clamav-0.97.4.tar.gz source file, which I
had downloaded from clamav.net. Path is:
\clamav-0.97.4\clamd\dazukoio.c
- Message from alvarn...@mac.com -
Date: Thu, 02 Jan
On Mon, Jan 20, 2014 at 4:59 PM, Charles Swiger cswi...@mac.com wrote:
Hi--
On Jan 20, 2014, at 1:14 PM, Anthony Magrone
anthonymagr...@hamlinandburton.com wrote:
ClamAV is tagging a legitimate email stored on a file server as
containing a phishing address. Can this file be excluded from
On Wed, Jan 22, 2014 at 10:25 AM, Alex mysqlstud...@gmail.com wrote:
Hi,
On Tue, Jan 21, 2014 at 2:15 PM, Charles Swiger cswi...@mac.com wrote:
On Jan 21, 2014, at 10:40 AM, Alex mysqlstud...@gmail.com wrote:
I received a number of messages on the 17th that were tagged
incorrectly with:
On Mon, Jan 27, 2014 at 10:14 AM, Gene Heskett ghesk...@wdtv.com wrote:
On Monday 27 January 2014 09:54:13 Gene Heskett did opine:
On Monday 27 January 2014 08:29:48 Greg Folkert did opine:
On Mon, 2014-01-27 at 07:16 -0500, Gene Heskett wrote:
Greetings all;
Been on this list
On Tue, Jan 28, 2014 at 7:22 PM, Gene Heskett ghesk...@wdtv.com wrote:
Greetings all;
Can I use more than 1 --exclude= directive in the crontab entry that runs
clamdscan?
I am getting quite verbose emails that start out with identifying all the
reference files it uses. Must be nearly 70
On Sat, Mar 1, 2014 at 11:01 AM, J. W. Andersen j...@fasytek.dk wrote:
After upgrading from 0.97.6 to 0.98.1 I get the following messages on the
console:
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
LibClamAV: Warning: SWF: Invalid tag length.
On Thu, Apr 17, 2014 at 12:22 AM, Dennis Peterson denni...@inetnw.comwrote:
On 4/15/14, 7:36 AM, Steven Morgan wrote:
Good news, it works. We are considering a --warn-on-limit-exceeded option
to cover messaging in these types of cases.
Steve
I've found an interesting inconsistency when
Alexander,
For libxml2, the configure script is finding and running the xml2-config
script that is part of a typical xml2 install to get the appropriate CFLAGS
and LIBS values to get to libxml2. Your fallback option, if this gets too
complicated, is to simply run configure with --disable-xml and
Try using a higher value for MaxAttempts in your freshclam.conf.
Dave R.
On Wed, Sep 2, 2015 at 6:54 AM, VILLARD, Pierre <
pierre.vill...@capgemini.com> wrote:
> Hello,
>
> Because of some security requirements I am not authorized to use DNS for
> resolving hostnames. Consequently, in my
If you run clamscan with "--debug" it will tell you which files it is
loading, even the files inside a cvd or cld file. It will also remark about
which signatures is skips when loading.
You should see these lines within your debug output:
...
LibClamAV debug: daily.ign2 loaded
...
LibClamAV
Bump for visibility. I figure someone from your team should get in touch
with him, since it is not exactly an FP report. Maybe he can still submit
it as FP. Don't know.
Dave R.
On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih wrote:
> Hi Folks,
>
> I've been getting the
Thanks for reporting it. That signature is marked with the wrong "Engine"
limits, so that error message only affects some point releases of 0.98. We
are dropping that signature in the next daily CVD and will add a
replacement later.
To work around the trouble, you can add the
The DNS records are being updated at the source properly now. If you are
still seeing an error, then the proper record is not reaching the server
you are contacting for DNS or not propagating correctly to your area or
something like that.
If you are still seeing those errors, let us know what the
I can recreate that same issue with daily cvd 25410, using ClamAV 0.100.1.
That was the first 0.100.X I had handy to do a quick test.
The problem is something specific to sigtool and only the list-sigs
feature. It does not affect clamscan or clamd, and does not affect the
--find-sigs option of
Maarten,
Thanks for reporting that. There is an ordering difference of the content
in the latest GDB file which is affecting the load time, and we will be
fixing that in the next safebrowsing CVD version.
Dave R.
On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
That's strange, the 48474 I have should have the sorting changed and has
the improved loading time we're talking about.
$ sigtool --info safebrowsing.cvd
File: safebrowsing.cvd
Build time: 06 Mar 2019 13:24 -0500
Version: 48474
Signatures: 3232286
Functionality level: 63
Builder: google
MD5:
r 6, 2019 at 12:19 PM David Raynor wrote:
> Maarten,
>
> Thanks for reporting that. There is an ordering difference of the content
> in the latest GDB file which is affecting the load time, and we will be
> fixing that in the next safebrowsing CVD version.
>
> Dave R.
>
>
The code for loading the data directories will give priority to loading the
ignore list (from ign2 files and from the daily.ign2 inside daily.cvd)
before loading signatures, which is just a list of signature names.
The rest of the signatures are loaded after that. Then every signature name
is
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.
Dave R.
On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Since
So the "testfile" is Sample ID 33522083, which is
44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching.
Dave R.
On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:
> A bit of a guess on my part, but I since the hash values for both
>
Based on these reports we've started a take-back of the signature, so it
will be dropped in the next daily CVD publish. We'll also analyze to see
why this signature is triggering that behavior on some platforms.
Dave R.
On Tue, May 16, 2023 at 2:53 PM Claudio Cuqui
wrote:
> Same here..same
89 matches
Mail list logo