had any bad slowness.
Paul Kosinski
P.S. Clamav may be slower than commercial scanners, however, my
observation has been that clamav scans the *entire* file, rather
than only part of it, as commercial scanners tend to do. (In some
cases, they couldn't even *read* the entire file that fast.) I'm
There is another aspect to the acquisition of ClamAV that seems not
to have been discussed. What happens to the people who made monetary
donations to the ClamAV project? (I am not in this group, as I never
quite got around to it.)
I would imagine that many people who donated to ClamAV did so in
In December 2006, we were running ClamAV 0.88.7, and there were still
a fair number of real viruses being detected in inbound email. Now
running 0.91.2 and 0.92, there seem to be only phishing attempts, and
not even very many of them. In fact it seems that our log file shows
almost as many
email
server. (Previous to that, I'm not sure what version we were running.)
Perhaps Postfix is now doing a better job of rejecting bad SMTP,
although the overall spam rate is still quite high.
Paul Kosinski
___
Help us build a comprehensive ClamAV guide
There is an article on eWeek.com today concerning instability in AV
software due to the impossibility of adequately testing updates when
releasing them as quickly as they are needed
(www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
As I understand it, ClamAV is perhaps unusual
the Windows version
(AFAIK) doesn't hook in to the kernel (like most Windows AV), making
it less likely to be a path to total compromise of the computer.
Paul Kosinski
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http
Fri 4 Jan 2008
According to today's SecurityFocus.com, there are as many as 500,000
different versions of malware. Most are not original code, but mass-
produced attempts to foil antivirus filters.
And here I thought that ClamAV's 186,092+ signatures was getting out
of hand!
In the interest of
When I go to the download page for ClamAV at SourceForge,
I observe that the signature file (clamav-0.*.*.tar.gz.sig)
is downloaded less than 10% of the time that the source code
(clamav-0.*.*.tar.gz) is downloaded. I find this strange,
especially for anti-malware software, whose users presumably
Today we got a spam email claiming to be From: clamav at our domain,
from IP address 201.80.225.194. We already get spam To: clamav.
Since we indeed have a virtual mailbox named clamav (to receive this
list), I am wondering if this is just a good guess by the spammer, or
if somehow the ClamAV
I am in the process of replacing my old Windows 98 SE (!) file server with a
Linux/Samba server. The Samba server is nicer and much faster than the Windows
one except for virus scanning.
On my old server (a 900 MHz Athlon with 768 MB RAM) I had an old version of
Norton AV (v5.0) which ran
Dennis Peterson wrote [reordered]:
You didn't say what your iowait rate was during your scan (from top, for
example). If you have multiple disks/arrays you can also fire off
multiple scanning sessions as I doubt you're pegging the cpu's. This
doesn't work well if you're on a set of mirrored
clamscan doesn't follow symbolic links.)
#
# Usage is: $0 working-directory directory-1 ...
# Copyright (C) 2006 Paul Kosinski pk[at]iment[dot]com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
The blog post concerning OpenSSL being required for ClamAV only has
one reason as to why it might *benefit* ClamAV, the other reasons are
why OpenSSL *itself* is good.
That single reason is:
We will be able to provide a better freshclam experience in a
future release.
What exactly does this
...@inetnw.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 2/27/14, 3:43:08PM, Paul Kosinski wrote:
The blog post concerning OpenSSL being required for ClamAV only
has one reason as to why it might *benefit* ClamAV, the other
reasons are why OpenSSL *itself* is good
users ML clamav-users@lists.clamav.net
Subject: Re: [clamav-users] Introducing OpenSSL as a dependency to
ClamAV
Message-ID: 53204248.3050...@datev.de
Content-Type: text/plain; charset=ISO-8859-1
Am 03.03.2014 08:38, schrieb Paul Kosinski:
There are only a few reasons I can imagine
I run a special Bash-scripted CRON job to pull the 'daily.cvd' files
from a local ClamAV mirror, and don't have much trouble, although I
have to make sure the action is retried a couple of times, in case
the mirror is being updated while the script is being run.
Instead of using a full-blown
in such an environment? If so,
how?
Paul Kosinski
P.S. I also get a *lot* of compiler warnings of the form:
discards 'const' qualifier from pointer target type
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http
by
having both 64 and 32 stuff to deal with.
I didn't try 0.98.4rc1, as I was building for production use.
Paul Kosinski
On Tue, 20 May 2014 15:37:34 -0400
Paul Kosinski cla...@iment.com wrote:
It isn't just libxml2. I'm getting the equivalent errors for libbz2
and libz as well
I'm using HAVP (0.92) on Linux (openSuSE 13.1) as a virus scanning
filter for HTTP traffic. It worked perfectly with ClamAV 0.98.3 (and
many previous versions), but now it won't start at all with 0.98.4.
HAVP uses libclamav.so to do the actual scanning (more efficient
than even the socket
Shawn,
Yes indeed, HAVP calls into libclamav directly. But then why does this
only fail in 0.98.4 but *not* in 0.98.3? Wasn't OpenSSL already being
used in 0.98.3?
An additional problem is that the HAVP developer seems to have stopped
working on it, according to the HAVP forum
Kare,
Thanks for the suggestion. I also had thought of using the clamd
socket interface, but won't do that unless there is no other way.
HAVP is running here on a minimal 2-core Athlon II (3.1 GHz) and HAVP
by itself comprises over 10 processes. Given this configuration, I
fear that using the
A few days ago, I looked at the ClamAV stuff on GitHub and found the
patch that moved the declarations of cl_initialize_crypto() etc. from
crypto.h to clamav.h.
I then added a call to cl_initialize_crypto() to clamlibscanner.cpp
(see diff below), recompiled and now HAVP starts up properly, and
We use 'HTTPi' as the basis of a very simple Perl-powered mechanism to
proxy the ClamAV CVD files on our small LAN. We have it listening on a
dedicated TCP port via xinetd (a very handy 'server' for simple
services one wants to make network accessible).
HTTPi (http://www.floodgap.com/httpi/) is
Date: 8 Aug 2014 12:44:39 -
From: Chinmay Mahata chinmay_mah...@rediffmail.com
Subject: [clamav-users] Libclamav :: Issue with version 0.98.4 on FC20
Can't load /usr/local/share/clamav/daily.cvd: Can't allocate memory
Hi,
I need to use clamav library in one of my
modules. I
improve the Website and the servers, consider reducing the
total bandwidth used in some way. It will help everybody.
Paul Kosinski
to the
daily.cvd file downloaded in one 24 hour period this week.
Paul Kosinski
P.S. Maybe it's time for an 'rsync' or 'drpm' approach for daily.cvd?
++ From our records of CLAMAV files backed up
0.93
-rw-r--r-- 1 clamav clamav 13050207 Apr 15 2008 main.cvd
0.93.1
-rw-r--r-- 1 clamav
freshclam runs on a schedule so
that the other NTP-synced machines on our LAN can run their cron-driven
freshclams a few minutes later to pull the latest daily.cvd from our
local mirror.
Hope this clarifies what we are doing.
Paul Kosinski
P.S. I could provide our getfreshclam script if anyone
.
(That reporter suggested that the verification process was treating
cld files as if they were cvd files, and therefore failed.)
Thus I'll have to go back to the old way of having the Internet-facing
freshclam retrieve the whole cvd files, instead of the much shorter
cdiff files.
Paul Kosinski
to be
viewed as if it were a giant signature.
Paul Kosinski
P.S. In my opinion, there are no *good* email clients, only tolerable
ones. (And Claws-Mail, with the Fancy HTML Viewer plugin, is on a
level with the old Eudora, which was the most tolerable back
Not completely sure what you mean by real-time scanner: file scanning
or scanning HTTP responses (Web browsing)?
For file scanning, there is (or used to be) Clamuko, which hooked in
to the Linux kernel. I never used it, so can't say anything about it.
For Web browsing, I use HAVP, which in turn
I'm still using HAVP for HTTP scanning, and it seems to still work OK
with the latest ClamAV (i.e., libclamav etc.).
I hope that ClamAV doesn't become incompatible in a way that can't be
accommodated. (I had to change HAVP's init temporarily due to the
openssl hiccup).
Paul Kosinski
On Tue
Just a wild thought, but could the Linux version of ClamAV somehow be
doing a "DOS to UNIX" processing on signatures as if they were ASCII,
thus converting "0d0a" to "0a"?
On Mon, 14 Dec 2015 12:00:01 -0500
clamav-users-requ...@lists.clamav.net wrote:
> Send clamav-users mailing list
;
and don't have any unrar-related '.so' files in any of the usual 'lib'
directories.
Paul Kosinski
P.S. Actually, I compile ClamAV for "/opt/clamav.d/clamav.x.y.z" using
the "--prefix" option on 'configure', copy over the latest CVD files,
and then make "/opt/clamav
Whenever I compile ClamAV with 'unrar' support, it seems to be the
case that "libclamunrar_iface.so.6.1.26" is automatically included
along with "libclamunrar.so.6.1.26" and the associated symbolic links
and '.la' files.
Since my use of ClamAV never detected any '.rar' files containing
malware, I
Hi,
I haven't received any Digest email since Feb 3, is the list still in
operation?
Paul Kosinski
I lost trust in Symantec (and maybe others) when they didn't flag the
infamous Sony rootkit (on music CDs) as malware. Even the US DHS took
Sony to task for compromising Windows computers with their buggy DRM
software, which, even if it weren't buggy, was an uninvited install.
(Corporate
I just downloaded samba-4.4.0.tar.gz (the latest) from samba.org, and,
after downloading via HTTPS, ClamAV (0.99.1/21479) reports that the gz
file contains Win.Trojan.Qhost-106. In particular, the single file
wintest.py in the subdirectory wintest is reported.
s, I think
ClamAV is much more than just an email scanner.
Paul Kosinski
P.S. I compile Samba myself because I make a slight change to the way
the VFS-Recycle component names versions: I name the backup of "X" to
be "X.1" rather than "Copy-of-X". (That may be
l have to let those familiar with how advisable it is to disabling
> the firewall on a Windows machine would be under these circumstances.
>
> -Al-
>
> On Wed, Mar 30, 2016 at 05:46 PM, Paul Kosinski wrote:
> >
> > The only file that was flagged as containing a virus (trojan) w
e advantages of
Windows Server.
Paul Kosinski
On Thu, 31 Mar 2016 10:51:55 +1100
Andrew McGlashan <andrew.mcglas...@affinityvision.com.au> wrote:
>
>
> On 31/03/2016 5:32 AM, Alain Zidouemba wrote:
> > Paul:
> >
> > Thanks for reporting this FP. Thi
Am I right that there have been no new signatures available in the past
5 days (60 hours)?
Paul Kosinski
l postings
in that period I didn't get.)
So I turned off digest mode, and again I get lots of email from the
ClamAV Users list.
What's going on?
Paul Kosinski
I disable Javascript in our PDF viewer. PostScript (which underlies
PDF) is a Turing-complete executable language, and even has a mechanism
to read and write files, so it could cause some trouble on its own.
On Thu, 31 Mar 2016 10:36:18 -0500
Noel Jones wrote:
> Known
Ours is looking for updates every 1.5 hours, just as the cron job says.
But there have been no new sigs from current.cvd.clamav.net since
Friday, which is somewhat worrisome.
On Mon, 21 Mar 2016 21:21:17 +
Andy Keller wrote:
> This is new behavior, as far as I
Today (6 May), I received a single 1.22 MB Digest email with an
astounding *586* items, dated from Feb 7 through yesterday, May 5.
The Digest had mysteriously stopped in early February, and couldn't be
restarted even when I signed up with a *new* email address. I then gave
up on the Digest and
I couldn't find anything in some quick Google searches about this, and I
don't remember seeing anything relevant on this list, so I will ask:
Currently I avoid clamscan startup delay on ad-hoc scans by using a
small Perl script to expand the name(s) of the file(s) or directory(s)
to be scanned
is set for the Container(s), or on the FD itself. Even clamd(scan) might
have a problem, I suppose, if the FD mechanism wasn't designed with
Containers in mind.
On Sat, 23 Jul 2016 18:20:15 +0100 (BST)
"G.W. Haywood" <cla...@jubileegroup.co.uk> wrote:
> Hi there,
>
>
After posting a while ago about scanning (extremely) large disk images,
I realized that files need not be contiguous in a disk image. It all
depends on the block allocation algorithm of the file system and, in
many cases, on fragmentation that occurs as the disk is used.
So, even if you could
Is there an easy way to get freshclam do multiple "attempts" at a lower
rate than it does?
I use a LAN-local server (a tiny Perl program) to redistribute
signatures, and occasionally ClamAV's DNS shows that the official
current version is beyond what the redistribution server has, so it
I too would like the option. (One of the reasons I use ClamAV is
because of its lack of bloat.)
So how about having "extra" databases in freshclam.conf that are
enabled by default? Or perhaps a minimal ClamAV-origin-only database
as an alternative to the default "full" data
Really large files like this would likely either be video files or
disk images (incl. DVD and Blu-Ray). Both kinds could, in principle,
have malware embedded.
Disk images often contain whole file systems and thus many, many files.
The alternative is to scan the entire FS after it is "mounted".
On Thu, 30 Jun 2016 11:26:07 -0400
Steven Morgan wrote:
> On Thu, Jun 30, 2016 at 10:06 AM, Axb wrote:
>
> >
> > When trying to use filesize condition in a Yara sig
> >
> > rule FileSize_200KB
> > {
> > condition:
> >filesize < 200KB
> >
vices and so
> the unconditional whitelisting in the milter at last stage is only for
> dumb unconditional false positives leading to rejects
>
> Am 19.01.2017 um 20:54 schrieb Reindl Harald:
> > Am 19.01.2017 um 20:50 schrieb Paul Kosinski:
> >> What if a white-listed sender later
What if a white-listed sender later becomes part of a botnet? However
trustworthy the person is, their email isn't necessarily trustworthy.
(The "From:" address could easily be faked, for example.)
On Thu, 19 Jan 2017 08:02:39 +0100
z...@aian.de wrote:
> Hey there,
>
> I bet it's an easy one
I just looked at my logs, and I agree it's bad. I haven't seen an
update since the one to 22199, which was 72 hours ago (see below).
Paul
-- Tuesday 06 September 2016 at 21:06:02
--
Current working dir is
Is the reason you don't want people downloading the CVDs directly
because that approach doesn't distribute the load, or do you have
some changes in mind for Freshclam that are incompatible with simple
direct downloading?
I'd hate to see ClamAV going the way of smartphones and tablets, with
Some years ago, before ClamAV had an option to follow symlinks when
recursing, I modified the source code to add an option to do that. It
was not too much work to do it once, but it got tedious to roll the
modifications forward and recompile with every new version, as I like
to keep up, even ahead
Does systemd have any ALLOW/DENY option (like Apache) for directories?
The "InaccessibleDirectories" option seems tedious and error prone,
especially since *all* x.service files would have to be checked every
time a new service, with perhaps new directories, is added.
On Sat, 27 Aug 2016
(contemporaneous with Unix, but totally independent), and IBM
Research 1970-1971 ("Future Systems", leading to System 38 and AS/400).
On Sat, 27 Aug 2016 20:52:58 +0200
Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 27.08.2016 um 20:45 schrieb Paul K
Of course, if anybody is able to find out what the magic filename is,
they could mount a targeted attack.
How are the PDFs generated? Would it be possible to attach a
cryptographic signature to attest to their validity? (That would
probably require an additional step on receipt as well as
To make back-out easier, I rarely purge daily.cvd and main.cvd, but just
rename the old ones with a date suffix, e.g., "daily.cvd.150416-0235".
I could easily provide a few from the past 1.5 years, and might be
able to find even older ones (with the associated main.cvd).
On Thu, 5 Jan 2017
I build Linux ClamAV from source, mainly due to distro maintainers
being (quite) behind the latest official ClamAV. Also, I build ClamAV
into /opt, so I can keep previous versions just in case.
On Sun, 5 Mar 2017 12:51:04 +
"Joel Esler (jesler)" wrote:
> The question here
I use a very simple logging setup (not syslog):
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
You didn't say how your MTA is passing the emails to be scanned to
ClamAV. Perhaps that interface program, such as Amavis, a Milter,
etc., is logging something useful. Or it may even not be
Are MP3 files ignored because it is impossible that MP3 software ever
has buffer overflows or other security flaws???
Or is it because MP3 files are compressed (i.e., random-looking) and
thus may cause false positives? What about all the other compressed or
encrypted file types which might do the
"...the worst thing that might happen would involve crashing the
player..."
No, the worst thing that might happen is that a buffer overflow results
in code execution in the player's security context. With deliberate
malicious code added to the MP3 data stream, this could even lead to
encrypting
I just got a security notice from SuSE talking about updating ClamAV.
The CVE looks quite old: is SuSE so far behind, or is there something
recent to worry about?
SUSE Security Update: Security update for clamav
IP addresses which PTR-resolve to ".edu", but I
don't do that a lot (and I certainly don't log every dropped SYN).
On Sun, 18 Jun 2017 18:23:32 +0100 (BST)
"G.W. Haywood" <cla...@jubileegroup.co.uk> wrote:
> Hi there,
>
> On Sun, 18 Jun 2017, Paul Kosins
0
"Walter H." <walte...@mathemainzel.info> wrote:
> On Sat, June 17, 2017 18:23, Paul Kosinski wrote:
> > Why do you reject *all* email from ".edu"? Doesn't that cut you off
> > from lots of useful technological info? (I don't think I *ever* see
> > spam from "
I, too, get very annoyed by companies that use more than one domain at
the first level: it seems that relatively few companies do it the "way
it was intended", via a subdomain. Even Google (who ought to know
better) has several extra first level domains, like gstatic.com,
1e100.net (ha, ha) etc.,
My new "main.cvd" is 117,892,267 bytes.
Paul
On Wed, 07 Jun 2017 15:36:13 -0700
Al Varnell wrote:
> Joel,
>
> It might help some to know the sizes for both main.cvd and
> the .cdiff. You had previously promised to provide us with that
> information.
>
> -Al-
>
> On Wed,
Why do you reject *all* email from ".edu"? Doesn't that cut you off
from lots of useful technological info? (I don't think I *ever* see
spam from ".edu".)
On Fri, 16 Jun 2017 17:22:53 +0100 (BST)
"G.W. Haywood" wrote:
> Hi there,
>
> On Jun 15, 2017, Joel Esler
As well as mail scanning, we use CLAMAV with HAVP for HTTP scanning.
Although HAVP is not currently being developed, it seems to work OK.
P.S. HAVP uses the CLAMAV library directly to do the scanning, rather
than CLAMD or (worse) CLAMSCAN.
On Tue, 13 Jun 2017 09:37:36 +
Paul Moreno
I was mistaken: it turns out that ClamAV 0.99.2 *will* scan CD-size ISO
files. I just had to set --max-filesize and --max-scansize big enough.
And with the -v and -a options added, it *did* indicate it was scanning
files within the ISO.
I haven't had a chance to try 0.99.3 yet.
On Thu, 14 Sep
To continue...
Since this is the year 2017, and 64-bit computing has been around for
years, I decided to see how a Windows AV package would handle my ISO
which is "too big" for ClamAV.
I copied it over to a 64-bit Win7 machine with lots of RAM (32 GB), and
scanned it with Microsoft "Security
the
problem that DVD ISOs are "too big".
Paul Kosinski
On Thu, 14 Sep 2017 12:51:38 -0400
Steven Morgan <smor...@sourcefire.com> wrote:
> ClamAV contains an iso9660 parser.
>
> The clamscan --debug option may give a clue as to why it is not being
>
Thanks, but it doesn't help (still scans 0 data bytes).
On Wed, 13 Sep 2017 10:33:35 -0400
Steven Morgan wrote:
> Paul,
>
> in addition to max-filesize, try max-scansize.
>
> Steve
>
___
clamav-users mailing list
On Tue, 12 Sep 2017 21:49:17 -0800
kristen R wrote:
>
> The file is an image. Open the image up and then scan. Does clamscan
> open images itself and then perform a scan?
>
>
YES! It scans *inside* ZIP, TAR, RAR etc.
(Maybe these have a 4 GB limit too?)
If ClamAV
MD5 has been discredited (found insecure) a long time ago. Putting out
*new* signatures with SHA256 shouldn't be all that hard. And just like
some new sigs needing a recent version of ClamAV because of their
content, SHA-signed sigs could demand a new ClamAV version.
As far as a being a security
Clamscan read the entire ISO, but didn't scan any of it!
I thought 21st century software was finally in the 64-bit era.
---
~/Downloads/Linux/Knoppix> ls -l KNOPPIX_V7.7.1DVD-2016-10-22-EN.iso
-rw-r--r-- 1 ime users 4660914176
We were getting a lot of failed attempts to download from various
mirrors, but I don't think it ever completely blocked updates.
In any case, early Friday morning I deleted mirrors.dat to see if it
would help. Since then I have seen several "bad" mirrors, but have
still been able to download
My experience is that ClamAV is limited to 4 GB for the size of a
file. Apparently it still uses 32-bit numbers (as opposed to addresses)
even on 64-bit machines.
On Mon, 20 Nov 2017 18:42:22 -0800
Al Varnell wrote:
> On Mon, Nov 20, 2017 at 03:48 PM, Micah Snyder
If you mean a way to scan live HTTP traffic, then take a look at HAVP.
I use HAVP on Linux. It's a proxy-ish process: it scans data passing
through. It isn't actively being developed, but it still works OK.
Since it uses libclamav directly, it doesn't add the extra overhead
that involving clamd
Here's our latest actual download (subsequent queries showed nothing new).
Note that 204.130.133.50 worked for us (from 66.31.152.192).
Paul
-- Monday 06 November 2017 at 09:06:03 EST
--
Current working dir is
I killed our "mirrors.dat" at 2017-11-06 19:35:35 (EST). It was last
modified at 2017-11-06 18:06:29 (EST). We'll see what happens.
Paul Kosinski
On Mon, 6 Nov 2017 21:21:58 +
"Joel Esler (jesler)" <jes...@cisco.com> wrote:
> It would be helpful, if, start
ation lookup. Helps us see what
> versions people are running out there and what version of ClamAV
> people are using. Its failure shouldn’t stop the update process.
> Please give us a debug.
>
> Sent from my iPhone
>
> > On Jun 30, 2018, at 19:28, Paul Kosinski
> >
Looking into it.
> >>
> >> Sent from my iPhone
> >>
> >>
> >> > On Jun 24, 2018, at 23:12, Al Varnell wrote:
> >> >
> >> > Yes, but all but one was empty.
> >> >
> >> > Sent from my iPad
> >> >
Assuming my map reading is correct, it looks like the San Francisco area
saw the biggest improvement. Why wouldn't they have had really good
service to begin with?
On Wed, 27 Jun 2018 14:25:47 +
"Joel Esler (jesler)" wrote:
> I generally wouldn’t copy a Tweet over to the mailing list, but
o it, is because for some reason, there are
> a bunch of people in Italy attempting to fetch from the Ireland
> mirror. Maybe because of unreliability in that region at some point,
> and they left it that way... In any case, everyone is being served
> out of their closest POP now
This reminds me of one of the reasons I dropped commercial AV software
in favor of Open Source ClamAV: I decided that I would prefer somewhat
less comprehensive AV rather than "full featured" AV that does things
you can't control (or sometimes even know about).
P.S. We also have internal email
I've gotten several daily.cvd updates in that period. They came from
several IP addresses associated with http://db.us.clamav.net/.
On Sun, 24 Jun 2018 18:08:59 -0700
Al Varnell wrote:
> Just wanted to point out that there has only been one signature added
> to the VirusDB by daily updates in
Esler (jesler)" wrote:
> I just purged db.us’s cache. Can you try?
>
> Sent from my iPhone
>
> > On Jun 26, 2018, at 20:24, Paul Kosinski
> > wrote:
> >
> > Joel,
> >
> > Sorry to have been somewhat cryptic: I assumed the context of the
> &
enever]?
On Tue, 26 Jun 2018 20:01:09 +
"Joel Esler (jesler)" wrote:
> Define broken in your context? Doesn't have the file? (Humor me, so
> I understand from your parlance)
>
>
>
> > On Jun 26, 2018, at 2:59 PM, Pa
> mirrors are synched (push) quickly from the repository and the next
> tier of mirrors can now update from this block of mirrors rather than
> the repository alone, and this will distribute the load and minimize
> bandwidth induced lag. NIS works in this fashion.
>
> Another o
Currently, when a daily.cvd is downloaded, its version and other such
info is in the first N bytes of the whole file, which is quite big.
How about repeating that information in the HTTP response header, so it
could be retrieved by an HTTP HEAD command, rather than having to do a
massive GET,
We are *still* failing to get ClamAV cvd files updates reliably -- even
after deleting mirrors.dat before each attempt!
The basic problem seems to be that the query to (e.g.):
daily.24710.85.1.0.6810BB8A.ping.clamav.net
fails as often as not (e.g.):
Querying
a result of
> > the move from ClamAV mirrors to the ClamAV CDN.
> >
> > Sent from my iPad
> >
> > -Al-
> >
> >> On Jul 1, 2018, at 20:38, Dennis Peterson
> >> wrote:
> >>
> >>> On 7/1/18 8:24 PM, Paul Kosinski wrote:
> &
Determining what version a *mirror* has is a bit tricky. Looking at the
capture of the entire HTTP session with the new mirrors, they seem to
require some header magic to be acceptable:
Host: db.us.clamav.net
User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Simply trying
I observed this running out of file descriptors yesterday when running
0.99.2 to scan the download of 0.99.3. I had never seen this behavior
before, but ascribed it to using clamscan with its memory limit set to
4095M to ensure that absolutely everything was scanned.
One of our clamd process died
I have been keeping various old versions of the "daily" files for years,
and felt like that was silly -- until now!
I have now replaced my daily.cvd with version 24253, and clamd doesn't
seem to be eating file descriptors.
If anyone wants 24253, I have made it available at
Oh yes, and I disabled freshclam on all our machines (including those
using our central mirror).
On Fri, 26 Jan 2018 11:56:37 -0500
Paul Kosinski <clamav-us...@iment.com> wrote:
> I have been keeping various old versions of the "daily" files for
> years, and felt like t
1 - 100 of 318 matches