Re: [clamav-users] Announcing Fangfrisch release 1.9.0
> Fangfrisch release 1.9.0 is now available via https://pypi.org/project/fangfrisch/

requirements.txt:
requests >= 2.22.0
SQLAlchemy >= 1.4.0

Are those requirements sharp? I wonder if Fangfrisch could run on older Debian systems with Debian-shipped python packages.

___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] [ext] Clamav 1.0.1 and email scan failed
> Then I configured amavis on another VM so that it has to contact ClamAV through TCP connection to the VM where Clamav is installed. But the error is the same.

I am not aware that an Amavis-to-ClamAV content stream includes file paths. So if the error message of the remote ClamAV contains an amavis spool path, your debug-setup is probably not what you intended.

Try an "strace -f -e trace=file --failed-only -p $local_clamav_pid" instead.

Re: [clamav-users] Is there a better explanation of the Anti-Virus options
> Here is a sample. The term "Blocked" is used. Does ClamAV scan the files looking for viruses or does it just wholesale block them? Amavisd, using clamAV has a series of decoders. Hence my question.
>
> ### BLOCKED ANYWHERE
> # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
> qr'^\.(exe-ms|dll)$',  # banned file(1) types, rudimentary
> # qr'^\.(exe|lha|cab|dll)$',  # banned file(1) types
>
> ### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
> # [ qr'^\.(gz|bz2)$' => 0 ],  # allow any in gzip or bzip2
> [ qr'^\.(rpm|cpio|tar)$' => 0 ],  # allow any in Unix-type archives

This is completely unrelated to ClamAV or virus scanning in general. There is an amavis-users mailing list you might check out.

Re: [clamav-users] Is there a better explanation of the Anti-Virus options
> In Amavisd.conf?

This is the clamav-users mailing list. People here are not expected to know what Amavis uses. Please write down the options you want to know more about.

Re: [clamav-users] Amavis + ClamAV can't connect to socket
> Which service should be running, Clam-Freshclam or Clamav-Freshclam?

I only see a clamav-freshclam.service

Re: [clamav-users] Amavis + ClamAV can't connect to socket
> @av_scanners_backup = (
>
>   ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
>   ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
>     [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> # ### http://www.clamav.net/ - using remote clamd scanner as a backup
> # ['ClamAV-clamdscan', 'clamdscan',
> #   "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
> #   [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> Do I remove the quote marks (“) out of the first group?

No, the backup scanner is fine. The Fedora-shipped primary scanner config begins with

@av_scanners = (

# ClamAV (clamdscan)
#
# http://www.clamav.net/
#
# This is recommended way to use clamav:
#
# * The use of clamd eliminates the startup time associated with loading
#   the databases into clamscan (without the 'd').
#
# * The use of clamdscan eliminates the need for you to know the path to
#   the clamd communication socket or its low-level protocol details.
#
# * The --fdpass option opens the files to be scanned as the amavis user,
#   but then scans them as the clamav user. This avoids the permission
#   problems that result when you ask clamd to scan the files itself.
#
# * By dropping the --fdpass option, this command is easily adapted for
#   use with a network socket (clamd running elsewhere).
#
['ClamAV-clamdscan', 'clamdscan',
  "--config-file=/etc/clamd.d/amavisd.conf --fdpass --stdout --no-summary {}",
  [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)

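
The --fdpass behaviour described in the config comment quoted in the message above rests on passing an already-open file descriptor over a UNIX socket. The sketch below is an added illustration, not code from the thread, Amavis or ClamAV: it shows the general SCM_RIGHTS mechanism (not clamd's wire protocol) with a constructed sample file and a placeholder marker, and all function names are hypothetical. Requires Python 3.9 or later.

```python
import os
import socket
import tempfile

# Constructed sample data; the marker is a harmless placeholder, not a real signature.
MARKER = b"CONSTRUCTED-TEST-MARKER"
SAMPLE = b"Subject: test\n\n" + MARKER + b"\n"


def send_file_descriptor(sock: socket.socket, path: str) -> None:
    """Client side: open() is checked against the client's own permissions."""
    fd = os.open(path, os.O_RDONLY)
    try:
        socket.send_fds(sock, [b"FD"], [fd])  # sent as an SCM_RIGHTS message
    finally:
        os.close(fd)  # the receiver gets its own duplicate of the descriptor


def scan_received_descriptor(sock: socket.socket) -> str:
    """Scanner side: it never sees a path, it only reads the received descriptor."""
    _msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    if not fds:
        return "ERROR"
    with os.fdopen(fds[0], "rb") as handle:
        return "FOUND" if MARKER in handle.read() else "OK"


def demo() -> tuple[str, bool]:
    # Both ends live in one process here; in production they are two
    # processes running as different users.
    client, scanner = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, scanner, tempfile.TemporaryDirectory() as spool:
        path = os.path.join(spool, "part-00001")
        with open(path, "wb") as handle:
            handle.write(SAMPLE)
        send_file_descriptor(client, path)
        os.unlink(path)  # from here on nobody can open the file by path
        path_usable = os.path.exists(path)
        return scan_received_descriptor(scanner), path_usable


if __name__ == "__main__":
    print(demo())
```

The scanner end still reads the content after the path is gone, because access was decided when the client opened the file; the receiving side needs no permissions on the spool directory at all.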
Re: [clamav-users] Amavis + ClamAV can't connect to socket
> Out of the box, I got this error and haven't been able to change the behavior:
>
> Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)connect to /run/clamd.scan/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /run/clamd.scan/clamd.sock: Permission denied
> Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /run/clamd.scan/clamd.sock, retrying (2)

A Fedora 38 Amavis+ClamAV setup does not use "ClamAV-clamd" but "ClamAV-clamdscan" inside [1], which works out-of-the-box with the clamd@amavisd service in my local test.

[1] /etc/amavisd/amavisd.conf

Re: [clamav-users] Memory allocation issue
> However this .wdb will not play with 1.0.1

Can we have it?

Re: [clamav-users] clamdscan: show clean files?
> On 13/03/2023 at 15:39, Damian via clamav-users wrote:
>>> Faster with parallel command :
>>> find /tmp/files -type f |parallel clamdscan --no-summary {}
>>
>> Cannot confirm:
>>
>> bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel clamdscan --fdpass --no-summary {} | tail -n 2
>> /usr/share/doc/texinfo/AUTHORS: OK
>> /usr/share/doc/texinfo/NEWS.Debian.gz: OK
>>
>> real 0m4,241s
>> user 0m3,101s
>> sys 0m3,324s
>>
>> bench@sigil:/$ time find /usr/share/doc/texinfo -type f -exec clamdscan --fdpass --no-summary {} + | tail -n 2
>> /usr/share/doc/texinfo/AUTHORS: OK
>> /usr/share/doc/texinfo/NEWS.Debian.gz: OK
>>
>> real 0m0,299s
>> user 0m0,015s
>> sys 0m0,033s
>>
>> bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel clamdscan --fdpass --no-summary {} | tail -n 2
>> /usr/share/doc/texinfo/AUTHORS: OK
>> /usr/share/doc/texinfo/NEWS.Debian.gz: OK
>>
>> real 0m4,273s
>> user 0m3,222s
>> sys 0m3,513s
>>
>> bench@sigil:/$ time find /usr/share/doc/texinfo -type f -exec clamdscan --fdpass --no-summary {} + | tail -n 2
>> /usr/share/doc/texinfo/AUTHORS: OK
>> /usr/share/doc/texinfo/NEWS.Debian.gz: OK
>>
>> real 0m0,343s
>> user 0m0,004s
>> sys 0m0,047s
>
> Disk cache hits.

No, that's why I interleaved two runs each.

Re: [clamav-users] clamdscan: show clean files?
> Faster with parallel command :
> find /tmp/files -type f |parallel clamdscan --no-summary {}

Cannot confirm:

bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel clamdscan --fdpass --no-summary {} | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK

real 0m4,241s
user 0m3,101s
sys 0m3,324s

bench@sigil:/$ time find /usr/share/doc/texinfo -type f -exec clamdscan --fdpass --no-summary {} + | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK

real 0m0,299s
user 0m0,015s
sys 0m0,033s

bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel clamdscan --fdpass --no-summary {} | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK

real 0m4,273s
user 0m3,222s
sys 0m3,513s

bench@sigil:/$ time find /usr/share/doc/texinfo -type f -exec clamdscan --fdpass --no-summary {} + | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.gz: OK

real 0m0,343s
user 0m0,004s
sys 0m0,047s

Re: [clamav-users] clamdscan: show clean files?
> I prefer here on my system clamscan, this has much more additional parameters than clamdscan

clamscan is slow, as it has to load its database first.

> Any hints are appreciated …

If I read the code correctly, this is not possible with clamdscan alone. However, this might work for you:

find /tmp/files -type f -exec clamdscan --no-summary {} +

Re: [clamav-users] Long Term Support (LTS) program proposal
The current "stable" Debian is 10/Buster.

It has ClamAV 0.103.2, patched by Debian to "deb10u1" (whatever that implies)
https://security-tracker.debian.org/tracker/source-package/clamav

___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Please clarify ClamAV 0.103.2 security patch release
> Hi,
>
> the blog [1] is inconsistent with the CVE descriptions for CVE-2021-1404 and -1405. This makes it unclear which versions are affected by which CVE. Can you fix the blog please?

I see the blog has been corrected, thank you.

> Furthermore, can you please confirm that the "buffer overread in PDF parser" issue (CVE-2021-1405 according to mitre) really is limited to 0.103.x? The surrounding code of [2] is two years old, so from my naive point of view 0.102 could be affected as well.

My bad, relevant code parts have been committed after 0.102.4 release.

Regards
Damian

[clamav-users] Please clarify ClamAV 0.103.2 security patch release
Hi,

the blog [1] is inconsistent with the CVE descriptions for CVE-2021-1404 and -1405. This makes it unclear which versions are affected by which CVE. Can you fix the blog please?

Furthermore, can you please confirm that the "buffer overread in PDF parser" issue (CVE-2021-1405 according to mitre) really is limited to 0.103.x? The surrounding code of [2] is two years old, so from my naive point of view 0.102 could be affected as well.

Regards
Damian

[1] https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
[2] https://github.com/Cisco-Talos/clamav-devel/commit/7a70a03ba01d657296be61f0ec98ca6990f51578