Re: [clamav-users] on-access scan /media folder

2020-08-21 Thread Mickey Sola (micksola) via clamav-users
Hi there, Sorry again for the delay. I've attached a small patch which provides a bit deeper (and possibly excessive) error reporting for clamonacc. Please give it a try and let us know what errors pop up so we can better figure out the problem. Thanks, Mickey On 2020-08-17 18:41:49-04:00

Re: [clamav-users] ERROR: VirusEvent: fork failed.

2020-02-11 Thread Mickey Sola (micksola) via clamav-users
Wanted to add a bit of insight to this convo from the dev side of things: VirusEvent currently works by forking the existing clamd process into a new, short-lived process that handles execution of the user's script. This is a legacy design choice and is problematic for a number of reasons--most

Re: [clamav-users] Using OnAccess scanning with Selinux

2019-02-21 Thread Mickey Sola
://bugzilla.redhat.com/show_bug.cgi?id=1464269 Hope that helps, - Mickey On Tue, Feb 19, 2019 at 11:49 AM Dave Lahn wrote: > Mickey, > > Do you know what needs to be updated in the policies? > > Best regards, > Dave > > On Thu, 14 Feb 2019 at 15:59, Mickey Sola wrote: > >

Re: [clamav-users] Using OnAccess scanning with Selinux

2019-02-14 Thread Mickey Sola
> > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > From 20ccc17c46a82cf5cdf42e26b0c25ff901ec2bb7 Mon Sep 17 00:00:00 2001 From: Mickey Sola Date: Thu, 14 Feb 2019 15:36:25 -0500 Subject: [PATCH] on

Re: [clamav-users] ScanOnAccess: ... (null) FOUND

2018-08-02 Thread Mickey Sola
Hi Jens, Do you have the OnAccessExtraScanning option on by chance? There's a known issue with that option which can cause memory consumption problems. Though I'm still not certain why that would lead to printing "(null)" virnames. - Mickey On Thu, Aug 2, 2018 at 8:45 AM, Kretschmer, Jens <

Re: [clamav-users] [Heuristics.Encrypted.PDF(e555f48bc6539cac03976b450b3a33e0:114630)]

2018-04-05 Thread Mickey Sola
), just so we have this issue tracked. But know that without a sample it will be difficult to test/resolve. - Mickey Sola On Wed, Apr 4, 2018 at 12:38 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > [Heuristics.Encrypted.PDF(e555f48bc6539cac03976b450b3a33e0:114630)] > > hits als

Re: [clamav-users] ScanOnAccess, OnAccessPrevention and move to quarantine

2017-12-13 Thread Mickey Sola
Unfortunately, the ExcludeUID option in 0.99.2 is broken due to an oversight in how clam's optparser handles numbered lists which include 0. You can follow along with the resolution of that issue here: https://bugzilla.clamav.net/show_bug.cgi?id=11978 An important takeaway for you in that thread,

Re: [clamav-users] Injection Vulnerability in 0.99.2

2017-09-28 Thread Mickey Sola
That's because you've gotten to the heart of the matter. There's no real bug or code related vulnerability here; it's a user-side network hardening issue combined with a misunderstanding of clamd configuration options that allows for this attack surface to exist. As Steve has already pointed

Re: [clamav-users] ClamAV can't scan DVD-size ISO files

2017-09-14 Thread Mickey Sola
I might be remembering wrong, but I believe there was work done to address Clam's large filesize handling issues in the year between 0.99.2 and 0.99.3. Have you tested out the beta yet to see if your needs have been addressed? On Thu, Sep 14, 2017 at 2:45 PM, Paul Kosinski

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-25 Thread Mickey Sola
> Referenced from: /usr/local/clamav/sbin/clamd > Expected in: /usr/lib/libSystem.B.dylib > > Note that this is *not* being built on 10.6. It's being built on 10.12 with > support for running the compiled binaries on 10.6 by way of the > -mmacosx-version-min=10.6 compiler flag. >

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-23 Thread Mickey Sola
Hi Mark, The strnlen and strndup reworks have made it up to master if you wanted to take a look and make sure everything builds OK on 10.6 You'll need commits 47a544dc07b75c284e0fc475164bcdc5e9d5b18b thru 8cb271e25cf43bd5d6296827d2c0f25a33420fd9 (4 in total) -Mickey On Mon, Aug 14, 2017 at

Re: [clamav-users] ScanOnAcess

2017-05-16 Thread Mickey Sola
Hi Roelof, The on-access scanner is configured through clamd.conf. This is a freshclam.conf file. As such, it makes sense that freshclam would complain about that configuration option, since freshclam and clamd are separate applications. Remove the erroneous option and freshclam should pull

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-31 Thread Mickey Sola
lete filesystem. > > > Best Regards, > > Remi > > > -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Mickey Sola > Sent: Thursday, March 30, 2017 6:52 PM > To: ClamAV users ML > Subject: Re: [clamav-users

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-30 Thread Mickey Sola
Hi Remi, Your configuration looks fine, and it seems like you're getting expected behavior given what the log shows. I'll explain a bit more what's happening, and why you can freely move around the eicar testfile. The important line is here: Thu Mar 30 09:58:54 2017 -> ScanOnAccess: notifying

Re: [clamav-users] can't demonstrate that On-Access scanning is working (fedora 24)

2016-08-31 Thread Mickey Sola
e the config file's example of /home - it refused to > start. I was able to specify my download directory though, > > Best Regards, > Hugo > > On Tue, 30 Aug 2016 at 16:02 Mickey Sola <ms...@sourcefire.com> wrote: > > > H, when running clamd manually coul

Re: [clamav-users] can't demonstrate that On-Access scanning is working (fedora 24)

2016-08-30 Thread Mickey Sola
ee > Aug 30 13:20:17 localhost.localdomain clamd[13472]: > /home//Documents/minuscule.pdf: OK > > When I open the same file with evince, I get nothing from clamd. Note that > I've been sticking to small files to avoid hitting the default file max > (5m). > > Best,

Re: [clamav-users] can't demonstrate that On-Access scanning is working (fedora 24)

2016-08-30 Thread Mickey Sola
Hi Hugo, Could you try setting the max filesize option to a non-zero value and let me know if that changes anything? -Mickey On Aug 30, 2016 7:51 AM, "Hugo Bernier" wrote: > We have a new requirement at work that we have virus scanners installed on > our workstations. > >

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-05 Thread Mickey Sola
Mikko, I know you didn't find anything in audit.log, but is your primary issue resolved when you set SELinux to Permissive? Looking at the code, and the debug output, so far everything points to this being an issue with permissions. Regarding your secondary problems: As documented, OnAccess

Re: [clamav-users] can I check for CreditCards but NOT check for SSNs?

2016-05-04 Thread Mickey Sola
Hi Rob, Just tested this, and it seems setting both "StructuredSSNFormatNormal" and "StructuredSSNFormatStripped" to "no" in clamd.conf should give you the behaviour you want. Let me know if that works for you. Cheers, Mickey On Wed, May 4, 2016 at 5:41 PM, Rob McKennon

Re: [clamav-users] Odp: Re: scan on access block when found.

2016-02-25 Thread Mickey Sola
kapturkiewicz <hor...@wp.pl> wrote: > On Thursday, 25 February 2016 16:53, Mickey Sola <ms...@sourcefire.com> > wrote: > > Hi Kamil, > > > > A few things: what OS and kernel version are you using? what are the > > results of opening the eicar file with vi

Re: [clamav-users] scan on access block when found.

2016-02-25 Thread Mickey Sola
Hi Kamil, A few things: what OS and kernel version are you using? what are the results of opening the eicar file with vi (or your editor of choice)? are /home/ and or /var/ftp/ mount points? if so, are there symlinks within those directory hierarchies? is your kernel configured with

Re: [clamav-users] Stream scanning

2016-01-12 Thread Mickey Sola
Hi Istvan, While clamd does provide on-access scanning capabilities, that feature is only available on Linux systems. On Windows, you will need to periodically run a scan on the target directory. Cheers, Mickey On Tue, Jan 12, 2016 at 9:52 AM, Istvan Szabo wrote: > If

Re: [clamav-users] Stream scanning

2016-01-12 Thread Mickey Sola
and up). On Tue, Jan 12, 2016 at 10:43 AM, Yuri Voinov <yvoi...@gmail.com> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > // Corrected. You are welcome ;) > > 12.01.16 21:42, Mickey Sola ?: > > Hi Istvan, > > > > While clamd

Re: [clamav-users] Stream scanning

2016-01-12 Thread Mickey Sola
To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] Stream scanning > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Sadly. Linux is not single OS in the world for servers. > > 12.01.16 22:20, Mickey Sola ?: > > More specifically, only Linux is

Re: [clamav-users] block access to file using scan on access option

2015-08-12 Thread Mickey Sola
Hi Kamil, Unfortunately, the current version of on-access scanning is limited to non-recursive detection during access attempts--not prevention. This is due to particularities in how clamd leverages fanotify (and partially due to limitations from fanotify itself). Work is being done to flesh out