> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Paul Kosinski
> Sent: Tuesday, July 31, 2018 2:42 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] After 0.100.1 Update, clamd crashes
<...>
I must say that I agree. To have ClamAV crash on a badly formed
signature is as bad (or worse) as having it crash while scanning.
Since ClamAV tends to be run with automatic updates to its DB, having a
bad signature cause it to crash can result in email blockage or a total
lack of AV service
Hi there,
On Tue, 31 Jul 2018, Steve Basford wrote:
My little issue is with this statement:
"It wasn't quite clear at the offset of this bug, but ClamAV cannot
support unofficial signatures from a development standpoint. For numerous
reasons, we do not regress against those signatures, and in
users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of
Micah Snyder (micasnyd)
Sent: Tuesday, July 31, 2018 8:51 AM
To: steveb_cla...@sanesecurity.com; ClamAV users ML
Subject: Re: [clamav-users] After 0.100.1 Update, clamd crashes
Thanks for the analysis, Steve. That is a step towar
Thanks for the analysis, Steve. That is a step towards understanding how to
fix it.
I don't believe it's a new bug in 0.100, but was merely revealed due to
legitimate improvements in the yara sig loading behavior.
Copypaste'd from my comments in the ticket you linked:
> In 0.99.x some of the
Just posting a little regarding the Yara issue with 0.100.x:
After a little bit of testing last week... here's what was found:
It seems that in ClamAV 0.100.x if the yara file uses pe.imports *and* has
*multiple* rules inside the single Yara file, it seems to crash linux
versions of ClamAV.
If
: [clamav-users] After 0.100.1 Update, clamd crashes
On 07/31/18 11:10, Fraenzl, Martin wrote:
> Hi all,
>
>
>
> I'm using clamav as scanner for my Exim MTA.
>
> Since I updated from 0.99.4 to 0.100.1, Exim is not able to connect to
> clamd.
If you are using unofficial rules, di
On 07/31/18 11:10, Fraenzl, Martin wrote:
> Hi all,
>
>
>
> I’m using clamav as scanner for my Exim MTA.
>
> Since I updated from 0.99.4 to 0.100.1, Exim is not able to connect to
> clamd.
If you are using unofficial rules, disable yara rules.
Hi all,
I'm using clamav as scanner for my Exim MTA.
Since I updated from 0.99.4 to 0.100.1, Exim is not able to connect to clamd.
ps -afe | grep clam
clamav 19586 1 0 10:32 ?00:00:00 /usr/sbin/clamd
clamav 19596 1 0 10:32 ?00:00:00 /usr/bin/freshclam -d
After the
