Hi all

This email is two-part: an FP report and a bug report - both only concerning 
0.99.3

I just uploaded an FP which is only being detected by 0.99.3 beta 1.  The 
checksum for the submitted file (PDFSigQFormalRep.pdf) is 
        1a29b1f3d6df9f1e47c8a77dde142238

It's part of Adobe Acrobat and is showing up as Heuristic.PDF.TooManyFilters.

Now the bug-report part.

I added the relevant line to a local FP file exclude.fp in the clamav database 
directory, and it correctly prevents the file from reporting as being infected; 
however, the summary still shows "1 infected file".

$ clamscan  ~/Desktop/temp/PDFSigQFormalRep.pdf 

----------- SCAN SUMMARY -----------
Known viruses: 7305825
Engine version: 0.99.3-beta1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.22 MB
Data read: 0.45 MB (ratio 0.49:1)
Time: 21.459 sec (0 m 21 s)

Cheers
Mark


> On 4 Aug 2017, at 12:04 am, Joel Esler (jesler) <jes...@cisco.com> wrote:
> 
> http://blog.clamav.net/2017/08/clamav-0993-beta-has-been-released.html
> 
> ClamAV 0.99.3 beta has been released!
> Join us as we welcome ClamAV 0.99.3 beta for testing!  Be sure and grab the 
> beta release on our official ClamAV download 
> site<http://www.clamav.net/downloads>.
> 
> Welcome to ClamAV 0.99.3. In this release, we have included many code
> submissions from the ClamAV community:
> 
> 
>  *   Interfaces to the Prelude SIEM open source package for collecting ClamAV 
> virus events.
>  *   Visual Studio 2015 for building Microsoft Windows binaries.
>  *   Support libmspack internal code or as a shared object library. The 
> internal library is the default and contains additional integrity checks.
>  *   Linking with openssl 1.1.0.
>  *   Numerous code patches, typos, and compiler warning fixes.
> 
> 
> Additionally, we have introduced important changes and new features in
> ClamAV 0.99.3, including:
> 
> 
>  *   Deprecating internal LLVM code support. The configure script has changed 
> to search the system for an installed instance of the LLVM development 
> libraries, and to otherwise use the bytecode interpreter for ClamAV bytecode 
> signatures. To use the LLVM Just-In-Time compiler for executing bytecode 
> signatures, please ensure that the LLVM development package at version 3.6 or 
> lower is installed. Using the deprecated LLVM code is possible with the 
> command: './configure --with-system-llvm=no', but it no longer compiles on 
> all platforms.
>  *   Compute and check PE import table hash (a.k.a. "imphash") signatures.
>  *   Support file property collection and analysis for MHTML files.
>  *   Raw scanning of PostScript files.
>  *   Fix clamsubmit to use the new virus and false positive submission web 
> interface.
>  *   Optionally, flag files with the virus "Heuristic.Limits.Exceeded" when 
> size limitations are exceeded.
>  *   Improve decoders for PDF files.
> 
> 
> The ClamAV community thanks the following individuals for their ClamAV 0.99.3 
> code submissions:
> 
> Sebastian Andrzej Siewior
> Keith Jones
> Bill Parker
> Chris Miserva
> Daniel J. Luke
> Matthew Boedicker
> Ningirsu
> Michael Pelletier
> Anthony Chan
> Stephen Welker
> 
> Following are issues discovered during release testing. For additional 
> information, please review the corresponding tickets on 
> bugzilla.clamav.net<http://bugzilla.clamav.net>:
> 
> 11879 - cli_scanmscan() Failed to extract 4 in Windows beta when scanning cab 
> files
> 11882 - ./configure does not automatically detect libxml2 on FreeBSD 10.3 and 
> 11.0
> 11884 - 'sudo make install' on FreeBSD 10.3 and 11.0 leaves files owned by 
> root, subsequent make command fails
> 11885 - clamsubmit not building on FreeBSD 10.3 and 11.0
> 11887 - Failures of 'make check VG=1' on FreeBSD 10.3 and 11.0
> 
> We ask that feedback be provided via the ClamAV mailing 
> lists<http://www.clamav.net/contact#ml>.
> 
> 
> --
> Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>
> 
> 
> 
> 
> 
> 
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
