Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

Am 26.01.2018 um 09:41 schrieb Sophie Loewenthal: Hi everybody, Would removing some of the virus definitions on a memory sparse server still leave a semi-usable clamav scanner? e.g if I just left main.cvd bytecode.cvd and dropped daily.cvd? Or some other config. e.g just kept the

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

yes all our servers are stuck disabled official signatures we have sanesecurity foxhole foxhole_all.cdb -- customized for our use which blocks all bad attachments it seems to work now. rajesh - Original Message - From: Reindl Harald [mailto:h.rei...@thelounge.net] To:

[clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

Hi everybody, Would removing some of the virus definitions on a memory sparse server still leave a semi-usable clamav scanner? e.g if I just left main.cvd bytecode.cvd and dropped daily.cvd? Or some other config. e.g just kept the unoffical sigs and the bytecode. I realize this is

Re: [clamav-users] reduce memory footprint by removing some virusdefinitions on a low memory server

The problem is clearly with daily.cld which was the only thing updated today, so disabling it should work for now. mirrors.dat has nothing to do with signatures. It just keeps track of the mirrors used and any failures associated with them to prevent their use if necessary. -Al- On Fri, Jan

Re: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

* Karl Pielorz : > This ends up with a lot of wedged mail processes (and we slowly run out of > fd's as the process table fills up). Same here on Ubuntu 16.04 with official patterns. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin

Re: [clamav-users] open file descriptors

besides that such signatures are braindead on a public list please look at the other threads - the daily sigs are fucked up currently Am 26.01.2018 um 11:13 schrieb Johan Loubser: The integrity and confidentiality of this email is governed by these terms / Die integriteit en vertroulikheid

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 11:36 schrieb Reindl Harald: > Am 26.01.2018 um 11:28 schrieb Andreas Schulze: >> >> just updated to 0.99.3 ( which is a 0.99.2 + Security fixes ) bit >> still clamav don't work as expected. >> >> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: >> Fri Jan 26 11:23:10 2018 ->

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

On 26.01.18 09:41, Sophie Loewenthal wrote: Would removing some of the virus definitions on a memory sparse server still leave a semi-usable clamav scanner? e.g if I just left main.cvd bytecode.cvd and dropped daily.cvd? I think it would be more logical to drop main.cvd and leave daily.cvd

Re: [clamav-users] reduce memory footprint by removing some virusdefinitions on a low memory server

hi this is what i did on my mail server cd /var/lib/clamav mv daily.cld daily.cld.BAK mv main.cld main.cld.BAK mv bytecode.cld bytecode.cld.BAK mv mirrors.dat mirrors.dat.BAK kept foxhole_all and badmacro.ndb unoffical which handles all kinds of bad attachments / macros. also have

Re: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

On Friday 26 January 2018 04:04:53 Gene Heskett wrote: > On Friday 26 January 2018 03:19:52 maxal wrote: > > On Fri, 2018-01-26 at 08:11 +0100, lukn wrote: > > > Same on a machine with clamav-milter: > > > > > > clamav-milter[8241]: Failed to initiate streaming/fdpassing > > >

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 10:01 schrieb Ralf Hildebrandt: > * Reindl Harald : > >> sounds like an issue with the official signatures given that you are not the >> first reporter and that we don't use them and have no problems > > Thought so. Must be a recent signature in

Re: [clamav-users] open file descriptors

On 26/01/2018 12:15, Reindl Harald wrote: besides that such signatures are braindead on a public list please look at the other threads - the daily sigs are fucked up currently Am 26.01.2018 um 11:13 schrieb Johan Loubser: The integrity and confidentiality of this email is governed by these

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 11:48 schrieb Ralf Hildebrandt: >> Arguably if a bug in the signatures can lead to such massive problems >> then that is in itself a bug in the software, which might be (but >> apparently so far isn't) fixed in a later version. > > Amen to that. the former 0.99.3beta2 don't

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

* Reindl Harald : > sounds like an issue with the official signatures given that you are not the > first reporter and that we don't use them and have no problems Thought so. Must be a recent signature in daily.cvd. -- Ralf Hildebrandt Charite

Re: [clamav-users] reduce memory footprint by removing some virusdefinitions on a low memory server

Thanks for the suggestions h.rei...@thelounge.net and 24x7ser...@24x7server.net and alvarn...@mac.com Daily removed for the timebeing anyway. > On 26 Jan 2018, at 09:55, Rajesh M

Re: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

On Friday 26 January 2018 03:19:52 maxal wrote: > On Fri, 2018-01-26 at 08:11 +0100, lukn wrote: > > Same on a machine with clamav-milter: > > > > clamav-milter[8241]: Failed to initiate streaming/fdpassing > > clamav-milter[8241]: Unknown reply from clamd > > clamd[11895]:

[clamav-users] open file descriptors

The integrity and confidentiality of this email is governed by these terms / Die integriteit en vertroulikheid van hierdie e-pos word deur die volgende bepalings gereël. http://www.sun.ac.za/emaildisclaimer ___ clamav-users mailing list

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 11:28 schrieb Andreas Schulze: Am 26.01.2018 um 10:01 schrieb Ralf Hildebrandt: * Reindl Harald : sounds like an issue with the official signatures given that you are not the first reporter and that we don't use them and have no problems Thought

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

If you can't revert to daily 24255 then disable daily.cld until you know it's fixed. Has anybody updated to daily 24257 to see if that helps? I doubt that it does as no sigs are shown as dropped. Sent from my iPad -Al- > On Jan 26, 2018, at 2:28 AM, Andreas Schulze

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

Daily contains the corrupted signature that is causing all the grief. Sent from my iPad -Al- > On Jan 26, 2018, at 2:46 AM, Matus UHLAR - fantomas wrote: > > I think it would be more logical to drop main.cvd and leave daily.cvd > - daily.cvd contains more actual signatures.

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

> Arguably if a bug in the signatures can lead to such massive problems > then that is in itself a bug in the software, which might be (but > apparently so far isn't) fixed in a later version. Amen to that. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Il 26/01/2018 10:39, Ralf Hildebrandt ha scritto: clamd is leaking filedescriptors for temporary files - ls /proc/`pidof clamd`/fd shows a lot of: lrwx-- 1 root root 64 Jan 26 10:38 993 -> /tmp/clamav-736a3d0d2a944a0a79d465671fb754d5.tmp (deleted) lrwx-- 1 root root 64 Jan 26 10:38

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

Actually, Main is shown to have 4,566,249 signatures whereas daily only has 1,835,139 with my setup. But those in Main are older and probably less likely to identify a current threat. -Al- On Fri, Jan 26, 2018 at 02:46 AM, Matus UHLAR - fantomas wrote: > I think it would be more logical to

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

* Dianne Skoll : > Hi, > > Something went badly wrong with clamd recently; it's stuck with > hundreds/thousands of open files per process and interrupting mail flow. > > When a scanning thread finishes, I see this in the strace output. > (I ran clamdscan /etc/hosts as a

Re: [clamav-users] reduce memory footprint by removing somevirusdefinitions on a low memory server

hi all even though i removed daily.cld main.cld bytecode.cld mirrors.dat all of these has been recreated automatically i am not running freshclam via a cron job help required in disabling clam updates rajesh - Original Message - From: Sophie Loewenthal

Re: [clamav-users] reduce memory footprint by removing somevirusdefinitions on a low memory server

stop freshclam daemon On 26.01.2018 11:54, Rajesh M wrote: > hi all > > even though i removed > > daily.cld > main.cld > bytecode.cld > mirrors.dat > > all of these has been recreated automatically > > i am not running freshclam via a cron job > > help required in disabling clam updates >

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

Try # service clamav-freshclam stop The exact command may vary depending on your OS and distribution which you didn't mention. Am 26.01.2018 um 11:54 schrieb Rajesh M: > hi all > > even though i removed > > daily.cld > main.cld > bytecode.cld > mirrors.dat > > all of these has been

Re: [clamav-users] reduce memory footprint by removing some virus definitions on a low memory server

On Jan 26, 2018, at 2:46 AM, Matus UHLAR - fantomas wrote: I think it would be more logical to drop main.cvd and leave daily.cvd - daily.cvd contains more actual signatures. On 26.01.18 02:48, Al Varnell wrote: Daily contains the corrupted signature that is causing all the

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 08:32 schrieb Dianne Skoll: Something went badly wrong with clamd recently; it's stuck with hundreds/thousands of open files per process and interrupting mail flow. When a scanning thread finishes, I see this in the strace output. (I ran clamdscan /etc/hosts as a test): [pid

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Il 26/01/2018 09:00, Reindl Harald ha scritto: freshclam and a custom script downloads anything to /var/lib/clamav-download and then for the two "/var/lib/clamav" and "/var/lib/clamav-sa" basend on file-lists hardlinks are set - from the official only "safebrowsing" is active We have the

Re: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

On Fri, 2018-01-26 at 08:11 +0100, lukn wrote: > Same on a machine with clamav-milter: > > clamav-milter[8241]: Failed to initiate streaming/fdpassing > clamav-milter[8241]: Unknown reply from clamd > clamd[11895]: instream(127.0.0.1@49958): Can't open file or directory > ERROR >

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 09:19 schrieb Marco: Il 26/01/2018 09:00, Reindl Harald ha scritto: freshclam and a custom script downloads anything to /var/lib/clamav-download and then for the two "/var/lib/clamav" and "/var/lib/clamav-sa" basend on file-lists hardlinks are set - from the official only

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

On Fri, 26 Jan 2018, Al Varnell wrote: >If you can't revert to daily 24255 then disable daily.cld until you know it's >fixed. > >Has anybody updated to daily 24257 to see if that helps? I doubt that it does >as no sigs are shown as dropped. I'm running ClamAv 0.99.2 on two mail servers (debian

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

nobody of clamav/cisco reading this list? as the impact is heavy and probably worldwide - anyone with personal contacts or any other channel to reach someone there? contact info on clamav.net is only referring to mailing lists and not very useful On Fri, 2018-01-26 at 12:07 +0100, Marco wrote: >

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

As ClamAV/Thalos is owned by Cisco I assume all ClamAV employees are located in Silicon Valley area and therefore still enjoying a good Californian night's sleep. On 26.01.2018 13:17, maxal wrote: > nobody of clamav/cisco reading this list? as the impact is heavy and > probably worldwide - anyone

[clamav-users] Problem with Max Open desciptor Files limit

Hi, We have a problem with ClamAV due to Max Open desciptor Files limit It’s seems like delete temp files are not freeded When the soft is reached the clamav proccess responses with an ERROR THe problem has begined Today with 0.99.2 clamav version We have updated to the last release 0.99.3 but

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 13:17 schrieb maxal: nobody of clamav/cisco reading this list? as the impact is heavy and probably worldwide - anyone with personal contacts or any other channel to reach someone there? contact info on clamav.net is only referring to mailing lists and not very useful the

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 13:50 schrieb Ralf Hildebrandt: > If I had to guess: they used the beta for testing, but the release > versions (both 0.99.2 and 0.99.3!) fail to operate properly... yes, it's the explanation the matches best to the observed fallout :-/ usually there is a "official" announcement

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

* lukn : > As ClamAV/Thalos is owned by Cisco I assume all ClamAV employees are > located in Silicon Valley area and therefore still enjoying a good > Californian night's sleep. Or maybe in Philadelphia. -- Ralf Hildebrandt Charite Universitätsmedizin

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

* maxal : > nobody of clamav/cisco reading this list? It's 7:45AM on the east coast. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

On 2018-01-26 5:36 AM, Al Varnell wrote: If you can't revert to daily 24255 then disable daily.cld until you know it's fixed. Has anybody updated to daily 24257 to see if that helps? I doubt that it does as no sigs are shown as dropped. [mailfw@mailfw clamav]# sigtool --info=daily.cld File:

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am Freitag, den 26.01.2018, 09:22 +0100 schrieb Reindl Harald: > > Am 26.01.2018 um 09:19 schrieb Marco: > > Il 26/01/2018 09:00, Reindl Harald ha scritto: > > > freshclam and a custom script downloads anything to > > > /var/lib/clamav-download and then for the two "/var/lib/clamav" > > > and >

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 13:50 schrieb Ralf Hildebrandt: * Reindl Harald : Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt: * maxal : nobody of clamav/cisco reading this list? It's 7:45AM on the east coast so what - i don't get how such updates slip

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

On Friday 26 January 2018 08:10:51 Manuel Mausz wrote: > Hello list, > > the attached patch should fix the fd leak in cli_scanscript. > > cheers, > manuel What patch? This list apparently does NOT pass attachments. So please insert them in your text plz. >

[clamav-users] Fwd: Undelivered Mail Returned to Sender

which f**g idiot is responsible for that? This is the mail system at host lists.clamav.net. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please

Re: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

## Karl Pielorz (kpielorz_...@tdx.co.uk): > We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under > FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of > dies" - it's still running, there are no errors logged anywhere (we log to > syslog) - but whilst

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt: * maxal : nobody of clamav/cisco reading this list? It's 7:45AM on the east coast so what - i don't get how such updates slip through at all - it's not rocket science load them on a test-machine and fire up a script that pies

[clamav-users] Announcement missing

Am 26.01.2018 um 14:09 schrieb Tobi: > Do you mean this one ? > http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html @Cisco: is it so hard to use http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -- A. Schulze DATEV eG

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

On 26.01.2018 14:10, Manuel Mausz wrote: > Hello list, > > the attached patch should fix the fd leak in cli_scanscript. The list stripped my attachment. 2nd try: https://gist.github.com/manuelm/dbc94001c77c07363cdcb5b390c2cb04 manuel ___ clamav-users

[clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

On Fri, 26 Jan 2018 13:50:27 +0100 Ralf Hildebrandt wrote: > If I had to guess: they used the beta for testing, but the release > versions (both 0.99.2 and 0.99.3!) fail to operate properly... No, I bet that's not what happened. A file descriptor leak doesn't show

Re: [clamav-users] 99.3 for Ubuntu

On Thu, 2018-01-25 at 19:18 -0800, Al Varnell wrote: > Are you sure you have the correct 0.99.3 download released late today > from ? > Hi Al, when trying to get the release source via "pull-lp-source clamav" I instead get the beta1 source: pull-lp-source clamav

Re: [clamav-users] Announcement missing

You're right. That's my fault. I'll correct that here in a second after I read through all the emails in my ClamAV folder. -- Joel Esler | Talos: Manager | jes...@cisco.com On Jan 26, 2018, at 8:22 AM, Andreas Schulze

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

On Jan 26, 2018, at 9:49 AM, Reindl Harald > wrote: Am 26.01.2018 um 15:40 schrieb Joel Esler (jesler): As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

Tobi, Yup this is correct. We are planning to get an 0.100.0 beta out next week to replace the old 0.99.3-beta2. Going forwards, the last number in our version string will be reserved for urgent fixes so we don’t find ourselves in this position again. The 2nd number will be used when there

Re: [clamav-users] 99.3 for Ubuntu

On Fri, 2018-01-26 at 08:41 +0100, Matus UHLAR - fantomas wrote: > > > > > > > > On January 25, 2018 11:18:41 PM UTC, Chris > > om> > > > wrote: > > > > > > > > I'm trying to build 99.3 for Ubuntu 16.04LTS. I had no problems > > > > building 99.2 with pbuilder. When

[clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html ClamAV 0.99.3 has been released! Join us as we welcome ClamAV 0.99.3 to the family! As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh install

Re: [clamav-users] Announcement missing

* Joel Esler (jesler) : > You're right. That's my fault. I'll correct that here in a second after I > read through all the emails in my ClamAV folder. OK, tomorrow then :) -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.de

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

On 26/01/2018 14:56, Marcus Schopen wrote: Am Freitag, den 26.01.2018, 07:48 -0700 schrieb Rafael Ferreira: Nope, latest is still File: daily.cvd Build time: 26 Jan 2018 04:24 -0500 Version: 24257 Signatures: 1835982 Functionality level: 63 Builder: neo MD5: 3b3092994fdf9aa39aae480c38fb31ab

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

As far as I understand the release notes of 99.3 its a security fix which has nothing to do with former 99.3 beta. The former beta now is 0.100 (http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html). So at least for me it makes sense that you have to remove the beta first to

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

HI Marcus, Any chance you'd be willing to share your copy of 24255? -J On Fri, Jan 26, 2018 at 7:07 AM, Marcus Schopen wrote: > Am Freitag, den 26.01.2018, 07:02 -0800 schrieb Jason J. W. Williams: > > How does one manually download an old daily.cld? > > Good question.

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 has been released!

Hello, We are looking into the signature issue and will post soon with more details. Thank you, Tom M On 1/26/18, 10:18 AM, "clamav-users on behalf of Jason J. W. Williams" wrote: >Hi Joel & Micah, > >Is

Re: [clamav-users] Problem with Max Open desciptor Files limit

On Fri, 26 Jan 2018 15:18:10 + David Shrimpton wrote: > I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and > restarting clamd fixed the problem. Thank you! That was immensely helpful. Regards, Dianne.

Re: [clamav-users] 99.3 for Ubuntu

Ubuntu doesn't have 0.99.3 release yet. You need to go to http://www.clamav.net/downloads Am 26.01.2018 um 15:31 schrieb Chris: > On Thu, 2018-01-25 at 19:18 -0800, Al Varnell wrote: >> Are you sure you have the correct 0.99.3 download released late today >> from

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

Am 26.01.2018 um 15:40 schrieb Joel Esler (jesler): As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh install with the production version of 0.99.3 as there are significant code differences when i read

Re: [clamav-users] Problem with Max Open desciptor Files limit

Good find David. Thank you very much. -J On Fri, Jan 26, 2018 at 7:18 AM, David Shrimpton wrote: > I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and > restarting clamd fixed the problem. > > This sig turned up in an update at 11:51AM GMT+10 26/1/2018

Re: [clamav-users] Problem with Max Open descriptor Files limit

I observed this running out of file descriptors yesterday when running 0.99.2 to scan the download of 0.99.3. I had never seen this behavior before, but ascribed it to using clamscan with its memory limit set to 4095M to ensure that absolutely everything was scanned. One of our clamd process died

Re: [clamav-users] Max Open File Descriptors issue found this morning

On Fri, Jan 26, 2018 at 07:41:05AM -0800, Jason J. W. Williams wrote: Hi Joel, Appreciate you chiming in. For what its worth, I can confirm David Shrimpton's suggestion of adding Vbs.Downloader.Generic-6431223-0 to local.ign2 stops the problem. Yes. We've dropped that sig from our side and

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

We started seeing this problem last night as well. Reading through the thread, it doesn't appear that ClamAV has fixed the signatures yet (as of 24257), or am I wrong? -J On Fri, Jan 26, 2018 at 6:24 AM, Dianne Skoll wrote: > On Fri, 26 Jan 2018 13:50:27 +0100 > Ralf

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Nope, latest is still File: daily.cvd Build time: 26 Jan 2018 04:24 -0500 Version: 24257 Signatures: 1835982 Functionality level: 63 Builder: neo MD5: 3b3092994fdf9aa39aae480c38fb31ab Digital signature:

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Am Freitag, den 26.01.2018, 07:48 -0700 schrieb Rafael Ferreira: > Nope, latest is still > > File: daily.cvd > Build time: 26 Jan 2018 04:24 -0500 > Version: 24257 > Signatures: 1835982 > Functionality level: 63 > Builder: neo > MD5: 3b3092994fdf9aa39aae480c38fb31ab > Digital signature: >

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

How does one manually download an old daily.cld? -J On Fri, Jan 26, 2018 at 7:00 AM, Paul wrote: > On 26/01/2018 14:56, Marcus Schopen wrote: > > Am Freitag, den 26.01.2018, 07:48 -0700 schrieb Rafael Ferreira: >> >>> Nope, latest is still >>> >>> File: daily.cvd >>>

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

On Fri, 26 Jan 2018 06:44:30 -0800 "Jason J. W. Williams" wrote: > We started seeing this problem last night as well. Reading through the > thread, it doesn't appear that ClamAV has fixed the signatures yet > (as of 24257), or am I wrong? Not only has it not been

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Am Freitag, den 26.01.2018, 07:02 -0800 schrieb Jason J. W. Williams: > How does one manually download an old daily.cld? Good question. workaround: got the old version from my backup. Ciao! ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] 99.3 for Ubuntu

On Fri, 2018-01-26 at 15:37 +0100, Tilman Schmidt wrote: > Ubuntu doesn't have 0.99.3 release yet. > You need to go to http://www.clamav.net/downloads That will get me the newest source however I need this as I don't really want to install from source: clamav_0.99.3~beta1+dfsg-2ubuntu1.dsc Not

Re: [clamav-users] Problem with Max Open desciptor Files limit

I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and restarting clamd fixed the problem. This sig turned up in an update at 11:51AM GMT+10 26/1/2018 and problem began a few minutes later clamd run out of file descriptors. I also had to clean out TemporaryDirectory before

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.3 has been released!

Hi Joel & Micah, Is anyone from Cisco going to be commenting on the signatures issue everyone is seeing with daily.cld 24256+? -J On Fri, Jan 26, 2018 at 7:13 AM, Micah Snyder (micasnyd) wrote: > Tobi, > > Yup this is correct. We are planning to get an 0.100.0 beta out

Re: [clamav-users] 99.3 for Ubuntu

Am 26.01.2018 um 16:15 schrieb Chris: On Fri, 2018-01-26 at 15:37 +0100, Tilman Schmidt wrote: Ubuntu doesn't have 0.99.3 release yet. You need to go to http://www.clamav.net/downloads That will get me the newest source however I need this as I don't really want to install from source:

[clamav-users] Max Open File Descriptors issue found this morning

There are a bunch of threads going on, so I am going to try and address most of them with this email, sorry if I leave anything out. There are reports of exploits against 0.99.2 in the wild. Heise reports on that (in german, can't find an english source right now): https://heise.de/-3951801 No

Re: [clamav-users] Max Open File Descriptors issue found this morning

Hi Joel, Appreciate you chiming in. For what its worth, I can confirm David Shrimpton's suggestion of adding Vbs.Downloader.Generic-6431223-0 to local.ign2 stops the problem. -J On Fri, Jan 26, 2018 at 7:38 AM, Joel Esler (jesler) wrote: > There are a bunch of threads going

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

* Reindl Harald : > > > Am 26.01.2018 um 13:40 schrieb Ralf Hildebrandt: > > * maxal : > > > nobody of clamav/cisco reading this list? > > > > It's 7:45AM on the east coast > > so what - i don't get how such updates slip through at all - it's not rocket >

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Hello list, the attached patch should fix the fd leak in cli_scanscript. cheers, manuel ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

Do you mean this one ? http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html Am 26. Januar 2018 14:03:14 MEZ schrieb Andreas Schulze : > ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Announcement without access to linked information

Am 26.01.2018 um 14:22 schrieb Andreas Schulze: > Am 26.01.2018 um 14:09 schrieb Tobi: >> Do you mean this one ? >> http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html > > @Cisco: is it so hard to use > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > what is

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

26.01.2018 16:22, Manuel Mausz пишет: On 26.01.2018 14:10, Manuel Mausz wrote: Hello list, the attached patch should fix the fd leak in cli_scanscript. The list stripped my attachment. 2nd try: https://gist.github.com/manuelm/dbc94001c77c07363cdcb5b390c2cb04 Thanks! Works fine.

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Steve Morgan, a developer here at Cisco that worked on ClamAV for about the past five years or so, decided to retire. Monday was his last day. On top of that, one our other developers (Micah) was out of the office today for a holiday, and so that only left, essentially myself and a couple

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Thanks! fd's holding steady now. Maybe I should go clean some logs now before nightly Logwatch kicks in. Good luck! Reio On 26.01.2018 19:38, Joel Esler (jesler) wrote: Reio, Thanks, I was just about to send this out. A new daily.cvd is now shipping. -- Joel Esler | Talos: Manager |

Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

Hello! News from the front: daily.cld updated (version: 24258, sigs: 1836466, f-level: 63, builder: neo) Good luck! Reio On 26.01.2018 19:29, Joel Esler (jesler) wrote: Steve Morgan, a developer here at Cisco that worked on ClamAV for about the past five years or so, decided to retire.

Re: [clamav-users] How the bad signature happened - conjecture (was

Am 26.01.2018 um 17:13 schrieb Martin Gagne: > > Hi Paul, > > =20 > > Can you please help me getting a copy of 24255 ? > =20 > Thanks ! > > =20 > > =20 > > Best regards, Martin Gagne Don't go that way. It's much better to add the signature Vbs.Downloader.Generic-6431223-0 which is causing

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 has been released!

Am 26.01.2018 um 15:40 schrieb Joel Esler (jesler): As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, you will need to completely uninstall it and do a fresh install with the production version of 0.99.3 as there are significant code differences On 26.01.18 15:49,

Re: [clamav-users] Problem with Max Open desciptor Files limit

On Fri, January 26, 2018 3:35 pm, Dianne Skoll wrote: > On Fri, 26 Jan 2018 15:18:10 + > David Shrimpton wrote: > > >> I found adding Vbs.Downloader.Generic-6431223-0 to local.ign2 and >> restarting clamd fixed the problem. > > Thank you! That was immensely

[clamav-users] mirrors, again

While working the problems this morning I note that freshclam --list-mirrors shows 7 mirrors for db.us.clamav.net and 6 of them are being ignored. And that is after I removed mirrors.dat. In your spare time... dp ___ clamav-users mailing list

Re: [clamav-users] 99.3 for Ubuntu

On Fri, 2018-01-26 at 16:25 +0100, Reindl Harald wrote: > > Am 26.01.2018 um 16:15 schrieb Chris: > > > > On Fri, 2018-01-26 at 15:37 +0100, Tilman Schmidt wrote: > > > > > > Ubuntu doesn't have 0.99.3 release yet. > > > You need to go to http://www.clamav.net/downloads > > That will get me the

Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

On 26.01.18 13:09, Kees Theunissen wrote: On Fri, 26 Jan 2018, Al Varnell wrote: If you can't revert to daily 24255 then disable daily.cld until you know it's fixed. Has anybody updated to daily 24257 to see if that helps? I doubt that it does as no sigs are shown as dropped. I'm running

[clamav-users] I have older daily.cvd files if anyone is interested

I have been keeping various old versions of the "daily" files for years, and felt like that was silly -- until now! I have now replaced my daily.cvd with version 24253, and clamd doesn't seem to be eating file descriptors. If anyone wants 24253, I have made it available at

Re: [clamav-users] I have older daily.cvd files if anyone is interested

Oh yes, and I disabled freshclam on all our machines (including those using our central mirror). On Fri, 26 Jan 2018 11:56:37 -0500 Paul Kosinski wrote: > I have been keeping various old versions of the "daily" files for > years, and felt like that was silly -- until

Re: [clamav-users] Problem with Max Open descriptor Files limit

I’m sorry to say that 0.99.3 does not eliminate the 32-bit scan size limit. This, and variable type consistency (particularly for file sizes) between our various libraries, is definitely on my radar. Micah Snyder Software Engineer Talos Cisco Systems, Inc. On Jan 26, 2018, at 10:34 AM,

Re: [clamav-users] How the bad signature happened - conjecture (was

Re: URGENT: Clamd is wedged on multiple installations) X-Priority: 3 X-Mailer: Oracle Beehive Extensions for Outlook 2.0.1.9.1 (1003210) [OL 16.0.4639.0 (x86)] Content-Type: multipart/mixed; boundary="__151698318884622454abhmp0010.oracle.com" --__151698318884622454abhmp0010.oracle.com

Re: [clamav-users] Fwd: Undelivered Mail Returned to Sender

On 26.01.18 15:04, Reindl Harald wrote: which f**g idiot is responsible for that? guess... Received: from mucha.arges.net.pl (mucha.arges.net.pl [87.98.235.141]) by fantomas.fantomas.sk (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id w0QE6FG8026629 (version=TLSv1/SSLv3

Re: [clamav-users] Fwd: Undelivered Mail Returned to Sender

Am 26.01.2018 um 17:35 schrieb Matus UHLAR - fantomas: On 26.01.18 15:04, Reindl Harald wrote: which f**g idiot is responsible for that? guess... Received: from mucha.arges.net.pl (mucha.arges.net.pl [87.98.235.141]) by fantomas.fantomas.sk (8.14.4/8.14.4/Debian-4+deb7u1) with

[clamav-users] deleted files eating up file descriptors

Hi, Today, all of a sudden, in 5 of our email servers (to be more precise, mx processing servers), we started to get qmail-scanner errors (the feared "qq temporary error" message). After some digging, we found out the reason was clamav (0-99.2) was dead. Erros like:

  1   2   >