--- Begin Message ---
Hi there,
On Tue, 15 May 2018, Stefan Schumacher wrote:
I would like to use clamdscan to scan an entire server but exclude
sys, proc and dev.
mail6:~$ >>> cat testfile
/etc/perl/
mail6:~$ >>> clamdscan -f testfile
/etc/perl: OK
--- SCAN SUMMARY ---
Hi there,
Trawling the logs (sad, I know, but I do it), I noticed this:
8<--
Received: from clammail.vrt.sourcefire.com (localhost [127.0.0.1])
by lists.clamav.net (Postfix) with ESMTP id B166D18D633;
Wed, 20 Feb 2019
Hi there,
On Fri, 29 Mar 2019, Micah Snyder wrote:
This won't help you right now, but our team has been discussing
publishing ClamAV on Linux using Snapcraft at the time of each
release. Snapcraft sounds like it may be a good option to make
ClamAV accessible faster. Would you, and others
Hi there,
On Wed, 3 Apr 2019, Kretschmer, Jens wrote:
I would like to redirect the output of clamscan to the journal ...
man logger
Do you have any idea what could be causing the issue?
It's not clear to me which system you're using, but try
man cron
--
73,
Ged.
Hi there,
On Thu, 4 Apr 2019, Annette (impersonating Tom Brady) wrote:
I have tried using the tcpsocket parameter on the clamd.conf. I
have [two] different clamd instances running on different servers.
While I can get the clamdscan to talk to the local (on the same
server) clamd instance, I
Hello,
On Thu, 28 Mar 2019, MOHAMED OMAR MAKRAM wrote:
I've had this for few months. The only thing i was able to do is to
pay for virus protection but it is so expensive. Is there a way to
find those hidden files? Do you think they are in the db or in the
files? I am moving out to another
Hi there,
On Sun, 7 Apr 2019, Maarten Broekman wrote:
Given that the PhishTank signatures, specifically, have been causing the
performance issues, no. It's not unreasonable to want to pull them, and
only them, out. Having them in a separate db file would be highly
beneficial to those of us
Hi there,
On Sat, 6 Apr 2019, Robert F. Poe wrote:
I need clarification for the proper action to take after finding
viruses and malware.
I'll try not to be misled by your questions.
I use ClamAv Virus Scanner (or Clamscan) to scan my server on a
weekly basis. I have the Virus Scanner via
Hello again,
On Mon, 8 Apr 2019, Arnaud Jacques wrote:
Le 07/04/2019 ? 18:18, G.W. Haywood via clamav-users a ?crit?:
> > grep -a '^Phishtank.Phishing' daily.cld | cut -d':' -f1 >
> ~/phishtank.ign2
This is not optimized :
Phishtank.Phishing are loaded in memory.
Then ph
Hi there,
On Mon, 25 Mar 2019, J.R. wrote:
... I've seen an increasing amount of people posting about their
non-windows platforms that are scanning their *entire* system ...
People have been doing that kind of thing for years, I'm not sure how
much it's increasing. Most of the time it seems
Hi there,
On Mon, 25 Feb 2019, Al Varnell wrote:
... the strings you provided appear to contain an extra digit. I
thought hex strings always contain an even number of digits?
Just as decimal strings are strings composed of decimal digits and can
be any length, hexadecimal strings are strings
Hi there,
On Fri, 15 Mar 2019, Franky Van Liedekerkewrote:
Certifcates cost nothing ...
CPU cycles don't.
--
73,
Ged.
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us
Hi there,
On Thu, 21 Mar 2019, J.R. wrote:
> The simplest way to achieve this right now would probably be to use
> two servers for scanning ...
Or just have the mail server send a 'tempfail' and the remote mail
server will retry sending usually within 10 minutes...
The OP specifically
Hi there,
On Wed, 20 Mar 2019, Micah Snyder wrote:
On 3/20/19, 10:04 AM, "clamav-users on behalf of Bowie Bailey"
wrote:
On 3/20/2019 8:42 AM, Alessandro Vesely via clamav-users wrote:
On Tue 19/Mar/2019 15:35:39 +0100 Bowie Bailey wrote:
ClamAV is taking about 2 1/2 minutes to reload its
Hi there,
On Thu, 30 May 2019, WagdeZ wrote
Using clamav...
Is there any way to find out what is the risk level (score/priority/...) of
the detected virus/malware?
The question is rather vague.
In many cases the signature name gives some sort of clue to what the
signature is about, so if
Hi there,
On Mon, 13 May 2019, Avinash Sonawane wrote:
e.g. I am expecting an email at 6 PM. I don't mind clamd taking
that much of a memory *at* 6 PM and then release it. I find it
absolutely inconvenient to having to forgo ~1GB memory since the
morning. As I said, a poor bargain.
The
Hi there,
On Tue, 21 May 2019, Clark Dunson wrote:
...
/usr/bin/clamscan -o -i -r --quiet /
...
Don't do that. Search the list archives for explanations.
--
73,
Ged.
___
clamav-users mailing list
clamav-users@lists.clamav.net
Hi there,
On Fri, 28 Jun 2019, Al Varnell wrote:
On Thu, Jun 27, 2019 at 07:51 AM, Joel Esler (jesler) via clamav-users wrote:
On Jun 26, 2019, at 7:25 PM, Epicon Elysium via clamav-users
mailto:clamav-users@lists.clamav.net>> wrote:
We're building a PaaS where everything runs on Linux. As
Hi there,
On Sat, 24 Aug 2019, Joel Esler (jesler) wrote:
I mean, it's possible not to download the official definitions and
just point at a custom file right?
No idea. Haven't tried it. If you can, it seems like it would be a
security hole. The code seems to be saying that it wants to
Hi there,
On Sat, 24 Aug 2019, azu...@pobox.sk wrote:
is it possible to disable official virus database? I would like to use only
custom database. Thanks for info.
A quick look at the code in libclamav/readdb.c suggests to me that
this won't be very straightforward. The name of the 'daily'
Hi there,
On Sun, 25 Aug 2019, Kees Theunissen wrote:
On Sat, 24 Aug 2019, azu...@pobox.sk wrote:
is it possible to disable official virus database? I would like to use only
custom database. Thanks for info.
... I didn't need virus databases at all ... (I didn't even test if
I could start
Good morning,
Alpesh Thakare via clamav-users wrote:
Date: Tue, 27 Aug 2019 10:53:30 +0530
What is the port number used by ClamAV.
Date: Tue, 27 Aug 2019 11:58:34 +0530
3310 port what is this ?
Date: Tue, 27 Aug 2019 12:48:09 +0530
What is the clamd service port in centos.
Could you
Hi there,
On Thu, 29 Aug 2019, Frans de Boer wrote:
OnAccessExludePath STRING, where string denotes a directory. Does this also
imply "that directory and anything below that", or just the directory only?
.../docs/html/UserManual/OnAccess.html
--
73,
Ged.
Hi there,
On Fri, 30 Aug 2019, Michael Newman via clamav-users wrote:
I’m still baffled trying to figure out what is causing this error.
It's not an error. As it says, it's a warning. You're probably
worrying about nothing but it's usually as well to find out exactly
what's happening.
Hi there,
On Fri, 30 Aug 2019, Frans de Boer wrote:
On 30-08-19 10:26, G.W. Haywood via clamav-users wrote:
On Thu, 29 Aug 2019, Frans de Boer wrote:
OnAccessExludePath STRING, where string denotes a directory. Does this
also imply "that directory and anything below that"
Hi there,
On Sat, 31 Aug 2019, Henrik K wrote:
The reload bug has been known for years, even has a ready patch.
https://bugzilla.clamav.net/show_bug.cgi?id=10979
But nothing you can do about it...
Well not quite nothing, since you can download the source, apply the
patch, and rebuild
Hi there,
On Fri, 30 Aug 2019, Manna, Mohammed via clamav-users wrote:
What I can see that ClamAV cannot always successfully detect reverse
shell type of files (built using Metasploit msfvenom). And also, if
the file is covered using a pseudo extension e.g. test.exe.txt
When I was comparing
Hi there,
On Sat, 31 Aug 2019, Henrik K wrote:
...
If I encountered a bug like that on some project that I'm maintaining, I
would be shamed not to rapidly fix it.
If you called it a limitation I could agree, but I guess it's working
as designed. I'd call it an issue rather than a fault in
Hi there,
On Sat, 31 Aug 2019, J.R. via clamav-users wrote:
...
I wouldn't call the current design a "bug"... It works as intended.
+1
However it would be nice if a fresh DB could be parsed & loaded, then
swapped, to prevent service interruption.
That's exactly what the patch in #10979
Hi there,
On Sat, 31 Aug 2019, Birger Birger via clamav-users wrote:
have tried that but download of daily.cvd with freshclam still stops at 99%
and never completes
downloading daily and icremental with wget works fine
If others don't have the same issue, and you can download the files OK
Hi there,
On Sat, 31 Aug 2019, J.R. via clamav-users wrote:
If the virus pattern is in one of the database files, then you are
alerted... If it's not, then no alert... That's how every antivirus
works...
There's a bit more to it than that. Some detection is based on other
characteristics,
Hi there,
On Sat, 31 Aug 2019, Henrik K wrote:
On Sat, Aug 31, 2019, G.W. Haywood via clamav-users wrote:
Well not quite nothing, since you can download the source, apply the
patch, and rebuild ClamAV.
Sure but it's not reality for majority of users..
While it's good that people try it out
Hi there,
On Sat, 31 Aug 2019, Henrik K wrote:
On Sat, Aug 31, 2019 at 04:48:54PM +0100, G.W. Haywood via clamav-users wrote:
The final responsibility of implementing and testing the issue is still that
of the ClamAV team.
Agreed.
You are really making this much more complex and "
Hi there,
On Sun, 1 Sep 2019, Thomas Barth via clamav-users wrote:
Am 2019-08-31 20:35, schrieb G.W. Haywood via clamav-users:
That's exactly what the patch in #10979 does. ...
And where can I find this patch?
If you navigate to
https://bugzilla.clamav.net/show_bug.cgi?id=10979
Hello again,
On Sun, 1 Sep 2019, Birger Birger via clamav-users wrote:
Deleted the mirrors.dat file and tried a new freshclam with result:
getpatch: can't download daily-25559.cdiff from db.se.clamav.net
Incrental update failed, trying to update daily.cvd
Can see that in /var/lib/clamav/
Hi there,
On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64
ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN
Hi there,
On Tue, 3 Sep 2019, Henrik K wrote:
General comment:
Using any third party rules with ClamAV is a gamble, but
Agreed. In fact I'd go further than that. Relying on something like
ClamAV is a gamble. If there's a new 0-day just out, there may be no
chance of spotting it at all.
Hi there,
On Tue, 3 Sep 2019, Arnaud Jacques via clamav-users wrote:
On Sep 2, 2019, at 05:11, G.W. Haywood via clamav-users wrote:
> ... I'm flagging up quite a few messages which are guaranteed spam,
> but which aren't in any of the third-party databases that I'm using
> ... My m
Hi Joel,
On Tue, 3 Sep 2019, Joel Esler (jesler) wrote:
On Mon, 2 Sep 2019, Joel Esler (jesler) wrote:
>> On Sep 2, 2019, at 05:11, G.W. Haywood via clamav-users ... wrote:
>>
>> ... I'm flagging up quite a few messages which are guaranteed spam,
>>
Hi there,
On Mon, 2 Sep 2019, Thomas Barth via clamav-users wrote:
today I got informed that I should not use the yara rules. They have major
issues with clamav 1.0.1, ie memory leaks and complete failure of clamav.
I see nothing in which refers to such an issue in the ClamAV Bugzilla.
My
Hi Joel,
On Mon, 2 Sep 2019, Joel Esler (jesler) wrote:
On Sep 2, 2019, at 05:11, G.W. Haywood via clamav-users ... wrote:
... I'm flagging up quite a few messages which are guaranteed spam,
but which aren't in any of the third-party databases that I'm using
... My milter can very easily
Hi there,
On Fri, 23 Aug 2019, Dexter Rivera via clamav-users wrote:
On 8/22/19, 9:19 AM, "Eric Tykwinski" wrote:
...
Something like ansible?
Use ansible's homebrew module to install ClamAV, run a scan, than use the
module again to uninstall.
That's exactly the scenario I'd like to have.
Hi there,
On Mon, 26 Aug 2019, Kris Deugau wrote:
The only constant is that there must be at least one signature
database, even if it's a trivial hash database with one signature
that matches on an empty file.
AFAICT the signature database file doesn't even need to have any
signatures in it;
Hi there,
On Mon, 26 Aug 2019, Kris Deugau wrote:
G.W. Haywood via clamav-users wrote:
6. The same, using a database directory containing just an empty file:
mail6:~/src/net/mail/clamav-0.101.4/test$ >>> ls -l /etc/mail/clamav/empty/
total 0
-rw-r--r-- 1 root root 0 Aug 25 10:25 e
Hi there,
If you've been paying even scant attention to the list mail you'll
know that I've been doing some testing, particularly of clamd, when
it's used for scanning mail.
This is something of side issue, but I'll throw it into the pot to see
if anything comes of it.
The testing that I'm
Hi Joel,
On Sun, 1 Sep 2019, Joel Esler (jesler) wrote:
Alright. I think we’ve beat the proverbial dead horse here. ...
I don't think anybody's beating anything here Joel. Just we users,
discussing, on the users' list, ways of dealing with an issue.
On Sat, 31 Aug 2019, G.W. Haywood
Hi there,
On Mon, 2 Sep 2019, Birger Birger via clamav-users wrote:
I have a Vigor 2926 router between computer and internet.
https://www.switchnetservices.co.uk/draytek-zero-day/
--
73,
Ged.
___
clamav-users mailing list
Hello again,
On Mon, 2 Sep 2019, Birger Birger via clamav-users wrote:
Mon Sep 2 11:05:27 2019 -> nonblock_recv: recv timing out (30 secs)
Mon Sep 2 11:05:27 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Looks like a network issue at your
Hi there,
On Sat, 31 Aug 2019, Birger Birger via clamav-users wrote:
Den lör 31 aug. 2019 20:35 G.W. Haywood skrev:
On Sat, 31 Aug 2019, Birger Birger via clamav-users wrote:
... download of daily.cvd with freshclam still stops at 99%
In the last few days I've seen freshclam remove a few
Hi there,
Anyone interested in a pure Perl ClamAV milter?
Over on clamav-devel I've posted about a milter that I'm working on
and which I'd be pleased to see getting some more exercise:
https://lists.gt.net/clamav/devel/76575
I'd be happy to help with installation if you're not very familiar
Hi there,
On Wed, 28 Aug 2019, Scott A. Wozny via clamav-users wrote:
I’m looking at installing Clam on my CentOS 7 servers ...
Sorry, but I have to ask :)
Why?
sites offering install tutorials recommend installing
H. Sites with tutorials. I guess I avoid them.
clamav-server
Hi there,
On Tue, 27 Aug 2019, Brian Cole via clamav-users wrote:
... we are seeing ClamAV think that CoinMiner virus exists in
... /var/log/sid_changes.log ...
Would it not make more sense to exclude such files from your scans?
--
73,
Ged.
___
Hi Joel,
On Wed, 4 Sep 2019, G.W. Haywood wrote:
... some junk mails aren't being detected by clamd, even though
there are valid signatures in the database that are supposed to
match them.
I guess you have the two files which I attached. You can see below
what happens when I scan them using
Hi there,
On 9/4/19, 1:40 PM, Thomas Barth via wrote:
> Why not using half of the cores to also reduce the loading time? Many
> years ago when I used eMule for downloading big files, I was so
> fascinated by the download mechanism: one big file, many download
> sources to get the file
Hi there,
On Fri, 6 Sep 2019, Reio Remma via clamav-users wrote:
I guess many of us are just running too old hardware. :)
Here's a comparison between my mail server and identical config
running in a VM.
Sep 6 09:41:06 mail clamd[31441]: Reading databases from /var/lib/clamav
Sep 6 09:44:05
Hi there,
On Fri, 6 Sep 2019, Brent Clark via clamav-users wrote:
We have project to have a to have freshclam *only* pull / update
safebrowsing.cvd
what I find is, when I run my custom freshclam.conf file it still pulls
daily.cvd, main.cvd, bytecode.cvd
Anyone know how I can switch this
Hi there,
On Thu, 12 Sep 2019, Micah Snyder (micasnyd) via clamav-users wrote:
https://bugzilla.clamav.net/show_bug.cgi?id=10979#c19
This patch applies to the current head of dev/0.102 ...
If the development version is a step too far, the two files which I
posted on September 10th implement
Hi there,
On Fri, 13 Sep 2019, Micah Snyder (micasnyd) via clamav-users wrote:
One thing we could do is have clamd "start" before loading the
database. That is to say that it would immediately begin listening
on the unix/tcp socket for requests and fork into the background so
as not to block
Hi there,
On Mon, 9 Sep 2019, Hal MacLean via clamav-users wrote:
... been using ClamAV to help secure a few Moodle systems and this
has been working fine for years. It seems this year to have been
causing a problem.
Whatever the reason, it's fixable. There have been a few issues long
past,
Hello again,
On Mon, 9 Sep 2019, G.W. Haywood via clamav-users wrote:
telnet localhost 3311
That should of course have been
telnet localhost 3313
to connect to the port given in the configuration.
--
73,
Ged.
___
clamav-users mailing list
Hi there,
On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
Now it seems the firewall is stopping freshclam to download updates.
That's what I told you in my Sept 3rd reply to you.
Any ideas?
Stop the firewall from dropping the packets?
--
73,
Ged.
Hi Micah,
On Fri, 13 Sep 2019, Micah Snyder (micasnyd) wrote:
I'm sorry, Ged...
Apology accepted. :)
I'm now running the development (0.102) version of clamd, patched with
Mr. Wu's patch, alongside two version 101.4 clamd daemons (an unpatched
one, and one with the patch that I posted on
Hi there,
On Mon, 9 Sep 2019, cla...@script-test.de wrote:
... is it possible to run clamAV without using the official virus
databases? i tried it but my clamd wont start because the daily-DB
is missing. ...
Short answer is yes, a longer answer is this has been discussed very
recently on
Hi there,
On Thu, 5 Sep 2019, Thomas Barth via clamav-users wrote:
freshclam just downloads the standard databases to keep them fresh.
In /etc/clamav/freshclam.conf you can set the check interval. That s ok.
# Check for new database 24 times a day
Checks 24
Good so far.
But it s
Hi there,
On Thu, 5 Sep 2019, Birger Birger via clamav-users wrote:
This might provide additional information.
/usr/bin/freshclam
*Trying to retrieve CVD header of http://%s/%s
%cremote_cvdhead: write failed
%cremote_cvdhead: Error while reading CVD header from %s
The '%c' and '%s'
Hi there,
On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
Den ons 11 sep. 2019 11:35G.W. Haywood via clamav-users skrev:
On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
Now it seems the firewall is stopping freshclam to download updates.
Stop the firewall from dropping
Hi there,
On Thu, 19 Sep 2019, Jorge Martins wrote:
I have ClamAV Daemon installed, and if clamdscan detects something I get an
entry log on the /var/log/clamav/clamav.log file, but that entry does not
identify the infected file, it only shows something like this:
Thu Sep 19 16:42:24 2019 ->
Hi there,
On Thu, 26 Sep 2019, CROFT Ian wrote:
But when I put an EICAR test txt file in /var/log/test.txt it is getting picked
up by the OnAccess scanner.
I have tried ^/var/log/ and ^/var/log/* - same issue the test.txt is still
picked up by the OnAccess scanner when it should in my mind
Hello again,
On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote:
... making sure they are all strings looks better now in most cases.
So I now have these :-
OnAccessIncludePath /var/log
( Only added to include to get around the bug previously mentioned )
OnAccessIncludePath /var
Hi there,
I don't think this needs to go to clamav-devel.
On Fri, 27 Sep 2019, Franky Van Liedekerke via clamav-users wrote:
... why would clamonacc during compilation need libcurl? And ...
https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html
I can't justify newer
Hi there,
On Fri, 27 Sep 2019, Matus UHLAR - fantomas wrote:
On 27.09.19 15:21, G.W. Haywood via clamav-users wrote:
...
But it could seem a little strange that your manager might insist that
you use out of date utilities for your security systems... :)
redhat version of libcurl
Hi there,
On Tue, 24 Sep 2019, CROFT Ian wrote:
We have a need to have OnAccessScanning on our RHEL servers but with
some path exclusions.
May I ask why?
So as I read the manuals etc it seems I have to use the
OnAccessIncludePath rather than the OnAccessMountPath.
I guess that's right
Hi there,
On Tue, 24 Sep 2019, Tim Stubbs wrote:
I am running clamd with OnAccess enabled, however its causing the load
on the systems to make them almost unusable within about 24hours.
This may be true, but I'd want to know that the suspicion is justified
(and front and centre I personally
Hi there,
On Tue, 24 Sep 2019, Lars Åhman wrote:
Im running clamav as a daemon on a fedora and basically keep it running
24/7 except for an occasional update every now and then.
It isn't clear to me from what you've written that you know what the
ClamAV daemon (clamd) actually does. Do you?
Hello again,
On Tue, 24 Sep 2019, Tim Stubbs wrote:
What kinds of threats do you care about? If for example you're not
expecting your Linux boxes to be attacked by Windows malware you
could reduce the size of the ClamAV databases very significantly
which might improve scanning performance.
Hi there,
On Thu, 3 Oct 2019, alex mc via clamav-users wrote:
... lately I've been looking for the clamav antivirus code but I don't know
why I can't find it, could you send it to me or tell me where to find it?
...
http://catb.org/~esr/faqs/smart-questions.html
--
73,
Ged.
Hi there,
On Mon, 4 Nov 2019, Scott Shannon via clamav-users wrote:
I’m attempting to determine if a specific ransomware, Friedex.d, a
variant of Iencrypt, is being scanned for ...
It isn't clear to me if you have a ClamAV installation or not. If you
do, you can presumably get a copy of the
Hi there,
On Mon, 11 Nov 2019, Michael Newman via clamav-users wrote:
On Nov 11, 2019, at 00:00,G.W. Haywood wrote:
Exactly what do you do in order to obtain
this message? Does it appear in a terminal session, in a log file,…?
I run clamscan from a bash script with this command:
Hi there,
On Sun, 10 Nov 2019, Philippe Lefèvre wrote:
Since some time (less than a month I think) I now get this message when I
launch a directory scan.
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 8955 undefined
identifier
Hi there,
On Mon, 11 Nov 2019, Philippe Lefèvre wrote:
# grep -n is__elf /var/lib/clamav/rfxn.yara
9112: is__elf and all of ($s*)
Maybe this will help:
https://www.rfxn.com/downloads/maldetect-current.tar.gz
8<--
Hi there,
On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote:
On 11/11/2019 12:05 PM, G.W. Haywood via clamav-users wrote:
On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote:
... need onaccess scanning but .. clamd .. doesn't have permissions
to view a user's home directory
Hi there,
On Mon, 11 Nov 2019, Mark Parker via clamav-users wrote:
... need onaccess scanning but .. clamd .. doesn't have permissions
to view a user's home directory contents. Am I missing something?
Group read?
--
73,
Ged.
___
clamav-users
Hi there,
On Fri, 8 Nov 2019, Markus Kolb via clamav-users wrote:
Am 08.11.2019 11:58, schrieb G.W. Haywood via clamav-users:
> On Fri, 8 Nov 2019, Arnaud Jacques wrote:
> ...Brent wrote:
[...]
> > clamscan --alert-exceeds-max=yes --max-recursion=5 --max-ziptypercg=5M
> > /va
Hi there,
Many people use aliases for mailing list correspondence, so that the
bots which scrape list archives for email addresses and then send spam
to those addresses get the aliases and not the real addresses. It's a
simple matter to permit mail to the aliases from only the list servers,
and
Hi there,
On Thu, 7 Nov 2019, J.R. via clamav-users wrote:
Which brought clamd back to life and the system load returned to
normal. no idea is this is a OS bug, a ClamAV bug or some kind of user
error, any help here will be appreciated.
What version of ClamAV? What OS? What customization /
Hi there,
On Wed, 6 Nov 2019, Joel Esler (jesler) via clamav-users wrote:
On Nov 6, 2019, at 9:04 AM, MAYER Hans via clamav-users
wrote:
I uploaded a file for testing at VirusTotal just now. I am
wondering that ClamAV is not listed ... hours earlier it was.
I just uploaded a file, and I
Hi there,
On Thu, 31 Oct 2019, J.R. via clamav-users wrote:
Is ClamAV scanning the archive as-is, then additionally (hopefully)
decompressing it and scanning individual files?
man clamd.conf (search for 'ScanArchive')
Is there a way to debug with more info to see exactly what is going
on
Hi there,
On Wed, 30 Oct 2019, Steffen Sledz wrote:
On 29.10.19 15:10, Alan Stern wrote:
Try bisection...
That makes things even more confusing.
I don't see what's confusing about this.
The match is just an expression. It isn't magic. You could do just
the same thing from the command
Hi Reio,
On Mon, 28 Oct 2019, Reio Remma via clamav-users wrote:
...
I've been running a patched 101.4 for a few weeks now and unfortunately
I'm observing a memory leak from the multithreaded database reloads.
I'm observing clamd memory usage going up when the new database loads
...
The
Hi there,
On Wed, 30 Oct 2019, Robert Kudyba wrote:
This might be off topic to the list. We have Clam AV running on Fedora 30
with clamav-milter, clamav-0.101.4-1.fc30.x86_64, and sendmail. On one
server the logwatch emails do send a daily recap as desired ...
...
On the other server, logwatch
Hi there,
On Wed, 13 Nov 2019, Andrew Watkins via clamav-users wrote:
I get the following error a few times a day for a while, so I thought I
would look into it.
I am using mimedefang to send mail to clamd and it works fine, but at
random point of the day I get the error:
Hi there,
On Wed, 13 Nov 2019, Andrew Watkins via clamav-users wrote:
On 11/13/19 10:33 AM, G.W. Haywood via clamav-users wrote:
Perhaps clamd is reloading its databases when you see this. Depending
on configuration and the host performance it can take anywhere between
a few tens of seconds
Hi there,
On Wed, 13 Nov 2019, Christina Qian wrote:
Thank you very much for your reply. I just realized that I was on the wrong
thread though. I meant to ask the reason for the alarms below, or at least
to confirm it's a false alarm, so I can just exclude the files. Do you or
anybody on the
Hi there,
On Thu, 14 Nov 2019, ALMOKBEL, RAWAN wrote:
Good Day!
Well it's been raining here for weeks, but good day to you too! :)
Does clamav scan embedded virus and malicious inside files ?
If you mean archive files the question has already been answered well,
but I would add that it
Hi there,
On Thu, 14 Nov 2019, Paul Kosinski via clamav-users wrote:
ClamAV also can't deal with files bigger than 4 GB. This prevents it
from scanning some videos, DVD-size ISOs, etc.
The usefulness of scanning such files is debatable, but you can split
large files into pieces and scan the
Hi there,
On Sun, 17 Nov 2019, Jim Ward via clamav-users wrote:
I poked around based on the 'Disable Official Database' thread previously
mentioned. Clam wanted nothing to do with either missing or zero length main
and daily files.
However digging in to syslogs, I found this interesting
Hi there,
On Mon, 18 Nov 2019, Jim Ward via clamav-users wrote:
I've taken a trip to the swap shop. Added 2G and we seem to be
working at this point. ...
Like I said, logic, not magic.
Good luck. :)
--
73,
Ged.
___
clamav-users mailing list
Hello again,
On Mon, 11 Nov 2019, Philippe Lefèvre wrote:
thanks for your post Ged.
You're very welcome. :)
... it seems that neither Clamav nor Maldet installed on my Debian box
have the right rfxn.* files
I'm not familiar with these programs but I would like to understand if
clamav is
be useful to see md5sums for
each file.
Third: Check back in the mailing archives of this list for this post:
Date: Mon, 26 Aug 2019 16:38:16 +0100 (BST)
From: G.W. Haywood via clamav-users
To: ClamAV users ML
Subject: Re: [clamav-users] Disable official database
Try starting clamd
Hi there,
On Fri, 15 Nov 2019, Paul Kosinski via clamav-users wrote:
On Thu, 14 Nov 2019 G.W. Haywood via clamav-users wrote:
On Thu, 14 Nov 2019, Paul Kosinski via clamav-users wrote:
ClamAV also can't deal with files bigger than 4 GB. This prevents it
from scanning some videos, DVD-size
1 - 100 of 889 matches
Mail list logo