[clamav-users] question about clamd configurations

a question about MaxZipTypeRcg. MaxZipTypeRcg is for reanalysis the type of ZIP files, in what case does reanalysis is performed? best regards, Tsutomu Oyamada ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http

[clamav-users] about MaxQueue

Hi, We like to know when a MaxQueue value of configuration file gives any influence while clamd is scanning. We are investigating matters of sessions with the following setteings. Can we confirm MaxThreads by ptree command? Could you teach us how to confirm behavior of configured value of

Re: [clamav-users] about MaxQueue

Hi, Steve, Thanks your advice. We’ll try clamdtop command. BTW how it affects MaxQueue in clamd? Best regards, Tsutomu Oyamada On Tue, 18 Feb 2014 16:13:15 -0500 Steven Morgan smor...@sourcefire.com wrote: Tsutomu, Take a look at the clamdtop command. There are also some unix commands

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

There are still positives "Zip.Suspect.MacroDoubleExtension-zippwd". (see attached file) To resolve this false positive when it does? On Wed, 17 Feb 2016 20:16:02 -0800 Dennis Peterson wrote: > My experience with these kind of failures is that the pattern is not properly

[clamav-users] False positive

Hi, A false positive which detects normal file as a malware "win.Trojan.Bancos-2115" was occurred last week. It was started CVD version 21359 and was fixed by 21362. Could you tell us what was the cause of this false positive? And also, could you tell us what steps do you take to prevent false

[clamav-users] about countermeasure for false positive

level of tests you make ? Tsutomu Oyamada ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

[clamav-users] freshclam error

. Could you tell us the cause of this error and how to solve it? Best regards, Tsutomu Oyamada Promark Inc. Japan ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml

Re: [clamav-users] freshclam error

: 53, f-level: 63, builder: neo) Database updated (4860919 signatures) from m82pxl1g (IP: 192.168.16.80) Best regards, Tsutomu Oyamada Promark inc. Japan On Thu, 29 Sep 2016 17:15:01 +0200 Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 29.09.2016 um 17:05 schri

Re: [clamav-users] freshclam error

Sorry, We were confused. Version 0.97.8 and is older. We upgraded the 0.98.1 version of ClamAV. Once you do so without any problems now. T.O On Fri, 30 Sep 2016 12:11:49 +0200 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 30.09.16 00:01, Tsutomu Oyamada wrote: > >

[clamav-users] FP

Hi, all. We are in a problem of detection error (false positive) against a file. We are receiving complaint for this issue from one of our customers every day. We put the sample file on http://www.clamav.net/reports/fp 2weeks and more days ago at some times. However, we have not gotten any new

[clamav-users] TTL of DNS recode

Hi, All. We know CVD version information is published in DNS TXT record, this record's TTL values, 1800 seconds is currently is. This value is the same from the previous? Also in freshclam download old versions of CVD(one day ago) in local mirror environment, we will succeed. I thought I was

Re: [clamav-users] TTL of DNS recode

Varnell <alvarn...@mac.com> wrote: > I'm having difficulty following some of your questions and have no answers > yet, but what exactly is your mirror environment (IPs)? > > Sent from Janet's iPad > > -Al- > > On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote: >

Re: [clamav-users] TTL of DNS recode

In the present situation fail. However, it did not fail one month ago. I do not have log had been successful. Want to know why should I fail to have succeeded in that. On Thu, 24 Nov 2016 01:19:20 -0800 Al Varnell wrote: > What is no longer working fine now? > > Do you have

Re: [clamav-users] TTL of DNS recode

is is probably very > difficult for you to explain in what is to you a foreign language, but I > don't think we are able to figure out just what is not working ... > > Tsutomu Oyamada <oyam...@promark-inc.com> wrote: > > > In the present situation fail. > >

Re: [clamav-users] TTL of DNS recode

t up-to-date at the > time you ran freshclam from a client computer on your local network. > > -Al- > > On Fri, Nov 25, 2016 at 01:57 AM, Tsutomu Oyamada wrote: > > > > Sorry, > > > > The part of freshclam log is as follows; > > > > ClamAV update p

Re: [clamav-users] FP

in daily - 22512. > > -Al- > > On Tue, Nov 08, 2016 at 10:52 PM, Tsutomu Oyamada wrote: > > > > Hi, all. > > > > We are in a problem of detection error (false positive) against a file. > > We are receiving complaint for this issue from one of our custom

[clamav-users] the problem of endless loop

Hi, all. I have a question about the error which is caused by the shotage of the size acquired by mpool_malloc function on clamd version 0.97.8. the message: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net This error does not exist in version 0.98

[clamav-users] Question about Scanning speed of clamd 0.99.2 with PCRE

Hi, all. We are using clamd 0.99.2 with PCRE. The required time for scan varies significantly by the CVD version. Does the the required time for scan depend on the number of signatures for PCRE which are inside the CVD? When we use clamd without PCRE, the required time for scan are not so

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

y ClamXAV, but I've not seen > either listed as dropped by ClamAV yet. > > Different versions of Firefox on different platforms. > > -Al- > > On Thu, Oct 19, 2017 at 10:24 PM, Gene Heskett wrote: > On Friday 20 October 2017 00:24:20 Tsutomu Oyamada wrote: > Hi, &

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

ase reply > with a hash value for the file you submitted. > > Sent from my iPhone > > -Al- > -- > Al Varnell > Mountain View, CA > > > On Oct 23, 2017, at 9:50 PM, Tsutomu Oyamada <oyam...@promark-inc.com> > > wrote: > > >

[clamav-users] update mirror trouble?

Hi, It looks like that Updating of CVD in database.clamav.net is not working (stopping). Do you have any trouble problem happened? We are in Japan, and it set CNAME for database.clamav.net as db.jp.clamav.net. db.jp.clamav.net has 4 IP addresses and those are working in roundrobin. Every sites

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

Hi, The false positive for omni.ja is still ocurring. I have been reported this many times, but it has not fixed yet. I have been troubled with this issue. What am I supposed to do? On Sat, 23 Sep 2017 09:53:30 -0400 Gene Heskett wrote: > On Saturday 23 September 2017

Re: [clamav-users] /home/gene/firefox/browser/omni.ja: Html.Exploit.CVE_2017_8750-6336209-0 FOUND

Thank you Joel. On Wed, 25 Oct 2017 13:05:42 + "Joel Esler (jesler)" <jes...@cisco.com> wrote: > This has been dropped as well. > > -- > Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> > > > > > > >

[clamav-users] Question about the clamdscan

Hi, all. I have two question about the clamdscan; 1) Does the clamd skip scanning the files which are scanned before? I want to know if the clamd remember which files are scanned, and skip them when the scan is performed again. 2) Is there any case that a file is locked by the clamd (user

Re: [clamav-users] Question about the clamdscan

ve noticed > it being locked. > > Sent from my iPad > > -Al- > > > On Mar 15, 2018, at 1:12 AM, Tsutomu Oyamada <oyam...@promark-inc.com> > > wrote: > > > > I have two question about the clamdscan; > > > > 1) Does the clamd skip scan

Re: [clamav-users] Scan very slow

Hi Micah It seems that the scanning slow down issue of this time has been solved at some level with CVD Update of the other day. However, there is still big discrepancy in between the current condition and the last condition in one month ago. DateFiles Scan time

[clamav-users] About ClamAV 0.101.3 builds on AIX6.1

Hi, all I am trying to build ClamAV 0.101.3 on AIX6.1. I did the following procedure, but it fails to make. What can I do? Excuse me in a long sentence below. 1. Download clamav-0.101.3.tar.gz package. 2. Extract package. 3. Execute configure AR="/usr/bin/ar -X64" LDFLAGS="-maix64 -Wl,-bbigtoc

Re: [clamav-users] About ClamAV 0.101.3 builds on AIX6.1

Hi Micah, I'm sorry for the slow response. It was another issue on AIX6.1, but your advice was helpful in AIX7.1. I was able to build correctly in my environment. Thank you so much. Regards, Tsutomu Oyamada On Tue, 13 Aug 2019 16:14:48 + "Micah Snyder \(micasnyd\) via clamav-users&quo

[clamav-users] about clamd boot sequence on Linux system.

Hi, all. Let me know about the clamd process boot sequence on Linux. There are two processes temporarily at clamd startup, is this a specification? Is this going to be three or more? On my system, after booting, it is in a state of following a few seconds. ps -aux root 75687 100 44.2

Re: [clamav-users] about clamd boot sequence on Linux system.

on the system. If the clamd process is using an official CVD file, it will require 2GB or more of the system's memory. Thank you so much. Betregard, T.O. On Mon, 20 Apr 2020 14:21:00 +0100 (BST) "G.W. Haywood via clamav-users" wrote: > Hi there, > > On Mon, 20 Apr 2020, Ts

Re: [clamav-users] clamd scan problem

Hi, Mark Thank you for your reply. The RAM size of my system is 4GB. I think it's not a system spec issue, it's a CVD issue. This is because an event occurred in the CVD update. Regards T.Oyamada On Sat, 31 Oct 2020 14:10:29 + Mark Fortescue via clamav-users wrote: > How much memory is

Re: [clamav-users] clamav error

Hi all, It's also talked about in this thread CVD version 26199 causes the following error in ClamAV version 0.99.2: Can't open file or directory ERROR We have identified the signature of the problem in CVD version 26199. Win.Loader.Boxter-9870959-0 If you ignore this signature, you can scan

[clamav-users] About PDF files detected as encrypted files

Hi, all We received following report from one of our users. The user is uisng Clamd0.103 on AIX7,2. When clamd with the option "ArchiveBlockEncrypted" ON scans a specifc PDF which is locked for editing, it is detected as "Heuristics.Encrypted.PDF FOUND". The PDF is locked for editing, but not

Re: [clamav-users] About PDF files detected as encrypted files

Hi, Thank you for your reply. I understood very well. It was useful to me. Regards, T.O On Wed, 11 Oct 2023 15:40:37 +0300 Maxim Britov via clamav-users wrote: > On 10.10.2023 13:32, Tsutomu Oyamada wrote: > > Hi, all > > > > We received following report from one of ou

[clamav-users] PDF scan

Hi, all. I hava a question about ClamAV 0.104.2 on IBM AIX7.3 system. It takes time to scan PDF files by clamdscan. it takes about 8 seconds to scan PDF file(total 645 page). (sample file is here: https://www.uinet.or.jp/LPBB0010-10.pdf) # /opt/freeware/sbin/clamd -V ClamAV

Re: [clamav-users] About scanning files larger than 2 GB in size

(micasnyd\) via clamav-users" wrote: > > Tsutomu Oyamada asked what actually happens when a large file is > > scanned, not why the limit is there. > > The default behavior is to treat the file as clean if any of the scan limits > are exceeded (scan time, scan size, f

[clamav-users] About scanning files larger than 2 GB in size

How do I set up clamd? Setting MaxFileSize to "0" is unlimited, but internally files larger than 2GB in size cannot be scanned. In this case, do you treat the file as clean without scanning it at all? ___ Manage your clamav-users mailing list

Re: [clamav-users] about ”Can't allocate memory ERROR”

End Date: 2023:02:16 07:35:55 # freshclam -V ClamAV 0.104.2/26814/Thu Feb 16 03:40:04 2023 After all, isn't something wrong? On Thu, 9 Feb 2023 15:06:16 + (GMT) Andrew C Aitchison via clamav-users wrote: > > On Thu, 9 Feb 2023, Tsutomu Oyamada wrote: > > > Hi, Andy. >

Re: [clamav-users] about ”Can't allocate memory ERROR”

.eclipse.core.filesystem.win32.x86_1.1.0.v20070510.jar > > Thanks, > Andy > > ________ > From: clamav-users on behalf of > Tsutomu Oyamada > Sent: Wednesday, February 1, 2023 8:36 AM > To: ClamAV users ML > Subject: [clamav-users] about ”Can't

[clamav-users] about ”Can't allocate memory ERROR”

Hi all, We use the services of clamd to scan files. The version of clamd is 0.103.4. After scanning some files, it will be "Can't allocate memory ERROR". However, with 24GB of memory on the system, there is no possibility of running out of memory. I have tried it on several systems, but I