Re: [clamav-users] Bytecode 86 failed to run

2018-08-13 Thread Alain Zidouemba
Win.Malware.Agent-6641126-0 is set to be removed from the next CVD. - Alain On Mon, Aug 13, 2018 at 5:28 AM, Tilman Schmidt wrote: > Am 08.08.2018 um 10:40 schrieb Tilman Schmidt: > > Am 07.08.2018 um 22:24 schrieb Alain Zidouemba: > >> We do not have the sample. Please submit here, even though

Re: [clamav-users] Bytecode 86 failed to run

2018-08-13 Thread Al Varnell
That signature was just added on Friday morning (California time) and is an MD-5 hash signature, but nothing found about it on VirusTotal. Looks like perhaps they did mistake it for a malware submission. -Al- On Mon, Aug 13, 2018 at 02:28 AM, Tilman Schmidt wrote: > Am 08.08.2018 um 10:40 schri

Re: [clamav-users] Bytecode 86 failed to run

2018-08-13 Thread Tilman Schmidt
Am 08.08.2018 um 10:40 schrieb Tilman Schmidt: > Am 07.08.2018 um 22:24 schrieb Alain Zidouemba: >> We do not have the sample. Please submit here, even though it's not >> malicious: http://www.clamav.net/reports/malware > > Done. Starting Saturday the file is now reported as /home/tschmidt/.java

Re: [clamav-users] Bytecode 86 failed to run

2018-08-09 Thread Al Varnell
If by pulled you mean updated to, then yes that happened and it only included these two changes: > Dropped Detection Signatures: >* BC.Img.Exploit.CVE_2018_3839-6614872-0 >* BC.Img.Exploit.CVE_2018_3839-6614873-0 Which were previously added on 26 July by bytecode - 326. So I'd have to gu

Re: [clamav-users] Bytecode 86 failed to run

2018-08-09 Thread Tilman Schmidt
The machine pulled bytecode.cld version 327 last night: Thu Aug 9 03:35:33 2018 -> Downloading bytecode-327.cdiff [100%] Thu Aug 9 03:35:33 2018 -> bytecode.cld updated (version: 327, sigs: 91, f-level: 63, builder: neo) Now the bytecode error messages are gone: $ clamscan .java/deployment/cac

Re: [clamav-users] Bytecode 86 failed to run

2018-08-08 Thread Steve Basford
That suggests that the actual default value of --bytecode-timeout might be 5000. Yep... https://github.com/Cisco-Talos/clamav-devel/blob/76d0d93d4f11a43f237cce495765b0f95d4352d1/shared/optparser.c Ie... { "BytecodeTimeout", "bytecode-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 5

Re: [clamav-users] Bytecode 86 failed to run

2018-08-08 Thread Tilman Schmidt
Am 08.08.2018 um 10:40 schrieb Tilman Schmidt: > JFTR it did. Total runtime was > >> Time: 34574.821 sec (576 m 14 s) > > which is pretty much exactly 144*24ms > > Seems the default --bytecode-timeout is really much smaller than the > 6ms mentioned in the manpage. Curiosity got the bet

Re: [clamav-users] Bytecode 86 failed to run

2018-08-08 Thread Tilman Schmidt
Am 07.08.2018 um 22:24 schrieb Alain Zidouemba: > We do not have the sample. Please submit here, even though it's not > malicious: http://www.clamav.net/reports/malware Done. > On Tue, Aug 7, 2018 at 2:00 PM, Tilman Schmidt > wrote: > > $ sha256sum .java/deploym

Re: [clamav-users] Bytecode 86 failed to run

2018-08-07 Thread Alain Zidouemba
Tilman: What's the MD5 or SHA256 of the file, so I can see if we already have it? Thanks, - Alain On Tue, Aug 7, 2018 at 9:50 AM, Tilman Schmidt wrote: > The problem is back, this time with two bytecodes: 2 and 90. > ClamAV version is 0.100.1. > The last clamscan run without the error was on

Re: [clamav-users] Bytecode 86 failed to run

2018-08-07 Thread Tilman Schmidt
The problem is back, this time with two bytecodes: 2 and 90. ClamAV version is 0.100.1. The last clamscan run without the error was on 2018-07-26 06:00. The preceding freshclam run said: Thu Jul 26 05:49:13 2018 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) T

Re: [clamav-users] Bytecode 86 failed to run

2018-07-10 Thread Alain Zidouemba
This issue should be resolved now. If the issue persists for you, let us know. - Alain On Mon, Jul 9, 2018 at 12:14 AM, wrote: > On my debian 9, clamav 0.100.0+dfsg-0+deb8u1) I got following error: > > clamscan /media/6b300944-6e7c-493e-b9c9-faeebb70a415/nastenka > /srv/dev-disk-by-label-white/

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
According to the manpage, the default value of --bytecode-timeout is sixty seconds. Shouldn't that be ample for scanning a 6 MB file on a current processor? But I'll keep in mind to retry with a higher value should the problem reappear. Thanks, Tilman Am 09.07.2018 um 16:22 schrieb Micah Snyder

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Micah Snyder (micasnyd)
It's a pretty common error if you lower the --bytecode-timeout value. By contrast, you can also raise --bytecode-timeout higher than the default until the errors go away if you want to scan those files, and don't wish to delete the one triggering the timeout. It isn't entirely surprising that

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
Am 09.07.2018 um 11:45 schrieb Pavel Kosina: > No, its not working this way. -i prints out infected files. These files > (bytecode jit error) are probably  considered as not infected. That's why I said "drop the -i option". "Drop" means "remove", "omit", "erase", "do not use". Just change "-ri

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Matus UHLAR - fantomas
Am 09.07.2018 um 10:37 schrieb pee...@email.cz: Is it possile to let print out with the error messages what file is it? Tilman Schmidt napsal(a) dne 9.7.2018 v 10:58: If you drop the -i option it will print each file as it scans it. On 09.07.18 11:45, Pavel Kosina wrote: No, its not working

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Pavel Kosina
No, its not working this way. -i prints out infected files. These files (bytecode jit error) are probably considered as not infected. Tilman Schmidt napsal(a) dne 9.7.2018 v 10:58: If you drop the -i option it will print each file as it scans it. Am 09.07.2018 um 10:37 schrieb pee...@e

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
If you drop the -i option it will print each file as it scans it. Am 09.07.2018 um 10:37 schrieb pee...@email.cz: > I see. > > Is it possile to let print out with the error messages what file is it? > As you can see, I excluded all movies and so on > (mp4|MP4|mkv|MKV|avi|AVI|wmv|WMV|ts|TS|flv|FLV

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
Would have gladly done so, had anyone hinted at that possibility. Now it's too late, the file is gone. Am 09.07.2018 um 10:37 schrieb Al Varnell: > Agree that apparently nobody knows, but a lot of us care. > > I only wish you had submitted that file to the ClamAV signature team as > I suspect the

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Al Varnell
Agree that apparently nobody knows, but a lot of us care. I only wish you had submitted that file to the ClamAV signature team as I suspect they would have figured it out by now. -Al- ClamXAV User On Mon, Jul 09, 2018 at 01:27 AM, Tilman Schmidt wrote: > I've been trying in vain to get an answe

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread peekaa
I see. Is it possile to let print out with the error messages what file is it? As you can see, I excluded all movies and so on (mp4|MP4|mkv|MKV|avi|AVI|wmv|WMV|ts|TS|flv|FLV|mov|MOV|JPG|jpg|mp3|MP3|tc) that are very big, that may cause this, but I might forget something other big too. Thank

Re: [clamav-users] Bytecode 86 failed to run

2018-07-09 Thread Tilman Schmidt
I've been trying in vain to get an answer on that one since 2018-06-20. For me it's bytecode 73, otherwise the same. Looks like no-one knows or cares. I ended up bisecting the scan and removing the file whose scan triggered the message. Luckily it wasn't needed for the operation of the affected sy