Re: [clamav-users] Daily 23161 broke Clam
All is ok now thanks a lot Stan Le 08/03/2017 à 22:19, Al Varnell a écrit : The problem was fixed by the very next signature update (daily - 23162), seven hours after 23161 was released. -Al- On Wed, Mar 08, 2017 at 12:35 PM, Stanislas LEVEAU wrote: Hi, You known when this build is ok for pcre libraries older than 7.0? Thanks for your help. Regards. Stan Le 03/03/2017 à 22:00, Alain Zidouemba a écrit : We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -Al- ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
The problem was fixed by the very next signature update (daily - 23162), seven hours after 23161 was released. -Al- On Wed, Mar 08, 2017 at 12:35 PM, Stanislas LEVEAU wrote: > > Hi, > > You known when this build is ok for pcre libraries older than 7.0? > > Thanks for your help. > > Regards. > > Stan > > > Le 03/03/2017 à 22:00, Alain Zidouemba a écrit : >> We are coming to the same conclusions. >> >> The issue seem to isolated to using pcre libraries older than 7.0. I does >> not affect users of newer versions of pcre or users of pcre2. >> >> A new build with the fix is in progress now. >> >> Apologies for the impact this has caused. >> >> Alain >> >> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < >> steveb_cla...@sanesecurity.com> wrote: >> >>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain >>> Hi Alain, >>> >>> I think the fix is... Replace ? with ?P when the PCRE library is old >>> >>> ie. ?< to ?P< >>> >>> On... >>> >>> Doc.Macro.GenericHeuristic-5901772-0 >>> Doc.Macro.GenericHeuristic-5931846-1 >>> >>> >>> -- >>> Cheers, >>> >>> Steve >>> Twitter: @sanesecurity >>> >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >>> >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA smime.p7s Description: S/MIME cryptographic signature ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hi, You known when this build is ok for pcre libraries older than 7.0? Thanks for your help. Regards. Stan Le 03/03/2017 à 22:00, Alain Zidouemba a écrit : We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
On 3/3/17, 2:14 PM, "clamav-users on behalf of Steven Morgan"wrote: Hi Aaron and Leonardo, What are the versions of libpcre on your systems? Thanks, Steve ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml I am running CentOS 5.11, PCRE version 6.6-9. An OS upgrade is in the future. --Aaron ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
This is why user base feedback is important. Regarding lack of detection, this is something I'm having a hard time agreeing with. We are producing more detection now than we ever have and faster. That's a tricky think about detection. Detection is only as good as the last thing missed. -- Sent from my iPhone > On Mar 5, 2017, at 22:29, Noel Joneswrote: > >> On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: >> The question here is, do we strive to make a package that is installable on >> more machines, (even ones that are going EOL?), or do we strive to make a >> package that is the best for security? >> > > It's my understanding that the new features in pcre7 are mostly > about shortcuts and convenience for the programmer, not about pcre6 > inability to match particular content. > > So this isn't really about security, it's about writing the same > signatures so they work with older pcre. > > This is about not alienating that portion of your user base that for > whatever reason is unable to upgrade to a new incompatible > requirement. Once you lose such a customer, you're probably lost > them for a long time -- not just until they upgrade, but maybe forever. > > I see clamav slowly sliding towards irrelevance. Progressively less > effective, slower to respond to new threats, and now considering a > decision to reduce their user base. This makes me sad. > > My systems all meet the proposed requirements, so this doesn't > affect me directly. But I feel this reflects a deeper problem > within the project -- a lack of consideration for the end user. > > > > -- Noel Jones > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam (workaround)
I didn't see any problems on CentOS 7 or CentOS 6 on my systems using clamav with the 23161 daily update. Are you saying you had a problem with them? The only problem was with CentOS 5 on my systems. The workaround would apply to any distribution though that was affected by the regexp not working on pcre libraries older than 7.0. If the whitelist.ign2 file is put in the database directory where daily.cvd was updated, it would work around the problem for those 2 signatures. The point of my post is that this can be a quick workaround to get clamd working again if a regexp problem like this pops up. I was going in all different directions myself trying to get clamd working (recompiling, daily.cvd manipulations, etc) until I stumbled onto the much simpler whitelist.ign2 feature which I was not aware of until a few days ago. I really wanted to stick with pre-built rpm packages on the installs. I am just trying to spread the info in case others were not aware of the whitelist feature in clamav/clamd. On Sun, Mar 5, 2017 at 8:45 PM, Benny Pedersenwrote: > Adam Gibson skrev den 2017-03-05 16:29: > > This whitelists those patterns so they do not even get processed to cause >> the crash in the regexp engine that clamd uses. Clamd started up fine for >> me with CentOS 5 after doing that. >> > > did you test that this is same problem in centos 7 ? > > come on :=) > > you have more problems then just clamav with centos 5 > > i dont care really, but now i sayed it > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote: > The question here is, do we strive to make a package that is installable on > more machines, (even ones that are going EOL?), or do we strive to make a > package that is the best for security? > It's my understanding that the new features in pcre7 are mostly about shortcuts and convenience for the programmer, not about pcre6 inability to match particular content. So this isn't really about security, it's about writing the same signatures so they work with older pcre. This is about not alienating that portion of your user base that for whatever reason is unable to upgrade to a new incompatible requirement. Once you lose such a customer, you're probably lost them for a long time -- not just until they upgrade, but maybe forever. I see clamav slowly sliding towards irrelevance. Progressively less effective, slower to respond to new threats, and now considering a decision to reduce their user base. This makes me sad. My systems all meet the proposed requirements, so this doesn't affect me directly. But I feel this reflects a deeper problem within the project -- a lack of consideration for the end user. -- Noel Jones ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam (workaround)
Adam Gibson skrev den 2017-03-05 16:29: This whitelists those patterns so they do not even get processed to cause the crash in the regexp engine that clamd uses. Clamd started up fine for me with CentOS 5 after doing that. did you test that this is same problem in centos 7 ? come on :=) you have more problems then just clamav with centos 5 i dont care really, but now i sayed it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
I build Linux ClamAV from source, mainly due to distro maintainers being (quite) behind the latest official ClamAV. Also, I build ClamAV into /opt, so I can keep previous versions just in case. On Sun, 5 Mar 2017 12:51:04 + "Joel Esler (jesler)"wrote: > The question here is, do we strive to make a package that is > installable on more machines, (even ones that are going EOL?), or do > we strive to make a package that is the best for security? > > If the package maintainers are doing a good job, ClamAV with a higher > dependency would install the higher pcre. The user would be fine. > > The problem with my grand theory is, package maintainers are > incredibly slow, largely, and most people would have to install from > source. > > We have tens of thousands of new users every month, so it's > definitely something we'll have to think about. > > I am still interested in people's feedback, as right now, this thread > seems to be about 50/50 (in requiring pcre 7) > > -- > Sent from my iPhone > > > On Mar 5, 2017, at 06:39, Ned Slider wrote: > > > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: > >> We cannot be tied to distribution support problems. > >> > > > > That's fine Joel. You obviously know your own target audience. If > > it's not me I can look elsewhere for solutions :-) > > > > > >>> On Mar 4, 2017, at 17:44, Benny Pedersen wrote: > >>> > >>> Leonardo Rodrigues skrev den 2017-03-04 23:12: > is clamav a redhat product ?!?! I don't think so. That being > said, i see absolutely no point at all on saying clamav should > do this because redhat does that. > >>> > >>> good point > >>> > Anyone wishing to be updated with a 10+ years rhel install, > should call redhat for that :) > >>> > >>> any rpm builded systems are buggy > >>> > my 0.02 cents ... > >>> > >>> anymore left ? > >>> > >>> i just wish 0.99.3 have clamav-milter supporting > >>> OnUnOfficiaLsignature accept|quarantine|reject > >>> > >>> that will save me to have need for 2 clamd and 2 clamav-milters > >>> > >>> just my one bitcoin :) > >>> > >>> clamav-owner please stop breaking dkim > >>> ___ > >>> clamav-users mailing list > >>> clamav-users@lists.clamav.net > >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >>> > >>> > >>> Help us build a comprehensive ClamAV guide: > >>> https://github.com/vrtadmin/clamav-faq > >>> > >>> http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Am 05.03.2017 um 14:07 schrieb Carlos Velasco: Another option would be to include a "static" internal version of pcre in ClamAV. Although this option I like much less... this is not a good option because you have easily multiple versions of the pcre library in the same process when somethink links to libclamav and any other library which itself links to the distributions prce libs ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
El 05/03/2017 a las 13:51, Joel Esler (jesler) escribió: > The question here is, do we strive to make a package that is installable on > more machines, (even ones that are going EOL?), or do we strive to make a > package that is the best for security? > > If the package maintainers are doing a good job, ClamAV with a higher > dependency would install the higher pcre. The user would be fine. > > The problem with my grand theory is, package maintainers are incredibly slow, > largely, and most people would have to install from source. > > We have tens of thousands of new users every month, so it's definitely > something we'll have to think about. > > I am still interested in people's feedback, as right now, this thread seems > to be about 50/50 (in requiring pcre 7) IMHO, There is no reason to choose radically between one option or another. I think you could, for example, separate the signatures requiring specific versions (pcre in this case) in different file/s of signatures, and that only load if you have that version or greater (make a test in libclamav before loading), otherwise, show warning in log that you are using less signatures cause older pcre. Another option would be to include a "static" internal version of pcre in ClamAV. Although this option I like much less... Regards, Carlos Velasco ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Em 04/03/17 22:03, Reindl Harald escreveu: Am 04.03.2017 um 23:54 schrieb Joel Esler (jesler): We cannot be tied to distribution support problems. but when you think as long as every other software works on RHEL/CentOS and only ClamAV decides to make hard requirements breaking that from one day to another i fear ClamAV (as apckage not directly maintained by Redhat alt all) won#t win anything While I still think that clamav should not be tied to any specific distribution support, i definitely agree that simply breaking running instances was a TERRIBLE idea. Raising up lib version requirements on a next version, allowing signatures to be identified as incompatible and disabled as already discussed, would have been the only smart way of doing that. The way it was done, and quickly corrected it's important to say, wasn't intelligent at all !! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
The question here is, do we strive to make a package that is installable on more machines, (even ones that are going EOL?), or do we strive to make a package that is the best for security? If the package maintainers are doing a good job, ClamAV with a higher dependency would install the higher pcre. The user would be fine. The problem with my grand theory is, package maintainers are incredibly slow, largely, and most people would have to install from source. We have tens of thousands of new users every month, so it's definitely something we'll have to think about. I am still interested in people's feedback, as right now, this thread seems to be about 50/50 (in requiring pcre 7) -- Sent from my iPhone > On Mar 5, 2017, at 06:39, Ned Sliderwrote: > >> On 04/03/17 22:54, Joel Esler (jesler) wrote: >> We cannot be tied to distribution support problems. >> > > That's fine Joel. You obviously know your own target audience. If it's not me > I can look elsewhere for solutions :-) > > >>> On Mar 4, 2017, at 17:44, Benny Pedersen wrote: >>> >>> Leonardo Rodrigues skrev den 2017-03-04 23:12: is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. >>> >>> good point >>> Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) >>> >>> any rpm builded systems are buggy >>> my 0.02 cents ... >>> >>> anymore left ? >>> >>> i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature >>> accept|quarantine|reject >>> >>> that will save me to have need for 2 clamd and 2 clamav-milters >>> >>> just my one bitcoin :) >>> >>> clamav-owner please stop breaking dkim >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
On 04/03/17 22:54, Joel Esler (jesler) wrote: We cannot be tied to distribution support problems. That's fine Joel. You obviously know your own target audience. If it's not me I can look elsewhere for solutions :-) On Mar 4, 2017, at 17:44, Benny Pedersenwrote: Leonardo Rodrigues skrev den 2017-03-04 23:12: is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. good point Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) any rpm builded systems are buggy my 0.02 cents ... anymore left ? i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature accept|quarantine|reject that will save me to have need for 2 clamd and 2 clamav-milters just my one bitcoin :) clamav-owner please stop breaking dkim ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Am 04.03.2017 um 23:54 schrieb Joel Esler (jesler): We cannot be tied to distribution support problems. but when you think as long as every other software works on RHEL/CentOS and only ClamAV decides to make hard requirements breaking that from one day to another i fear ClamAV (as apckage not directly maintained by Redhat alt all) won#t win anything the ressource usage (memory footprint), signature update frequency and hitquote is way too worse for such games :-) ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Am 04.03.2017 um 23:43 schrieb Benny Pedersen: Leonardo Rodrigues skrev den 2017-03-04 23:12: is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. good point Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) any rpm builded systems are buggy a typical Benny post - please take your "binary problems" somewhere where only dilettantes are your audience, everywhere else you will get no job if you think you get money for maintaining your Gentoo installations ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Am 04.03.2017 um 23:12 schrieb Leonardo Rodrigues: is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) my 0.02 cents ... the question is "does clamav want to stay relevant or not" aka be in in the most of relevant repo (EPEL) and since it's not in the RH/CentOS main repo it's for sure nothing Redhat itself bothers with Em 04/03/17 12:32, Ned Slider escreveu: Red Hat typically now supports each release of RHEL for at least a decade, and that's not including any additional extended support periods one may purchase from Red Hat in addition to the standard production lifespan, so in a Red Hat world, I would say a decade is the *minimum* period one should support dependent libs if you want your software used on that platform. RHEL5 may reach end of production on 31 March 2017 but extended life-cycle support continues until 30 Nov 2020, so preferably support for pcre-6 should continue until then. https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates A huge number of mail admins want to install a RH mail server and forget about it for 10+ years knowing it is supported and will just work, and that things aren't going to continually break with each and every update. I'm currently in the process of installing a new mail server to replace a RHEL5 server, initially set up in 2007, and only because RHEL5 is EOL. The same hardware (touch wood) is still going strong and hasn't missed a beat in 10 years. If I could afford the extended support from RH I'd probably let it run for another 3 years. So your opinion on this will be influenced by your perspective. I would argue that RHEL has a large enough installed userbase to warrant supporting it for at least it's 10 year production life-cycle. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Joel Esler (jesler) skrev den 2017-03-04 23:54: We cannot be tied to distribution support problems. where did i ask for that ? ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
We cannot be tied to distribution support problems. -- Sent from my iPhone > On Mar 4, 2017, at 17:44, Benny Pedersenwrote: > > Leonardo Rodrigues skrev den 2017-03-04 23:12: >> is clamav a redhat product ?!?! I don't think so. That being said, i >> see absolutely no point at all on saying clamav should do this because >> redhat does that. > > good point > >> Anyone wishing to be updated with a 10+ years rhel install, should >> call redhat for that :) > > any rpm builded systems are buggy > >> my 0.02 cents ... > > anymore left ? > > i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature > accept|quarantine|reject > > that will save me to have need for 2 clamd and 2 clamav-milters > > just my one bitcoin :) > > clamav-owner please stop breaking dkim > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Leonardo Rodrigues skrev den 2017-03-04 23:12: is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. good point Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) any rpm builded systems are buggy my 0.02 cents ... anymore left ? i just wish 0.99.3 have clamav-milter supporting OnUnOfficiaLsignature accept|quarantine|reject that will save me to have need for 2 clamd and 2 clamav-milters just my one bitcoin :) clamav-owner please stop breaking dkim ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
is clamav a redhat product ?!?! I don't think so. That being said, i see absolutely no point at all on saying clamav should do this because redhat does that. Anyone wishing to be updated with a 10+ years rhel install, should call redhat for that :) my 0.02 cents ... Em 04/03/17 12:32, Ned Slider escreveu: Red Hat typically now supports each release of RHEL for at least a decade, and that's not including any additional extended support periods one may purchase from Red Hat in addition to the standard production lifespan, so in a Red Hat world, I would say a decade is the *minimum* period one should support dependent libs if you want your software used on that platform. RHEL5 may reach end of production on 31 March 2017 but extended life-cycle support continues until 30 Nov 2020, so preferably support for pcre-6 should continue until then. https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates A huge number of mail admins want to install a RH mail server and forget about it for 10+ years knowing it is supported and will just work, and that things aren't going to continually break with each and every update. I'm currently in the process of installing a new mail server to replace a RHEL5 server, initially set up in 2007, and only because RHEL5 is EOL. The same hardware (touch wood) is still going strong and hasn't missed a beat in 10 years. If I could afford the extended support from RH I'd probably let it run for another 3 years. So your opinion on this will be influenced by your perspective. I would argue that RHEL has a large enough installed userbase to warrant supporting it for at least it's 10 year production life-cycle. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
On 03/03/17 23:53, Scott Kitterman wrote: As far as I can tell, pcre 7 came out before 2008. I think a decade is enough time to insist people upgrade. Scott K Red Hat typically now supports each release of RHEL for at least a decade, and that's not including any additional extended support periods one may purchase from Red Hat in addition to the standard production lifespan, so in a Red Hat world, I would say a decade is the *minimum* period one should support dependent libs if you want your software used on that platform. RHEL5 may reach end of production on 31 March 2017 but extended life-cycle support continues until 30 Nov 2020, so preferably support for pcre-6 should continue until then. https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates A huge number of mail admins want to install a RH mail server and forget about it for 10+ years knowing it is supported and will just work, and that things aren't going to continually break with each and every update. I'm currently in the process of installing a new mail server to replace a RHEL5 server, initially set up in 2007, and only because RHEL5 is EOL. The same hardware (touch wood) is still going strong and hasn't missed a beat in 10 years. If I could afford the extended support from RH I'd probably let it run for another 3 years. So your opinion on this will be influenced by your perspective. I would argue that RHEL has a large enough installed userbase to warrant supporting it for at least it's 10 year production life-cycle. On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote: If we required pcre 7, it would allow us to publish this kind of sig in the future of 99.3 and high versions by requiring a certain "flevel". -- Sent from my iPhone On Mar 3, 2017, at 18:18, Chris Connwrote: Hello, Looks like my off-list email went on the list LOL. So much for not making noise. Woops. If the 0.99.3 or whatever later version where this would be implemented requires PCRE 7, would that break database updates for versions that have not upgraded if this pcre format is re-used in the future, or would it simply disable pcre support in previous version of clamd that have not been upgraded? Thanks, Chris On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone On Mar 3, 2017, at 18:08, Chris Conn wrote: Hello, I hope you don't mind my contact off-list, I don't want to make noise on it for all. Apologies. This new build, are we talking about a daily.cvd (23162?) or a new build of clam/pcre? Thanks again in advance for your help, Chris On 3/3/2017 4:00 PM, Alain Zidouemba wrote: We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
In Debian we back port security fixes the same way, but libraries with different SO names are co-installable, so there's generally ways to deal with these things. Clamav itself is an exception since not keeping up in functionality means you lose the arms race. Scott K On March 3, 2017 7:04:03 PM EST, Chris Connwrote: >Hello, > >Insist :) Well, its considered bad practice to upgrade packages >independently on a RH-based system where dependancies break. Security >fixes are back-ported to older versions to preserve versioning an >compatibility. Thats a Redhat feature I agree, and RHEL5 will be EOL >in >28 days, so perhaps that point will be moot on April 1 2017. > >So insisting on upgrading libraries on a .rpm system in a scenario >where >the distro is not EOL'ed is probably not what the general userbase of >those distros will be able/willing to perform. This particular case >has less weight since the distro is about to go out of support from the > >vendor, however that doesn't mean there won't be anyone still using it. > >I guess once its out of support its not all that hard to start breaking > >package dependancies since there will be no upgrades (although, there >is >an additional "extended life phase" that RHEL5 systems can obtain, so >the April 1st date is not necessarily accurate). > >Your favorite distro probably handles this versioning better than RH >does. > >Chris > >On 3/3/2017 6:53 PM, Scott Kitterman wrote: >> As far as I can tell, pcre 7 came out before 2008. I think a decade >is enough >> time to insist people upgrade. >> >> Scott K >> >> On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote: >>> If we required pcre 7, it would allow us to publish this kind of sig >in the >>> future of 99.3 and high versions by requiring a certain "flevel". >>> >>> -- >>> Sent from my iPhone >>> On Mar 3, 2017, at 18:18, Chris Conn wrote: Hello, Looks like my off-list email went on the list LOL. So much for not >making noise. Woops. If the 0.99.3 or whatever later version where this would be >implemented requires PCRE 7, would that break database updates for versions >that have not upgraded if this pcre format is re-used in the future, or would >it simply disable pcre support in previous version of clamd that have >not been upgraded? Thanks, Chris > On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: > A new daily with the Sig dropped. > > Probably what we will do to prevent this from happening again, is >to have > 0.99.3 (the upcoming version) require pcre 7. > > How does that sound? > > -- > Sent from my iPhone > >> On Mar 3, 2017, at 18:08, Chris Conn wrote: >> >> Hello, >> >> I hope you don't mind my contact off-list, I don't want to make >noise on >> it for all. Apologies. >> >> This new build, are we talking about a daily.cvd (23162?) or a >new build >> of clam/pcre? >> >> Thanks again in advance for your help, >> >> Chris >> >>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote: >>> We are coming to the same conclusions. >>> >>> The issue seem to isolated to using pcre libraries older than >7.0. I >>> does >>> not affect users of newer versions of pcre or users of pcre2. >>> >>> A new build with the fix is in progress now. >>> >>> Apologies for the impact this has caused. >>> >>> Alain >>> >>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < >>> >>> steveb_cla...@sanesecurity.com> wrote: > On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: > We're pulling the signature causing the issue now, while we > investigate > the cause. > > - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library >is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hello, Insist :) Well, its considered bad practice to upgrade packages independently on a RH-based system where dependancies break. Security fixes are back-ported to older versions to preserve versioning an compatibility. Thats a Redhat feature I agree, and RHEL5 will be EOL in 28 days, so perhaps that point will be moot on April 1 2017. So insisting on upgrading libraries on a .rpm system in a scenario where the distro is not EOL'ed is probably not what the general userbase of those distros will be able/willing to perform. This particular case has less weight since the distro is about to go out of support from the vendor, however that doesn't mean there won't be anyone still using it. I guess once its out of support its not all that hard to start breaking package dependancies since there will be no upgrades (although, there is an additional "extended life phase" that RHEL5 systems can obtain, so the April 1st date is not necessarily accurate). Your favorite distro probably handles this versioning better than RH does. Chris On 3/3/2017 6:53 PM, Scott Kitterman wrote: As far as I can tell, pcre 7 came out before 2008. I think a decade is enough time to insist people upgrade. Scott K On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote: If we required pcre 7, it would allow us to publish this kind of sig in the future of 99.3 and high versions by requiring a certain "flevel". -- Sent from my iPhone On Mar 3, 2017, at 18:18, Chris Connwrote: Hello, Looks like my off-list email went on the list LOL. So much for not making noise. Woops. If the 0.99.3 or whatever later version where this would be implemented requires PCRE 7, would that break database updates for versions that have not upgraded if this pcre format is re-used in the future, or would it simply disable pcre support in previous version of clamd that have not been upgraded? Thanks, Chris On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone On Mar 3, 2017, at 18:08, Chris Conn wrote: Hello, I hope you don't mind my contact off-list, I don't want to make noise on it for all. Apologies. This new build, are we talking about a daily.cvd (23162?) or a new build of clam/pcre? Thanks again in advance for your help, Chris On 3/3/2017 4:00 PM, Alain Zidouemba wrote: We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
Re: [clamav-users] Daily 23161 broke Clam
As far as I can tell, pcre 7 came out before 2008. I think a decade is enough time to insist people upgrade. Scott K On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote: > If we required pcre 7, it would allow us to publish this kind of sig in the > future of 99.3 and high versions by requiring a certain "flevel". > > -- > Sent from my iPhone > > > On Mar 3, 2017, at 18:18, Chris Connwrote: > > > > Hello, > > > > Looks like my off-list email went on the list LOL. So much for not making > > noise. Woops. > > > > If the 0.99.3 or whatever later version where this would be implemented > > requires PCRE 7, would that break database updates for versions that have > > not upgraded if this pcre format is re-used in the future, or would it > > simply disable pcre support in previous version of clamd that have not > > been upgraded? > > > > Thanks, > > > > Chris > > > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: > >> A new daily with the Sig dropped. > >> > >> Probably what we will do to prevent this from happening again, is to have > >> 0.99.3 (the upcoming version) require pcre 7. > >> > >> How does that sound? > >> > >> -- > >> Sent from my iPhone > >> > >>> On Mar 3, 2017, at 18:08, Chris Conn wrote: > >>> > >>> Hello, > >>> > >>> I hope you don't mind my contact off-list, I don't want to make noise on > >>> it for all. Apologies. > >>> > >>> This new build, are we talking about a daily.cvd (23162?) or a new build > >>> of clam/pcre? > >>> > >>> Thanks again in advance for your help, > >>> > >>> Chris > >>> > On 3/3/2017 4:00 PM, Alain Zidouemba wrote: > We are coming to the same conclusions. > > The issue seem to isolated to using pcre libraries older than 7.0. I > does > not affect users of newer versions of pcre or users of pcre2. > > A new build with the fix is in progress now. > > Apologies for the impact this has caused. > > Alain > > On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < > > steveb_cla...@sanesecurity.com> wrote: > >> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: > >> We're pulling the signature causing the issue now, while we > >> investigate > >> the cause. > >> > >> - Alain > > > > Hi Alain, > > > > I think the fix is... Replace ? with ?P when the PCRE library is old > > > > ie. ?< to ?P< > > > > On... > > > > Doc.Macro.GenericHeuristic-5901772-0 > > Doc.Macro.GenericHeuristic-5931846-1 > > > > > > -- > > Cheers, > > > > Steve > > Twitter: @sanesecurity > > > > ___ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > >>> > >>> ___ > >>> clamav-users mailing list > >>> clamav-users@lists.clamav.net > >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >>> > >>> > >>> Help us build a comprehensive ClamAV guide: > >>> https://github.com/vrtadmin/clamav-faq > >>> > >>> http://www.clamav.net/contact.html#ml > >> > >> ___ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > > > > ___ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
Re: [clamav-users] Daily 23161 broke Clam
If we required pcre 7, it would allow us to publish this kind of sig in the future of 99.3 and high versions by requiring a certain "flevel". -- Sent from my iPhone > On Mar 3, 2017, at 18:18, Chris Connwrote: > > Hello, > > Looks like my off-list email went on the list LOL. So much for not making > noise. Woops. > > If the 0.99.3 or whatever later version where this would be implemented > requires PCRE 7, would that break database updates for versions that have not > upgraded if this pcre format is re-used in the future, or would it simply > disable pcre support in previous version of clamd that have not been upgraded? > > Thanks, > > Chris > >> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: >> A new daily with the Sig dropped. >> >> Probably what we will do to prevent this from happening again, is to have >> 0.99.3 (the upcoming version) require pcre 7. >> >> How does that sound? >> >> -- >> Sent from my iPhone >> >>> On Mar 3, 2017, at 18:08, Chris Conn wrote: >>> >>> Hello, >>> >>> I hope you don't mind my contact off-list, I don't want to make noise on it >>> for all. Apologies. >>> >>> This new build, are we talking about a daily.cvd (23162?) or a new build of >>> clam/pcre? >>> >>> Thanks again in advance for your help, >>> >>> Chris >>> >>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote: We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: >> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: >> We're pulling the signature causing the issue now, while we investigate >> the cause. >> >> - Alain > Hi Alain, > > I think the fix is... Replace ? with ?P when the PCRE library is old > > ie. ?< to ?P< > > On... > > Doc.Macro.GenericHeuristic-5901772-0 > Doc.Macro.GenericHeuristic-5931846-1 > > > -- > Cheers, > > Steve > Twitter: @sanesecurity > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hello, Looks like my off-list email went on the list LOL. So much for not making noise. Woops. If the 0.99.3 or whatever later version where this would be implemented requires PCRE 7, would that break database updates for versions that have not upgraded if this pcre format is re-used in the future, or would it simply disable pcre support in previous version of clamd that have not been upgraded? Thanks, Chris On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote: A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone On Mar 3, 2017, at 18:08, Chris Connwrote: Hello, I hope you don't mind my contact off-list, I don't want to make noise on it for all. Apologies. This new build, are we talking about a daily.cvd (23162?) or a new build of clam/pcre? Thanks again in advance for your help, Chris On 3/3/2017 4:00 PM, Alain Zidouemba wrote: We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
A new daily with the Sig dropped. Probably what we will do to prevent this from happening again, is to have 0.99.3 (the upcoming version) require pcre 7. How does that sound? -- Sent from my iPhone > On Mar 3, 2017, at 18:08, Chris Connwrote: > > Hello, > > I hope you don't mind my contact off-list, I don't want to make noise on it > for all. Apologies. > > This new build, are we talking about a daily.cvd (23162?) or a new build of > clam/pcre? > > Thanks again in advance for your help, > > Chris > > >> On 3/3/2017 4:00 PM, Alain Zidouemba wrote: >> We are coming to the same conclusions. >> >> The issue seem to isolated to using pcre libraries older than 7.0. I does >> not affect users of newer versions of pcre or users of pcre2. >> >> A new build with the fix is in progress now. >> >> Apologies for the impact this has caused. >> >> Alain >> >> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < >> steveb_cla...@sanesecurity.com> wrote: >> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain >>> Hi Alain, >>> >>> I think the fix is... Replace ? with ?P when the PCRE library is old >>> >>> ie. ?< to ?P< >>> >>> On... >>> >>> Doc.Macro.GenericHeuristic-5901772-0 >>> Doc.Macro.GenericHeuristic-5931846-1 >>> >>> >>> -- >>> Cheers, >>> >>> Steve >>> Twitter: @sanesecurity >>> >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >>> >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hello, I hope you don't mind my contact off-list, I don't want to make noise on it for all. Apologies. This new build, are we talking about a daily.cvd (23162?) or a new build of clam/pcre? Thanks again in advance for your help, Chris On 3/3/2017 4:00 PM, Alain Zidouemba wrote: We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
thanks for this build because i have the same problem with pcre in rel5 Now, I think it will be necessary to quickly update the servers ;-) regards Le 03/03/2017 à 22:00, Alain Zidouemba a écrit : We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: We're pulling the signature causing the issue now, while we investigate the cause. - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
We are coming to the same conclusions. The issue seem to isolated to using pcre libraries older than 7.0. I does not affect users of newer versions of pcre or users of pcre2. A new build with the fix is in progress now. Apologies for the impact this has caused. Alain On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > > On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: > > We're pulling the signature causing the issue now, while we investigate > > the cause. > > > > - Alain > Hi Alain, > > I think the fix is... Replace ? with ?P when the PCRE library is old > > ie. ?< to ?P< > > On... > > Doc.Macro.GenericHeuristic-5901772-0 > Doc.Macro.GenericHeuristic-5931846-1 > > > -- > Cheers, > > Steve > Twitter: @sanesecurity > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hello, That may be true, but you also have to maintain a self-compiled version of clamav now, and future updates you will need to re-do this. This may be satisfactory to you as I don't of course know or understand your particular situation, but for the clamav userbase that is using RHEL5 (or CentOS5...) their clamd is now broken due to a package from the base repository being older than what that particular signature requires. RHEL5 is not EOL for another 30 days :) Chris On 3/3/2017 3:33 PM, Leonardo Rodrigues wrote: Em 03/03/17 17:31, Chris Conn escreveu: Updating the PCRE manually doesn't seem like an option as it will break dependancies for important packages, grep, php and httpd among others. I had success installing new PCRE libs on /usr/local (thus keeping system libraries untouched) and recompiling clamav linking to the new libs, something like: ./configure [..] --with-pcre=/usr/local It's working just fine here on some CentOS 5 boxes. Did that with PCRE 8.40. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Em 03/03/17 17:31, Chris Conn escreveu: Updating the PCRE manually doesn't seem like an option as it will break dependancies for important packages, grep, php and httpd among others. I had success installing new PCRE libs on /usr/local (thus keeping system libraries untouched) and recompiling clamav linking to the new libs, something like: ./configure [..] --with-pcre=/usr/local It's working just fine here on some CentOS 5 boxes. Did that with PCRE 8.40. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hello, If I can add to this discussion; since daily 23161 some RHEL5 systems (pcre-6.6-9) are failing with that same error. A number of them have down clamd at the moment. Updating the PCRE manually doesn't seem like an option as it will break dependancies for important packages, grep, php and httpd among others. Hope this helps, Chris On 3/3/2017 3:14 PM, Steven Morgan wrote: Hi Aaron and Leonardo, What are the versions of libpcre on your systems? Thanks, Steve ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
I said in a previous mail, that i had the problem on CentOS 6 boxes, and that's not true, sorry for that. All my CentOS 6 boxes are OK, and they have latest pcre from CentOS: [root@correio ~]# rpm -qa | grep pcre pcre-devel-7.8-7.el6.x86_64 pcre-7.8-7.el6.x86_64 The boxes on CentOS 5, however, these are the ones that broked with the new signatures. And they also have latest PCRE libs from CentOS: [root@correio ~]# rpm -qa | grep pcre pcre-6.6-9.el5 pcre-devel-6.6-9.el5 On my very few CentOS 5 boxes still running (just 2 actually), i manually compiled PCRE 8.40 with the same parameters used by CentOS compilation: ./configure --enable-utf8 --enable-unicode-properties recompiled clamav linking pcre to /usr/local, and things are working again !!! Em 03/03/17 17:14, Steven Morgan escreveu: Hi Aaron and Leonardo, What are the versions of libpcre on your systems? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Hi Aaron and Leonardo, What are the versions of libpcre on your systems? Thanks, Steve ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote: > We're pulling the signature causing the issue now, while we investigate > the cause. > > - Alain Hi Alain, I think the fix is... Replace ? with ?P when the PCRE library is old ie. ?< to ?P< On... Doc.Macro.GenericHeuristic-5901772-0 Doc.Macro.GenericHeuristic-5931846-1 -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
We're pulling the signature causing the issue now, while we investigate the cause. - Alain On Fri, Mar 3, 2017 at 12:38 PM, Aaron C. Bolchwrote: > Greetings, > > After Daily Update 23161 was applied, the following error happened: > > Database initialization error: can’t compile engine: Malformed Database > > When starting Clamd: > > LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: > unrecognized character after (?< > LibClamAV Error: cli_pcre_build: failed to build pcre regex > > Would this be a problem with the update, or something on my end? > > --Aaron > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
OK, so it's PCRE related. Compiling new PCRE libs and linking clamav to it should solve the problem, that's right ? Em 03/03/17 15:11, Steve Basford escreveu: It's a macro detecting ldb Sig that fails due to an old pcre engine being used. The Sig can be rewritten to work on older pcre versions .. or you need to update. Sorry I can't help more. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
It's a macro detecting ldb Sig that fails due to an old pcre engine being used. The Sig can be rewritten to work on older pcre versions .. or you need to update. Sorry I can't help more. Cheers, Steve Twitter: @sanesecurity On 3 March 2017 17:39:48 "Aaron C. Bolch"wrote: Greetings, After Daily Update 23161 was applied, the following error happened: Database initialization error: can’t compile engine: Malformed Database When starting Clamd: LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?< LibClamAV Error: cli_pcre_build: failed to build pcre regex Would this be a problem with the update, or something on my end? --Aaron ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Daily 23161 broke Clam
Same problem here with 0.99.2 on CentOS 6 machine: [root@correio clamav]# service clamd start Starting Clam AV daemon: LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?< LibClamAV Error: cli_pcre_build: failed to build pcre regex ERROR: Database initialization error: Malformed database [FAILED] [root@correio clamav]# Em 03/03/17 14:38, Aaron C. Bolch escreveu: Greetings, After Daily Update 23161 was applied, the following error happened: Database initialization error: can’t compile engine: Malformed Database When starting Clamd: LibCLamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?< LibClamAV Error: cli_pcre_build: failed to build pcre regex Would this be a problem with the update, or something on my end? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml