At 10:20 PM 6/1/2007, Christopher X. Candreva wrote: >On Fri, 1 Jun 2007, Noel Jones wrote: > > > fatfinger error on the name, I am referring to daily.wdb as the > > pasted session shows. > >Ah, sorry. Bleary-eyed error not catching it in the sesion. :-) > > > Are you using 91rc1? It's very repeatable here. I have > >Yes, so far it has been running fine. My monitoring scripts haven't >restarted it once.
Ok, I've narrowed it down to the following TWO lines in daily.wdb: X:http.//www\.ebay\.co\.uk.+:.+emailpics.\.ebay\.com:14- X:http.//info.citibank.com.+:https.//offer.citibank.com:14- (I believe daily.wdb is a whitelist for the experimental antiphishing code. I'm not sure this file is used if you don't compile with --enable-experimental.) If *BOTH* these lines are present, clamscan coredumps when scanning an email with an html part. The email need not have URLs that reference the sites in the two rules. This is very repeatable with multiple email messages. clamscan still works properly on text files or email with no html. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
