It just seems odd to me that this is only happening on the servers we upgraded to 0.98. The servers still running 0.97 do not have this error. Here is the output of clamconf. If you can assist, I would greatly appreciate it. Thank you!

Checking configuration files in /etc

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamd.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/var/tmp"
DatabaseDirectory = "/var/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.sock"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "30"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "50"
ReadTimeout = "300"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
ScanOnAccess disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
DatabaseDirectory = "/var/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.us.clamav.net", "db.us.clamav.net", "db.local.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav/clamav-milter.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
TemporaryDirectory disabled
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.sock"
MilterSocket = "unix:/var/clamav/clmilter.socket"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet disabled
OnClean = "Accept"
OnInfected = "Quarantine"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "no"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected disabled
LogClean disabled
SupportMultipleRecipients disabled

Software settings
-----------------
Version: 0.98
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 RAR

Database information
--------------------
Database directory: /var/clamav
daily.cld: version 17927, sigs: 389870, built on Wed Oct 2 08:53:07 2013
main.cld: version 55, sigs: 2424225, built on Tue Sep 17 09:57:28 2013
bytecode.cld: version 226, sigs: 43, built on Thu Sep 19 08:12:03 2013
Total number of signatures: 2814138

Platform information
--------------------
uname: Linux 2.6.18-194.11.4.el5 #1 SMP Fri Sep 17 04:57:05 EDT 2010 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: "Red Hat Enterprise Linux Server release 5.10 (Tikanga)"
zlib version: 1.2.3 (1.2.3), compile flags: a9
platform id: 0x0a214a4a0800000000040102

Build information
-----------------
GNU C: 4.1.2 20080704 (Red Hat 4.1.2-54) (4.1.2)
CPPFLAGS:
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
LDFLAGS:
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--program-prefix=' '--disable-clamav' '--disable-llvm' '--disable-static' '--disable-zlib-vcheck' '--enable-check' '--enable-clamdtop' '--enable-dns' '--enable-id-check' '--enable-milter' '--with-dbdir=/var/clamav' '--with-group=clamav' '--with-libcurl' '--with-user=clamav' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --enable-ltdl-convenience
sizeof(void*) = 8
Engine flevel: 74, dconf: 74

Jamen McGranahan
Systems Services Librarian
Vanderbilt University Library

-----Original Message-----
From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of David Raynor
Sent: Monday, September 30, 2013 8:17 AM
To: ClamAV users ML
Subject: Re: [clamav-users] 0.98 / LibClamAV Warning & Error

On Sun, Sep 29, 2013 at 6:16 AM, McGranahan, Jamen <jamen.mcgrana...@vanderbilt.edu> wrote:

> I'm using Clam 0.98 on RedHat 5 servers and since upgrading to 0.98, I
> am seeing the following when trying to run a clamscan:
>
> LibClamAV Warning: SWF: Invalid tag length
> LibClamAV Error: cli_scanswf: GETBITS: Can't read file
>
> I've never seen this error before and am not sure how to correct it. I
> couldn't find anything that remotely relates to this when trying to
> search for it, so any advice and/or suggestions are greatly
> appreciated. Since this is happening on one of our primary servers, it
> makes me nervous, so I really need to get this fixed ASAP. Thank you!
>
> Jamen McGranahan
> Systems Services Librarian
> Vanderbilt University Library
> Central Library
> Room 811
> 419 21st Avenue South
> Nashville, TN 37214
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>

This error message comes from reading bits out of a SWF file. It has two potential causes:

1) Invalid offset inside file (less serious, problem with the file)
2) File read failed (more serious, problem accessing the file or the fmap)

If you are not seeing other issues and warnings, it is most likely due to problem files and not a more serious issue. If you find a file that re-creates the issue, we can take a look.

Any more assessment than this will require a file and/or your configuration as reported by clamconf.

Hope this helps,

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
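
A triage sketch for locating the file behind the two causes described in the reply above (an added example, not part of the original thread and not ClamAV code): it walks the SWF header and tag records independently of libclamav and reports either a read failure or the first tag whose declared length overruns the data. The names `check_swf`, `triage` and `build_sample` and the sample bytes are constructed for illustration, and the checks do not reproduce libclamav's exact conditions.

```python
import struct
import zlib
from pathlib import Path

def check_swf(data: bytes) -> str:
    """Return "ok" or the first structural problem (FWS/CWS only, no LZMA ZWS)."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        return "not an FWS/CWS file"
    body = data[8:]
    if data[:3] == b"CWS":  # everything after the 8-byte header is zlib data
        try:
            body = zlib.decompress(body)
        except zlib.error:
            return "CWS body does not decompress"
    # Frame RECT is bit-packed: a 5-bit width, then four fields of that width.
    nbits = body[0] >> 3 if body else 0
    pos = (5 + 4 * nbits + 7) // 8 + 4  # RECT, then frame rate and frame count
    if pos > len(body):
        return "header truncated"
    while pos + 2 <= len(body):
        start = pos  # offset within the (decompressed) body after the header
        code_len = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = code_len >> 6, code_len & 0x3F, pos + 2
        if length == 0x3F:  # long form: a 32-bit length follows
            if pos + 4 > len(body):
                break
            length, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        if length > len(body) - pos:
            return f"invalid tag length: tag {code} at offset {start} claims {length} bytes"
        pos += length
        if code == 0:  # End tag
            return "ok"
    return "data ends before End tag"

def triage(path) -> str:
    """Separate 'cannot read the file' from 'the file itself is malformed'."""
    try:
        return check_swf(Path(path).read_bytes())
    except OSError as exc:
        return f"read failed: {exc.strerror}"

def build_sample(sig: bytes, tags: bytes) -> bytes:
    """Constructed input: minimal header (empty RECT, 12 fps, 1 frame) + tags."""
    body = b"\x00\x00\x0c\x01\x00" + tags
    packed = zlib.compress(body) if sig == b"CWS" else body
    return sig + b"\x06" + struct.pack("<I", len(body) + 8) + packed

# Constructed tag streams: background colour, ShowFrame, End / a tag claiming 4096 bytes
GOOD_TAGS = b"\x43\x02\xff\xff\xff" + b"\x40\x00" + b"\x00\x00"
BAD_TAGS = b"\xbf\x01" + struct.pack("<I", 4096) + b"\x00" * 4
```

Running `triage` over each `.swf` path that clamscan was given narrows the warning down to specific files, which can then be supplied as a reproducer.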