Hi Steve, When I remove all my local database files problem goes away. So problem appears to be in a local database.
I narrowed it down to one .ldb file. But the problem doesn't seem to be as simple as one particular signature in that file. I can remove signatures until the problem goes away, but then adding any signature to that file that is matched causes problem to come back. eg adding sig below causes the problem. BAD_SIGNATURE.ldb.macro.19;Target:2;1;41747472;0:(0)/./ri The debug file with scan-ole2=yes is showing LibClamAV debug: FP SIGNATURE: 924d8e14ccb2604effc455e1a584cb80:93184:BAD_SIGNATURE.ldb.macro.19.UNOFFICIAL just before exit. This being md5sum:size of the doc being scanned. FP reads like false positive but I don't think it means this. "FP SIGNATURE" seems to be always logged with the last signature matched whether the problem is present or not. I note the same md5sum:size in winnow_malware.hdb 924d8e14ccb2604effc455e1a584cb80:93184:winnow.malware.135963 Seems like some sort of weird bug exercised by the signature set in my local databases when scan-ole2=yes . I'll keep trying to narrow it down. -- David Shrimpton Information Technology Services | The University of Queensland _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
