Hello ClamAV Users,
I have an issue with clamav 0.99 on Debian 7 and onDebian 8
When scanning many Webhosting files like Wordpress, Joomla and similar.
clamscan throws errors like this:
LibClamAV Error: cli_gentempfd: Can't create temporary file
/tmp/clamav-bf5e1c8fb78e0c76336b17f146e786f7.tmp: Too many open files
And many clamav folders like this are left in the /tmp/ directory:
/tmp/clamav-ecf2715ac17367a5ec8b52227ccccaf2.tmp/rfc2397
The errors do not happen when I deactivate scriptnormalization.
clamscan -ir --max-scriptnormalize=1 ./wp-content
But with this option I miss many infected files.
The errors started with clamav 0.99
Best Regards, Bernhard
________________________________________
Von: clamav-users <clamav-users-boun...@lists.clamav.net> im Auftrag von
clamav-users-requ...@lists.clamav.net <clamav-users-requ...@lists.clamav.net>
Gesendet: Mittwoch, 3. Februar 2016 18:00
An: clamav-users@lists.clamav.net
Betreff: clamav-users Digest, Vol 137, Issue 3
Send clamav-users mailing list submissions to
clamav-users@lists.clamav.net
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
or, via email, send a message with subject or body 'help' to
clamav-users-requ...@lists.clamav.net
You can reach the person managing the list at
clamav-users-ow...@lists.clamav.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of clamav-users digest..."
Today's Topics:
1. Re: undefined signature ? Win.Trojan.Win64-166
(Joel Esler (jesler))
2. Re: undefined signature ? Win.Trojan.Win64-166 (Gaetan Trivino)
----------------------------------------------------------------------
Message: 1
Date: Tue, 2 Feb 2016 18:32:12 +0000
From: "Joel Esler (jesler)" <jes...@cisco.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] undefined signature ? Win.Trojan.Win64-166
Message-ID: <6fb52f35-9ddb-4009-85a8-ceeb0badc...@cisco.com>
Content-Type: text/plain; charset="utf-8"
Unfortunately, the system that presently publishes the ruleset (which we are
building a replacement for (more details to come)), and sends the email, does
not perform this function as a single step. Someone may have published without
clicking the ?send email? button.
--
Joel Esler
Manager, Talos Group
On Feb 2, 2016, at 11:26 AM, Al Varnell
<alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote:
I?ve noticed that not all updates seem to be sent to the list. For example,
did you get Updates (daily:21307) or (daily:21304)?
-Al-
On Tue, Feb 02, 2016 at 05:02 AM, Gaetan Trivino wrote:
Hello everyone,
I'm using clamav since a year now, and we are really happy with the service.
i've done a full search on my mail and archives,
i never see the signature comming in clamav-virusdb mailling list.
my definitions are up to date and signature seems to be a false
positive. How is it possible to have a signature available in my
daily.cvd but not announced in clamav-virusdb ?
I have this case 10 time a year with signatures defined in my daily.cvd
but not announced in clamav-virusdb.
Bests regards,
Ga?tan Trivino
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
------------------------------
Message: 2
Date: Wed, 3 Feb 2016 10:44:54 +0100
From: Gaetan Trivino <gaetan.triv...@corp.ovh.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] undefined signature ? Win.Trojan.Win64-166
Message-ID: <56b1cc16.6020...@corp.ovh.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
@Al True, i didn't receive thoses mails, and i didn't find it into
mailling list archive.
@Joel sad news. It explain everything. I was worried someone "inject"
ghosts signatures.
Is there a place where we could track updates changelogs ? Some
signatures sounds false positive for me, i want to track who send it and
why it was created. I use actually the maillingList as a changelog.
Bests,
Ga?tan
On 02/02/2016 07:32 PM, Joel Esler (jesler) wrote:
> Unfortunately, the system that presently publishes the ruleset (which we are
> building a replacement for (more details to come)), and sends the email, does
> not perform this function as a single step. Someone may have published
> without clicking the ?send email? button.
>
>
>
> --
> Joel Esler
> Manager, Talos Group
>
>
>
>
> On Feb 2, 2016, at 11:26 AM, Al Varnell
> <alvarn...@mac.com<mailto:alvarn...@mac.com>> wrote:
>
> I?ve noticed that not all updates seem to be sent to the list. For example,
> did you get Updates (daily:21307) or (daily:21304)?
>
> -Al-
>
> On Tue, Feb 02, 2016 at 05:02 AM, Gaetan Trivino wrote:
>
> Hello everyone,
>
> I'm using clamav since a year now, and we are really happy with the service.
>
> i've done a full search on my mail and archives,
> i never see the signature comming in clamav-virusdb mailling list.
>
> my definitions are up to date and signature seems to be a false
> positive. How is it possible to have a signature available in my
> daily.cvd but not announced in clamav-virusdb ?
>
> I have this case 10 time a year with signatures defined in my daily.cvd
> but not announced in clamav-virusdb.
>
> Bests regards,
> Ga?tan Trivino
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
Cordialement,
--
Ga?tan Trivino
OVH
------------------------------
Subject: Digest Footer
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
------------------------------
End of clamav-users Digest, Vol 137, Issue 3
********************************************
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
