The machine pulled bytecode.cld version 327 last night: Thu Aug 9 03:35:33 2018 -> Downloading bytecode-327.cdiff [100%] Thu Aug 9 03:35:33 2018 -> bytecode.cld updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Now the bytecode error messages are gone: $ clamscan .java/deployment/cache/6.0/6/41d72bc6-799a1944 .java/deployment/cache/6.0/6/41d72bc6-799a1944: OK ----------- SCAN SUMMARY ----------- Known viruses: 6603127 Engine version: 0.100.1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 13.36 MB Data read: 4.67 MB (ratio 2.86:1) Time: 15.219 sec (0 m 15 s) Thanks, Tilman Am 07.08.2018 um 20:02 schrieb Tilman Schmidt: > > $ sha256sum .java/deployment/cache/6.0/6/41d72bc6-799a1944 > 97432da2d77d78872ececf4de2eef1c759e7846db85d4fb14eb02764b6bd02ad > .java/deployment/cache/6.0/6/41d72bc6-799a1944 > [...] >> >> The problem is back, this time with two bytecodes: 2 and 90. >> ClamAV version is 0.100.1. >> The last clamscan run without the error was on 2018-07-26 06:00. >> The preceding freshclam run said: >> >> Thu Jul 26 05:49:13 2018 -> main.cld is up to date (version: 58, sigs: >> 4566249, f-level: 60, builder: sigmgr) >> Thu Jul 26 05:49:13 2018 -> daily.cld is up to date (version: 24783, >> sigs: 2025533, f-level: 63, builder: neo) >> Thu Jul 26 05:49:13 2018 -> bytecode.cld is up to date (version: 325, >> sigs: 90, f-level: 63, builder: neo) >> >> The first clamscan run exhibiting the problem was on 2018-07-27 06:00. >> The freshclam run preceding that said: >> >> Fri Jul 27 05:49:24 2018 -> main.cld is up to date (version: 58, sigs: >> 4566249, f-level: 60, builder: sigmgr) >> Fri Jul 27 05:49:24 2018 -> daily.cld is up to date (version: 24786, >> sigs: 2027088, f-level: 63, builder: neo) >> Fri Jul 27 05:49:24 2018 -> bytecode.cld is up to date (version: 326, >> sigs: 93, f-level: 63, builder: neo) >> >> So it would seem that bytecode.cld version 326 is the culprit. >> >> The error message is again triggered only by a single file: >> >> -rw-rw-r-- 1 tschmidt tschmidt 4896567 Jul 11 11:15 >> .java/deployment/cache/6.0/6/41d72bc6-799a1944 >> >> As you can see the file has been there for about four weeks, but the >> messages started only two weeks ago, so it seems their reappearance was >> triggered by the signature update, not by the appearance of the file. -- Tilman Schmidt cardtech Card & POS Service GmbH Cologne, Germany _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
