If by pulled you mean updated to, then yes that happened and it only included 
these two changes:
> Dropped Detection Signatures:
>    * BC.Img.Exploit.CVE_2018_3839-6614872-0
>    * BC.Img.Exploit.CVE_2018_3839-6614873-0

Which were previously added on 26 July by bytecode - 326.

So I'd have to guess that was all that was needed to fix the issues some have 
been observing.

-Al-

On Thu, Aug 09, 2018 at 01:12 AM, Tilman Schmidt wrote:
> The machine pulled bytecode.cld version 327 last night:
> 
> Thu Aug  9 03:35:33 2018 -> Downloading bytecode-327.cdiff [100%]
> Thu Aug  9 03:35:33 2018 -> bytecode.cld updated (version: 327, sigs:
> 91, f-level: 63, builder: neo)
> 
> Now the bytecode error messages are gone:
> 
> $ clamscan .java/deployment/cache/6.0/6/41d72bc6-799a1944
> .java/deployment/cache/6.0/6/41d72bc6-799a1944: OK
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 6603127
> Engine version: 0.100.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 13.36 MB
> Data read: 4.67 MB (ratio 2.86:1)
> Time: 15.219 sec (0 m 15 s)
> 
> Thanks,
> Tilman
> 
> On 07.08.2018 at 20:02, Tilman Schmidt wrote:
>> 
>> $ sha256sum .java/deployment/cache/6.0/6/41d72bc6-799a1944
>> 97432da2d77d78872ececf4de2eef1c759e7846db85d4fb14eb02764b6bd02ad
>> .java/deployment/cache/6.0/6/41d72bc6-799a1944
>> 
> [...]
>>> 
>>>    The problem is back, this time with two bytecodes: 2 and 90.
>>>    ClamAV version is 0.100.1.
>>>    The last clamscan run without the error was on 2018-07-26 06:00.
>>>    The preceding freshclam run said:
>>> 
>>>    Thu Jul 26 05:49:13 2018 -> main.cld is up to date (version: 58, sigs:
>>>    4566249, f-level: 60, builder: sigmgr)
>>>    Thu Jul 26 05:49:13 2018 -> daily.cld is up to date (version: 24783,
>>>    sigs: 2025533, f-level: 63, builder: neo)
>>>    Thu Jul 26 05:49:13 2018 -> bytecode.cld is up to date (version: 325,
>>>    sigs: 90, f-level: 63, builder: neo)
>>> 
>>>    The first clamscan run exhibiting the problem was on 2018-07-27 06:00.
>>>    The freshclam run preceding that said:
>>> 
>>>    Fri Jul 27 05:49:24 2018 -> main.cld is up to date (version: 58, sigs:
>>>    4566249, f-level: 60, builder: sigmgr)
>>>    Fri Jul 27 05:49:24 2018 -> daily.cld is up to date (version: 24786,
>>>    sigs: 2027088, f-level: 63, builder: neo)
>>>    Fri Jul 27 05:49:24 2018 -> bytecode.cld is up to date (version: 326,
>>>    sigs: 93, f-level: 63, builder: neo)
>>> 
>>>    So it would seem that bytecode.cld version 326 is the culprit.
>>> 
>>>    The error message is again triggered only by a single file:
>>> 
>>>    -rw-rw-r-- 1 tschmidt tschmidt 4896567 Jul 11 11:15
>>>    .java/deployment/cache/6.0/6/41d72bc6-799a1944
>>> 
>>>    As you can see the file has been there for about four weeks, but the
>>>    messages started only two weeks ago, so it seems their reappearance was
>>>    triggered by the signature update, not by the appearance of the file.

-Al-
-- 
Al Varnell
Mountain View, CA
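
The comparison made by hand in the quoted message (freshclam status before the last clean scan versus before the first failing one) can be scripted. This is an added example, not part of the original thread or of ClamAV; the function names are hypothetical, and the sample log is the thread's own freshclam lines rejoined onto single lines.

```python
import re
from datetime import datetime

# Matches freshclam status lines such as
# "Fri Jul 27 05:49:24 2018 -> bytecode.cld is up to date (version: 326, sigs: 93, ...)"
STATUS_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> "
    r"(?P<db>\w+)\.c[lv]d (?:is up to date|updated) "
    r"\(version: (?P<ver>\d+), sigs: (?P<sigs>\d+),"
)

# freshclam status lines quoted in the thread, rejoined onto single lines.
SAMPLE_LOG = """\
Thu Jul 26 05:49:13 2018 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Thu Jul 26 05:49:13 2018 -> daily.cld is up to date (version: 24783, sigs: 2025533, f-level: 63, builder: neo)
Thu Jul 26 05:49:13 2018 -> bytecode.cld is up to date (version: 325, sigs: 90, f-level: 63, builder: neo)
Fri Jul 27 05:49:24 2018 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Fri Jul 27 05:49:24 2018 -> daily.cld is up to date (version: 24786, sigs: 2027088, f-level: 63, builder: neo)
Fri Jul 27 05:49:24 2018 -> bytecode.cld is up to date (version: 326, sigs: 93, f-level: 63, builder: neo)
Thu Aug  9 03:35:33 2018 -> bytecode.cld updated (version: 327, sigs: 91, f-level: 63, builder: neo)
"""

def state_at(log_text, when):
    """Return {db: (version, sigs)} from the latest status lines at or before `when`.

    Assumes the log is in chronological order, as freshclam appends to it."""
    state = {}
    for line in log_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # download progress, warnings, blank lines
        # Collapse the padded day ("Aug  9") before parsing the timestamp.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        if ts <= when:
            state[m["db"]] = (int(m["ver"]), int(m["sigs"]))
    return state

def changed_between(log_text, last_good_scan, first_bad_scan):
    """Databases whose (version, sigs) differ between the two scan times."""
    before = state_at(log_text, last_good_scan)
    after = state_at(log_text, first_bad_scan)
    return {db: (before.get(db), after[db])
            for db in sorted(after) if before.get(db) != after[db]}

if __name__ == "__main__":
    # Scan times from the thread: last clean run and first failing run.
    suspects = changed_between(SAMPLE_LOG, datetime(2018, 7, 26, 6, 0),
                               datetime(2018, 7, 27, 6, 0))
    for db, (old, new) in suspects.items():
        print(db, old, "->", new)
```

On the thread's data this leaves daily and bytecode as the databases that changed in the window; the error type (bytecode) is what singles out bytecode.cld 326.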

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml