Hi,
thanks for your quick answer.
Obtained running:
> clamscan -r ~/.cache --detect-pua=yes -o
Attached required report.
Thanks a lot.
M.
On 08/10/20 10:07, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Thu, 8 Oct 2020, Olivier via clamav-users wrote:
>
>> Is there a way for clamscan and clamdscan to show the configuration they
>> are using?
>
> You haven't said what your system is nor how you installed ClamAV so I
> can't tell you what to look for on your own system but there is plenty
> of documentation for example at
>
> https://www.clamav.net/documents/configuration
>
>> I am having a different result if I scan the same file with clamscan and
>> clamdscan.
>
> That's not unlikely and it isn't a fault. They are different tools.
>
>> The error with clamdscan comes down to Heuristics.Limits.Exceeded FOUND
>> but not really saying what size is exceeded nor what size clamscan is
>> using that is OK.
>
> It's explained in the documentation. You'll need to set aside some time
> to spend with it because there's quite a lot of it. It's also worth your
> while to look through the archives of this mailing list. For example you
> could click on a few links at
>
> https://marc.info/?l=clamav-users&r=1&w=2
>
> then browse the subject lines to see what looks interesting.
>
>> I want a way to make sure both clamscan and clamdscan are using the same
>> values.
>
> No, you want to understand what you're doing. The tools are different.
> They are configured, and they do things, in very different ways. The
> common, er, thread is that in the end they both use the same signature
> database, but clamscan is a stand-alone tool which does everything on
> its own, and clamdscan hands the bulk of the work to a daemon called
> clamd. There is another tool called clamav-milter which does that too.

Checking configuration files in /etc
Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile = "/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/run/clamav/clamd-socket"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "30"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "vscan"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "2000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
freshclam.conf not found
Config file: clamav-milter.conf
-------------------------------
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
LogRotate disabled
PidFile = "/run/clamav/clamav-milter.pid"
TemporaryDirectory disabled
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "vscan"
MaxFileSize = "26214400"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet disabled
OnClean = "Accept"
OnInfected = "Quarantine"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "no"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected disabled
LogClean disabled
SupportMultipleRecipients disabled
Software settings
-----------------
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV
JSON RAR
Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 25950, sigs: 4328320, built on Wed Oct 7 15:55:10 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
Total number of signatures: 8893316
Platform information
--------------------
uname: Linux 5.3.18-lp152.44-default #1 SMP Wed Sep 30 18:51:43 UTC 2020
(914f31e) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: "openSUSE Leap 15.2"
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2179790800000000070500
Build information
-----------------
GNU C: 7.5.0 (7.5.0)
CPPFLAGS:
CFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2
-fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables
-fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing
-DFP_64BIT -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall
-D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables
-fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector
-fPIE -fno-strict-aliasing -std=gnu++98
LDFLAGS: -pie
Configure: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib'
'--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--disable-dependency-tracking' '--disable-clamav'
'--disable-static' '--with-dbdir=/var/lib/clamav' '--with-user=vscan'
'--with-group=vscan' '--enable-milter' '--enable-check' '--enable-clamdtop'
'--disable-zlib-vcheck' '--disable-timestamps' '--disable-yara'
'--with-system-libmspack' 'build_alias=x86_64-suse-linux-gnu'
'host_alias=x86_64-suse-linux-gnu' 'CXXFLAGS=-fmessage-length=0
-grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong
-funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g
-fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98' 'LDFLAGS=-pie'
'CFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2
-fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables
-fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing
-DFP_64BIT' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 121, dconf: 121
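
An added example, not part of the original thread or of ClamAV: since clamscan takes its limits from the command line while clamd takes them from clamd.conf, this sketch reads a report in the format shown above and builds the clamscan options that reproduce clamd's limits. The function name `clamscan_args` and the sample text are constructed for illustration; the option names are those in the clamscan man page.

```python
import re

# clamd.conf limit directives -> clamscan long options for the same limit (a subset).
LIMIT_FLAGS = {
    "MaxScanTime": "--max-scantime", "MaxScanSize": "--max-scansize",
    "MaxFileSize": "--max-filesize", "MaxRecursion": "--max-recursion",
    "MaxFiles": "--max-files", "MaxDirectoryRecursion": "--max-dir-recursion",
    "MaxEmbeddedPE": "--max-embeddedpe", "MaxHTMLNormalize": "--max-htmlnormalize",
    "MaxHTMLNoTags": "--max-htmlnotags", "MaxScriptNormalize": "--max-scriptnormalize",
    "MaxZipTypeRcg": "--max-ziptypercg", "PCREMaxFileSize": "--pcre-max-filesize",
}
BOOL_FLAGS = {"AlertExceedsMax": "--alert-exceeds-max"}  # controls Heuristics.Limits.Exceeded
ENTRY = re.compile(r'^(\w+)\s+(?:=\s+"([^"]*)"|(disabled))$')

# Constructed excerpt in the report's format; the milter value is made up
# to show that only the clamd.conf section is read.
SAMPLE = """Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
freshclam.conf not found
Config file: clamav-milter.conf
MaxFileSize = "1048576"
"""

def clamscan_args(report):
    """Return (args, unset): clamscan options for clamd's limits, and limits shown as 'disabled'."""
    args, unset, in_clamd = [], [], False
    for line in report.splitlines():
        if line.startswith("Config file:"):
            in_clamd = line.split(":", 1)[1].strip() == "clamd.conf"
            continue
        m = ENTRY.match(line.strip()) if in_clamd else None
        if not m:
            continue
        name, value, disabled = m.groups()
        if name in BOOL_FLAGS:
            args.append(f"{BOOL_FLAGS[name]}={'no' if disabled else value}")
        elif name in LIMIT_FLAGS and disabled:
            unset.append(name)  # left for the operator to set explicitly
        elif name in LIMIT_FLAGS:
            args.append(f"{LIMIT_FLAGS[name]}={value}")
    return args, unset

if __name__ == "__main__":
    args, unset = clamscan_args(SAMPLE)
    print("clamscan", *args, "FILE", "# shown as disabled:", unset)
```

Limits reported as `disabled` are returned separately rather than translated, so they can be checked against the documentation before a value is chosen for clamscan.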