On Wed, Nov 24, 2021 at 10:14 AM Ralf Hildebrandt via clamav-users <
clamav-users@lists.clamav.net> wrote:

> * Arnaud Jacques via clamav-users <clamav-users@lists.clamav.net>:
> > Is it just me, or?
>
> Same here:
>
> # clamdscan -V
> ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021
>
> # sigtool -l|tail
> Doc.Malware.Valyria-6923115-0
> Xls.Malware.Generic-6923116-0
> Doc.Malware.00536d-6923117-0
> Doc.Malware.Valyria-6923118-0
> Xls.Malware.Sload-6923119-0
> Xls.Downloader.Powload-6923120-0
> ERROR: listdb: Malformed pattern line 32300 (file
> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb)
> ERROR: listdb: Error listing database
> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb
> ERROR: listdb: Can't list directory /var/lib/clamav/main.cld
> ERROR: listdb: Error listing database /var/lib/clamav/main.cld
>

I get the same errors, yet clamscan loads things just fine and sigtool is
able to decode the signature on line 32300 (Doc.Trojan.Agent-6923124-0)
without a problem.

It definitely seems like an issue with the list-sigs functionality though,
given the disparity in counts between a count of the lines output by
sigtool -l and the number of known viruses reported by clamscan (version
0.103.3).

$ sigtool -l | wc -l
 6640592

$ clamscan test.txt
/Users/mbroekman/Security/test/test.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8579605

One curious thing is that the Powload signature is *exactly* 8192
characters in length. From past experience with older versions of ClamAV, I
thought 8k was the size limit for signatures, including the EOL for the
database line. I wonder if there's still an issue in the list-sigs
functionality around that, since clamscan doesn't report database errors.


--Maarten


> Ralf Hildebrandt
> Charité - Universitätsmedizin Berlin
> Geschäftsbereich IT | Abteilung Netzwerk
>
> Campus Benjamin Franklin (CBF)
> Haus I | 1. OG | Raum 105
> Hindenburgdamm 30 | D-12203 Berlin
>
> Tel. +49 30 450 570 155
> ralf.hildebra...@charite.de
> https://www.charite.de
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
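
Added example, not part of the original message and not ClamAV's code: one way to test the line-length hypothesis raised above. It finds database lines that a single fgets() call with an 8192-byte buffer cannot hold and models how such a reader would split them. The buffer size, the four-field check and the sample lines are assumptions made for the illustration.

```python
import sys

BUF_SIZE = 8192  # assumption: the 8k limit recalled in the message, as a read buffer

def make_line(name, chars):
    """Constructed .ldb-style line of exactly `chars` characters before the EOL."""
    head = f"{name};Target:2;0;".encode()
    return head + b"a" * (chars - len(head)) + b"\n"  # "a" is filler, not a real pattern

# Constructed sample: line 2 is exactly 8192 characters, like the Powload line.
SAMPLE = (make_line("Constructed.A-1", 60) + make_line("Constructed.B-2", 8192)
          + make_line("Constructed.C-3", 60))

def long_lines(data, limit=BUF_SIZE):
    """(line_no, chars, name) for lines that one fgets(buf, limit) cannot hold."""
    hits = []
    for no, raw in enumerate(data.splitlines(keepends=True), 1):
        if len(raw) >= limit:  # fgets stores at most limit-1 bytes, EOL included
            name = raw.split(b";", 1)[0].decode("ascii", "replace")
            hits.append((no, len(raw.rstrip(b"\r\n")), name))
    return hits

def fgets_records(data, bufsize=BUF_SIZE):
    """Split data the way repeated fgets(buf, bufsize) calls would."""
    records, pos = [], 0
    while pos < len(data):
        window = data[pos:pos + bufsize - 1]
        nl = window.find(b"\n")
        chunk = window if nl == -1 else window[:nl + 1]
        records.append(chunk)
        pos += len(chunk)
    return records

def malformed_records(records):
    """1-based numbers of records with fewer than four ';'-separated fields."""
    return [i for i, rec in enumerate(records, 1) if rec.count(b";") < 3]

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for no, chars, name in long_lines(data):
        print(f"line {no}: {chars} characters: {name}")
    records = fgets_records(data)
    print("file lines:", data.count(b"\n"), "reader records:", len(records))
    print("records a field parser would reject:", malformed_records(records))
```

Run without arguments it uses the constructed sample; given the path of an unpacked database file it reports that file's over-long lines and any mismatch between line count and record count.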