On Wed, 24 Nov 2021, Micah Snyder (micasnyd) via clamav-users wrote: > Date: Wed, 24 Nov 2021 19:42:29 +0000 > From: "Micah Snyder (micasnyd) via clamav-users" > <clamav-users@lists.clamav.net> > To: ClamAV users ML <clamav-users@lists.clamav.net> > Cc: "Micah Snyder (micasnyd)" <micas...@cisco.com> > Subject: Re: [clamav-users] [ext] ERROR: listdb: Error listing database > /var/lib/clamav/daily.cvd > > This issue was fixed 0.104.0 with this commit: > https://github.com/Cisco-Talos/clamav/commit/13af789f4ed > [https://opengraph.githubassets.com/832a364ece5b84d063f57a0a4f1aec496fb43823732d1d7dfc4c77a76c91ddd2/Cisco-Talos/clamav/commit/13af789f4eda8b7b65d4ddacc2c0b3cd91e4e152]<https://github.com/Cisco-Talos/clamav/commit/13af789f4ed> > SigTool: fix insufficient buffer size for --list-sigs · > Cisco-Talos/clamav@13af789<https://github.com/Cisco-Talos/clamav/commit/13af789f4ed> > SigTool's --list-sigs feature can't handle long LDB signatures because the > buffer size was wrong. > github.com > > Ex: > > ⯠./0.103.3/bin/sigtool -l|tail > Doc.Malware.Valyria-6923115-0 > Xls.Malware.Generic-6923116-0 > Doc.Malware.00536d-6923117-0 > Doc.Malware.Valyria-6923118-0 > Xls.Malware.Sload-6923119-0 > Xls.Downloader.Powload-6923120-0 > ERROR: listdb: Malformed pattern line 32300 (file > /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb) > ERROR: listdb: Error listing database > /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb > ERROR: listdb: Can't list directory > /home/micasnyd/clams/0.103.3/share/clamav/main.cld > ERROR: listdb: Error listing database > /home/micasnyd/clams/0.103.3/share/clamav/main.cld > > ⯠./0.104.1/bin/sigtool -l|tail > PUA.Win.Adware.Opencandy-6872345-0 > PUA.Win.Adware.Gamevance-6872347-0 > PUA.Win.Adware.Opencandy-6872348-0 > PUA.Win.Adware.Opencandy-6872350-0 > PUA.Win.Adware.Cerbu-6872355-0 > PUA.Win.Adware.Ursu-6873464-0 > PUA.Win.Trojan.Scriptkd-6876283-0 > PUA.Win.Downloader.Firseria-6877068-0 > PUA.Win.Adware.Softpulse-6877069-0 > PUA.Win.Packed.0040eff-6877419-0 > > Arnaud, if you have a strong need for this fix in 0.103, we can easily > backport it in the next patch version. Else you can use 0.104+'s sigtool. > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > ________________________________
I applied the following patch to ClamAV 0.103.4 : https://crashrecovery.org/amavis/clamav/RPMS/mdk101/clamav-0.103.4-sigtool.patch wich seems to fix the sigtool problem : [hubble:root]:(~)# sigtool -l | tail Win.Malware.Generic-9911955-0 Win.Trojan.Kasidet-9911956-0 Win.Dropper.Behav-9911957-0 Win.Tool.Proxycrack-9911958-0 Win.Trojan.Generic-9911959-0 Win.Tool.Proxycrack-9911960-0 Win.Trojan.Pwcrack-9911961-0 Win.Malware.Shellini-9911962-0 Eicar-Test-Signature Win.Packer.Agent-6412293-0 [hubble:root]:(~)# sigtool -l | wc -l 8593628 [hubble:root]:(~)# clamdscan -V ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021 [hubble:root]:(~)# [hubble:root]:(~)# cd /var/lib/clamav/ [hubble:root]:(/var/lib/clamav)# ll total 222144 -rw-r--r-- 1 clamav clamav 293670 Nov 25 04:58 bytecode.cvd -rw-r--r-- 1 clamav clamav 56687807 Nov 25 04:58 daily.cvd -rw-r--r-- 1 clamav clamav 69 Nov 25 04:58 freshclam.dat -rw-r--r-- 1 clamav clamav 170479789 Nov 25 04:58 main.cvd [hubble:root]:(/var/lib/clamav)# -- Robert M. Stockmann - RHCE Network Engineer - UNIX/Linux Specialist crashrecovery.org st...@stokkie.net _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
