[clamav-users] Regarding ClamAV performance

2019-05-29 Thread Narashimman Srinivasan
Hi

On a custom target, testing ClamAV (0.101.2) scanning a set of
files/folders, with the RFS on SD-MMC, appears to take the
same time (~13 mins) with (~1.8 GB) or without swap memory under 1 GB RAM.
In comparison, ClamAV (0.101.2) on an Ubuntu host (6 GB, 64 bits) is
always quicker (~42 secs).

Following is the log, where the time taken is almost the same for scanning
a single file or a set of files on the custom target (1 GB RAM)
running Linux kernel 4.9, where the root file system is on the SD-MMC card.

Please let me know your valuable feedback.

clamscan ./
./.viminfo: OK

--- SCAN SUMMARY ---
Known viruses: 6123265
Engine version: 0.101.2
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 774.923 sec (12 m 54 s)
---


 clamscan ./*
./101/clamav-freshclam-0.101.2-r0.2.2.cortexa9hf_neon.rpm: OK
./101/clamav-0.101.2-r0.2.2.cortexa9hf_neon.rpm: OK
./101/clamav-libclamav-0.101.2-r0.2.2.cortexa9hf_neon.rpm: OK
./101-old/clamav-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old/clamav-lic-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old/clamav-libclamav-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old/clamav-freshclam-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old1/clamav-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old1/clamav-libclamav-0.101-r0.2.cortexa9hf_neon.rpm: OK
./101-old1/clamav-freshclam-0.101-r0.2.cortexa9hf_neon.rpm: OK
./99/clamav-lic-0.99.2-r0.1.cortexa9hf_neon.rpm: OK
./99/clamav-libclamav-0.99.2-r0.1.cortexa9hf_neon.rpm: OK
./99/clamav-freshclam-0.99.2-r0.1.cortexa9hf_neon.rpm: OK
./99/clamav-0.99.2-r0.1.cortexa9hf_neon.rpm: OK

--- SCAN SUMMARY ---
Known viruses: 6123265
Engine version: 0.101.2
Scanned directories: 4
Scanned files: 14
Infected files: 0
Data scanned: 7.56 MB
Data read: 3.74 MB (ratio 2.02:1)
Time: 791.395 sec (13 m 11 s)
-
Thanks & Regards
Manjunatha Srinivasan N

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread Groach via clamav-users
Since 25th May, my email system (according to this new signature) is
rife with a virus that didn't (and still doesn't) exist in these historic
emails. These emails (an extract of the scan results is shown below)
have PDFs in them but are without risk. Can we drop this signature please?


Thanks


D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND


and several hundred more



Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread David Raynor
 Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.

Dave R.

On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Since 25th May, my email system (according to this new signature) is rife
> with a virus that didn't (and still doesn't) exist in these historic
> emails. These emails (an extract of the scan results is shown below) have
> PDFs in them but are without risk. Can we drop this signature please?
>
> Thanks


-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
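
Added example (not part of the thread, and not ClamAV project code): one way to triage a scan log like the one reported above against the daily version named in the reply. It assumes the `clamscan --version` banner has the form "ClamAV <engine>/<daily>/<date>" and that the log uses clamscan's "path: Signature FOUND" lines, possibly wrapped after the path as in the post; the banner, paths and second signature name below are constructed sample input.

```python
import re
from collections import Counter

FIXED_DAILY = 25463   # daily version named in the reply above
DROPPED_SIG = "Win.Exploit.CVE_2019_0758-6968262-1"

def daily_version(banner):
    """Daily database number from a `clamscan --version` banner, or None."""
    m = re.match(r"ClamAV\s+[^/\s]+/(\d+)/", banner.strip())
    return int(m.group(1)) if m else None

def parse_hits(log_text):
    """(path, signature) pairs; re-joins records wrapped after 'path:'."""
    hits, pending = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        record = f"{pending} {line}".strip()
        # Greedy path match: the 'D:' drive colon is not followed by a space.
        m = re.match(r"(.+): (\S+) FOUND$", record)
        if m:
            hits.append((m.group(1), m.group(2)))
        # A line ending in ':' is a path whose verdict is on the next line.
        pending = line if (not m and line.endswith(":")) else ""
    return hits

def triage(banner, log_text):
    """Separate hits explained by the dropped signature from all others."""
    daily = daily_version(banner)
    hits = parse_hits(log_text)
    return {
        "daily": daily,
        "needs_update": daily is None or daily < FIXED_DAILY,
        "by_signature": Counter(sig for _, sig in hits),
        "rescan_after_update": [p for p, s in hits if s == DROPPED_SIG],
        "investigate": [(p, s) for p, s in hits if s != DROPPED_SIG],
    }

# Constructed sample input (not taken from a real system).
SAMPLE_BANNER = "ClamAV 0.101.2/25462/Mon May 27 09:00:00 2019"
SAMPLE_LOG = r"""
D:\mail\example.test\sales\00\{MSG-0001}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\mail\example.test\sales\01\{MSG-0002}.eml: OK
D:\mail\example.test\ann\02\{MSG-0003}.eml: Constructed.Example.Sig-0000000-0 FOUND
D:\mail\example.test\ann\03\{MSG-0004}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_BANNER, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Hits listed under "investigate" come from other signatures and are not explained by the dropped one, so they should not be dismissed along with it.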



[clamav-users] UNSUBSCRIBE

2019-05-29 Thread Tony Rothkirch




Re: [clamav-users] UNSUBSCRIBE

2019-05-29 Thread Al Varnell via clamav-users
You have to do that yourself at the bottom of 


Sent from my iPad

-Al-