Re: [clamav-users] Clamscan taking a very long time

2020-01-06 Thread G.W. Haywood via clamav-users

Hi there,

On Mon, 6 Jan 2020, Michael Newman via clamav-users wrote:



> G.W. Haywood wrote:
> > ...
> > You might want to look into some of the text processing tools available, such
> > as 'grep'.
> > ...
>
> No need for debug or grep. ... I haven't been able to find a way to log only
> errors and not warnings.


It's easier to parse logs with 'grep' than it is to tweak the syslog
rule, but aren't we straying from the subject a little?  Your logs
should have timestamps, which will tell you what's taking the time.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Clamscan taking a very long time

2020-01-06 Thread Michael Newman via clamav-users
G.W. Haywood wrote:

> It's easier to parse logs with 'grep' than it is to tweak the syslog
> rule, but aren't we straying from the subject a little?  Your logs
> should have timestamps, which will tell you what's taking the time.

Nope. I give up. No more clamAV for me. Clearly, I'm not smart enough to figure 
out how to use it.




[clamav-users] Manual downloaded virus db file doesn't work

2020-01-06 Thread kaifeng zeng via clamav-users
Hi, 

I have to run clamav on machines that don't have access to the internet, but they 
have access to the intranet. I downloaded the virus db files manually from 
https://www.clamav.net/downloads and then 
distributed them to the /var/lib/clamav folder on the target machines. It fails with 
"LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Can't verify database 
integrity".

However, if I use the db files generated from freshclam and distribute them to 
/var/lib/clamav folder in the target machines, it works. 

Anything that I am missing before I could use the manually downloaded file? 

Kevin


Re: [clamav-users] Manual downloaded virus db file doesn't work

2020-01-06 Thread kaifeng zeng via clamav-users
Sorry for the email. I just found that the file that I manually downloaded was 
incomplete and hence clamscan is reporting the file being invalid. Please 
ignore my previous email. 

> On Jan 6, 2020, at 4:24 PM, kaifeng zeng via clamav-users wrote:
> 
> rnet, but they have access to intranet. I downloaded the virus db files 
> manually from https://www.clamav.net/downloads and then distribute them to /var/


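A pre-distribution check for the situation in this thread (an incomplete manual download), as an added example that is not part of the original posts and is not ClamAV's own code. It assumes the CVD layout of a 512-byte, space-padded, colon-separated text header whose sixth field is the MD5 of the data that follows; the sample file and all its field values are constructed.

```python
import hashlib

HEADER_SIZE = 512  # assumed CVD layout: fixed-size, space-padded text header


def parse_cvd_header(raw: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(raw) < HEADER_SIZE:
        raise ValueError("file is shorter than the 512-byte header")
    text = raw[:HEADER_SIZE].decode("ascii", errors="replace").strip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "md5": fields[5].lower(),
    }


def check_cvd(raw: bytes):
    """Return (ok, reason). Detects truncated or corrupted copies only; it does
    not verify the digital-signature field, which ClamAV checks when loading."""
    try:
        hdr = parse_cvd_header(raw)
    except ValueError as exc:
        return False, str(exc)
    actual = hashlib.md5(raw[HEADER_SIZE:]).hexdigest()
    if actual != hdr["md5"]:
        return False, "MD5 mismatch: header %s, data %s" % (hdr["md5"], actual)
    return True, "version %d, %d signatures" % (hdr["version"], hdr["signatures"])


def make_sample_cvd() -> bytes:
    """Constructed stand-in for a .cvd file (not real ClamAV data)."""
    body = b"constructed stand-in for the compressed signature archive\n" * 200
    header = ":".join(["ClamAV-VDB", "06 Jan 2020 04-00 -0500", "12345", "1000",
                       "63", hashlib.md5(body).hexdigest(),
                       "constructed-signature", "builder", "1578301200"])
    return header.encode("ascii").ljust(HEADER_SIZE) + body


if __name__ == "__main__":
    sample = make_sample_cvd()
    for label, data in (("complete", sample), ("truncated", sample[:-100])):
        print(label, check_cvd(data))
```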


[clamav-users] Freshclam 0.102.1 ignores "--disable-ipv6"

2020-01-06 Thread Paul Kosinski via clamav-users
Even though I built the latest ClamAV (0.102.1) with the 'configure'
option "--disable-ipv6", freshclam tried using IPv6 addresses when it
failed to connect via IPv4 due to a firewall rule (which I now changed
to allow port 443 as well as port 80). 

This rule was part of hardening our mail server a bit by blocking most
outbound connections, so I had added explicit pass-thru for the
clamav.net IPv4 addresses -- previously only port 80, now also 443.
(And I had to allow these outbound connections because my previous
attempts at local mirroring collapsed with the switch to Cloudflare:
the CVD files on the BOS Cloudflare mirror seemed to be out of date a
lot, as discussed in my previous postings).


P.S. As far as I can tell, disallowing IPv6 everywhere within, in to
and out of our small LAN, does not block anything of importance. Does
anyone know of anything on the Internet that is IPv6 *only*, and is
important enough to justify spending weeks of work rebuilding our
firewall (not to mention reconfiguring everything else)?



Re: [clamav-users] Freshclam 0.102.1 ignores "--disable-ipv6"

2020-01-06 Thread Al Varnell via clamav-users
I’m fairly certain this was previously discussed. Might want to check the 
archives.

I have not run across any site yet that is IPv6 only, but I suspect users in 
Asia have. 

Sent from my iPad

-Al-

> On Jan 6, 2020, at 18:12, Paul Kosinski via clamav-users wrote:
> 
> Even though I built the latest ClamAV (0.102.1) with the 'configure'
> option "--disable-ipv6", freshclam tried using IPv6 addresses when it
> failed to connect via IPv4 due to a firewall rule (which I now changed
> to allow port 443 as well as port 80). 
> 
> This rule was part of hardening our mail server a bit by blocking most
> outbound connections, so I had added explicit pass-thru for the
> clamav.net IPv4 addresses -- previously only port 80, now also 443.
> (And I had to allow these outbound connections because my previous
> attempts at local mirroring collapsed with the switch to Cloudflare:
> the CVD files on the BOS Cloudflare mirror seemed to be out of date a
> lot, as discussed in my previous postings).
> 
> 
> P.S. As far as I can tell, disallowing IPv6 everywhere within, in to
> and out of our small LAN, does not block anything of importance. Does
> anyone know of anything on the Internet that is IPv6 *only*, and is
> important enough to justify spending weeks of work rebuilding our
> firewall (not to mention reconfiguring everything else)?
> 




Re: [clamav-users] Freshclam 0.102.1 ignores "--disable-ipv6"

2020-01-06 Thread Paul Kosinski via clamav-users
I looked back in the list a bit, and found some mentions of freshclam
and IPv6, but not this issue specifically.

The fact that freshclam ignores the "--disable-ipv6" option probably
won't be a problem in practice -- as long as the IPv4 connections to
ClamAV.net work -- but it is annoying, and clearly a (minor) bug. 

There are some other services, like NTP, X, VNC and RSYNCD, that insist
on binding to IPv6, even though *none* of our interfaces have it, but
they only *listen*, and thus yield no error msgs.




On Mon, 6 Jan 2020 20:48:20 -0800
Al Varnell via clamav-users wrote:

> I’m fairly certain this was previously discussed. Might want to check
> the archives.
> 
> I have not run across any site yet that is IPv6 only, but I suspect
> users in Asia have. 
> 
> Sent from my iPad
> 
> -Al-
> 
> > On Jan 6, 2020, at 18:12, Paul Kosinski via clamav-users wrote:
> > 
> > Even though I built the latest ClamAV (0.102.1) with the
> > 'configure' option "--disable-ipv6", freshclam tried using IPv6
> > addresses when it failed to connect via IPv4 due to a firewall rule
> > (which I now changed to allow port 443 as well as port 80). 
> > 
> > This rule was part of hardening our mail server a bit by blocking
> > most outbound connections, so I had added explicit pass-thru for the
> > clamav.net IPv4 addresses -- previously only port 80, now also 443.
> > (And I had to allow these outbound connections because my previous
> > attempts at local mirroring collapsed with the switch to Cloudflare:
> > the CVD files on the BOS Cloudflare mirror seemed to be out of date
> > a lot, as discussed in my previous postings).
> > 
> > 
> > P.S. As far as I can tell, disallowing IPv6 everywhere within, in to
> > and out of our small LAN, does not block anything of importance.
> > Does anyone know of anything on the Internet that is IPv6 *only*,
> > and is important enough to justify spending weeks of work
> > rebuilding our firewall (not to mention reconfiguring everything
> > else)?




[clamav-users] Some mysterious output from freshclam 0.102.1

2020-01-06 Thread Paul Kosinski via clamav-users
Since we still do the quick DNS TXT check (which I described last
summer) to determine when to actually run freshclam, we also use the
"-v" option on freshclam to get a more detailed log (in case there are
still DB sync problems with the BOS mirror).

Now, with version 0.102.1, one log (see below) showed something I don't
understand. All the logs seem to echo the SSL/TLS stuff, including the
certificate info, but this one also said, just before the end, "Server
cloudflare is not blacklisted". What is that about? 

P.S. All the blank lines below were actually in the log.


== Begin excerpt from Monday 06 January 2020 at 15:43:01 ==
Retrieving https://database.clamav.net/daily-25686.cdiff
downloadFile: Download source:  https://database.clamav.net/daily-25686.cdiff
downloadFile: Download destination: ./clamav-c71f86a449359adc26ab5e7accfa724e.tmp
* Hostname was NOT found in DNS cache
*   Trying 104.16.219.84...
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
*subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com
*start date: 2019-08-24 00:00:00 GMT
*expire date: 2020-03-01 23:59:59 GMT
*subjectAltName: database.clamav.net matched
*issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
*SSL certificate verify ok.






















* Server cloudflare is not blacklisted



* Closing connection 0
== End excerpt from Monday 06 January 2020 from 15:43:01 ==


