Re: [clamav-users] Streaming support in ClamD

2015-07-09 Thread P K
Hi Jason, It's nice of you to review other commercial products. I have doubts about the things mentioned below. As you said, c-icap is able to stream. Did you verify the same with a packet capture? I did a packet capture and observed that when all packets are received by C-icap, it then connects to Clamd and sends al

Re: [clamav-users] Worrying clamscan timing trend

2015-07-09 Thread Al Varnell
Not sure why you feel a need to use brew for this as installing it from source is not that difficult. All you need is XCode. There are instructions available on the ClamXav site: -Al- On Jul 9, 2015, at 8:02 AM, Chris St John wrote: > I've installed Clam

Re: [clamav-users] - False Positive

2015-07-09 Thread Shaun Hurley
Ingo, It looks like this sig was originally published on June 11th, 2015. We dropped the signature this afternoon to review why it triggered a false positive. Thank you for making us aware of this issue. Please let us know if there are any other issues. Thanks again, Shaun Hurley ClamAV Malwar

Re: [clamav-users] - False Positive

2015-07-09 Thread Al Varnell
I used to be able to scan the database to determine when each signature was added, but that list has been eliminated so I can’t verify, but when an older file is suddenly identified as infected, my first thought is that this must be a new signature. Just because the vulnerability has been known

Re: [clamav-users] - False Positive

2015-07-09 Thread Ingo Bente
The file has been subject to daily scanning since Mar 2015. According to the mtime, the file has not been changed since. However, the positive finding from ClamAV occurred just yesterday. That's why it seems to me that this might be a false positive. Please let me know what you think. Cheers Ingo

Re: [clamav-users] - False Positive

2015-07-09 Thread Al Varnell
I’m not sure why you would consider a 2012 CVE to be an indicator of a false positive. Have you read the vulnerability description? If that document contains an EMF image it could cause a heap-based buffer overflow in those older,

Re: [clamav-users] Worrying clamscan timing trend

2015-07-09 Thread Dennis Peterson
Check your logs and see if it was scanning any network/USB devices. The number of files scanned jumped quite a bit. Other than the number of scanned files growing, have there been any other changes made on the system that might compete with disk IO, CPU, and memory? dp On 7/9/15 8:02 AM, Chris

[clamav-users] Worrying clamscan timing trend

2015-07-09 Thread Chris St John
I've installed ClamAV 0.98.5 using "brew" on OSX (Yosemite) and I schedule a daily freshclam followed by clamscan using Jenkins-CI. I've noticed a worrying trend in the scan times over the past couple of weeks: June 20 --- SCAN SUMMARY --- Known viruses: 3849353 Engine version: 0

Re: [clamav-users] - False Positive

2015-07-09 Thread Ingo Bente
Yes. /path/to/file: BC.Win.Exploit.CVE_2012_0167 FOUND The file was last changed in Mar 2015. This, in addition to the fact that the CVE dates back to the year 2012, seems to indicate a false positive to me. Cheers Ingo On 9 July 2015 at 15:37, Alain Zidouemba wrote: > Can you provide the dete

Re: [clamav-users] - False Positive

2015-07-09 Thread Alain Zidouemba
Can you provide the detection name that ClamAV displayed? Thanks, - Alain On Thu, Jul 9, 2015 at 7:43 AM, Ingo Bente wrote: > I am seeing the same finding. Since yesterday's daily update. > > I cross checked the respective file with Gmail, Avast, Avira and > Windows Defender. None of them repo

[clamav-users] - False Positive

2015-07-09 Thread Ingo Bente
I am seeing the same finding. Since yesterday's daily update. I cross checked the respective file with Gmail, Avast, Avira and Windows Defender. None of them reported a virus. I am not able to share the document, though. Hope you can figure out the root cause. Cheers Ingo > If one of the docume

Re: [clamav-users] problem reading socket while updating database

2015-07-09 Thread Steve Basford
On Thu, July 9, 2015 11:11 am, Arnaud Jacques / SecuriteInfo.com wrote: > Thank you for the benchmarks Steve. > We are aware of this problem. With more than 1 million signatures, it > takes too much ram/cpu on lower hardware systems. ATM, we mainly focus on > javascript.ndb and securiteinfohtml.h

Re: [clamav-users] problem reading socket while updating database

2015-07-09 Thread Arnaud Jacques / SecuriteInfo.com
Hello, > SecuriteInfo db Speed... > > javascript.ndb: 9079 ms > securiteinfo.hdb: 2969 ms > securiteinfoascii.hdb: 1250 ms > securiteinfohtml.hdb: 2500 ms > spam_marketing.ndb: 1172 ms > > SecuriteInfo db memory use: > > javascript.ndb loaded > LibClamAV debug: pool memory used: 20.206 MB > >

Re: [clamav-users] problem reading socket while updating database

2015-07-09 Thread Steve Basford
On Wed, July 8, 2015 9:30 pm, Jingo Administrator wrote: > I am planning to drop the SecuriteInfo.com signature libraries first, > because these were the last I added and after that the issue began to pop > up.

Re: [clamav-users] Query

2015-07-09 Thread Al Varnell
> On Jul 8, 2015, at 10:49 PM, Iranna Appayya Mathapati wrote: > 1) How frequently will antivirus get updated? If you are referring to definitions, several times a day. > 2) Frequency of antivirus license updating. Never. ClamAV is open source. > 3) What needs to be done if we need every day AV