Re: [clamav-users] CVE_2013_3860-1

Yup. Understood. *may* bring the key word in my email. I'll ping Alain tomorrow if he can light the subject. -- Joel Esler iPhone On Jul 26, 2016, at 11:14 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: I hate having to point this out, but... When Alain notified the list that the signatur

Re: [clamav-users] CVE_2013_3860-1

I hate having to point this out, but... When Alain notified the list that the signature had been dropped on July 25, 2016 at 8:12:21 AM PDT, daily:21968 had just be published. It wasn’t until daily:21975 that the following appeared with the first dropped entry: > ClamAV Signature Publishing Not

Re: [clamav-users] CVE_2013_3860-1

It may take more than one publish cycle to drop a sig. Publish cycles are at least every four hours. -- Joel Esler iPhone On Jul 26, 2016, at 10:16 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: Appears to be finally gone at this time.

Re: [clamav-users] CVE_2013_3860-1

Appears to be finally gone at this time.

Re: [clamav-users] Connection Refused error

If you are storing your files on a NAS, SAN or de-dupe storage device it can be done easily by attaching your central server to those NAS/SAN/de-dupe devices. That puts the traffic on the storage backbone rather than your network, and you have additional tools available such as snapshots, mirror

Re: [clamav-users] Connection Refused error

We are trying to avoid installing clamd in developers workstations and instead let the integration server scan email attachments for this web application we are building. Is there any configuration change that lets my integration server scan file(s)? We can enable ports if needed within the organ

Re: [clamav-users] Connection Refused error

Your previous post showed your clamd instance is bound to the loopback interface and as such other systems cannot connect. But even if they could what would they do? You surely don't want to ship whole file systems across your network for scanning, do you? That would also be required if you wish

Re: [clamav-users] ClamWin finds malware, ClamAV doesn't.

ClamAV is both an email/attachment scanner and a file system scanner. It is pointless to set the email scanner to scan files larger than your MTA is configured to accept. Secondarily, the interface between the MTA and ClamAV frequently has a max filesize parameter, too. This is to prevent DOS'in

Re: [clamav-users] ClamWin finds malware, ClamAV doesn't.

The filesize limit can be dynamically set for clamscan with the "--max-filesize=xxM" option. clamd.conf can be used to change the clamd filesize limit with "MaxFileSize". Excerpt from clamscan help: --max-filesize=#nFiles larger than this will be skipped and assumed cl

Re: [clamav-users] CVE_2013_3860-1

I know, that’s what I said. It has not been dropped. -Al- On Tue, Jul 26, 2016 at 01:32 AM, Junuzovic Vahid wrote: > > But I'm already running 21972 and the exploit FP is still present! > --- cut here --- > sigtool -i /var/lib/clamav/daily.cld > File: /var/lib/clamav/daily.cld > Build time: 26

Re: [clamav-users] CVE_2013_3860-1

But I'm already running 21972 and the exploit FP is still present! --- cut here --- sigtool -i /var/lib/clamav/daily.cld File: /var/lib/clamav/daily.cld Build time: 26 Jul 2016 02:57 -0400 Version: 21972 Signatures: 454200 Functionality level: 63 Builder: neo Verification OK. --- cut here --- Vah

Re: [clamav-users] CVE_2013_3860-1

There seems to be some problem with the system that drops signatures over the last three days. daily - 21954 thru 21971 appeared to be identical attempts to ignore 33 signatures and 21972 was the first to also include any new signatures. The ClamAV Virus Database Search site confirms what you f

Re: [clamav-users] CVE_2013_3860-1

I checked few minutes ago but it is still present also with the new definitions updated! --- cut here --- # freshclam ClamAV update process started at Tue Jul 26 09:42:49 2016 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.99 Recommended version: 0.99.2 DON'T PANIC! Read