Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Dennis Peterson
I should add something you probably know but others may not - your nslookup report states at the bottom that it is a non-authoritative result which is why you see the time remaining in your NS cache. If you include the IP of an authoritative NS server you will get the configured TTL. Example: nsl

Re: [clamav-users] error message in freshclam's cron job ...

2016-11-23 Thread Al Varnell
Sounds like not enough memory to load the database, which has been discussed a couple of times here this month. Here's one: If you are using javascript.ndb, remove it and try again. We were told today that this will be f

Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Dennis Peterson
You are seeing the time remaining in the cached lookup on your system. Subsequent queries will show the TTL falling with time. dp On 11/23/16 8:57 PM, Al Varnell wrote: Thanks Dennis, for straightening me out on that. Strangely I get a different answer using nslookup: $ nslookup -type=txt -

Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Al Varnell
Thanks Dennis, for straightening me out on that. Strangely I get a different answer using nslookup: > $ nslookup -type=txt -debug current.cvd.clamav.net > Server: 10.0.1.1 > Address: 10.0.1.1#53 > > > QUESTIONS: > current.cvd.clamav.net, type = TXT, cla

[clamav-users] error message in freshclam's cron job ...

2016-11-23 Thread Walter H.
What does this ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied mean? Thanks, Walter

Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Dennis Peterson
The TTL for the TXT record at current.cvd.clamav.net is 1800 seconds. You can retrieve with curl or wget older versions of the signature by specifying the full file name, for example daily-22590.cdiff dp On 11/23/16 8:03 PM, Al Varnell wrote: On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote

Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Al Varnell
On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote: > > We know CVD version information is published in DNS TXT record, this > record's TTL values, 1800 seconds is currently is. This value is the > same from the previous? So I think I have the answer for this one. From my research it would seem t

Re: [clamav-users] TTL of DNS recode

2016-11-23 Thread Al Varnell
I'm having difficulty following some of your questions and have no answers yet, but what exactly is your mirror environment (IPs)? Sent from Janet's iPad -Al- On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote: > Hi, All. > > We know CVD version information is published in DNS TXT record, this

[clamav-users] TTL of DNS recode

2016-11-23 Thread Tsutomu Oyamada
Hi, All. We know CVD version information is published in DNS TXT record, this record's TTL values, 1800 seconds is currently is. This value is the same from the previous? Also in freshclam download old versions of CVD(one day ago) in local mirror environment, we will succeed. I thought I was bou

Re: [clamav-users] Many Empty Updates

2016-11-23 Thread Joel Esler (jesler)
This has been fixed! -- Sent from my iPhone > On Nov 17, 2016, at 6:54 AM, Joel Esler (jesler) wrote: > > Thank you Al. > > -- > Sent from my iPhone > >> On Nov 17, 2016, at 6:31 AM, Al Varnell wrote: >> >> The last significant update was daily - 22543 posted 36 hours ago. >> >> Since t

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-23 Thread Jeff Dyke
I also submitted an FP a few days ago. I'm not as much of a fan of whitelisting what could be a fairly serious exploit that I'd be allowing people to download if it were valid. Hopefully it will be fixed up soon. The documents I found it in are public, so if there is a way to expedite the process,

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-23 Thread Hajo Locke
Hello, On 23.11.2016 at 16:10, Ralf Hildebrandt wrote: * Hajo Locke : Hello, unfortunately we have some problems with FP Pdf.Exploit.CVE_2016_1091-2 Customer was testing at virustotal and only clamav is finding a virus. Unfortunately I cannot do a FP-Report. All PDFs are property of costume

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-23 Thread Ralf Hildebrandt
* Hajo Locke : > Hello, > > unfortunately we have some problems with FP Pdf.Exploit.CVE_2016_1091-2 > Customer was testing at virustotal and only clamav is finding a virus. > Unfortunately I cannot do a FP-Report. All PDFs are property of customers > and not public. I already did a FP report. I

[clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-23 Thread Hajo Locke
Hello, unfortunately we have some problems with FP Pdf.Exploit.CVE_2016_1091-2 Customer was testing at virustotal and only clamav is finding a virus. Unfortunately I cannot do a FP-Report. All PDFs are property of customers and not public. I hope there are some additional FP-Reports from other

[clamav-users] another outdated link on freshclams ExtraDatabase option

2016-11-23 Thread Andreas Schulze
man 5 freshclam.conf: ExtraDatabase STRING Download an additional 3rd party signature database distributed through the ClamAV mirrors. This option can be used multiple times. Here you can find a list of available databases:

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
> On 23 Nov 2016, at 11:23 am, Al Varnell wrote: > > Sorry, I didn't realize that Html.Malware.Agent-1834906 was part of the > problem. It too was dropped in daily - 22584. Oops, you're right. I must have copied and pasted that from the wrong list. Sorry. > Also, Joel mentioned something abo

Re: [clamav-users] Bytecode Update [was:Many Empty Updates]

2016-11-23 Thread Al Varnell
Although I didn't receive any feedback on this one, I did note that the 10/27 update is now included in bytecode.cvd/.cld and DNS, but the three signatures from the 11/16 update to bytecode 285 still don't seem to have been added. $ dig -t txt current.cvd.clamav.net +short "0.99.2:57:22587:1479

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Al Varnell
Sorry, I didn't realize that Html.Malware.Agent-1834906 was part of the problem. It too was dropped in daily - 22584. Also, Joel mentioned something about disabling an engine, but I don't really know how that is accomplished and whether it's reported to us as part of a daily.cdiff. -Al- On We

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
Thanks for dropping those 3, Joel, however there are still at least 24 signatures causing problems: Html.Malware.Agent-1835906 Txt.Malware.Agent-1835883 Txt.Malware.Agent-1835884 Txt.Malware.Agent-1835885 Txt.Malware.Agent-1835886 Txt.Malware.Agent-1835887 Txt.Malware.Agent-1835888 Txt.Malware.Ag

Re: [clamav-users] Slow database loading

2016-11-23 Thread Arnaud Jacques / SecuriteInfo.com
Hello Ferdinand, > After I put it back, reloading took over one minute again: > While reloading with the javascript.ndb in place the CPU usage of the clamd > process really goes up: javascript.ndb will soon be smaller in Basic subscription. Keep an eye on it. Pro subscription has this problem reso