I'm not entirely familiar with yara, but based on
https://yara.readthedocs.io/en/latest/modules/elf.html , there is no
such function as "is__elf".
Based on a whole search in the yara doc, there's only is_dll, is_32bit
and is_64bit.
Further googling shows this:
https://github.com/Yara-Rules/rules/co
Your bug was already reported by me. See this
bug: https://bugzilla.clamav.net/show_bug.cgi?id=12306 (and it
contains a workaround too)
Franky
On Wednesday, 09-10-2019 at 17:32, Arthur Ramsey via
clamav-users wrote:
Hello,
I’m trying to implement on access scanning for docker containers
using
cah Snyder (micasnyd):
Perhaps there is something we can do to make it easier to statically
link libcurl, specifically, with freshclam, clamsubmit, and clamonacc.
Regards,
Micah
On 10/7/19, 9:22 AM, "clamav-users on behalf of Franky Van
Liedekerke via clamav-users" wrote:
On Monday,
On Monday, 07-10-2019 at 14:18, J.R. via clamav-users wrote:
> > This particular hard requirement (libcurl) affects the communication channel
> > which is different than causing the code to fail to run at all. So the
> > question
> > is do the new libcurl requirements immediately break existing
On Monday, 30-09-2019 at 15:27, Franky Van Liedekerke via clamav-users wrote:
> On Monday, 30-09-2019 at 15:14, J.R. via clamav-users wrote:
> > > While I applaud the re-use of existing components, requiring this
> > > (minimum) version of libcurl will be a proble
On Monday, 30-09-2019 at 15:14, J.R. via clamav-users wrote:
> > While I applaud the re-use of existing components, requiring this
> > (minimum) version of libcurl will be a problem for redhat/centOS 7
> > users: everybody is still on RHEL7 (RHEL8 is "just" released and still
> > lacks support fr
0)
libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5
(0x7f1123f76000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
(0x7f1123c6d000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
(0x7f1123a35000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x
On Thursday, 26-09-2019 at 20:14, Franky Van Liedekerke wrote:
> On Thursday, 26-09-2019 at 19:17, G.W. Haywood via clamav-users wrote:
> > Hello again,
> >
> > On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote:
> >
> > > ... making sure they are
I'm replying to this because of the blog entry concerning the new
version:
CURL (VERSION >= 7.45) REQUIRED FOR INSTALLATION:
This is only relevant if you are installing from source, but it is
worth noting.
It seems a new curl is needed, even on fully patched rhel7 servers.
While this is not un
On Thursday, 26-09-2019 at 19:17, G.W. Haywood via clamav-users wrote:
> Hello again,
>
> On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote:
>
> > ... making sure they are all strings looks better now in most cases.
> >
> > So I now have these :-
> >
> > OnAccessIncludePath /var/log
> > ( O
Indeed, I'm having this problem too. Probably the include wins
over the exclude, even with this in the logs:
clamd[4940]: ScanOnAccess: Protecting directory '/var/log' (and all
sub-directories)
clamd[4940]: ScanOnAccess: Protecting directory '/var' (and all
sub-directories)
clamd[4940]: ScanOnA
On Thursday, 26-09-2019 at 11:22, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Thu, 26 Sep 2019, CROFT Ian wrote:
>
> > But when I put an EICAR test txt file in /var/log/test.txt it is getting
> > picked up by the OnAccess scanner.
> >
> > I have tried ^/var/log/ and ^/var/log/* - s
While it is not recommended to scan everything under /var (or /var
at all), the reason it fails is because you have /var submounts
(/var/log, /var/tmp).
This is currently a known bug in clamav (I reported
it: https://bugzilla.clamav.net/show_bug.cgi?id=12306 ), and the
workaround in your case is:
To be complete: I'm running clamav 0.101.4 on RHEL7 (fully
patched)
Franky
On Tuesday, 24-09-2019 at 13:22, Al Varnell via clamav-users wrote:
I suspect it will depend on what platform you are running it on.
-Al-
On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users
Hi all,
currently I have onaccess scanning up and running just fine in clamav.
However, some people claim this can be bypassed (so access a file and
not force it to be scanned), so I have some questions:
- is this true? Can onaccess be bypassed?
- if so: can I force a scan of all files that shoul
Do you want the info in journald or just in syslog? Because
rsyslog can monitor logfiles directly too.
Your call to clamscan from cron might refuse to output info (because
no tty perhaps), maybe first try to get logs from clamscan via cron
directly?
Franky
Op Donderdag, 04-04-2019 om 09:46 schr
If you want the version to appear in EL7 stable, go to
https://apps.fedoraproject.org/packages/clamav/ and add karma.
Franky
On Friday, 29-03-2019 at 19:01, G.W. Haywood via clamav-users wrote:
Hi there,
On Fri, 29 Mar 2019, Micah Snyder wrote:
> This won't help you right now, but our tea
I'm sorry if I led you to believe that I don't know development costs time.
I'm a developer myself and contributed to lots of open source projects in the
past (openldap, mail, squid, nroe, zabbix, ooenmoko and others).
I just can't contribute to every project and currently I am happy with the
p
On Friday, 15-03-2019 at 16:04, instaham--- via clamav-users wrote:
> Leonardo Rodrigues wrote:
> > the databases are digitally signed, and any modification, such in
> > a man-in-the-middle attack, would break the signature and freshclam
> > would refuse to run the files.
>
> Sounds good. Ca
When using onaccess scanning together with selinux, it seems these
2 are not sufficient:
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1
Onaccess scanning will still fail to initialize (at least when
launched via systemd). Currently I added this:
semanage permissive -a a
Hi,
I seem to be encountering the same issue someone described here:
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg46022.html
For me the null-message arrived when switching to root:
ScanOnAccess: /root/.bash_history: (null) FOUND
I'm running on RHEL7 server, latest updates with v
Hi,
at http://www.gfi.com/emailsecuritytest/ you can submit your mailserver
to some testing to see if it catches all viruses/exploits being sent to
it. Now there seem to be 2 exploits that are not caught by clamav:
"ActiveX vulnerability test" and "Iframe remote vulnerability test".
Both use an i
Hi,
If you want to do mailfile checking, with mime attachments and such,
it's best to let another tool (like amavisd-new) do the unpacking and
breaking up of the mail first, and let clamav scan the resulting files.
Franky
On Fri, 11 Jul 2003 11:25:26 +0200
Jordi Escolá (Desarrollo) <[EMAIL PROTE
On Mon, 30 Jun 2003 17:36:20 +0200
Stephan von Krawczynski <[EMAIL PROTECTED]> wrote:
> On Mon, 30 Jun 2003 17:16:28 +0200
> Franky Van Liedekerke <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
> >
> > I just downloaded the new viruses.db file (June 30th) on t
Hi all,
I just downloaded the new viruses.db file (June 30th) on the site and I
saw that it contained one line less than the older viruses.db file (from
June 25th), namely the following entry is no longer present:
Trojan.Orcamento
(Clam)=a2666f6edafff7ff7420636f6c6f723d2223613000223e3c623e25
733c
25 matches