On 2011/1/20 Török Edwin wrote:
>
> So you still got the FP with v122?
>
Yes still with v122.
>
> Yes please send it to me (edwin at clamav dot net).
>
Scan log sent, hope this helps.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.cla
On 2011-01-20 16:37, Alessio Cassibba (X-Drum) wrote:
> 2011/1/20 Ian Eiloart wrote:
>> I've seen the bug with three different producers, I think: Word 2007, Adobe
>> PDF Library 9.9 (Adobe InDesign CS5 (7.0)) and something from Oracle. I
>> don't know who or what JSHIP is.
>>
>> However, I've now
2011/1/20 Ian Eiloart wrote:
> I've seen the bug with three different producers, I think: Word 2007, Adobe
> PDF Library 9.9 (Adobe InDesign CS5 (7.0)) and something from Oracle. I
> don't know who or what JSHIP is.
>
> However, I've now switched PDF scanning back on, with bytecode version 122,
> a
On 2011-01-20 13:49, Ian Eiloart wrote:
>
>
> --On 19 January 2011 17:26:40 +0200 Török Edwin
> wrote:
>
>>
>>> Given that I got dozens of FPs in
>>> few minutes,
>>
>> The bug depends on /Producer, so if one of your PDF triggers the bug,
>> all PDFs created by same app will probably trigger sa
--On 19 January 2011 17:26:40 +0200 Török Edwin
wrote:
Given that I got dozens of FPs in
few minutes,
The bug depends on /Producer, so if one of your PDF triggers the bug,
all PDFs created by same app will probably trigger same bug.
it hardly seems you need a "special" test case.
W
--On 19 January 2011 14:56:54 +0200 Török Edwin
wrote:
On 2011-01-19 14:28, Ian Eiloart wrote:
Hi,
I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the
logs for my outbound mail stream today. This signature seems to be
matching every email sent with a PDF file attached.
S
Yes, bytecode version 122 does work. Thanks.
David
--On Thursday, January 20, 2011 12:31 AM +0200 Török Edwin
wrote:
On 2011-01-19 23:36, Török Edwin wrote:
For now I got samples via private mail, and I think I figured out what
is wrong, bytecode 122 should have a workaround for the bug.
On 1/19/11 5:31 PM, Török Edwin wrote:
122 is published, and got 1 confirmation that it works as it should
(i.e. no FP, no long scan time).
Thanks to all who submitted --debug outputs and samples.
Could you confirm that bytecode version 122 works for you?
Thanks very much for your help with th
On 2011-01-19 23:36, Török Edwin wrote:
> For now I got samples via private mail, and I think I figured out what
> is wrong, bytecode 122 should have a workaround for the bug.
122 is published, and got 1 confirmation that it works as it should
(i.e. no FP, no long scan time).
Thanks to all who su
It looks like 121 did fix the problem. We've successfully sent through
several test emails with pdf files since 121 was installed.
Thanks
David
--On Wednesday, January 19, 2011 11:29 PM +0200 Török Edwin
wrote:
On 2011-01-19 23:25, David Alix wrote:
I meant to ask if it is possible for
On 2011-01-19 22:00, Christopher X. Candreva wrote:
> On Wed, 19 Jan 2011, Christopher X. Candreva wrote:
>
>> On Wed, 19 Jan 2011, Roy McMorran wrote:
>>
>>> The virus submission page won't let me upload my sample though - "Result:
>>> This
>>> file is not detected by ClamAV". How can this be?
On 2011-01-19 23:25, David Alix wrote:
> I meant to ask if it is possible for me to drop back to a previous
> bytecode version on my system.
>
> Sorry I wasn't clearer.
Is 121 still causing problems? (It has a workaround for the bug, 122
will have a better fix).
I would attach version 117 here,
I meant to ask if it is possible for me to drop back to a previous bytecode
version on my system.
Sorry I wasn't clearer.
David
--On Wednesday, January 19, 2011 12:49 PM -0800 David Alix
wrote:
Would it be possible to drop back to bytecode version 117 until this is
resolved? Or would i
Would it be possible to drop back to bytecode version 117 until this is
resolved? Or would it be more prudent to stop PDF scanning and let
bytecode remain up to date?
___
David Alix
Information Systems and Computing
david.a...@isc.ucsb.edu
(805)893-4456
On Wed, 19 Jan 2011, Christopher X. Candreva wrote:
> On Wed, 19 Jan 2011, Roy McMorran wrote:
>
> > The virus submission page won't let me upload my sample though - "Result:
> > This
> > file is not detected by ClamAV". How can this be?
>
> I've just tried to submit a virus sample and am runn
On Wed, 19 Jan 2011, Roy McMorran wrote:
> The virus submission page won't let me upload my sample though - "Result: This
> file is not detected by ClamAV". How can this be?
I've just tried to submit a virus sample and am running into the same issue.
Some testing shows that neither clamscan not
On 2011-01-19 18:49, Roy McMorran wrote:
> On 1/19/11 9:35 AM, Török Edwin wrote:
>> Hi,
>>
>> I just published bytecode.cvd version 120.
>> This should fix the long scan times, and FP submission id 20879645 (
>> 87ac7d7a40d56e9678121ac5aa80c24e).
>>
>> If you still see long scan times or false pos
On 1/19/11 9:35 AM, Török Edwin wrote:
Hi,
I just published bytecode.cvd version 120.
This should fix the long scan times, and FP submission id 20879645 (
87ac7d7a40d56e9678121ac5aa80c24e).
If you still see long scan times or false positives after you updated to
version 120 please submit the fi
On 2011-01-19 17:19, Henrik K wrote:
> On Wed, Jan 19, 2011 at 04:35:25PM +0200, Török Edwin wrote:
>> Hi,
>>
>> I just published bytecode.cvd version 120.
>> This should fix the long scan times, and FP submission id 20879645 (
>> 87ac7d7a40d56e9678121ac5aa80c24e).
>>
>> If you still see long scan
On Wed, Jan 19, 2011 at 04:35:25PM +0200, Török Edwin wrote:
> Hi,
>
> I just published bytecode.cvd version 120.
> This should fix the long scan times, and FP submission id 20879645 (
> 87ac7d7a40d56e9678121ac5aa80c24e).
>
> If you still see long scan times or false positives after you updated t
On Wed, 19 Jan 2011, Török Edwin wrote:
>
> I just published bytecode.cvd version 120.
> This should fix the long scan times, and FP submission id 20879645 (
> 87ac7d7a40d56e9678121ac5aa80c24e).
Thank you.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH B
Hi,
I just published bytecode.cvd version 120.
This should fix the long scan times, and FP submission id 20879645 (
87ac7d7a40d56e9678121ac5aa80c24e).
If you still see long scan times or false positives after you updated to
version 120 please submit the files.
Thanks,
--Edwin
___
On 2011-01-19 14:56, Török Edwin wrote:
> On 2011-01-19 14:28, Ian Eiloart wrote:
>> Hi,
>>
>> I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the
>> logs for my outbound mail stream today. This signature seems to be
>> matching every email sent with a PDF file attached.
>>
>> Swit
On 2011-01-19 14:28, Ian Eiloart wrote:
> Hi,
>
> I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the
> logs for my outbound mail stream today. This signature seems to be
> matching every email sent with a PDF file attached.
>
> Switching off PDF scanning on outbound email seems
Since about an hour or so, all emails with pdf attachments are being
quarantined. This is seriously disruptive. I could not find any
reference on the web to
"BC.PDF.Producer.JSHIP".
clamd.log:
Wed Jan 19 11:02:12 2011 -> SelfCheck: Database status OK.
Wed Jan 19 11:13:20 2011 -> SelfCheck: Databa
Hi,
I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the logs
for my outbound mail stream today. This signature seems to be matching
every email sent with a PDF file attached.
Switching off PDF scanning on outbound email seems to fix the problem, but
this clearly isn't a sust
26 matches
Mail list logo
