Since this morning startin at about 10:00 UTC I have been having problems
with some email messages taking a very long time to scan. Sample output
from clamscan below. The messages I have looked at have pdf or image
attachments. I have not yet found a message I can make public, though I
can try hard
Hi,
I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the logs
for my outbound mail stream today. This signature seems to be matching
every email sent with a PDF file attached.
Switching off PDF scanning on outbound email seems to fix the problem, but
this clearly isn't a sust
Since about an hour or so, all emails with pdf attachments are being
quarantined. This is seriously disruptive. I could not find any
reference on the web to
"BC.PDF.Producer.JSHIP".
clamd.log:
Wed Jan 19 11:02:12 2011 -> SelfCheck: Database status OK.
Wed Jan 19 11:13:20 2011 -> SelfCheck: Databa
On 2011-01-19 14:28, Ian Eiloart wrote:
> Hi,
>
> I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the
> logs for my outbound mail stream today. This signature seems to be
> matching every email sent with a PDF file attached.
>
> Switching off PDF scanning on outbound email seems
On 2011-01-19 14:56, Török Edwin wrote:
> On 2011-01-19 14:28, Ian Eiloart wrote:
>> Hi,
>>
>> I'm getting a lot of reports of "BC.PDF.Producer.JSHIP FOUND" in the
>> logs for my outbound mail stream today. This signature seems to be
>> matching every email sent with a PDF file attached.
>>
>> Swit
Today my freshclam updated the bytecode.cld to version 118.
The problem is that, after update, my servers has greatly increased the
load averages.
In http://www.clamav.net/, the release version is 117.
See below my log:
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
On Wed, 19 Jan 2011, Daniel Gomes wrote:
> Today my freshclam updated the bytecode.cld to version 118. The problem
> is that, after update, my servers has greatly increased the load
> averages.
You can limit the consequences of bad bytecode by reducing the bytecode
timeout. The default is 60s but
Hi,
I just published bytecode.cvd version 120.
This should fix the long scan times, and FP submission id 20879645 (
87ac7d7a40d56e9678121ac5aa80c24e).
If you still see long scan times or false positives after you updated to
version 120 please submit the files.
Thanks,
--Edwin
___
On Wed, 19 Jan 2011, Török Edwin wrote:
>
> I just published bytecode.cvd version 120.
> This should fix the long scan times, and FP submission id 20879645 (
> 87ac7d7a40d56e9678121ac5aa80c24e).
Thank you.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH B
On Wed, Jan 19, 2011 at 04:35:25PM +0200, Török Edwin wrote:
> Hi,
>
> I just published bytecode.cvd version 120.
> This should fix the long scan times, and FP submission id 20879645 (
> 87ac7d7a40d56e9678121ac5aa80c24e).
>
> If you still see long scan times or false positives after you updated t
On 2011-01-19 17:19, Henrik K wrote:
> On Wed, Jan 19, 2011 at 04:35:25PM +0200, Török Edwin wrote:
>> Hi,
>>
>> I just published bytecode.cvd version 120.
>> This should fix the long scan times, and FP submission id 20879645 (
>> 87ac7d7a40d56e9678121ac5aa80c24e).
>>
>> If you still see long scan
On 1/19/11 9:35 AM, Török Edwin wrote:
Hi,
I just published bytecode.cvd version 120.
This should fix the long scan times, and FP submission id 20879645 (
87ac7d7a40d56e9678121ac5aa80c24e).
If you still see long scan times or false positives after you updated to
version 120 please submit the fi
On 2011-01-19 18:49, Roy McMorran wrote:
> On 1/19/11 9:35 AM, Török Edwin wrote:
>> Hi,
>>
>> I just published bytecode.cvd version 120.
>> This should fix the long scan times, and FP submission id 20879645 (
>> 87ac7d7a40d56e9678121ac5aa80c24e).
>>
>> If you still see long scan times or false pos
On Wed, 19 Jan 2011, Roy McMorran wrote:
> The virus submission page won't let me upload my sample though - "Result: This
> file is not detected by ClamAV". How can this be?
I've just tried to submit a virus sample and am running into the same issue.
Some testing shows that neither clamscan not
On Wed, 19 Jan 2011, Christopher X. Candreva wrote:
> On Wed, 19 Jan 2011, Roy McMorran wrote:
>
> > The virus submission page won't let me upload my sample though - "Result:
> > This
> > file is not detected by ClamAV". How can this be?
>
> I've just tried to submit a virus sample and am runn
Would it be possible to drop back to bytecode version 117 until this is
resolved? Or would it be more prudent to stop PDF scanning and let
bytecode remain up to date?
___
David Alix
Information Systems and Computing
david.a...@isc.ucsb.edu
(805)893-4456
I meant to ask if it is possible for me to drop back to a previous bytecode
version on my system.
Sorry I wasn't clearer.
David
--On Wednesday, January 19, 2011 12:49 PM -0800 David Alix
wrote:
Would it be possible to drop back to bytecode version 117 until this is
resolved? Or would i
On 2011-01-19 23:25, David Alix wrote:
> I meant to ask if it is possible for me to drop back to a previous
> bytecode version on my system.
>
> Sorry I wasn't clearer.
Is 121 still causing problems? (It has a workaround for the bug, 122
will have a better fix).
I would attach version 117 here,
On 2011-01-19 22:00, Christopher X. Candreva wrote:
> On Wed, 19 Jan 2011, Christopher X. Candreva wrote:
>
>> On Wed, 19 Jan 2011, Roy McMorran wrote:
>>
>>> The virus submission page won't let me upload my sample though - "Result:
>>> This
>>> file is not detected by ClamAV". How can this be?
It looks like 121 did fix the problem. We've successfully sent through
several test emails with pdf files since 121 was installed.
Thanks
David
--On Wednesday, January 19, 2011 11:29 PM +0200 Török Edwin
wrote:
On 2011-01-19 23:25, David Alix wrote:
I meant to ask if it is possible for
On 2011-01-19 23:36, Török Edwin wrote:
> For now I got samples via private mail, and I think I figured out what
> is wrong, bytecode 122 should have a workaround for the bug.
122 is published, and got 1 confirmation that it works as it should
(i.e. no FP, no long scan time).
Thanks to all who su
On 1/19/11 5:31 PM, Török Edwin wrote:
122 is published, and got 1 confirmation that it works as it should
(i.e. no FP, no long scan time).
Thanks to all who submitted --debug outputs and samples.
Could you confirm that bytecode version 122 works for you?
Thanks very much for your help with th
Yes, bytecode version 122 does work. Thanks.
David
--On Thursday, January 20, 2011 12:31 AM +0200 Török Edwin
wrote:
On 2011-01-19 23:36, Török Edwin wrote:
For now I got samples via private mail, and I think I figured out what
is wrong, bytecode 122 should have a workaround for the bug.
23 matches
Mail list logo
