Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-09 Thread Matus UHLAR - fantomas
On 08.05.14 22:52, Alexander Tampermeier wrote: So, I got into the same "error adding symbols"-trouble as before with libxml2, now with libltdl. First I thought that this might be a general issue with my libraries. But then I tried to recompile several packages including php (which also uses l

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Thorvald Hallvardsson
Hi, The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's how Kaspersky finds it and calls it. It was submitted at the 20th July 2011 so it's quite old. After applying SaneSecurity databases the virus still cannot be found. I tried to scan a ZIP file - no virus found. I tried

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Al Varnell
Thorvald, Just another user here, but I don’t understand why you would be surprised by this. Are you under the impression that Kaspersky shares its samples with anybody else? As far as I know, the only way the ClamAV® team would have a sample is if one of us users submitted it to them or it wa

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Matus UHLAR - fantomas
On 09.05.14 09:28, Thorvald Hallvardsson wrote: The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's how Kaspersky finds it and calls it. It was submitted at the 20th July 2011 so it's quite old. After applying SaneSecurity databases the virus still cannot be found. I tried

Re: [clamav-users] Compiling error: /usr/lib/libxml2.so: error adding symbols: File in wrong format

2014-05-09 Thread Alexander Tampermeier
Matus, thank you for your response and for pointing out the arch-independence of the includes. "uname -a" gives (I hope that answers your question; if not, please let me know): Linux myhost 3.13.0-rc8 #1 SMP Sun Jan 26 14:27:15 CET 2014 x86_64 Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz Genui

Re: [clamav-users] Clamav is not finding any viruses

2014-05-09 Thread Joel Esler (jesler)
We exchange samples with many groups, companies, and people. Bringing in over 650,000 unique samples a day. Which highlights the "understaffed" issue. -- Joel Esler Sent from my iPhone > On May 9, 2014, at 4:59, "Al Varnell" wrote: > > Thorvald, > > Just another user here, but I don’t und

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Shawn Webb
On Thu, May 8, 2014 at 10:35 PM, Eric Shubert wrote: > Immediately after upgrading from 0.98 to 0.98.3, > when "clamdscan --stdout -V" is run (via simscanmk -g), > the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). > > Here are non-default config settings: > [root@qmt-cos

[clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
The clamav false positive submission system will not accept my entry and says that it is not detected by ClamAV. This is not a virus, not malware, this is a PHP test file for the PHP source. The released version for my dist is 0.98.1 but the submission system said to use the latest version, so I co

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Alain Zidouemba
We are looking into it and will get back to you shortly. - Alain On Fri, May 9, 2014 at 9:06 AM, Bill Bennert wrote: > The clamav false positive submission system will not accept my entry and > says that it is not detected by ClamAV. This is not a virus, not > malware, this is a PHP test file

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Joel Esler (jesler)
On May 8, 2014, at 12:00 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 5/8/14, 8:23 AM, Shawn Webb wrote: Hey Martin, Is there a way you can get to me main.cvd.broken? I'm wondering if the change to OpenSSL for hashing has somehow changed parsing CVDs and CLDs on big-endian machines

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Joel Esler (jesler)
On May 8, 2014, at 12:50 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 5/8/14, 9:00 AM, Dennis Peterson wrote: On 5/8/14, 8:23 AM, Shawn Webb wrote: Hey Martin, Is there a way you can get to me main.cvd.broken? I'm wondering if the change to OpenSSL for hashing has somehow changed p

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread Martin Preen
Lars Hecking wrote: I've been building with static openssl for a while as well, and am still using gcc 3.4.6 as I couldn't get newer versions to compile - although it seems possible, and I'll try again; maybe using gcc 4.7 or 4.6. Well, 4.7.3 doesn't build for me. Trying 4.6.4 now. Us

Re: [clamav-users] Version 0.98.3 fails on Solaris

2014-05-09 Thread James Lee
On 09/05/2014 14:56, Joel Esler (jesler) wrote: Hello, Don't get over excited about Sparc, freshclam has the same problem on i386 Solaris. ... May 8 07:41:13 mailhost freshclam[3924]: [ID 702911 mail.info] freshclam daemon 0.98.3 (OS: solaris2.10, ARCH: i386, CPU: i386) May 8 07:41:13 mai

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Bowie Bailey
On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf -- Bowie

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Greg Folkert
On Fri, 2014-05-09 at 10:33 -0400, Bowie Bailey wrote: > On 5/8/2014 10:35 PM, Eric Shubert wrote: > > [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ > > Inefficiency bugs me... You can do multiple patterns with a single grep > using the -e flag. > > grep -v -e ^# -e ^$ clamd.conf You

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Alain Zidouemba
Bill, The ClamAV alert for the test file you provided is not a false positive. It is actually a true positive. - Alain On Fri, May 9, 2014 at 9:25 AM, Alain Zidouemba wrote: > We are looking into it and will get back to you shortly. > > - Alain > > > On Fri, May 9, 2014 at 9:06 AM, Bill Benner

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Eric Shubert
On 05/09/2014 07:45 AM, Greg Folkert wrote: On Fri, 2014-05-09 at 10:33 -0400, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. gre

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Alain, I greatly appreciate your time in confirming this. In response, I did some additional research and understand that it is a true positive since the file runs a test for that exact condition. Would white-listing it using a file signature hash be a valid measure, or would that be a bad idea? Th

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Greg Folkert
On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote: > Hi Alain, > I greatly appreciate your time in confirming this. In response, I did > some additional research and understand that it is a true positive since > the file runs a test for that exact condition. Would white-listing it > using a f

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Eric Shubert
On 05/09/2014 04:41 AM, Shawn Webb wrote: On Thu, May 8, 2014 at 10:35 PM, Eric Shubert wrote: Immediately after upgrading from 0.98 to 0.98.3, when "clamdscan --stdout -V" is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). Here are non-defa

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Alain, That was exactly what I was looking for. The idea of doing that was not sitting right with me. I will find another way to handle this file that will keep coming back from git when I do pulls. Thank you, -Bill On 05/09/2014 02:48 PM, Greg Folkert wrote: > On Fri, 2014-05-09 at 14:17 -0

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Philippe Ratté
Hello, This may not be related; however I am also having some loop issues with 0.98.3 I'm using qmail-scanner, and everything works fine with 0.98.1 Now, using 0.98.3, I've got some clamdscan processes that are looping non-stop opening '/etc/services': # strace -p 13472 -s 5120 [...] open("/et

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Greg Folkert
Bill... I wrote the response to your query about whitelisting the TRUE-POSITIVE file. As a general rule you *NEVER* EVER whitelist a TRUE-POSITIVE... what would be the point of an Anti-(Virus/Malware/Trojan) system then. On Fri, 2014-05-09 at 14:58 -0400, Bill Bennert wrote: > Hi Alain, > That

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Steven Morgan
Eric, I have confirmed this on ubuntu 12.04 on x64. Bugzilla bug for tracking is 10992. Thanks for your report, Steve On Fri, May 9, 2014 at 2:48 PM, Eric Shubert wrote: > On 05/09/2014 04:41 AM, Shawn Webb wrote: > >> On Thu, May 8, 2014 at 10:35 PM, Eric Shubert wrote: >> >> Immediately

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Shawn Webb
On Fri, May 9, 2014 at 3:02 PM, Philippe Ratté wrote: > Hello, > > This may not be related; however I am also having some loop issues with > 0.98.3 > > I'm using qmail-scanner, and everything works fine with 0.98.1 > > Now, using 0.98.3, I've got some clamdscan processes that are looping > non-sto

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Steven Morgan
Confirmed in gdb, it is looping in the same place in proto.c lines 97 and 98. On Fri, May 9, 2014 at 3:17 PM, Shawn Webb wrote: > On Fri, May 9, 2014 at 3:02 PM, Philippe Ratté > wrote: > > > Hello, > > > > This may not be related; however I am also having some loop issues with > > 0.98.3 > > >

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Steven Morgan
Eric, I've confirmed this is fixed by the patch in https://bugzilla.clamav.net/show_bug.cgi?id=10987 Steve On Fri, May 9, 2014 at 3:21 PM, Steven Morgan wrote: > Confirmed in gdb, it is loop

Re: [clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3

2014-05-09 Thread Bill Bennert
Hi Greg, Sorry, noticed that you were you after I sent my response. You are absolutely right, and that is exactly why I asked the list first before blindly proceeding down that road. My first reaction was just 'delete the file'. But where it would return any time I pulled the master branch in git

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Philippe Ratté
Shawn, The patch seems to fix the problem :) So far so good; I'll keep on monitoring it Thanks a bunch for the quick fix! Phil > -----Original Message----- > From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users- > boun...@lists.clamav.net] On behalf of Shawn Webb > Sent: Friday,

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Eric Shubert
Nice work guys. That indeed took care of it. As I'm packaging this for the qmail-toaster project, I'm wondering if I should release this version with the patch, or simply wait for 0.98.4 to be released. Any idea when 0.98.4 might roll out? Thanks. -- -Eric 'shubes' On 05/09/2014 12:28 PM, S

Re: [clamav-users] Version 0.98.3 compile failure on Solaris

2014-05-09 Thread Shawn Webb
On Thu, May 8, 2014 at 11:04 AM, Lars Hecking <lheck...@users.sourceforge.net> wrote: > > The configure code checking for the newly required openssl library is > broken. > > [...] > configure:16590: checking for OpenSSL installation > configure:16632: checking for SSL_library_init in -lssl > con

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Dennis Peterson
On 5/9/14, 7:33 AM, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf Try (and there are surely o

Re: [clamav-users] Version 0.98.3 hard loops on "clamdscan -V"

2014-05-09 Thread Eric Shubert
On 05/09/2014 04:41 PM, Dennis Peterson wrote: On 5/9/14, 7:33 AM, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -

[clamav-users] configure flags -- and --disable-clamav

2014-05-09 Thread Eric Shubert
The clamav-toaster package has traditionally configured clamav with "./configure --". The new clamav package for QMT (qmail-toaster) that I created (many months ago) uses "./configure --disable-clamav". I noticed that the resulting binary packages were considerably different in size (15M vs 41

[clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-09 Thread Al Varnell
I don’t have all the information on this yet, but I’ve had two ClamXav users complain today of commercial software being identified as infected by Osx.Trojan.FkCode-1. I can’t locate it on the clamav-virusdb list, but perhaps it was just added today. The first is "accordion.1.6.2(83).dmg", downl

Re: [clamav-users] configure flags -- and --disable-clamav

2014-05-09 Thread Scott Kitterman
On Friday, May 09, 2014 19:42:14 Eric Shubert wrote: ... > Is jit really worth the overhead? (I suppose the answer to this is > subjective) ... One of my Debian Clamav co-maintainers recently submitted a patch for clamav to use the system llvm (as a configure option). Once this is incorporated

Re: [clamav-users] Osx.Trojan.FkCodec-1 False Positives

2014-05-09 Thread Al Varnell
Here’s the VirusTotal analysis (1/52) for Rapport-5.dmg which apparently has an MD5 = efddf96af90be02bcc9e37cbc21c34a6 . I asked the OP to upload it to Send a false positive, but not sur