> Do you have the OnAccessExtraScanning option on by chance?
Yes, OnAccessExtraScanning is turned on.
I was able to reproduce this behavior on a different machine. It uses the same
configuration as the first machine (the clamconf output can be found in my
previous E-Mail).
I rebooted the machi
The machine pulled bytecode.cld version 327 last night:
Thu Aug 9 03:35:33 2018 -> Downloading bytecode-327.cdiff [100%]
Thu Aug 9 03:35:33 2018 -> bytecode.cld updated (version: 327, sigs:
91, f-level: 63, builder: neo)
Now the bytecode error messages are gone:
$ clamscan .java/deployment/cac
If by pulled you mean updated to, then yes that happened and it only included
these two changes:
> Dropped Detection Signatures:
>* BC.Img.Exploit.CVE_2018_3839-6614872-0
>* BC.Img.Exploit.CVE_2018_3839-6614873-0
Which were previously added on 26 July by bytecode - 326.
So I'd have to gu
I've been running clamd with OnAccess on a box using Firefox and just yesterday
saw the (null) FOUND as well. I haven't had a chance to take the file in
question and debug with clamscan to reproduce it and figure out what's causing
it but I will do so soon.
Regarding your second issue, I belie
Hajo,
Good call testing clamdscan with strace! That's an interesting issue. I'm
glad to hear that setting TCPAddr solved it for you.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Aug 7, 2018, at 4:13 AM, Hajo Locke
mailto:hajo.lo...@gmx.de>> wrote:
Hello List,
have an odd
