[clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Sorin Petrut Niculae via clamav-users
Dear all, Can anyone confirm if it is possible to use ClamAV on RHEL 6.7 x32? I was able to install and copy the ddbb files (manually) to /usr/local/share/clamav but when I run clamscan I got the next error message: * [redhat@redhat clamav]$ clamscan -ar /home * LibClamAV Error: cli_cvdl

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Joel Esler (jesler) via clamav-users
Looks like you need to update your certificate store? -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org On Apr 6, 2021, at 10:24 AM, Sorin Petrut Niculae via clamav-users <clamav-users@lists.clamav.net> wrot

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Eero Volotinen
Hi, https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html Your NSS error code means the following: SSL_ERROR_PROTOCOL_VERSION_ALERT -12190 "Peer reports incompatible or unsupported protocol version." Is this command working: openssl s_client -connect database.clamav.net:443

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Joel Esler (jesler) via clamav-users
More accurately: openssl s_client -connect database.clamav.net:443 -servername database.clamav.net On Apr 6, 2021, at 10:33 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote: Hi, https://www-archive.mozilla.org/projects/securi

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Eero Volotinen
At least the command works on centos 6.7 x32 (rhel clone) Is the clamav installed from packages or using sources? Eero On Tue, Apr 6, 2021 at 5:39 PM Joel Esler (jesler) via clamav-users < clamav-users@lists.clamav.net> wrote: > More accurately: > > openssl s_client -connect database.clamav.net

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote: Can anyone confirm if is possible to use ClamAV on RHEL 6.7 x32 Yes, of course it is, but are you sure that you really want to? RHEL 6 is in its retirement phase. Perhaps should you consider an upgrade. It might mak

[clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Eddie via clamav-users
A POP3 proxy program I have running on a Debian 10.8 system uses clamscan to check incoming e-mails. At some point in the very early morning (US West Coast time) it suddenly started taking a very long time to scan each mail, so much that the controlling process would time out before clamscan

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Andrew C Aitchison via clamav-users
On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote: Can anyone confirm if is possible to use ClamAV on RHEL 6.7 x32 I was able to install and copy the ddbb files (manually) to /usr/local/share/clamav but when I run clamscan I got the next error message: * [redhat@redhat clamav

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Andrew C Aitchison via clamav-users
On Tue, 6 Apr 2021, Eddie via clamav-users wrote: A POP3 proxy program I have running on a Debian 10.8 system, uses clamscan to check incoming e-mails.  At some point in the very early morning (US West Coast time) it suddenly started taking a very long time to scan each mail,  So much that the

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Matus UHLAR - fantomas
On 06.04.21 08:43, Eddie via clamav-users wrote: A POP3 proxy program I have running on a Debian 10.8 system, uses clamscan to check incoming e-mails.  At some point in the very early morning (US West Coast time) it suddenly started taking a very long time to scan each mail,  So much that the c

[clamav-users] SSN question

2021-04-06 Thread Matus UHLAR - fantomas
Hello, I see that I can enable DLP by enabling StructuredDataDetection true which allows for scanning credit card numbers and social security numbers in US format. Is there any possibility to enhance this by adding other formats? In Slovakia we have numbers in format XMDD/OPQR? ... i

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Eero Volotinen
Well. I think that it just works as RHEL 6.7 supports tls v1.2 Clamav is linked to too old openssl version? Eero On Tue, Apr 6, 2021 at 6:49 PM Andrew C Aitchison via clamav-users < clamav-users@lists.clamav.net> wrote: > On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote: > > > Ca

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Arjen de Korte via clamav-users
Quoting Eero Volotinen: Well. I think that it just works as RHEL 6.7 supports tls v1.2 TLS 1.2 was first available in openSSL 1.0.1 and ClamAV requires at least 1.0.2 now, so there is no guarantee. As someone else already mentioned, RHEL 6.10 (which was EOL'd in November 2020) comes with

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Eero Volotinen
Well redhat backports some fixes usually as you can see: https://access.redhat.com/blogs/766093/posts/1976123 Eero On Tue, Apr 6, 2021 at 7:36 PM Arjen de Korte via clamav-users < clamav-users@lists.clamav.net> wrote: > Quoting Eero Volotinen: > > > Well. I think that it just works as RHEL 6.7

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Richard Graham via clamav-users
Clamscan can spend a long time loading signatures, etc. If you run your command with strace (or monitor the process with lsof, etc.) you'll probably see clamscan is busy accessing signature files. On Tue, Apr 6, 2021 at 5:44 PM Eddie via clamav-users < clamav-users@lists.clamav.net> wrote: >

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Eddie via clamav-users
On 4/6/2021 8:56 AM, Matus UHLAR - fantomas wrote: On 06.04.21 08:43, Eddie via clamav-users wrote: A POP3 proxy program I have running on a Debian 10.8 system, uses clamscan to check incoming e-mails.  At some point in the very early morning (US West Coast time) it suddenly started taking a

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Eddie via clamav-users
Understood, which is why I'm looking to move to clamdscan. But I'd like to understand why, on Sunday morning, the scan time which had been under a minute per mail, for over 4 months, suddenly jumped to 25 minutes per mail and has remained at that. Cheers. On 4/6/2021 10:39 AM, Richard Graham

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Arjen de Korte via clamav-users
Quoting Eero Volotinen: Well redhat backports some fixes usually as you can see: https://access.redhat.com/blogs/766093/posts/1976123 Backporting fixes/features doesn't make openssl-1.0.1 equivalent to openssl-1.0.2. If that was the case, it wouldn't make sense to backport the fixes/fea

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Richard Graham via clamav-users
> > But I'd like to understand why, on Sunday morning, the scan time which had > been under a minute per mail, for over 4 months, suddenly jumped to 25 > minutes per mail and has remained at that. It's a good question. Is there any way to reproduce what was happening on Sunday morning? ... and

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Eddie via clamav-users
I can go back to bed and sleep.  :-) The only thing that runs on this server is the POP3 proxy code, nothing else.  And freshclam didn't pull any new signatures until after the slowdown started.  And take this with the same grain of salt I used to, when I worked support:  No, nothing was chang

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32

2021-04-06 Thread Eero Volotinen
Well, for some reason they backported tls 1.2 support to openssl 1.0.1-e-something that is shipped with RHEL 6.5(+). Eero On Tue, Apr 6, 2021 at 9:34 PM Arjen de Korte via clamav-users < clamav-users@lists.clamav.net> wrote: > Quoting Eero Volotinen: > > > Well redhat backports some fixes usu

Re: [clamav-users] SSN question

2021-04-06 Thread eric-list
Matus, I noticed no one emailed you back. I personally would just use a yara regex if needed, but I would definitely test first with just yara to make sure there aren't too many false positives. If you've never created a yara file, it's just really a regex. Searching on Google, as there may be som

Re: [clamav-users] SSN question

2021-04-06 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 6 Apr 2021, Matus UHLAR - fantomas wrote: I see that I can enable DLP by enabling StructuredDataDetection true which allows for scanning credit card numbers and social security numbers in US format. Is there any possibility to enhance this by adding other formats? in slov

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Eddie via clamav-users
After setting up clamav-daemon, I suspect it's having the same issue, based on the 11 minute "stall" part way through the initialisation. Tue Apr  6 16:26:14 2021 -> +++ Started at Tue Apr  6 16:26:14 2021 Tue Apr  6 16:26:14 2021 -> Received 0 file descriptor(s) from systemd. Tue Apr  6 16:26:1

Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 6 Apr 2021, Eddie via clamav-users wrote: After setting up clamav-daemon, I suspect it's having the same issue, based on the 11 minute "stall" part way through the initialisation. Tue Apr  6 16:26:14 2021 -> +++ Started at Tue Apr  6 16:26:14 2021 Tue Apr  6 16:26:14 2021 ->