On Wed, 9 Feb 2022, Marc wrote:
Is there a command that can make a running freshclam daemon do an update
request instantly?
sudo service clamav-freshclam restart
works on Ubuntu.
--
Andrew C. Aitchison Kendal, UK
and
he problem
machines
or even network share /var/lib/clamav/
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://list
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison
,
which sounds like a useful project.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/
de, for example).
However something which is executed is likely to have done its damage
before the EOF is processed.
Clamd should detect signatures whether or not they are at the end of the
"file". False positives are undesireble but still better than false
?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a
us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users ma
clamdscan still uses the old ones :-(
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listin
t have reported that
ClamAV with default definitions catches less than 10% of what they see !)
Thanks in advance
Best Regards,
Nuno Almeida
SAP Basis Senior Architect
Infrastructure & Operations, One ERP
--
Andrew C. Aitchison Kendal, UK
comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
^^
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
find out whether the master is supposed to request each scan,
or whether the VMs/agents start the scans on their own initiative ?
Which platforms are in use could help too - all of them, as we don't know
which machine broke.
--
Andrew C. Aitchison Kenda
n_report-2022-05-31
This is where we're at and I don't know what to check to see where it
stopped working.
Any guidance would be greatly appreciated.
Thanks
JP
On Tue, May 31, 2022 at 7:32 AM John Paul Guay
wrote:
Thanks for replying Andrew. I realize I didn’t provide much regard
Date: Thu, 10 Dec 2020 14:07:08 + (GMT)
From: Andrew C Aitchison
To: clamav-users@lists.clamav.net
Cc: "Joel Esler (jesler)"
Subject: Re: [clamav-users] local server takes time to update clamav db
On Thu, 10 Dec 2020, Joel Esler (jesler) via clamav-users wrote:
On Dec 10, 202
6013 is current
but the newest that freshclam can find on any configured mirror is 26012,
it might be better to update to 26012 than wait for 26013.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
is does seem to me to be a strange thing to want to do. If you can
> explain exactly what the problem is and why you think this is the
> solution we might be able to offer alternatives or other suggestions.
--
Andrew C. Aitchison Kendal, UK
https://lists.clamav.net/mailman/listinfo/clamav-users
which points to the archive at
https://lists.clamav.net/pipermail/clamav-users/
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
..
ClamAV is not like Norton, AVG or McAfee (or probably Kaspersky, I haven't
checked). It isn't a gui-based thing for novices to install and just turn
on. If you don't know why you are using ClamAV and what you want it to do,
don't us
defaults should be all you need.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav
ged version for Ubuntu.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
H
gured correctly and performing properly,
I expect each one of these programs to be easily understood by their
intended users.
I guess he dismissed ClamAV because it is command line.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.
he message when it detects the infection.
This leaves the problem with the sending system.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clama
de the owners to think about how and why
they are attempting to run clamav, or perhaps persuade the suppliers
of the container images not to include a local clam service.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
oc/mirrors-faq.html for possible reasons.
However, many of QNAP devices have obsolete clamav version:
[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
--
Andrew C. Aitchison Kendal, UK
was being reviewed
which sounds like a good idea
(except of course when there has been a large daily -> main migration).
Is it possible to configure freshclam to keep the (verified) cdiffs if the
update fails, so that they don't have to be downloaded on the next update
attempt ?
Tha
there has been ongoing work to remove old, ineffective sigs
to reduce the download size a bit.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-
scriminating between them?
If I remember correctly, I used to do this in my MTA - exim,
filtering in the ACL based on the text wjich you are logging.
--
Andrew C. Aitchison Kendal, UK
an
om an older, supported, OpenSuSE
which might be more like your SuSE 12.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
lamAV on rhel 6.7 x32
or to solve those errors?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/m
chine have ?
Is something else using much RAM ?
Ideally I wouldn't run clamd on a machine with less than 4GB RAM.
If you are running freshclam and clamd, there is a setting which
will stop them using double memory while updating.
--
Andrew C. Aitchison
ure about this as it is open source, but if I were paying for
the software I would expect them to liase with the AV companies.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
etter.
Please. Please upgrade.
https://packages.ubuntu.com/search?suite=hirsute&keywords=clamav
suggests that Ubuntu Hirsute, due out this month, will still have ClamAV
0.103.0.
Is it worth giving them a prod ?
--
Andrew C. Aitchison K
lam
or
https://github.com/micahsnyder/cvdupdate
to update.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://l
av-users" :
It seems the package is now signed with a different PGP key. Is there a
location from where I can directly download the public key, rather than copying
it from the webpage?
Best regards, Arjen
--
Andrew C. Aitchison Kendal, UK
arly scheduled
scans. However, that could make the machine feel sluggish, or actually perform
poorly.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users maili
r),
rather than each client running freshclam ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mai
2GB files).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help
$THRMGR: queue (single) crossed low threshold
-> signaling
Mon Jun 21 16:50:30 2021 -> $THRMGR: queue (bulk) crossed low threshold ->
signaling
What does that mean?
Best regards, Roger
--
Andrew C. Aitchison Kendal, UK
and.
ml
which is the same message on the official clamav archive (which I find
easier to read), or the blog post
https://blog.clamav.net/2021/06/clamav-01033-patch-release.html
which Joel's email was repeating.
All three have rather longer lines than are convenient on a small screen.
--
Andrew C.
__
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
ent are you using ?
https://en.wikipedia.org/wiki/Signature_block#Standard_delimiter
says that the Standard delimiter is the *four* characters
dash dash space end-of-line
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.u
' flag unset, so the error report is
correct.
No. IIUC the *test* failed not because the command failed,
but because the error message reported the wrong filename.
--
Andrew C. Aitchison Kendal, UK
(kitware.com/cmake).
https://blog.kitware.com/cmake-3-21-1-available-for-download/
Which operating system are you building on ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav
Between requiring an uptodate CMake and an obsolete, 6 year old,
LLVM, I worry that the ClamAV team is spread too thin.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users
ed from daily 26232 or 26233
and added to main 60. There was a glitch and main 61 was created to flush
caches on some of the mirrors.
Not sure whether you sould do something, or wait patiently ...
--
Andrew C. Aitchison Kendal, UK
0 means no timeout.
# Default: 0
#ReceiveTimeout 1800
So, it should have no timeout, right?
I would add a line
ReceiveTimeout 0
to be sure. Sometimes the commented out line reflects that actual default.
--
Andrew C. Aitchison Kendal, UK
ve LTS
feature releases.
2. We will document the LTS policy and add an end-of-life version
table to https://docs.clamav.net/faq/faq-eol.html.
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
ce on fast-track Ubuntu (not specifically with clamav)
is that you need the package which matches the python you wish
to use to run the tests.
--
Andrew C. Aitchison Kendal, UK
and...@aitch
n an older stretch install isn't doing
one a bit of good unless perchance you are rebooting.
Now that we have the announcement of ClamAV 0.103 LTS, supported until
August?September 2023, I think Stretch users should stay with ClamAV 0.103
rather than shifting to 104 and CMake.
--
Andr
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison
comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
processes to access it.
But then, I know little about docker or any other container system.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users
/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
e is that it means that the robot failed to spot any issue,
but a human will read your message anyway and decide whether to
investigate further.
--
Andrew C. Aitchison Kendal, UK
and...@aitchi
rying about clamav.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
lamav ?
If not, you could build a clamav rpm.
Perhaps start with the epel clamav.spec file, or maybe clamav has one since
they now ship Red Hat and Fedora binaries.
That way the cmake "install" happens inside rpmbuild, under your id
so root is only needed for the yum/dnf install.
--
Andr
tps://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.co
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the justification of
packaging the sigs is partly that the tool will work and scan out of the box,
partly for the offline
roject:
ENABLE_MOLTER_DEFAULT
So I would say that your issue is fixed by the switch to cmake.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.cla
clamav.net descriptive text
"0.103.7:62:26615:1659362400:1:90:49192:333"
# date -u -d "1970-01-01 UTC 1659362400 seconds"
Mon Aug 1 14:00:00 UTC 2022
... so the magic DNS timestamp is being updated,
but the daily version number has not changed since Thu
requirement). Would it make
sense to be able to load the cdiff and avoid reloading from sratch ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
clamav-users mailing list
clamav-users@lists.clamav.net
/clamav/issues/564
which it seems you have already found.
I guess that including an internal implementation of md5 would
enable ClamAV to run on FIPS enabled/compliant machines,
but that even so, this would not be the right thing to do ?
--
Andrew C. Aitchison Kendal, UK
an OS packager trying to upgrade from one LTS to the
next (0.103 to 1.0).
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
h
: sigmgr)
Sun Oct 30 09:23:10 2022 -> bytecode.cld database is up-to-date (version: 333,
sigs: 92, f-level: 63, builder: awillia2)
Sun Oct 30 09:23:10 2022 -> Clamd successfully notified about the update.
Sun Oct 30 09:28:04 2022 -> --
--
are looking good, but I managed to
fall foul of the rate limit so cannot confirm for 24 hours :-(
____
From: Andrew C Aitchison
Sent: Wednesday, November 2, 2022 8:40 AM
To: Micah Snyder (micasnyd)
Cc: ClamAV users ML ; Andrew C Aitchison
Subject: Re: [clamav
ve a VM of size >~500GB.
I really appreciate any kind of support here. It helps alot.
Thanks,
Vijay
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscri
analysis ? If so I wonder whether it is
attempting to access the same file, or worse same file-handle, for
each mpi thread, simultaneously.
If I remember correctly "fabric" can be a technical term to do with
message passing, parallelism and networking.
Is that how you are using it ?
-
-and-01051-patch.html
ClamAV build Ubuntu packages which are available at
https://www.clamav.net/downloads
- though the 0.103.7 Linux packages seem to be hiding (Micah ?).
I do not know of a PPA for these.
--
Andrew C. Aitchison Kendal, UK
and...@aitch
mon*.
clamd and clamdscan refer to it, but clamscan does not refer
this config file (although it *does* refer to freshclam.conf).
Which settings do you expect clamscan to read from this config ?
--
Andrew C. Aitchison Kendal, UK
and...@
lamscan to read from this config ?
Now it would be still super, if one would have the option --config-file=FILE
with the clamscan, as it is also the case with the clam*d*scan. If I want to
use the clamscan mutze and --config-file=URL, then this is of course not
possible and it breaks ever
nes from ClamAV ?
Reading about @system cron events, I would not use it to
update the clamav database. Instead I would rely on anacron
noticing that we missed running freshclam at the proper time,
so start it now if appropriate.
That or stick with the clamv-freshclam daemon/service.
Von / From: And
like to try it with the latest version.
From 0.104 onwards ClamAV uses Rust.
Rust on AIX appears to be a work in progress:
https://github.com/rust-lang/compiler-team/issues/553
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
Sorry thi is coming sd an attachment.
I sent this with the wrong from address
so it didn't reach the list the first time.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk--- Begin Message ---
On Mon, 13 Feb 2023, newcomer01 via clamav-users
something wrong.
Drop the '-f' - it says read the filenames from some-file.eml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
IIRC (I may not), EPEL rules say that packages cannot be built with
devtools, so I am not sure what EPEL will be doing when 0.103 reaches
EOL in September.
I will ask on the mailing list
epel-de...@lists.fedoraproject.org
--
Andrew C. Aitchison Kendal, UK
/files/
/tmp/files/EICAR.COM: Eicar-Signature FOUND
/tmp/files/clean.txt: OK
And this is exactly what we like to see using clamdscan.
Any hints are appreciated ...
Thanks
Andreas
- Intern -
clamdscan --verbose
--
Andrew C. Aitchison Kendal, UK
and
can
result proves little.
Thanks,
--
Tim McConnell
On Sun, 2023-03-19 at 21:40 +, Andrew C Aitchison wrote:
On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away
(for
now).
The big problem is I wan
I think scanning inside large archives might solve many of the
reasons for scanning large files.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubsc
und in viruses/EICAR.COM
The echo is needed to show the name of the file inside the archive.
This appears not to write the unpacked files to disk.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
t;our" makes me think a private mirror
https://docs.clamav.net/appendix/CvdPrivateMirror.html
might be useful to you.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clama
https://docs.clamav.net/faq/faq-pua.html
might help.
clamd.conf does have option "ScanHTML" which doesn't do what you want
but may help if you are not using it already.
--
Andrew C. Aitchison Kendal, UK
an
able?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a c
there could be a macro virus in a large spreadsheet
but IIRC some virus checkers only look at the first so much of a file
since malware deeper into the file cannot (or could not) be executed.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.
ep 11 09:09:02 2023 -> !check_for_new_database_version: Failed to find daily
database using server https://database.clamav.net. Mon Sep 11 09:09:02 2023 ->
*updatedb: daily database update failed.
Mon Sep 11 09:09:02 2023 -> Trying again in 5secs...
--
Andrew C. Aitchison Kendal, UK
ate: 2023:10:11 08:27:34
* I'm still waiting for Ubuntu to upgrade to 0.103.10 or better.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscrip
gcc-7.3.1
I never used CentOS 7, RHEL7 or other clones, but newer versions of gcc
are available for that too.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list
useful in docker or a similar container,
but it would be a lot if work to do it on every platform
and unless you include the right optional features, a lot
of people will use logrotate anyway.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
clamav no desktop e remotamente fazer
um scan ao telemovel.
for example: clamscan -r -i remove=yes ipaddress root.of.cellphone
Rahim 00351 933 5959 74 is bugged
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_
rid of the 2GB limit
though I can see that it could require changes throughout the code
and break backward compatibility.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users maili
ons?
Where did you get this version ?
In my experience you can't simply replace a Ubuntu package of clamav
with a version built or packaged from the clamav site, or vice versa.
--
Andrew C. Aitchison Kendal, UK
and...@aitchis
he implications are for Ubuntu, but the next release
- 24.04 LTS, "Noble Numbat" - will have 15 years paid support, which
is beyond the y2038 bug.
I guess that the ClamAV and the Debian packages will need to be given
separate consideration.
--
Andrew C. Aitchison
Thanks Scott.
Glad to hear that this is under control.
On Thu, 29 Feb 2024, Scott Kitterman via clamav-users wrote:
On February 29, 2024 12:56:47 PM UTC, Andrew C Aitchison via clamav-users
wrote:
I haven't fully understood this yet, but Debian is planning a flag-day
on 29 March t
will get you blocked, since there has been a history
of misuse. Only freshclam and cvdupdate are exempt from this block.
Unless you allow sneaker-net - USB sticks and the like - you should
not actually need an anti-malware app on your air-gapped machines.
--
Andrew C. Aitc
o-date (version: 27229, sigs: 2057112, f-level: 90,
builder: raynman)
ClamAV update process started at Fri Mar 29 08:05:26 2024”
Which database server are you using ?
How are you updating ?
As far as I am aware, freshclam and cvdupdate don't use squid.
--
Andrew C. Aitchison
do it for a fee ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us bu
ed by
them.
-Original Message-
From: clamav-users On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 17:21
To: Nathan Millard via clamav-users
Cc: Andrew C Aitchison
Subject: Re: [clamav-users] Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users
uld it be timing out ? There are several timeouts in my freshclam.conf.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.
distlib/w32.exe:
Win.Virus.Expiro-10026576-0 FOUND
Richard
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/m
un 15 different clam scans on all my vms.
That is likely the price you pay for a scan that doesn't require that
you send the whole disk over the network.
-Original Message-
From: clamav-users On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 19:49
To: Nathan Mil
On Thu, 2 May 2024, Andrew C Aitchison wrote (but the list bounced):
On Thu, 2 May 2024, Brendan Walsh via clamav-users wrote:
Hi guys,
I have been trying to install the IBM version of ClamAV.0.103.11 which I
downloaded from IBMs open source page :
https://www.ibm.com/support/pages/node
ere
(since they didn't put it there) so still wont allow you to install clamav.
( I'm not used to .a libraries in rpms (except in -devel packages)
and guess that the installer confirms that a .a library has the
required object inside, and then installs the whole library.
1 - 100 of 131 matches
Mail list logo
