Hi,
the blog [1] is inconsistent with the CVEs descriptions for
CVE-2021-1404 and -1405. This makes it unclear which versions are
affected by which CVE. Can you fix the blog please?
Furthermore, can you please confirm that the "buffer overread in PDF
parser" issue (CVE-2021-1405 according to
Hi,
the blog [1] is inconsistent with the CVEs descriptions for
CVE-2021-1404 and -1405. This makes it unclear which versions are
affected by which CVE. Can you fix the blog please?
I see the blog has been corrected, thank you.
Furthermore, can you please confirm that the "buffer overread in PD
The current "stable" Debian is 10/Buster. It has ClamAV 0.103.2, patched by Debian to
"deb10u1" (whatever that implies)
https://security-tracker.debian.org/tracker/source-package/clamav
___
clamav-users mailing list
clamav-users@lists.clamav.net
htt
I prefer here on my system clamscan, this has much more additional
parameters as clamdscan
clamscan is slow, as it has to load its database first.
Any hints are appreciated …
If I read the code correctly, this is not possible with clamdscan alone.
However, this might work for you:
find
Faster with parallel command :
find /tmp/files -type f |parallel clamdscan --no-summary {}
Cannot confirm:
bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel
clamdscan --fdpass --no-summary {} | tail -n 2
/usr/share/doc/texinfo/AUTHORS: OK
/usr/share/doc/texinfo/NEWS.Debian.
Le 13/03/2023 à 15:39, Damian via clamav-users a écrit :
Faster with parallel command :
find /tmp/files -type f |parallel clamdscan --no-summary {}
Cannot confirm:
bench@sigil:/$ time find /usr/share/doc/texinfo -type f | parallel
clamdscan --fdpass --no-summary {} | tail -n 2
/usr/share
However this .wdb will not play with 1.0.1
Can we have it?___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisc
Out of the box, I got this error and haven't been able to change the
behavior:
Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)connect to
/run/clamd.scan/clamd.sock failed, attempt #1: Can't connect to a UNIX
socket /run/clamd.scan/clamd.sock: Permission denied
Apr 22 10:35:42 mcq amavis[22581]:
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# ### http://www.clamav.net/ - using remote c
which service should be running Clam-Freshclam or Clamav-Freshclam?
I only see a clamav-freshclam.service___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comp
In Amavisd.conf?
This is the clamav-users mailing list. People here are not expected to
know what Amavis uses. Please write down the options you want to know
more about.___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lis
Here is a sample. The term "Blocked" is used. Does ClamAV scan the files
looking for viruses or just it just wholescale block them?
Amavisd, using clamAV has a series of decoders. Hence my question.
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
Then I configured amavis on another VM so that it has to contact
CLamav through TCP connection to the VM where Clamav is installed.
But the error is the same.
I am not aware that an Amavis-to-ClamAV content stream includes file
paths. So if the error message of the remote ClamAV contains an am
Fangfrisch release 1.9.0 is now available via
https://pypi.org/project/fangfrisch/
requirements.txt:
requests >= 2.22.0
SQLAlchemy >= 1.4.0
Are those requirements sharp? I wonder if Fangfrisch could run on older
Debian systems with Debian-shipped python packages.
__
We have a central clamav server that does all of the actual scanning
You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."?
___
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/
We have a central clamav server that does all of the actual scanning
You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."?
Correct.
TCPSocket 3310
TCPAddr clamav-central.company.com
man clamdscan:
--fdpass
... Only available if connected to clamd via local(
This is what I see from the strace:
sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
That's interesting. Does the client machine access clamav-central via a
local proxy? Or more precisely, does the exemplary TCPAddr
"clamav-central.company.com" resolve to an IP-address that the client
That's interesting. Does the client machine access clamav-central via a local proxy? Or
more precisely, does the exemplary TCPAddr "clamav-central.company.com" resolve
to an IP-address that the client machine uses on one of its interfaces?
No, it's a direct connection. In both straces I can see
bind(3, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("IP address")}, 16) = 0
From clamdscan's perspective this should not have been successful. It
means that the local machine successfully bound to "IP address", so "IP
address" (and therefore clamd running on it) has to be local,
19 matches
Mail list logo
