One way you can reduce the amount of memory that clamav uses is to specify
the "--disable-llvm" flag to the clamav configuration line. This flag tells
clamav not to compile the packaged llvm project into the libclamav library and
will use up less space when libclamav is loaded into memory. Note that this
m
The "--exclude-dir" option to clamscan takes a regex argument that tells
clamscan to exclude the directories that match the regex.
This means that specifying:
*--exclude-dir=BTC*
will exclude all directories whose absolute path matches BTC (e.g.
"/some/directory/BTC", "/BTC", "/some/directory
One of the scans that ClamAV does on PE files is icon scanning which is
used as part of a heuristic to identify possible impersonation programs.
These warning messages mean that the PE file being scanned has declared
that it has icons in it but ClamAV cannot properly parse these icons
(either icon
Have you tried to query what process is locking the log file?
It is possible that multiple freshclam instances are running at the same
time, especially if an instance of freshclam is running as a daemon.
On Linux, you can use a command such as "lsof | grep freshclam.log" to
identify what process
'clamscan' is an on-demand scanner. In regards to the blog post, have you
tried running 'autoreconf' after your changes? I'm assuming the 'SUBDIRS'
changes were to an autotools file.
-Kevin
On Wed, Jan 21, 2015 at 5:48 PM, Ed Christiansen MS
wrote:
> I just compile it and then use clamscan when
The clamav-0.98.6-win32.msi simply installs the bare-bones for ClamAV on
Windows which comprises a number of command line programs. This means
that there are no GUIs and it's generally for technical specialists.
If you're interested in acquiring a ClamAV variant that includes a GUI,
some progra
There are a number of reasons for the differences in the detection cases.
The first of which is how ClamAV identifies the file type of the file being
scanned. ClamAV determines the file type of a scanned file using the 'ftm'
signature files. The important signatures follow:
type:offset:magic:rtype:ty
As a heuristic, the generation of this detection is a result of behavioral
detection by the ClamAV engine and not by any particular database
signature. Unfortunately, this effectively means that sigtool is unable to
decode the signature as there is no signature associated with this
detection.
Luck
It's not necessary to whitelist the heuristic. If you choose to, you can
whitelist the domain which can be done using a .wdb signature. There is
documentation on how to write an entry in the phishsigs_howto.pdf document.
-Kevin
On Tue, Aug 25, 2015 at 1:11 PM, Charles Swiger wrote:
> On Aug 25,
It appears that the "PCREMaxFileSize" option is currently set to accept
raw numbers and not sizes as indicated by the documentation. This is a
minor bug in the current release of ClamAV 0.99.
The workaround would be to use "26214400" instead of "25M".
-Kevin
On Mon, Jan 11, 2016 at 7:19 AM, Be
It seems as if the xml parser ClamAV uses has some parsing errors in regard
to this document variant. You could submit a bug report at
bugzilla.clamav.net; attaching a sample would also help.
-Kevin
On Fri, Apr 1, 2016 at 6:30 PM, David Shaw wrote:
> Hello,
>
> I am using ClamAV 0.99 on CentOS 7
ClamAV, in order to optimize the AC algorithm execution, runs the
filetype signatures alongside the malware detection signatures. ClamAV
is set to immediately return after AC execution if a filetype
signature detection occurs. This unfortunately causes the engine to
skip PCRE signature execution.
Please refer to the bug report at:
https://bugzilla.clamav.net/show_bug.cgi?id=11552
for the patch to resolve the issue.
On Wed, Apr 13, 2016 at 1:32 PM, Kevin Lin wrote:
> ClamAV, in order to optimize the AC algorithm execution, runs the filetype
> signatures alongside the malware det
In order to minimize the amount of regex execution in ClamAV, regex
signatures are usually run until the first match is detected. This means
that counting regex matches does not work in the general case.
The ClamAV ldb signatures have a custom flag 'g' which specifies to the
engine to find all match
This warning occurs in the new experimental pdf filter rework that is not
part of any existing ClamAV releases (as of 0.99.2). Thus as a disclaimer,
it must be stated that the version of ClamAV being used may be unstable or
incomplete especially with the experimental section that this warning is
r
clamd.conf does not affect the behavior of clamscan which is why you needed
to run freshclam first to pull database to the default database location.
Thus, there is a possibility that the databases may be mismatched though
it's unlikely as the signature is still part of the current set. In order
to
The filesize limit can be dynamically set for clamscan with the
"--max-filesize=xxM" option. clamd.conf can be used to change the clamd
filesize limit with "MaxFileSize".
Excerpt from clamscan help:
--max-filesize=#n    Files larger than this will be
skipped and assumed cl
17 matches