Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV

2014-02-28 Thread Mark Allan
As this is the first time ClamAV has had an external dependency, would it be worth making it an opt-out configure option for people who can't get it to compile or who have to rely on an older/incompatible version of OpenSSL? Mark ___ Help us build a compr

Re: [clamav-users] ClamAV®: ClamXAv in the top ten free Apps in the Mac OSX App Store!

2014-04-24 Thread Mark Allan
e Mac OSX App Store! > Congratulations to Mark Allan, developer of the > ClamXav<http://www.clamxav.com/> project (the OSX GUI front-end to ClamAV) > for making the top ten list in the free App section of the OSX App Store! > > It's great to see a free tool and great contributio

Re: [clamav-users] [Clamav-devel] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-18 Thread Mark Allan
Sent this the other day to the clamav-devel mailing list but it doesn't look like it came through. Mark On 16 May 2014, at 03:03 pm, Mark Allan wrote: > All works fine for me on OS X 10.6 - 10.9. > > For info, compiled on 10.9.2 with support for 10.6 onwards. >

Re: [clamav-users] [Clamav-devel] ClamAV®: ClamAV 0.98.4rc1 is now available!

2014-05-20 Thread Mark Allan
d + 56 12 clamd 0x0001918a thrmgr_worker + 938 13 libsystem_c.dylib 0x7fff8cb7b772 _pthread_start + 327 14 libsystem_c.dylib 0x7fff8cb681a1 thread_start + 13 I'm aware the offsets won't be too useful, but at least the method names ought to help I think. Mark On 16 May 2014, at 03

Re: [clamav-users] [Clamav-devel] ClamAV(R): ClamAV 0.98.4rc1 is now available!

2014-05-20 Thread Mark Allan
it. Mark On 20 May 2014, at 02:14 pm, Shawn Webb wrote: > Hey Mark, > > Is there a way you could get me the sample? > > Thanks, > > Shawn > > > On Tue, May 20, 2014 at 6:49 AM, Mark Allan > wrote: > >> I may have been a bit hasty with this. It

Re: [clamav-users] [Clamav-devel] ClamAV(R): ClamAV 0.98.4rc1 is now available!

2014-05-22 Thread Mark Allan
and as Mark said, has been asked to >> supply his crash log. >> >> My theory is that it’s the initial flood of messages at Thunderbird >> startup that’s initiating this and not my huge INBOX. >> >> >> -Al- >> -- >> Al Varnell >> Mountain View,

Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?

2014-10-03 Thread Mark Allan
On 3 Oct 2014, at 03:39 pm, Gene Heskett wrote: > On Friday 03 October 2014 07:19:13 Tim Smith did opine >> Over the last 24-48 hours, I submitted a number of email attachments. >> RAR files that contained viruses. >> >> Running one or two of them through VirusTotal today, I see ClamAV have >>

Re: [clamav-users] Urgent: Php.Exploit.CVE_2015_2331-3 FP

2015-08-27 Thread Mark Allan
Hi Alain, I've just submitted a small selection of the files being tagged as infected. Regards Mark > On 27 Aug 2015, at 11:09 am, Alain Zidouemba > wrote: > > Al, > > I will be pulling the signature shortly. Could you please submit a few of > the files that are alerting here: http://www.clam

Re: [clamav-users] Successfully processed

2016-02-15 Thread Mark Allan
Hi, I've been getting this for a few days. The first time I received it, the rogue sig was removed from the DB shortly afterwards, so I assumed* it worked OK and that it was just a bug in the code that composes the email response. Mark * yes, yes I know what assuming does to U and me. > On 15

[clamav-users] Win.Trojan.Ramnit FPs

2016-02-15 Thread Mark Allan
I'm still getting the email saying "your sample was empty", so I'm posting here too. The Ramnit series of sigs is hitting a bunch of files which have been resident on users' HDs and scanned as clean for many years. VT also reports ClamAV as the only vendor detecting an infection. To clear the i

Re: [clamav-users] ClamAV FP/Malware Submissions

2016-02-17 Thread Mark Allan
Thanks Joel. Do we need to resubmit the FPs we submitted over the last week-or-so, or did you actually receive them OK? Mark > On 16 Feb 2016, at 11:48 pm, Joel Esler (jesler) wrote: > > It appears that we have resolved the issue with FP/Malware submissions on > ClamAV.net

[clamav-users] Recent rash of FPs

2016-02-17 Thread Mark Allan
Hi all, I'm just wondering if there's an underlying reason for the recent rash of FP detections. From my own experience, with the exception of 3 signatures, all of the ones I've had to report and/or whitelist locally have a sig name ending in -xxx where xxx is a number. Are these numbered sigs

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Mark Allan
> On 17 Feb 2016, at 11:21 pm, Joel Esler (jesler) wrote: > > For my, I use Mail.app the majority of the time. Apparently if I delete > lines and inline reply like I do in Thunderbird, Mail.app just tells me to > eat dust and unthreads the whole thing. Guess I should file a bug with Apple.

Re: [clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

2016-02-18 Thread Mark Allan
> On 18 Feb 2016, at 3:28 pm, Joel Esler (jesler) wrote: > > > Bottom posting with Mail.app now. > > Yeah, it’s how I did it that was the problem. I tried to make the email nice > and neat, and Mail.app (prior to… I’d say.. Yosemite?) dealt with how I did > it fine. But ever since they d

Re: [clamav-users] freshclam --show-progress

2016-03-03 Thread Mark Allan
There was a change in 0.99 which meant if the freshclam tool was called from something other than a terminal (tty), the progress percentage wouldn't be shown. The intended usage with the new --show-progress flag is to force the progress percentage to be shown even if freshclam is not called from

Re: [clamav-users] ClamAV® blog: ClamAV will release a new main.cvd and daily.cvd this weekend.

2016-03-10 Thread Mark Allan
Will the update to main.cvd be distributed as .cdiff files or will every user have to download the main.cvd file in its entirety? Mark > On 9 Mar 2016, at 10:45 pm, Joel Esler (jesler) wrote: > > Correct. > > -- > Joel Esler > Manager, Talos Group > > > On Mar 9, 2016, at 5:30 PM, Al Varnel

Re: [clamav-users] FYI clamdmon not working - due to change in Eicar name

2016-03-18 Thread Mark Allan
Hopefully this is just a bug as the eicar test file isn't really a "win" test; it's just a text file. I imagine many people will have scripts and test routines set up which expect the name "Eicar-Test-Signature" - I know I do! Is there any way this can be changed back or does everyone have to u

Re: [clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

2016-03-20 Thread Mark Allan
Just to confirm, I'm also seeing everything being flagged as Win.Trojan.Trojan-476 with the new main/daily.cvd files. Mark > On 17 Mar 2016, at 6:49 am, Al Varnell wrote: > > I just ran a scan against the ClamAV test files contained in the 0.99.1 > source file and I’m getting all Win.Trojan.T

[clamav-users] Manually applying cdiff files

2016-05-31 Thread Mark Allan
3 WARNING: build: Signatures in daily db files: 202849, loaded by libclamav: 203452 Total sigs: 203452 New sigs: 5746 Builder name: Mark Allan Created daily.cld That all *appears* to work OK (i.e. no errors), but

Re: [clamav-users] clamscan not obeying the --exclude-dir directives

2016-06-14 Thread Mark Allan
Hi Adam, Are you producing that clamscan invocation yourself? If not, and it's coming from something produced by ClamXav, then you should direct your question to the official support channel for ClamXav which can be found at https://www.clamxav.com/contactus Regards Mark > On 14 Jun 2016, at

Re: [clamav-users] Suggestion: Need option to "Block Skipped Files" and Scan Summary to indicate "Skipped files"

2016-09-16 Thread Mark Allan
Hi Steve, Sorry to hijack the thread, but as you've brought it up - is there an ETA for 0.99.3? Mark > On 15 Sep 2016, at 4:02 pm, Steven Morgan wrote: > > Hi, > > There will be an option --block-max (clamd - BlockMax) in ClamAV 0.99.3. > > Steve > > On Thu, Sep 15, 2016 at 1:44 AM, Andy S

Re: [clamav-users] Java.Malware.Agent-1756221 false positive still detected

2016-10-12 Thread Mark Allan
Hi Andy, As this is more closely related to ClamXav rather than ClamAV, this request should be directed to ClamXav's support team at https://www.clamxav.com/contactus rather than here. Regards Mark > On 12 Oct 2016, at 4:27 pm, Andy Keller wrote: > > We’ve got the netty-all.jar that is the s

[clamav-users] Win.Trojan.Agent-1771607 FP with sftp binary on macOS 10.12

2016-10-17 Thread Mark Allan
Hi all, I've just reported this as an FP via the web form, but just so others are aware, ClamAV defs update 22376 detects a false positive for the 'sftp' binary that ships with macOS 10.12 Malware name: Win.Trojan.Agent-1771607 MD5 (/usr/bin/sftp) = 4eebcd77c25b8a5eb13de0ec6d8fb9d5 Best regard

[clamav-users] Issue with daily-22474

2016-11-07 Thread Mark Allan
Hi folks, Was "daily-22474.cdiff" supposed to be ~20MB in size? The freshclam binary seems to hang whilst processing it, and if left long enough, you end up with a corrupt daily.cld database. I'm surprised no-one else has reported this here, so I'm wondering was it only the UK mirrors that wer

Re: [clamav-users] Issue with daily-22474

2016-11-07 Thread Mark Allan
have already been raised and settled in the comment section. > > Bottom line is, if you are using a version of ClamAV prior to 0.98.0 (0.97, > 0.96, etc) you need to upgrade _now_. > > Please do not hesitate to ask me any questions concerning this. > > Sent from my iPad >

[clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-22 Thread Mark Allan
Hi all, I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] containing a number of files which ClamAV incorrectly detects as various strains of Txt.Malware.Agent My experience may be slightly skewed, but it seems that the rate of FPs has increased a lot lately, and they mostl

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
anks for the feedback, you are right, I am experiencing some high counts >>> in the Txt.Malware.Agent family. >>> >>> I’ve disabled this engine for now. >>> >>> -- >>> Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com>

Re: [clamav-users] FPs for Txt.Malware.Agent-XXXXX

2016-11-23 Thread Mark Allan
> On 23 Nov 2016, at 11:23 am, Al Varnell wrote: > > Sorry, I didn't realize that Html.Malware.Agent-1834906 was part of the > problem. It too was dropped in daily - 22584. Oops, you're right. I must have copied and pasted that from the wrong list. Sorry. > Also, Joel mentioned something abo

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

2016-12-29 Thread Mark Allan
> On 29 Dec 2016, at 12:06 pm, Steve Basford > wrote: > > In clamscan there is: > > --official-db-only[=yes/no(*)] Only load official signatures > > in clamd.conf there is: > > OfficialDatabaseOnly#Only loading official signatures. > > I suppose there could be a: > > --3rd-party-

[clamav-users] FP with Java.Exploit.CVE_2012_1723-8

2017-01-24 Thread Mark Allan
Hi, I've received a few reports of FPs with the signature Java.Exploit.CVE_2012_1723-8. I can't upload a sample because, of all places, it's being detected in the scan log which could contain sensitive information. Apart from the fact that it's very generic, looking only for a single short str

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: > > Am 16.02.2017 um 13:39 schrieb ellanios82: >> On 02/16/17 02:59, Al Varnell wrote: >>> I'm afraid it's going to be more trouble than it's worth. You will >>> need to turn debugging on when you scan that mailbox which will >>> produce a huge

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 1:03 pm, Reindl Harald wrote: > Am 16.02.2017 um 14:00 schrieb Mark Allan: >> >>> On 16 Feb 2017, at 12:48 pm, Reindl Harald wrote: >>> >>> Am 16.02.2017 um 13:39 schrieb ellanios82: >>>> >>>> - What please

Re: [clamav-users] SpoofedDomain FOUND

2017-02-16 Thread Mark Allan
> On 16 Feb 2017, at 1:12 pm, Reindl Harald wrote: > Am 16.02.2017 um 14:09 schrieb Mark Allan: >>> On 16 Feb 2017, at 1:03 pm, Reindl Harald wrote: >>> Am 16.02.2017 um 14:00 schrieb Mark Allan: >>>> >>>>> On 16 Feb 2017, at 12:48 pm, Reindl

Re: [clamav-users] how to avoid false positive in clamAV

2017-04-05 Thread Mark Allan
To whitelist specific files this way, you need to add the md5sum to a file with the .fp extension. So, in your example, it should be sigtool --md5 my_file_name.exe >> local.fp If you want to ignore the signature altogether, you add the signature name to a file with the extension ign2. For wha

Re: [clamav-users] Manual cdiff update procedure

2017-04-06 Thread Mark Allan
Yes and no. You can use sigtool to unpack and then apply the individual cdiff scripts in turn (check the man page for details). This will give you a directory full of files which is the equivalent of the current cvd file, however you cannot then repackage and sign the resulting database directo

Re: [clamav-users] No Signature updates for 30 hours?

2017-05-01 Thread Mark Allan
It looks like there's a problem with the DNS text record not updating properly. It still shows the "current" version as 23343 dig -t txt current.cvd.clamav.net +short "0.99.2:57:23343:1493638140:1:63:45876:296" Mark > On 1 May 2017, at 1:21 pm, Arnaud Jacques / SecuriteInfo.com > wrote: > >

[clamav-users] New Main.cvd coming

2017-05-17 Thread Mark Allan
Hi all, I spotted this yesterday on the ClamAV blog and was waiting for Joel (or someone else) to mention it here, but that may or may not happen, so... http://blog.clamav.net/2017/05/clamav-will-be-publishing-new-maincvd.html The gist is that a new main.cvd will be getting pushed out n

Re: [clamav-users] Main CVD and Main Cdiff have been published

2017-06-08 Thread Mark Allan
For some reason, applying the 4MB daily-23454.cdiff file took a really long time, even on a fast machine - 6 minutes on a 2.6 GHz intel core i7 Curiously, the main-58.cdiff took only a fraction of that time (less than 30 seconds) to apply, despite being twice the size. So I'm wondering, when po

Re: [clamav-users] ClamAV® blog: ClamAV 0.99.3 beta has been released!

2017-08-12 Thread Mark Allan
Hi all This email is two-part: an FP report and a bug report - both only concerning 0.99.3 I just uploaded an FP which is only being detected by 0.99.3 beta 1. The checksum for the submitted file (PDFSigQFormalRep.pdf) is 1a29b1f3d6df9f1e47c8a77dde142238 It's part of Adobe Acrobat an

[clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-13 Thread Mark Allan
Hi all, Another issue with 0.99.3 beta 1. The clamd process crashes on macOS 10.6.8 because it can't find the strndup symbol. There are a couple of references to strndup in the source for clamd and libclamav - should these be changed to cli_strndup or am I better to include a static replaceme

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-14 Thread Mark Allan
_X_VERSION_MIN_REQUIRED__) && (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ <= 1068)) size_t strnlen(const char *s, size_t n) __attribute__((weak)); size_t strnlen(const char *s, size_t n) { Hope that's useful. Mark > On 13 Aug 2017, at 10:25 pm, Mark Allan wrote: > > Hi all, >

Re: [clamav-users] Another bug with ClamAV 0.99.3 beta 1

2017-08-25 Thread Mark Allan
urrently in place for when to use the local implementations of >> strnlen and strndup will be going away. Thanks for writing a patch. It >> should suffice during beta. >> >> >> Steve >> >> >> On Mon, Aug 14, 2017 at 9:47 AM, Mark Allan wrote: >>

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-11 Thread Mark Allan
> On 8 Sep 2017, at 5:32 pm, Joel Esler (jesler) wrote: > > We don’t have a slated date yet. We’ve had about 6000 downloads of the beta > package and no reported bugs so far. > > > So far, so good. That's not entirely true; I reported at least three bugs. Mark _

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-11 Thread Mark Allan
> On 11 Sep 2017, at 1:01 pm, Joel Esler (jesler) wrote: > > Reported them to bugzilla? Nope - in your announcement email (copied & abbreviated below) you asked us to provide feedback via the list: > On 4 Aug 2017, at 12:04 am, Joel Esler (jesler) wrote: > > ClamAV 0.99.3 beta has been rele

Re: [Clamav-users] Latest daily file crashes ClamAV on PowerPC Macintosh

2010-06-16 Thread Mark Allan
On 16 Jun 2010, at 10:26 pm, Larry Stone wrote: On Thu, 17 Jun 2010, Török Edwin wrote: On 06/16/2010 11:58 PM, Larry Stone wrote: This is on a PowerPC Macintosh running OS X 10.5.8 and ClamAV 0.96.1. Are you sure it is 0.96.1? Did you restart clamd after the upgrade? Yes, it's 0.96.1. Even w

Re: [Clamav-users] Latest daily file crashes ClamAV on PowerPC Macintosh

2010-09-09 Thread Mark Allan
On 17 Jun 2010, at 5:24 pm, Larry Stone wrote: On Thu, 17 Jun 2010, Török Edwin wrote: Here is a new patch for Mac OS X/PPC: https://wwws.clamav.net/bugzilla/attachment.cgi?id=1333 It reverts my previous patch, and applies my patch from LLVM PR5201 (which isn't finished, but appears to work

Re: [Clamav-users] Latest daily file crashes ClamAV on PowerPC Macintosh

2010-09-09 Thread Mark Allan
On 9 Sep 2010, at 8:11 pm, Török Edwin wrote: On Thu, 9 Sep 2010 19:01:28 +0100, Mark Allan wrote: On 17 Jun 2010, at 5:24 pm, Larry Stone wrote: On Thu, 17 Jun 2010, Török Edwin wrote: Here is a new patch for Mac OS X/PPC: https://wwws.clamav.net/bugzilla/attachment.cgi?id=1333 It reverts

Re: [Clamav-users] Latest daily file crashes ClamAV on PowerPC Macintosh

2010-09-09 Thread Mark Allan
On 9 Sep 2010, at 9:53 pm, Mark Allan wrote: On 9 Sep 2010, at 8:11 pm, Török Edwin wrote: On Thu, 9 Sep 2010 19:01:28 +0100, Mark Allan wrote: On 17 Jun 2010, at 5:24 pm, Larry Stone wrote: On Thu, 17 Jun 2010, Török Edwin wrote: Here is a new patch for Mac OS X/PPC: https

Re: [Clamav-users] Latest daily file crashes ClamAV on PowerPC Macintosh

2010-09-10 Thread Mark Allan
On 10 Sep 2010, at 7:50 am, Török Edwin wrote: On Thu, 9 Sep 2010 22:17:07 +0100 Mark Allan wrote: On 9 Sep 2010, at 9:53 pm, Mark Allan wrote: On 9 Sep 2010, at 8:11 pm, Török Edwin wrote: On Thu, 9 Sep 2010 19:01:28 +0100, Mark Allan wrote: On 17 Jun 2010, at 5:24 pm, Larry Stone wrote

Re: [Clamav-users] OSX configure command

2010-11-13 Thread Mark Allan
On 14 Nov 2010, at 12:54 am, TR Shaw wrote: On Nov 13, 2010, at 7:46 PM, Larry Stone wrote: On 11/13/10 5:35 PM, TR Shaw at ts...@oitc.com wrote: I just got around to compiling 0.96.4 and no joy. My configure command no longer is working properly. I have xcode install and my search path is

[clamav-users] Downloading daily.cvd seems to be corrupt

2011-03-15 Thread Mark Allan
Hi folks, The daily.cvd file appears to be corrupt. The diff files are ok, so scripted updates still work fine, but for people who have scripted updates turned off (or have no defs to begin with) running freshclam fails. Mark [colossus] mark% freshclam -v Current working dir is /usr/local/sha

[clamav-users] Downloading daily.cvd seems to be corrupt [ignore last]

2011-03-15 Thread Mark Allan
...and of course, it's working again now - before my message even hits the mailing list. Sorry! Mark ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] My outdated Clam

2012-03-06 Thread Mark Allan
On 6 Mar 2012, at 14:49, G.W. Haywood wrote: > On Tue, 6 Mar 2012, Steve Kirkby wrote: > >> I can't get through the tech. complexity of upgrading my ClamAV, >> version 2.2.2. I am not a computer engineer, just a user. ... >> ... >> What to do please? (Perhaps Clam is too unfriendly for ordinary >>

Re: [clamav-users] Android port for ClamAV

2012-08-02 Thread Mark Allan
Is android development not done in Java? ClamAV is written in C; porting would not be a simple matter. M On 1 Aug 2012, at 19:33, james henrydoss wrote: > Has anyone attempted ClamAV porting to android using NDK. > > Please let me know. > > I am looking for an open source security scan app f

Re: [Clamav-users] Aborting clamdscan with ctrl-c

2007-03-08 Thread Mark Allan
On 8 Mar 2007, at 01:29am, Tomasz Kojm wrote: On Thu, 8 Mar 2007 01:18:19 + Mark Allan <[EMAIL PROTECTED]> wrote: When I cancel clamdscan by using ctrl-c or killall clamdscan the clamdscan process dies but clamd continues to scan the file it's currently on. clamd will au

Re: [Clamav-users] Aborting clamdscan with ctrl-c

2007-03-08 Thread Mark Allan
On 8 Mar 2007, at 16:57pm, Tomasz Kojm wrote: On Thu, 8 Mar 2007 16:46:04 + Mark Allan <[EMAIL PROTECTED]> wrote: On 8 Mar 2007, at 01:29am, Tomasz Kojm wrote: On Thu, 8 Mar 2007 01:18:19 +0000 Mark Allan <[EMAIL PROTECTED]> wrote: When I cancel clamdscan by using ctrl-

[clamav-users] Whither ClamAV 0.99.2.1 ?

2018-01-24 Thread Mark Allan
Hi guys, I saw the following blog post about an interim release (ClamAV 0.99.2.1) in my newsreader last week http://blog.clamav.net/2018/01/heads-up-clamav-version-09921.html The article said you planned to release 0.99.2.1 today (24th January), however, the post is no longer appearing

Re: [clamav-users] Read the signature in cdiff file.

2018-01-29 Thread Mark Allan
I agree with Al - I can't really see why anyone would need to do this, but I've been dealing a lot with cdiff and script files lately, so I know exactly how to do what you're asking! At the start of each cdiff file is a header which reads something like this: ClamAV-Diff:24263:17164: It'

[clamav-users] No updates since Monday 26th - daily 24352 ?

2018-02-28 Thread Mark Allan
Hi there, I just noticed that there don't appear to have been any updates to daily.cvd since v24352 on Monday 26th, which seems unlikely. Is this correct or has something gone wrong with the update process? Could it be related to the update of the clamav.net backend that you blogged about...on

Re: [clamav-users] No updates since Monday 26th - daily 24352 ?

2018-02-28 Thread Mark Allan
ocess?" Mark > On 28 Feb 2018, at 2:05 pm, Frank Elsner wrote: > > On Wed, 28 Feb 2018 12:52:42 + Mark Allan wrote: >> Hi there, >> >> I just noticed that there don't appear to have been any updates to daily.cvd >> since v24352 on Monday 26th, whi

Re: [clamav-users] clamAV Whitelist

2018-03-01 Thread Mark Allan
Rather than whitelisting, you could add something like cmbx$ to your exclude settings. You would do this either by passing the appropriate command line argument to clamscan or by tweaking your clamd.conf file. Mark > On 1 Mar 2018, at 11:52 am, Emanuel wrote: > > Hello? > > > El 28/02/18 a

Re: [clamav-users] ClamAV(R) blog: ClamAV 0.99.4 has been released!

2018-03-08 Thread Mark Allan
> On 8 Mar 2018, at 9:08 am, Tilman Schmidt wrote: > > What definitely isn't fine is this endless griping about how people > should phrase their questions differently, know more than they do, have > read this and that (blindly assuming that they hadn't) and so on which > contributes exactly not

Re: [clamav-users] Freshclam 0.100.0 returning 1 on up-to-date

2018-04-11 Thread Mark Allan
Looks like the problem actually stems from a new #define in "freshclam/freshclamcodes.h". Change the value of FC_UPTODATE from 1 to 0 and you'll get the old/correct functionality. Patch below. Cheers Mark diff -Naurw freshclamOrig/freshclamcodes.h freshclam/freshclamcodes.h --- freshclamOrig/fr

[clamav-users] FP with Osx.Trojan.EmPyre-6852410-0

2019-02-13 Thread Mark Allan
Hey folks, Signature "Osx.Trojan.EmPyre-6852410-0 " is generating an FP against a file signed and distributed by Apple. File hash is c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95a3a8d5d0f1 Mark _

[Clamav-users] Why no Include and Exclude options with clamd?

2007-01-17 Thread Mark Allan
Hi all, I suspect cross-posting is not allowed so if this is the wrong list, let me know and I'll send it to clamav-devel instead. I write a GUI for ClamAV and am changing things so it uses clamd/ clamdscan rather than clamscan but can't get clamd to use the -- include and --exclude pattern

Re: [Clamav-users] [mac os x] compilation failed 0.9 on mac os x 10.3.9 server

2007-02-15 Thread Mark Allan
The compile works if you remove the -arch i386 flags from the Makefiles. I think it appears more than once: in the root Makefile and twice in the libclamav subdirectory, but I can't remember exactly. Mark On 15 Feb 2007, at 12:36pm, Léonard Bouchet wrote: Hi all, I can't make clamav-

Re: [Clamav-users] Minor bug on the home page

2007-02-16 Thread Mark Allan
On 16 Feb 2007, at 17:00pm, Robert Allerstorfer wrote: Hi, On Fri, 16 Feb 2007, 11:35 GMT-05 Rick Macdougall wrote: When I click on the Support link, the page displays in Italian instead of English as all the other pages do. I have these issues all the time when i click around through the

[Clamav-users] Aborting clamdscan with ctrl-c

2007-03-07 Thread Mark Allan
Hi, When I cancel clamdscan by using ctrl-c or killall clamdscan the clamdscan process dies but clamd continues to scan the file it's currently on. Can someone please tell me if there is any way to tell clamd to abort the files it's currently scanning? Just now the only way I can see

Re: [clamav-users] How can we consume .ldb files in ClamAV Ubuntu?

2020-12-14 Thread Mark Allan via clamav-users
Hi Sandeep, There's no need to convert them. Just put them straight into the clamav database directory and call them whatever_you_want.ldb eg /var/lib/clamav/fireeye.ldb As long as the name you choose doesn't conflict with ClamAV's naming (eg main/daily/bytecode etc), the only bits you

Re: [clamav-users] New Main & Daily CVD's are incoming

2021-07-13 Thread Mark Allan via clamav-users
Hi Joel, Will you be posting scripted updates for main.cvd and daily.cvd or just the new cvd files in their entirety? I seem to remember processing the cdiff files caused a lot of problems for people the last time main.cvd was updated. Mark > On 13 Jul 2021, at 3:05 pm, Joel Esler (jesler) via

Re: [clamav-users] New Main & Daily CVD's are incoming

2021-07-13 Thread Mark Allan via clamav-users
gards Mark > On 13 Jul 2021, at 3:55 pm, Joel Esler (jesler) wrote: > > I am not sure what you mean by “scripted updates”? If you are using > FreshClam or cvdupdate, your downloads should happen fine. > >> On Jul 13, 2021, at 10:29 AM, Mark Allan via clamav-users >>

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-26 Thread Mark Allan via clamav-users
I find myself asking the same question. Just from a personal point of view, I've invested a lot of time over the years creating scripts that pull down dependencies, build & install them in the right order, and then build package and deploy ClamAV. Looks like I'll now have to spend even more time

Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-29 Thread Mark Allan via clamav-users
ok trust clamav > msl build --help > msl build clamav_deps -t host-static --dry-run > msl build clamav_deps -t host-static > > I have not yet modified the clamav recipe to build the PKG installer, since > the above PR hasn’t merged yet, but “msl build clamav -t host-static”

Re: [clamav-users] ClamAV 0.105 release candidate

2022-03-15 Thread Mark Allan via clamav-users
> On 15 Mar 2022, at 11:15 am, Andrew C Aitchison > wrote: > > On Tue, 15 Mar 2022, Joel Esler via clamav-users wrote: > >> Can’t use wget. > > Understood. > Is there a way to get source and binaries via fetchclam or cvdupdate ? > Or any other scriptable command ? > > An interactive web brow

Re: [clamav-users] [Clamav-devel] Second ClamAV 1.0.0 release candidate AND updated packages for 0.105.1

2022-11-25 Thread Mark Allan via clamav-users
I thought there was an issue with v1.0 rc2, as a comparison with a previous installation (0.104.1) on the same machine showed massively increased scan times. After about an hour of digging and laboriously comparing output from clamscan --debug, as well as the man pages and clamd.conf, I finally

Re: [clamav-users] Information about the signature database

2022-12-09 Thread Mark Allan via clamav-users
Al will probably be along shortly to correct me (he's quite good at tracking down when items were added to the DB), but as far as I know, the only way is to search the archive of posts to the clamav-virusdb mailing list. https://lists.clamav.net/pipermail/clamav-virusdb/ Mark > On 9 De

Re: [clamav-users] Scan very slow

2019-03-25 Thread Mark Allan via clamav-users
Hi all, We've been experiencing this slowdown too. We run every DB update through an extra FP test against a number of recent Mac OS installs (OS X 10.6 - 10.14, as well as some well-known 3rd party apps) just to weed out any potentially overzealous signatures. On the new Mac Minis this FP test u

Re: [clamav-users] Scan very slow

2019-03-25 Thread Mark Allan via clamav-users
ord wrote: > On 2019-03-25 10:52, Mark Allan via clamav-users wrote: > > Hi all, > > > te. > > > > Hopefully this helps someone to narrow things down a bit. > > > > Mark > > > > 18/3/19 10m 49s TXT from DNS: > 0.101.1:58:2539

Re: [clamav-users] Scan very slow

2019-04-05 Thread Mark Allan via clamav-users
) and in the last two updates > have been re-adding them with more specific scan target types. We’re now > investigating some other optimizations we can make for the next major > ClamAV release to improve scan times but at present we don’t have any other > leads for signatures that

Re: [clamav-users] Scan very slow

2019-04-05 Thread Mark Allan via clamav-users
Already tried that. Mark On Fri, 5 Apr 2019 at 14:20, Joel Esler (jesler) wrote: > > On Apr 5, 2019, at 09:13, Mark Allan via clamav-users < > clamav-users@lists.clamav.net> wrote: > > Also CC'ing Micah directly as the mailing list would appear to be offline

Re: [clamav-users] [External] Re: Scan very slow

2019-04-09 Thread Mark Allan via clamav-users
> categories to enable/disable. In this light, it ties in well with existing > plans. > > > > Of note the Phishtank sigs from Friday’s daily were removed yesterday and > scan times should be back to normal. > > > > Regards, > > Micah > > > > *From: *Tim H

Re: [clamav-users] [External] Re: Scan very slow

2019-04-17 Thread Mark Allan via clamav-users
> Yes, the plan is still to remove the rest of the Phishtank signatures. We > wanted to get things back to relative normal and resolve the immediate > crisis. We’ll remove the rest of them soon. > > > > Best, > > Micah > > > > *From: *Mark Allan > *Date

Re: [clamav-users] [External] Re: Scan very slow

2019-04-18 Thread Mark Allan via clamav-users
>> dropped by daily-25417 on 12 April, and I can't seem to locate any more. >> >> -Al- >> >> On Apr 17, 2019, at 02:01, Mark Allan via clamav-users < >> clamav-users@lists.clamav.net> wrote: >> >> Hi Micah, >> >> Sorry to pester you

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-01 Thread Mark Allan via clamav-users
Try excluding Email.Exploit.Efail-6641027-1 from the main ClamAV set. You can do that by adding the signature name to a file called anything_you_like.ign2 and putting it in your database directory. We had an issue with something crashing clamd and we strongly suspect that signature is to blame.

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-02 Thread Mark Allan via clamav-users
guring > out what signature that is won’t be easy. > > Sent from my iPad > > -Al- > >> On May 1, 2020, at 18:38, James Brown via clamav-users >> wrote: >> >> On 1 May 2020, at 8:31 pm, Mark Allan via clamav-users >> mailto:clamav-users@lists.

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-05 Thread Mark Allan via clamav-users
>> >> Regards, >> Micah >> >> From: clamav-users > <mailto:clamav-users-boun...@lists.clamav.net>> >> Date: Saturday, May 2, 2020 at 5:50 PM >> To: ClamAV users ML > <mailto:clamav-users@lists.clamav.net>> >> Cc: Mark Allan mailto:

Re: [clamav-users] Clamd crashes frequently - macOS Catalina

2020-05-07 Thread Mark Allan via clamav-users
0.32 for case-insensitive patterns. > > If you have a sample and signature that cause the issue, I’d love a copy so I > can investigate further. > > -Micah > > From: Mark Allan > Date: Tuesday, May 5, 2020 at 5:20 AM > To: ClamAV users ML , Micah Snyder (micasnyd)

Re: [clamav-users] Uninstalling clamAV on macOS

2024-12-17 Thread Mark Allan via clamav-users
I've just inspected the installer pkg itself and can confirm that the only items installed are under /usr/local/clamav There are no postflight/preflight scripts that install any extras or do anything else. The receipt under /Library/Receipts is just so macOS knows what was installed and when,