Pascal | 3 Dec 10:57 2014

Offline updates


I found this on :
* Can I download the virusdb manually?
Yes, the virusdb can be downloaded from the Latest releases section on
our home page.
But I didn't find the link on :-(
Where can I find virusdb ?

Thanks, lacsaP.
Help us build a comprehensive ClamAV guide:

Al Varnell | 3 Dec 08:29 2014


I believe this signature has been mislabeled as Windows only. The signature comes back as:

VIRUS NAME: Win.Trojan.Genieo
okup__ZL20dtor_genieo_06041979v___tcf_0 stub 

which tells me it’s an OS X executable.

Since it’s neither a false positive nor a false negative, I wasn’t sure how to report it.


Al Varnell
Mountain View, CA


Benny Pedersen | 30 Nov 04:32 2014

Sigtool :(

I can't figure out how to build cud files yet with 0.98.5

Is there a guide somewhere for this ?

It fails with build name, and sigtool interactively asks for the build name, 
but fails to build with the typed answer :(

Env variables are not explained anywhere

Benny Pedersen | 30 Nov 04:26 2014

Clamsubmit option -p

Is the help text correct ?

False positive ?

If running clamsubmit do I need to extract content first with e.g. ripmime if 
content is in email or does clamsubmit itself do all this ?

What is a fp and fn ?

Paul Kosinski | 28 Nov 19:47 2014

Re: Realtime scanner

Not completely sure what you mean by real-time scanner: file scanning
or scanning HTTP responses (Web browsing)?

For file scanning, there is (or used to be) Clamuko, which hooked in
to the Linux kernel. I never used it, so can't say anything about it.

For Web browsing, I use HAVP, which in turn uses the ClamAV library to
scan the HTML coming in over HTTP. It runs as a proxy, so doesn't
handle HTTPS (although I suppose one could modify Firefox or Chromium
to use pieces of HAVP, and hence libclamav, internally). 

HAVP seems to be no longer developed, but it still works. Look at -- Google HAVP for more info.

On Sun, 23 Nov 2014 12:00:00 -0500
clamav-users-request <at> wrote:

> Message: 5
> Date: Sun, 23 Nov 2014 10:48:20 +0530
> From: Deevakar PK <pkdeevakar <at>>
> To: clamav-users <at>
> Subject: [clamav-users] real-time scan
> Message-ID:
> 	<CAPWV5rGv8b39JpyUNbG0=Cyuv9xjrsf76DmLDwOgJGFAMd3ZEA <at>>
> Content-Type: text/plain; charset=UTF-8
> Hi Team,
> Is there any real-time monitoring available in clamAV with quarantine
> option ?

Heino Backhaus | 26 Nov 13:42 2014

cannot find clamav-devel-latest.tar.gz anymore...

Hello List,

I'm using as 
source for an automated daily upgrade-script since about 10 years on 15 
+x MailScanner machines and it worked perfectly (thanks for that). My 
problem is that this file just doesn't exist since version: ClamAV 
devel-20140826/19682/Wed Nov 26 06:40:34 2014. Haven't I searched hard 
enough ?

Kind regards

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus <at>
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

“I was gratified to be able to answer promptly, and I did. I said I didn’t know.”

   -Mark Twain


Matthias Egger | 24 Nov 14:07 2014

Mirroring Problems with and safebrowsing

Hello List

I just checked the logfiles back until October 2014 and saw that we often
got "safebrowsing-<N>.cdiff not found on remote server" when we tried
downloading the file from

   2 times from
  15 times from
  41 times from

Are these mirrors just not aware that they should now mirror a
safebrowsing-<N>.cdiff file? Or should I use another URL
(db.?? to download (and which url in that case?).

Best regards


Matthias Egger
ETH Zurich
Department of Information Technology          maegger <at>
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1         Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich               Fax   +41 (0)44 632 11 95


stephen.bone | 24 Nov 12:21 2014

Clamd: WARNING: lstat() failed on

Hi all,

I'm hoping someone can shed some light on an issue I'm experiencing...

I have been running Qmail, qpsmtpd, Qmail-Scanner, Spam Assassin, and 
Clamd on three mx's for some years.    Until recently I've been compiling 
my own ClamAV, and all has been well.  However in order to try to simplify 
the process  I've recently switched a test mx to using prebuilt rpms, and 
here I've been having an issue with clamd reporting WARNING: lstat() 
failed on ..., when scanning the contents of a directory.

I have tried to break the problem down.  So now I can re-create the same 
error by using clamdscan / clamd to scan the contents of a test directory. 
 I've tried running clamd as qscand (qmail-scanner user), clamav (clamav 
default), and root (only for testing).  It would appear that clamd scans a 
file in the root of the file system fine, however as soon as I point 
clamdscan to a/any directory I get 'lstat failed'.

Thinking it's a permissions issue, I've tested changing the owner of the 
directory to qscand, clamav, and root, to match the owner of the clamd 
process, as specified in clamd.conf.  I've also set permissions on the 
test directory to 755, however I'm still getting the same error.

I've spent some hours trying to diagnose the problem myself, since I get 
that your time is as valuable to you, and mine is to me!  But I'm at the 
point now where I guess I'm looking for a sanity check here...

I'm running CentOS 6.6, I've tried using ClamAV-0.98.4 from the epel repo. 
This morning I've tried 0.98.5 from the epel-testing repo. I have 
experienced the same issue with both.

Deevakar PK | 23 Nov 06:18 2014

real-time scan

Hi Team,

Is there any real-time monitoring available in clamAV with quarantine
option ?

If yes, please let me know how to implement it?


Thanks & Regards,
Deevakar P K

MarcelGiannelia | 23 Nov 03:42 2014

detection of really old viruses?

Most of the virus definitions in the cvd files don't seem to have dates
associated with them (at least that I could see with sigtool), so I
can't tell -- are older definitions ever dropped?

That is, will clamav always be able to detect viruses from, e.g., the
1990s, or are definitions for viruses that old eventually removed from
the database?


Joel Esler (jesler | 19 Nov 21:48 2014

Bytecode Blog Posts

We have three blog posts concerning bytecode that will be posted to the ClamAV over the next week.  Today was
the first one:

Please take a minute to read the blog posts if bytecode is something you are interested in or use.

If you have any interest on future blog posts you’d like us to produce, please feel free to email me.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead