bondo vine | 20 May 13:18 2016

checking for OpenSSL installation... /usr

Hello There,

First timer here so please excuse my novice-ness.

I am trying to configure ClamAV on OEL 6.7 but keep hitting the
aforementioned issue. Although openssl exists on the machine and in the
PATH, it still complains. Not sure if I am missing something obvious here.

Appreciate any feedback.
Cheers
VK
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Rick Valenzuela | 19 May 06:43 2016

LibClamAV warning, cli_pdf unimplemented filter DCTDECODE

Hi,

Where can I find info on this warning when running clamscan?:

LibClamAV Warning: cli_pdf: unimplemented filter type [10] => DCTDECODE

I've been searching, but I can't find much on LibClamAV and filters,
much less cli_pdf or DCTDECODE.

Best regards,
Rick

-- 
Rick Valenzuela
Videojournalist
Shanghai, China

Michael D. L. | 17 May 14:02 2016

Signature update schedule, and requirements for adding Signatures

Hi,

Hope it's the right list I'm posting to :)

Why is the Signature Database only updated every 4 hours? Every 15 
minutes would make more sense, since Spammers move very fast pushing out 
new versions of Trojans and the like.

I've reported several Signatures/Files (via the website), but they 
never make it to the database. When reporting, I also included the 
result from www.virustotal.com

Best Regards
  Michael


Zvi Kave | 16 May 11:33 2016

Re: ClamAV virus database not downloaded: No permission ?!


Yes. Usually I got a lot of messages like this:
ClamAV update process started at Sat Apr 30 03:00:50 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:00:57 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:02 2016
ClamAV update process started at Sat Apr 30 03:01:19 2016
Reading CVD header (main.cvd): Trying again in 5 secs...
ClamAV update process started at Sat Apr 30 03:01:25 2016

Zvi

On 16/05/2016 11:30, Al Varnell wrote:
> Is there some reason you are not using freshclam to do this initially and thereafter to download incremental updates?
>
> Sent from Janet's iPad
>
> -Al-
>
> On May 16, 2016, at 1:29 AM, Zvi Kave<zvi.kave <at> razlee.com>  wrote:
>> Hi,
>>
>> I am trying to download daily.cvd and main.cvd by curl command as follows:
>>
>> curl  --data-binary -k"http://database.clamav.net/daily.cvd"  -G -o daily.cvd
>>
>> Most of the time, I get this text instead of the real *.cvd file:
>>

Zvi Kave | 16 May 10:29 2016

ClamAV virus database not downloaded: No permission ?!

Hi,

I am trying to download daily.cvd and main.cvd by curl command as follows:

curl --data-binary -k "http://database.clamav.net/daily.cvd" -G -o daily.cvd

Most of the time, I get this text instead of the real *.cvd file:

<|DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /daily.cvd
on this server.<br />
</p>
<hr>
<address>Apache/2.4.20 (Unix) OpenSSL/1.0.2g Server at <a 
href="mailto:webmaster <at> omroep.nl">database.clamav.net</a> Port 80</addresss>
</body></html>

But randomly I get the real cvd file!?

Can someone help me in this weird issue?

Regards,

Zvi

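A pre-install check for the symptom described in the post above (an HTML error page saved under the name daily.cvd), as an added example that is not part of the original message. It relies on the CVD container starting with a 512-byte, colon-separated text header that begins with `ClamAV-VDB:`; the function name `inspect_cvd` is hypothetical and both sample inputs are constructed. It checks the header's shape only and does not verify the digital signature field.

```python
import re

CVD_MAGIC = b"ClamAV-VDB:"
HEADER_LEN = 512  # a CVD file begins with a fixed 512-byte text header
# Colon-separated fields after the magic; stime is treated as optional here (assumption).
FIELDS = ("build_time", "version", "signatures", "flevel",
          "md5", "dsig", "builder", "stime")

# Constructed samples (not real database contents).
SAMPLE_403 = (b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
              b"<title>403 Forbidden</title>\n</head><body>\n</body></html>\n")
SAMPLE_CVD = (b"ClamAV-VDB:16 May 2016 08-00 +0000:1:100:60:" + b"0" * 32
              + b":PLACEHOLDERSIG:builder:1463385600").ljust(HEADER_LEN) + b"payload"


def inspect_cvd(blob: bytes) -> dict:
    """Return the parsed header fields, or raise ValueError naming the problem."""
    head = blob[:HEADER_LEN]
    if not head.startswith(CVD_MAGIC):
        # The failure from the thread: the server's error page was saved instead.
        if b"<html" in head.lower():
            title = re.search(rb"<title>(.*?)</title>", head, re.I | re.S)
            what = title.group(1).decode("ascii", "replace") if title else "HTML page"
            raise ValueError(f"HTML error page instead of CVD: {what}")
        raise ValueError("missing ClamAV-VDB magic")
    if len(head) < HEADER_LEN:
        raise ValueError("truncated header")
    parts = head[len(CVD_MAGIC):].decode("ascii", "replace").rstrip().split(":")
    if len(parts) < len(FIELDS) - 1:
        raise ValueError("malformed header")
    info = dict(zip(FIELDS, parts))
    if not (info["version"].isdigit() and info["signatures"].isdigit()):
        raise ValueError("non-numeric version or signature count")
    if not re.fullmatch(r"[0-9a-f]{32}", info["md5"]):
        raise ValueError("bad MD5 field")
    return info


if __name__ == "__main__":
    print(inspect_cvd(SAMPLE_CVD))
    try:
        inspect_cvd(SAMPLE_403)
    except ValueError as err:
        print("rejected:", err)
```

Run against the downloaded bytes before the file is moved into the database directory, so a rejected download never replaces a working database.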

Mich Rodz | 15 May 18:20 2016

Installing ClamAV in Amazon Linux with yum

When we install ClamAV in our Amazon Linux ElasticBeanstalk instance
with 'yum install clamav' it gets installed *without* PCRE support,
although the libraries are present in the instance.

Invoking clamscan on a file issues these warnings:

LibClamAV Warning: cli_loadldb: logical signature for Win.Trojan.ssid18332-1
uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4
uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for
Html.Exploit.CVE_2016_0184-1
uses PCREs but support is disabled, skipping

However PCRE is installed in the machine:

># yum install pcre
>...
>Package pcre-8.21-7.7.amzn1.x86_64 already installed and latest version
>Nothing to do

Scanning is also very slow.

How can I force ClamAV to use/recognize the installed PCRE libraries
in my Elastic Beanstalk machine?

Thanks!

Mich Rodz | 14 May 03:52 2016

yum-installing ClamAV in Amazon Linux

When we install ClamAV in our Amazon Linux ElasticBeanstalk instance with yum
install clamav it gets installed without PCRE support, although the
libraries are present in the instance.

LibClamAV Warning: cli_loadldb: logical signature for Win.Trojan.ssid18332-1
uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4
uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for
Html.Exploit.CVE_2016_0184-1
uses PCREs but support is disabled, skipping

However PCRE is installed in the machine:

# yum install pcre
...
Package pcre-8.21-7.7.amzn1.x86_64 already installed and latest version
Nothing to do

Scanning is also very slow.

How can I force ClamAV to use/recognize the installed PCRE libraries in my
Elastic Beanstalk machine?

Thanks!

Kristen R | 11 May 22:12 2016

Certificate error downloading clamav-0.99.2

List,

Knowing there is a new version of clamav out I have gone to download it.
But I run into an error I think should be made known. Below is the error:

# wget https://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
--2016-05-11 12:08:04--
https://www.clamav.net/downloads/production/clamav-0.99.2.tar.gz
Resolving www.clamav.net... 198.41.209.233, 198.41.208.233,
198.41.209.232, ...
Connecting to www.clamav.net|198.41.209.233|:443... connected.
ERROR: certificate common name `ssl392507.cloudflaressl.com' doesn't
match requested host name `www.clamav.net'.
To connect to www.clamav.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Kristen

kamil_praca | 9 May 13:52 2016

How to scan applications in computer memory

Hi,
I'm new here, my name is Kamil and I have a question - how could I use ClamAV-x64 to scan programs currently
loaded in my Windows computer memory, just like ClamWin does (clamscan --memory)?
There is no parameter --memory in my clamscan.exe --help manual.

Best Regards,
Kamil


Paul Kosinski | 6 May 18:17 2016

ClamAV Digest weirdness

Today (6 May), I received a single 1.22 MB Digest email with an
astounding *586* items, dated from Feb 7 through yesterday, May 5. 

The Digest had mysteriously stopped in early February, and couldn't be
restarted even when I signed up with a *new* email address. I then gave
up on the Digest and switched to individual email.

There is obviously something quite weird with the Digest mechanism if
it can suddenly send an enormous email with everything not sent for
months, mostly for one subscriber, to a nominally *different*
subscriber: the giant Digest was sent to the *new* email address.

Unless, of course, this was done by hand in an attempt to remedy the
multi-month gap. (When I had reported the loss of Digest in early
March, it was claimed that the mailing lists hadn't been changed and
there was no glitch there.)

Bernhard Vogel | 6 May 11:48 2016

Re: clamav-users Digest, Vol 137, Issue 3

Hello ClamAV Users,

I have an issue with clamav 0.99 on Debian 7 and on Debian 8.
When scanning many webhosting files like WordPress, Joomla and similar,
clamscan throws errors like this:
  LibClamAV Error: cli_gentempfd: Can't create temporary file
/tmp/clamav-bf5e1c8fb78e0c76336b17f146e786f7.tmp: Too many open files

And many clamav folders like this are left in the /tmp/ directory:
    /tmp/clamav-ecf2715ac17367a5ec8b52227ccccaf2.tmp/rfc2397

The errors do not happen when I deactivate scriptnormalization.
clamscan  -ir   --max-scriptnormalize=1  ./wp-content

But with this option I miss many infected files.
The errors started with clamav 0.99

Best Regards, Bernhard
