Manoj Chitrala | 19 Aug 11:02 2014

Re: False Positive & File Decompression errors


We have 2 issues with Clamav.

1)      We've been receiving false positive alerts. I have also submitted false positives many a times but I
haven't received any response from clam av team. Please can you suggest a fix for this. I have upgraded the
AV to latest, updated the virus definitions but all in vain. Attaching the file for your reference. This
file show.html.erb is been reported with Html.Exploit.CVE_2014_0277, which is a false as we have
scanned it using Microsoft End Point Protection and found no threats.

2)      The other error we have is the clam av reports us it is unable decompress the file and scan. Please can you
suggest any solution for this. Error message appears as "scancws: Error decompressing SWF file
LibClamAV info"

Hoping to get a response on these 2 issues.

Manoj Chitrala

        [Research Now] <>
[Research Now]          Manoj Chitrala
Unix Administrator & Postmaster

                Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971 312075

[] <>

        Follow us:  [Facebook] <>   [LinkedIn]
(Continue reading)

Tom | 9 Aug 20:45 2014

invalid icon entries?

When I run clamscan (clamav-0.98.4-1.el6.rf.x86_64), I get this output:

LibClamAV Warning: cli_scanicon: found 3 invalid icon entries of 3 total
LibClamAV Warning: cli_scanicon: found 3 invalid icon entries of 3 total
LibClamAV Warning: cli_scanicon: found 12 invalid icon entries of 12 total

Are these infected files? If so, how can I get rid of them? If not, how 
do I deal with these warnings? Thanks in advance...
Help us build a comprehensive ClamAV guide:

Chinmay Mahata | 8 Aug 14:44 2014

Libclamav :: Issue with version 0.98.4 on FC20 - Can't load /usr/local/share/clamav/daily.cvd: Can't allocate memory

&nbsp;&nbsp;&nbsp; I need to use clamav library in one of my modules. I downloaded latest version of clamav
(clamav-0.98.tar.gz) and installed on my system FC-20. Then I built the code in example directory and
tired to test my installation. 

But getting some error "LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Can't
allocate memory".

&nbsp; &nbsp; Please help me to resolve the issue. Below the problem in details.

SYSTEM :: Linux HOME 3.15.7-200.fc20.x86_64 #1 SMP Mon Jul 28 18:50:26 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
OPENSSL VERSION :: OpenSSL 1.0.1e-fips 11 Feb 2013

CLAMAV SRC :: clamav-0.98.tar.gz

$&gt;make install
$&gt;freshclam -uroot

Built successfully (as root user) ex1.c (added cl_debug() ) in the examples directory.
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $&gt;gcc -Wall ex1.c -o ex1 -lclamav

To scan one file, run the following command as "root" user.
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $&gt;./ex1 /home/TESTDIR/

Got the following error :: 

(Continue reading)

Tian Zhiying | 6 Aug 04:42 2014

Can I deploy the virus database to our intranet?


Our intranet has limited, so, we can't update virus database everyday, can I deploy the virus database to
our intranet? 


Tian Zhiying
Help us build a comprehensive ClamAV guide:

Daniel Friske | 6 Aug 04:29 2014

Syslog clamscan results

I’ve been asked to have install clamav on all of our linux boxes and have their scan results syslogged to a
central server. We already have a syslog server set up for our network devices, I’m just having trouble
getting this to work on the linux boxes.
I’m on a centos box that has rsyslogd already on it but can’t for the life of me figure out how to get it to work.

I added the following line in the rsyslog.conf file and I started to get logs from cron jobs among other
things but none from clamav
*.*  <at> server:514

I ran a clam scan to test
clamscan /tmp --log=/var/log/clamav/clamscan.log
Still nothing coming up on the syslog server

The clamav.conf file contains the following lines
LogFile /var/log/clamav.log
What am I doing wrong?


Daniel Friske

Disclaimer: This message contains confidential information and is intended only for the named
addressee. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail
from your system. Finally, the recipient should check this email and any attachments for the presence of
viruses. While we take every precaution to ensure that all outgoing email is scanned for viruses, the
company accepts no liability for any damage caused by any virus transmitted by this email.
(Continue reading)

Joel Esler (jesler | 29 Jul 16:48 2014

ClamAV®: ClamAV 0.96 Engine End of Life Announcement

> ClamAV 0.96 Engine End of Life Announcement
> ClamAV Community,
> This notice is to inform you that effective immediately ClamAV 0.96 (and all minor versions) is no longer
supported in accordance with ClamAV's EOL policy which can be found here:
> While the current CVD's being distributed will still work on ClamAV 0.96, we are enabling the
functionality to actually make those versions no longer be able to update.  There is detection that we have
written that cannot be shipped to the 0.96 branch.
> Thank you for using ClamAV!  
Attachment (smime.p7s): application/pkcs7-signature, 6509 bytes
Help us build a comprehensive ClamAV guide:
Chris | 24 Jul 00:10 2014

Still fighting with ClamAV and Ubuntu

Still trying to get this to work with SA. I'm pretty sure it's not going
to until I get the correct reply:

[sudo] password for chris: 
root <at> localhost:/usr/sbin# clamd ping
ERROR: setgroups() failed.

Any advice?



31.11°N 97.89°W (Elev. 1092 ft)
17:08:55 up 2 days, 23:23, 3 users, load average: 0.05, 0.16, 0.24
Ubuntu 14.04 LTS, kernel 3.13.0-32-generic

Help us build a comprehensive ClamAV guide:
Bernard Thédié | 23 Jul 11:41 2014

Priority problem


I'm using clamav under Linux. I've scheduled a daily scan of my home 
dir. I would like to know if there's a way of telling clamscan to run 
more nicely ; actually when clamscan runs, it takes between 75 and 90% 
of my CPU ! I would rather think of an antivirus as a silent, 
background, quiet process. I tried "nice" and "renice" but clamscan 
doesn't seem to take account of that.

Friendly yours
Help us build a comprehensive ClamAV guide:

Chris | 23 Jul 04:12 2014


Still working out the final kinks and learning a lot about Ubuntu. I've
got SA and ClamAV integrated now thanks to Anthony Dickinson on the
list. However, I noticed this in my hourly syslog snippet:

Jul 22 13:34:07 localhost spamd[18732]: spamd: processing message
<1406053942.31541.26.camel <at> localhost> for chris:1000
Jul 22 13:34:20 localhost clamd[11467]: Accepted connection from on port 1302, fd 13
Jul 22 13:34:20 localhost clamd[11467]: ScanStream( <at> 1302):
Can't create temporary file.
Jul 22 13:34:20 localhost spamd[18732]: spamd: clean message (-1.2/5.0)
for chris:1000 in 12.6 seconds, 2666 bytes.

Looking here - at the
clamd manpage I notice this:


       STREAM Scan  stream  -  on this command clamd will return "PORT
              you should connect to and send data to  scan.
              INSTREAM instead)

Question, do I need to make modifications to the file to reflect this?

I also noticed that if I run
(Continue reading)

Chris | 20 Jul 04:38 2014


Finally I'm about finished with setting up my Ubuntu 14.04 system and
getting everything setup the way it was in the old Mandriva system. I
have both SA and ClamAV running now but I'm missing a module,
File::Scan::ClamAV to interface with SA. Have tried multiple times to
install via CPAN, I'm posted the output at pastebin -

Any ideas anyone? ClamAV has been installed via the Ubuntu software
installer if it makes a difference.


Help us build a comprehensive ClamAV guide:

Shawn Webb | 18 Jul 22:56 2014

Re: [Clamav-devel] ClamAV(R): ClamAV 0.98.5 beta has been posted!

On Fri, Jul 18, 2014 at 4:51 PM, Mark Allan <markjallan <at>> wrote:

> On 9 Jul 2014, at 12:15 am, Joel Esler (jesler) <jesler <at>> wrote:
> > ClamAV 0.98.5 beta has been posted!
> > The ClamAV team is proud to announce the availability of ClamAV 0.98.5
> beta ready for testing!
> >
> >
> Compiled and appears to work fine on OS X 10.9 - also compiles fine on
> 10.10.
> For quite a while, there's been a huge number (several hundred) of
> compiler warnings - many ironically generated by code which has a comment
> alongside //silence compiler warning!
> Most warnings are about booleans being assigned to themselves, or unused
> variables and parameters.  Would it be of any help to try and remove these
> or would you prefer I just silence the warnings at my end with compiler
> flags?   -Wno-self-assign -Wno-unused-parameter -Wno-unused-variable
> Mark

Hey Mark,

I've recently fixed the majority of non-llvm compiler warnings in the
master branch of ClamAV's code. These fixes will go out in a future release.

(Continue reading)