[clamav-users] ClamAV ScanOnAccess not scanning RHEL7

Remi Bruggeman remi.bruggeman.ext at bayer.com
Mon Apr 3 01:25:10 EDT 2017


Hello Mickey,

Thanks for looking further into this.
Here's the service information:
systemctl status clamd@scan.service
clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-03-30 11:31:54 CEST; 3 days ago
 Main PID: 16328 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─16328 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

---

cat /usr/lib/systemd/system/clamd@scan.service
.include /lib/systemd/system/clamd@.service

[Unit]
Description = Generic clamav scanner daemon

[Install]
WantedBy = multi-user.target

---

cat /lib/systemd/system/clamd@.service
[Unit]
Description = clamd scanner (%i) daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes
Restart = on-failure
PrivateTmp = true

I have tried to set the type to forking but the result remains the same.


Best regards,

Remi 
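
The external handler suggested earlier in this thread for notify-only mode (read the detections clamd logs and act on them) could look like the sketch below. It is an added example, not code from the thread or from the ClamAV project; the log format is taken from the clamd.log excerpts quoted further down, while the function names, the quarantine directory and the quarantine file naming are assumptions.

```python
import os
import re
import shutil
import stat
from datetime import datetime

# Detection lines as they appear in the clamd.log excerpts in this thread
# (one line each in the real log; the mail client wrapped them):
#   <ctime timestamp> -> ScanOnAccess: <path>: <signature>(<32 hex>:<number>) FOUND
# The path group is greedy, so a path that itself contains ": " still parses.
DETECTION = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> ScanOnAccess: "
    r"(?P<path>/.*): (?P<sig>[^\s()]+)\((?P<digest>[0-9a-f]{32}):(?P<size>\d+)\) FOUND$"
)


def parse_detection(line):
    """Return a dict for a ScanOnAccess FOUND line, or None for any other line."""
    m = DETECTION.match(line.strip())
    if m is None:
        return None  # startup banner, limits, "notifying only ..." and so on
    event = m.groupdict()
    event["time"] = datetime.strptime(event.pop("ts"), "%a %b %d %H:%M:%S %Y")
    event["size"] = int(event["size"])
    return event


def quarantine(event, quarantine_dir):
    """Move the detected file into quarantine_dir and chmod it to 0400.

    Returns the new path, or None when there is nothing safe to move.
    """
    src = event["path"]
    qdir = os.path.realpath(quarantine_dir)
    # Ignore detections inside the quarantine area itself (assumed policy),
    # otherwise reading a quarantined sample would re-trigger the handler.
    if os.path.realpath(src).startswith(qdir + os.sep):
        return None
    try:
        st = os.lstat(src)
    except FileNotFoundError:
        return None  # already moved or deleted since clamd logged it
    if not stat.S_ISREG(st.st_mode):
        return None  # never follow symlinks or move directories/devices
    os.makedirs(qdir, mode=0o700, exist_ok=True)
    name = "%s_%s_%s" % (event["time"].strftime("%Y%m%dT%H%M%S"),
                         event["digest"], os.path.basename(src))
    dest = os.path.join(qdir, name)
    shutil.move(src, dest)
    os.chmod(dest, 0o400)
    return dest


def handle_log(lines, quarantine_dir):
    """Process log lines; return (event, quarantined_path) per detection."""
    results = []
    for line in lines:
        event = parse_detection(line)
        if event is not None:
            results.append((event, quarantine(event, quarantine_dir)))
    return results


if __name__ == "__main__":
    # Sample lines copied from the log excerpts in this thread (unwrapped).
    sample = [
        "Thu Mar 30 10:25:39 2017 -> ScanOnAccess: notifying only for access attempts.",
        "Thu Mar 30 10:25:49 2017 -> ScanOnAccess: /root/test: "
        "Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND",
    ]
    for line in sample:
        print(parse_detection(line))
```

A detection whose file has already disappeared is still reported, with `None` as the quarantined path, so a ticket can be raised even when there is nothing left to move.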

-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Mickey Sola
Sent: Friday, March 31, 2017 7:02 PM
To: ClamAV users ML
Subject: Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

Ah, sorry. Yes, I see the problem now.

I'm not certain off-hand what could be causing the discrepancy here. My
intuition tells me it's some sort of issue in how the service is getting
kicked off, but it may very well be a bug that needs further investigation.

If you could provide more details on how exactly you're starting up the
clamd service, that would be extremely helpful.

- Mickey

On Fri, Mar 31, 2017 at 3:26 AM, Remi Bruggeman <
remi.bruggeman.ext at bayer.com> wrote:

> Hey Mickey
>
> Thank you so much for your clear reply. However, I do feel you have missed
> the mark.
> I have configured ClamAV to execute a script upon virus detection with the
> VirusEvent parameter in the config file.
> This script will move the suspected virus into quarantine, chmod it to 400
> and create a ticket in our ticketing system.
>
> The problem I'm facing is that when clamd is running as a (root) service
> (its 'normal' state) it does not seem to be using the on access scan, as I
> can freely manipulate the eicar test file without detection.
> However, when I execute clamd as root it does detect eicar, issue a
> virusevent and execute my script.
>
> In my original mail you'll notice I added 2 logtrails.
> The first one is when Clamd is running as a service. Imagine that while this
> log was generated, I was creating a lot of eicar files and moving them to
> various places on the system. Sadly, there's no output of this since Clamd
> did not detect these actions.
>
> The second one is when clamd has been executed as a root command, exactly
> the same command that's invoked by the service, which also runs as root:
> "/usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes". But here
> there's a significant difference. The moment I cat, copy or perform any
> other action on an eicar test file, it's found and handled:
> > Thu Mar 30 10:25:49 2017 -> ScanOnAccess: /root/test: Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND
> > Thu Mar 30 10:35:31 2017 -> ScanOnAccess: /root/cfdf52: Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND
> This behavior is the expected result of clamd as a service.
> The behavior is not consistent between the 2 modes of execution, while I
> think it should be.
>
> Notably, when I remove the OnAccessMountPath parameter from the config
> file, enable DDD and set the OnAccessIncludePath to /root, the clamd
> service _does_ work as expected and the on-access system _does_ notice when
> I'm playing with eicar. However, according to policy, we are required to scan
> the complete filesystem.
>
>
> Best Regards,
>
> Remi
>
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On
> Behalf Of Mickey Sola
> Sent: Thursday, March 30, 2017 6:52 PM
> To: ClamAV users ML
> Subject: Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7
>
> Hi Remi,
>
> Your configuration looks fine, and it seems like you're getting expected
> behavior given what the log shows.
>
> I'll explain a bit more what's happening, and why you can freely move
> around the eicar testfile.
>
> The important line is here:
> Thu Mar 30 09:58:54 2017 -> ScanOnAccess: notifying only for access attempts.
>
> As you know, using OnAccessMountPath disables DDD. It also puts the
> OnAccess scanner into what's best described as "notify-only mode".
>
> Under the DDD system, with "protection mode" enabled, the OnAccess thread
> will essentially place a lock on any file under its hierarchy if that file
> is accessed in any way. With the lock in place, the file will be scanned
> for malicious content to determine whether the access attempt should be
> allowed.
>
> As you can imagine, inadvertently locking important system files (which
> would happen if you were watching the entire filesystem in protection mode)
> oftentimes leads to entire system freezes. These freezes are why DDD
> prevents users from watching / .
>
> And while OnAccessMountPath does allow you to watch the entirety of / this
> comes with the tradeoff of being in notify-only mode (which scans, but does
> not lock files or block access attempts) in order to prevent users from
> freezing up their system.
>
> The hope with this design was to guide users away from shooting themselves
> in the foot with these tools, while still giving them the flexibility to
> meet their use case (or still shoot themselves in the foot, if that was the
> goal all along).
>
> Longwinded explanation aside, to fix your problem, not knowing your exact
> use case, I would suggest pointing DDD towards the parts of the system you
> most expect could be an initial attack surface for malware.
>
> Alternatively, you could continue scanning the entire system in notify-only
> mode and write an external handler which deals with any threats discovered
> and logged by clamd in whatever way best meets your needs.
>
> I hope that helped clarify things a bit. Let me know if you have any
> further questions or if you think I've missed the mark in some way.
>
> Cheers,
> Mickey
>
> On Thu, Mar 30, 2017 at 5:40 AM, Remi Bruggeman <
> remi.bruggeman.ext at bayer.com> wrote:
>
> > Hello,
> >
> > I'm trying to configure the ClamAV OnAccessScan, but I'm running into some
> > trouble. I'm hoping anybody here has run into the same trouble and knows a
> > solution. As I have read the configuration options on the ClamAV Blog page,
> > I assume my configuration is correct, but I could of course have overlooked
> > something.
> > http://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html
> > Should I have forgotten any information required to understand what's
> > going wrong, feel free to ask for it.
> >
> > System: RHEL7 3.10.0-514.6.1.el7.x86_64. (Red Hat)
> > Filesystem: ext4
> >
> > yum info clamav
> > Installed Packages
> > Name        : clamav
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 2.4 M
> >
> > Goal: ClamAV's OnAccessScan should recursively scan / and issue a
> > VirusEvent upon virus detection.
> > Configuration:
> >   ScanOnAccess true
> >   OnAccessMaxFileSize 5M
> >   OnAccessMountPath /
> > I realize this disables DDD. However, using DDD it's impossible to scan
> > the root dir.
> >
> > Problem: When the clamd service is running the onaccess scan seems to be
> > doing nothing. I can freely move the eicar test file around, open it and
> > cat it. No intervention whatsoever.
> > Workaround: When I run the command that is executed by the service as
> > root: "/usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes" the
> > eicar test virus is detected and the VirusEvent is executed.
> >   ScanOnAccess: /root/cfdf52: Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND
> > Expected result: The onaccess should work when the clamd service is
> > running and detect malicious code on access.
> >
> >
> > Additional info:
> > Clamd.log when the service starts:
> > Thu Mar 30 09:58:43 2017 -> +++ Started at Thu Mar 30 09:58:43 2017
> > Thu Mar 30 09:58:43 2017 -> Received 0 file descriptor(s) from systemd.
> > Thu Mar 30 09:58:43 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> > Thu Mar 30 09:58:43 2017 -> Running as user root (UID 0, GID 0)
> > Thu Mar 30 09:58:43 2017 -> Log file size limited to 1048576 bytes.
> > Thu Mar 30 09:58:43 2017 -> Reading databases from /var/lib/clamav
> > Thu Mar 30 09:58:43 2017 -> Not loading PUA signatures.
> > Thu Mar 30 09:58:43 2017 -> Not loading phishing signatures.
> > Thu Mar 30 09:58:43 2017 -> Bytecode: Security mode set to "TrustSigned".
> > Thu Mar 30 09:58:43 2017 -> Disabling URL based phishing detection.
> > Thu Mar 30 09:58:53 2017 -> Loaded 6125132 signatures.
> > Thu Mar 30 09:58:54 2017 -> LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
> > Thu Mar 30 09:58:54 2017 -> LOCAL: Setting connection queue length to 1
> > Thu Mar 30 09:58:54 2017 -> Limits: Global size limit set to 104857600 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: File size limit set to 26214400 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: Recursion level limit set to 16.
> > Thu Mar 30 09:58:54 2017 -> Limits: Files limit set to 10000.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxPartitions limit set to 50.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxIconsPE limit set to 100.
> > Thu Mar 30 09:58:54 2017 -> Limits: MaxRecHWP3 limit set to 16.
> > Thu Mar 30 09:58:54 2017 -> Limits: PCREMatchLimit limit set to 10000.
> > Thu Mar 30 09:58:54 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
> > Thu Mar 30 09:58:54 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
> > Thu Mar 30 09:58:54 2017 -> Archive support enabled.
> > Thu Mar 30 09:58:54 2017 -> Algorithmic detection enabled.
> > Thu Mar 30 09:58:54 2017 -> Portable Executable support enabled.
> > Thu Mar 30 09:58:54 2017 -> ELF support enabled.
> > Thu Mar 30 09:58:54 2017 -> Mail files support disabled.
> > Thu Mar 30 09:58:54 2017 -> OLE2 support enabled.
> > Thu Mar 30 09:58:54 2017 -> PDF support enabled.
> > Thu Mar 30 09:58:54 2017 -> SWF support enabled.
> > Thu Mar 30 09:58:54 2017 -> HTML support enabled.
> > Thu Mar 30 09:58:54 2017 -> XMLDOCS support enabled.
> > Thu Mar 30 09:58:54 2017 -> HWP3 support enabled.
> > Thu Mar 30 09:58:54 2017 -> Heuristic: precedence enabled
> > Thu Mar 30 09:58:54 2017 -> Self checking every 43200 seconds.
> > Thu Mar 30 09:58:54 2017 -> ScanOnAccess: notifying only for access attempts.
> > Thu Mar 30 09:58:54 2017 -> ScanOnAccess: Protecting '/' and rest of mount.
> > Thu Mar 30 09:58:54 2017 -> ScanOnAccess: Max file size limited to 5242880 bytes
> >
> > Clamd.log when the command is executed:
> > Thu Mar 30 10:25:28 2017 -> +++ Started at Thu Mar 30 10:25:28 2017
> > Thu Mar 30 10:25:28 2017 -> Received 0 file descriptor(s) from systemd.
> > Thu Mar 30 10:25:28 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> > Thu Mar 30 10:25:28 2017 -> Running as user root (UID 0, GID 0)
> > Thu Mar 30 10:25:28 2017 -> Log file size limited to 1048576 bytes.
> > Thu Mar 30 10:25:28 2017 -> Reading databases from /var/lib/clamav
> > Thu Mar 30 10:25:28 2017 -> Not loading PUA signatures.
> > Thu Mar 30 10:25:28 2017 -> Not loading phishing signatures.
> > Thu Mar 30 10:25:28 2017 -> Bytecode: Security mode set to "TrustSigned".
> > Thu Mar 30 10:25:28 2017 -> Disabling URL based phishing detection.
> > Thu Mar 30 10:25:38 2017 -> Loaded 6125132 signatures.
> > Thu Mar 30 10:25:39 2017 -> LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
> > Thu Mar 30 10:25:39 2017 -> LOCAL: Setting connection queue length to 1
> > Thu Mar 30 10:25:39 2017 -> Limits: Global size limit set to 104857600 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: File size limit set to 26214400 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: Recursion level limit set to 16.
> > Thu Mar 30 10:25:39 2017 -> Limits: Files limit set to 10000.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxPartitions limit set to 50.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxIconsPE limit set to 100.
> > Thu Mar 30 10:25:39 2017 -> Limits: MaxRecHWP3 limit set to 16.
> > Thu Mar 30 10:25:39 2017 -> Limits: PCREMatchLimit limit set to 10000.
> > Thu Mar 30 10:25:39 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
> > Thu Mar 30 10:25:39 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
> > Thu Mar 30 10:25:39 2017 -> Archive support enabled.
> > Thu Mar 30 10:25:39 2017 -> Algorithmic detection enabled.
> > Thu Mar 30 10:25:39 2017 -> Portable Executable support enabled.
> > Thu Mar 30 10:25:39 2017 -> ELF support enabled.
> > Thu Mar 30 10:25:39 2017 -> Mail files support disabled.
> > Thu Mar 30 10:25:39 2017 -> OLE2 support enabled.
> > Thu Mar 30 10:25:39 2017 -> PDF support enabled.
> > Thu Mar 30 10:25:39 2017 -> SWF support enabled.
> > Thu Mar 30 10:25:39 2017 -> HTML support enabled.
> > Thu Mar 30 10:25:39 2017 -> XMLDOCS support enabled.
> > Thu Mar 30 10:25:39 2017 -> HWP3 support enabled.
> > Thu Mar 30 10:25:39 2017 -> Heuristic: precedence enabled
> > Thu Mar 30 10:25:39 2017 -> Self checking every 43200 seconds.
> > Thu Mar 30 10:25:39 2017 -> ScanOnAccess: notifying only for access attempts.
> > Thu Mar 30 10:25:39 2017 -> ScanOnAccess: Protecting '/' and rest of mount.
> > Thu Mar 30 10:25:39 2017 -> ScanOnAccess: Max file size limited to 5242880 bytes
> > Thu Mar 30 10:25:49 2017 -> ScanOnAccess: /root/test: Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND
> > Thu Mar 30 10:35:31 2017 -> ScanOnAccess: /root/cfdf52: Eicar-Test-Signature(1fa550df41e046eb56eae11d31259de9:73) FOUND
> >
> > Packages:
> > >yum info clam*
> > Installed Packages
> > Name        : clamav
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 2.4 M
> > Repo        : installed
> > From repo   : clamav_x86_64
> > Summary     : End-user tools for the Clam Antivirus scanner
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main
> > purpose of this
> >             : software is the integration with mail servers (attachment
> > scanning). The
> >             : package provides a flexible and scalable multi-threaded
> > daemon, a command
> >             : line scanner, and a tool for automatic updating via
> > Internet. The programs
> >             : are based on a shared library distributed with the Clam
> > AntiVirus package,
> >             : which you can use with your own software. The virus
> database
> > is based on
> >             : the virus database from OpenAntiVirus, but contains
> > additional signatures
> >             : (including signatures for popular polymorphic viruses, too)
> > and is KEPT UP
> >             : TO DATE.
> >
> > Name        : clamav-data
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 110 M
> > Repo        : installed
> > From repo   : clamav_noarch
> > Summary     : Virus signature data for the Clam Antivirus scanner
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package contains the virus-database needed by clamav.
> > This
> >             : database should be updated regularly; the 'clamav-update'
> > package
> >             : ships a corresponding cron-job. This package and the
> >             : 'clamav-data-empty' package are mutually exclusive.
> >             :
> >             : Use -data when you want a working (but perhaps outdated)
> > virus scanner
> >             : immediately after package installation.
> >             :
> >             : Use -data-empty when you are updating the virus database
> > regulary and
> >             : do not want to download a >5MB sized rpm-package with
> > outdated virus
> >             : definitions.
> >
> > Name        : clamav-filesystem
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 0.0
> > Repo        : installed
> > From repo   : clamav_noarch
> > Summary     : Filesystem structure for clamav
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package provides the filesystem structure and contains
> > the
> >             : user-creation scripts required by clamav.
> >
> > Name        : clamav-lib
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 11 M
> > Repo        : installed
> > From repo   : clamav_x86_64
> > Summary     : Dynamic libraries for the Clam Antivirus scanner
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package contains dynamic libraries shared between
> > applications
> >             : using the Clam Antivirus scanner.
> >
> > Name        : clamav-scanner
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 22 k
> > Repo        : installed
> > From repo   : clamav_noarch
> > Summary     : Clamav scanner daemon
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package contains a generic system wide clamd service
> > which is
> >             : e.g. used by the clamav-milter package.
> >
> > Name        : clamav-scanner-systemd
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 136
> > Repo        : installed
> > From repo   : clamav_noarch
> > Summary     : Systemd initscripts for clamav scanner daemon
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : The systemd initscripts for clamav-scanner.
> >
> > Name        : clamav-server
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 244 k
> > Repo        : installed
> > From repo   : clamav_x86_64
> > Summary     : Clam Antivirus scanner server
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : ATTENTION: most users do not need this package; the main
> > package has
> >             : everything (or depends on it) which is needed to scan for
> > virii on
> >             : workstations.
> >             :
> >             : This package contains files which are needed to execute the
> > clamd-daemon.
> >             : This daemon does not provide a system-wide service. Instead
> > of, an instance
> >             : of this daemon should be started for each service requiring
> > it.
> >             :
> >             : See the README file how this can be done with a minimum of
> > effort.
> >
> > Name        : clamav-server-systemd
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 235
> > Repo        : installed
> > From repo   : clamav_noarch
> > Summary     : Systemd initscripts for clamav server
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : Systemd template for the clamav server
> >
> > Name        : clamav-update
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 213 k
> > Repo        : installed
> > From repo   : clamav_x86_64
> > Summary     : Auto-updater for the Clam Antivirus scanner data-files
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package contains programs which can be used to update
> > the clamav
> >             : anti-virus database automatically. It uses the freshclam(1)
> > utility for
> >             : this task. To activate it, uncomment the entry in
> > /etc/cron.d/clamav-update.
> >
> > Available Packages
> > Name        : clamav-devel
> > Arch        : x86_64
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 39 k
> > Repo        : clamav_x86_64
> > Summary     : Header files and libraries for the Clam Antivirus scanner
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : This package contains headerfiles and libraries which are
> > needed to
> >             : build applications using clamav.
> >
> > Name        : clamav-scanner-sysvinit
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 20 k
> > Repo        : clamav_noarch
> > Summary     : SysV initscripts for clamav scanner daemon
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : The SysV initscripts for clamav-scanner.
> >
> > Name        : clamav-server-sysvinit
> > Arch        : noarch
> > Version     : 0.99.2
> > Release     : 1.el7
> > Size        : 21 k
> > Repo        : clamav_noarch
> > Summary     : SysV initscripts for clamav server
> > URL         : http://www.clamav.net
> > License     : GPLv2
> > Description : SysV initscripts template for the clamav server
> >
> > Name        : clamav-unofficial-sigs
> > Arch        : noarch
> > Version     : 3.7.2
> > Release     : 1.el7
> > Size        : 41 k
> > Repo        : clamav_noarch
> > Summary     : Scripts to download unoffical clamav signatures
> > URL         : http://sourceforge.net/projects/unofficial-sigs/
> > License     : BSD
> > Description : This package contains scripts and configuration files
> >             : that provide the capability to download, test, and
> >             : update the 3rd-party signature databases provide by
> >             : Sanesecurity, SecuriteInfo, MalwarePatrol, OITC,
> >             : INetMsg and ScamNailer.
> >
> >
> > Best regards,
> >
> > Remi
> >
> >
> > ________________________________________________________________________
> > The information contained in this e-mail is for the exclusive use of the
> > intended recipient(s) and may be confidential, proprietary, and/or
> > legally privileged.  Inadvertent disclosure of this message does not
> > constitute a waiver of any privilege.  If you receive this message in
> > error, please do not directly or indirectly use, print, copy, forward,
> > or disclose any part of this message.  Please also delete this e-mail
> > and all copies and notify the sender.  Thank you.
> > ________________________________________________________________________
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >

