[clamav-users] clamav-users Digest, Vol 137, Issue 3

Bernhard Vogel bernhard.vogel at 1und1.de
Fri May 6 09:48:37 UTC 2016 

Hello ClamAV Users,

I have an issue with clamav 0.99 on Debian 7 and  onDebian 8
When scanning many  Webhosting files like Wordpress, Joomla and similar.
clamscan throws errors like this:
  LibClamAV Error: cli_gentempfd: Can't create temporary file /tmp/clamav-bf5e1c8fb78e0c76336b17f146e786f7.tmp: Too many open files

And many clamav folders like this are left in the   /tmp/   directory:
    /tmp/clamav-ecf2715ac17367a5ec8b52227ccccaf2.tmp/rfc2397

The errors do not happen when I deactivate scriptnormalization.
clamscan  -ir   --max-scriptnormalize=1  ./wp-content

But with this option I miss many infected files.
The errors started with clamav 0.99

Best Regards, Bernhard

________________________________________
Von: clamav-users <clamav-users-bounces at lists.clamav.net> im Auftrag von clamav-users-request at lists.clamav.net <clamav-users-request at lists.clamav.net>
Gesendet: Mittwoch, 3. Februar 2016 18:00
An: clamav-users at lists.clamav.net
Betreff: clamav-users Digest, Vol 137, Issue 3

Send clamav-users mailing list submissions to
        clamav-users at lists.clamav.net

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
or, via email, send a message with subject or body 'help' to
        clamav-users-request at lists.clamav.net

You can reach the person managing the list at
        clamav-users-owner at lists.clamav.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of clamav-users digest..."


Today's Topics:

   1. Re: undefined signature ? Win.Trojan.Win64-166
      (Joel Esler (jesler))
   2. Re: undefined signature ? Win.Trojan.Win64-166 (Gaetan Trivino)


----------------------------------------------------------------------

Message: 1
Date: Tue, 2 Feb 2016 18:32:12 +0000
From: "Joel Esler (jesler)" <jesler at cisco.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] undefined signature ? Win.Trojan.Win64-166
Message-ID: <6FB52F35-9DDB-4009-85A8-CEEB0BADC06D at cisco.com>
Content-Type: text/plain; charset="utf-8"

Unfortunately, the system that presently publishes the ruleset (which we are building a replacement for (more details to come)), and sends the email, does not perform this function as a single step.  Someone may have published without clicking the ?send email? button.



--
Joel Esler
Manager, Talos Group




On Feb 2, 2016, at 11:26 AM, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:

I?ve noticed that not all updates seem to be sent to the list.  For example, did you get Updates (daily:21307) or (daily:21304)?

-Al-

On Tue, Feb 02, 2016 at 05:02 AM, Gaetan Trivino wrote:

Hello everyone,

I'm using clamav since a year now, and we are really happy with the service.

i've done a full search on my mail and archives,
i never see the signature comming in clamav-virusdb mailling list.

my definitions are up to date and signature seems to be a false
positive. How is it possible to have a signature available in my
daily.cvd but not announced in clamav-virusdb ?

I have this case 10 time a year with signatures defined in my daily.cvd
but not announced in clamav-virusdb.

Bests regards,
Ga?tan Trivino
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


------------------------------

Message: 2
Date: Wed, 3 Feb 2016 10:44:54 +0100
From: Gaetan Trivino <gaetan.trivino at corp.ovh.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] undefined signature ? Win.Trojan.Win64-166
Message-ID: <56B1CC16.6020102 at corp.ovh.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed

@Al True, i didn't receive thoses mails, and i didn't find it into
mailling list archive.

@Joel sad news. It explain everything. I was worried someone "inject"
ghosts signatures.

Is there a place where we could track updates changelogs ? Some
signatures sounds false positive for me, i want to track who send it and
why it was created. I use actually the maillingList as a changelog.

Bests,
Ga?tan

On 02/02/2016 07:32 PM, Joel Esler (jesler) wrote:
> Unfortunately, the system that presently publishes the ruleset (which we are building a replacement for (more details to come)), and sends the email, does not perform this function as a single step.  Someone may have published without clicking the ?send email? button.
>
>
>
> --
> Joel Esler
> Manager, Talos Group
>
>
>
>
> On Feb 2, 2016, at 11:26 AM, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:
>
> I?ve noticed that not all updates seem to be sent to the list.  For example, did you get Updates (daily:21307) or (daily:21304)?
>
> -Al-
>
> On Tue, Feb 02, 2016 at 05:02 AM, Gaetan Trivino wrote:
>
> Hello everyone,
>
> I'm using clamav since a year now, and we are really happy with the service.
>
> i've done a full search on my mail and archives,
> i never see the signature comming in clamav-virusdb mailling list.
>
> my definitions are up to date and signature seems to be a false
> positive. How is it possible to have a signature available in my
> daily.cvd but not announced in clamav-virusdb ?
>
> I have this case 10 time a year with signatures defined in my daily.cvd
> but not announced in clamav-virusdb.
>
> Bests regards,
> Ga?tan Trivino
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


Cordialement,
--
Ga?tan Trivino
OVH



------------------------------

Subject: Digest Footer

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

------------------------------

End of clamav-users Digest, Vol 137, Issue 3
********************************************

More information about the clamav-users mailing list