[clamav-users] How to know the configuration

mum laris mum_laris at hotmail.com
Thu Oct 8 08:30:30 UTC 2020


Hi,

thanks for your quick answer.

Obtained running:

 > clamscan -r ~/.cache --detect-pua=yes -o

Attached required report.

Thanks a lot.

M.


On 08/10/20 10:07, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Thu, 8 Oct 2020, Olivier via clamav-users wrote:
>
>> Is there a way for clamscan and clamdscan to show the configuration they
>> are using?
>
> You haven't said what your system is nor how you installed ClamAV so I
> can't tell you what to look for on your own system but there is plenty
> of documentation for example at
>
> https://www.clamav.net/documents/configuration
>
>> I am having a different result if I scan the same file with clamscan and
>> clamdscan.
>
> That's not unlikely and it isn't a fault.  They are different tools.
>
>> The error with clamdscan comes down to Heuristics.Limits.Exceeded FOUND
>> but not really saying what size is exceeded nor what size clamscan is
>> using that is OK.
>
> It's explained in the documentation.  You'll need to set aside some time
> to spend with it because there's quite a lot of it.  It's also worth your
> while to look through the archives of this mailing list.  For example you
> could click on a few links at
>
> https://marc.info/?l=clamav-users&r=1&w=2
>
> then browse the subject lines to see what looks interesting.
>
>> I want a way to make sure both clamscan and clamdscan are using the same
>> values.
>
> No, you want to understand what you're doing.  The tools are different.
> They are configured, and they do things, in very different ways. The
> common, er, thread is that in the end they both use the same signature
> database, but clamscan is a stand-alone tool which does everything on
> its own, and clamdscan hands the bulk of the work to a daemon called
> clamd.  There is another tool called clamav-milter which does that too.
>
-------------- next part --------------
Checking configuration files in /etc

Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile = "/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/run/clamav/clamd-socket"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "30"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "vscan"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "2000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

freshclam.conf not found

Config file: clamav-milter.conf
-------------------------------
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
LogRotate disabled
PidFile = "/run/clamav/clamav-milter.pid"
TemporaryDirectory disabled
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "vscan"
MaxFileSize = "26214400"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet disabled
OnClean = "Accept"
OnInfected = "Quarantine"
OnFail = "Defer"
RejectMsg disabled
AddHeader = "no"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist disabled
SkipAuthenticated disabled
LogInfected disabled
LogClean disabled
SupportMultipleRecipients disabled

Software settings
-----------------
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR 

Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 25950, sigs: 4328320, built on Wed Oct  7 15:55:10 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
Total number of signatures: 8893316

Platform information
--------------------
uname: Linux 5.3.18-lp152.44-default #1 SMP Wed Sep 30 18:51:43 UTC 2020 (914f31e) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: "openSUSE Leap 15.2"
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2179790800000000070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
CPPFLAGS: 
CFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98
LDFLAGS: -pie
Configure: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--disable-clamav' '--disable-static' '--with-dbdir=/var/lib/clamav' '--with-user=vscan' '--with-group=vscan' '--enable-milter' '--enable-check' '--enable-clamdtop' '--disable-zlib-vcheck' '--disable-timestamps' '--disable-yara' '--with-system-libmspack' 'build_alias=x86_64-suse-linux-gnu' 'host_alias=x86_64-suse-linux-gnu' 'CXXFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98' 'LDFLAGS=-pie' 'CFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 121, dconf: 121
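
The thread above asks how to make clamscan and clamdscan use the same values. clamscan takes its limits from the command line, while clamdscan's scans run under the limits in clamd.conf. The following is an added example, not part of the original post or of ClamAV: it reads a clamconf report like the one attached and builds the clamscan options that repeat clamd's limits. The function names are made up for the illustration, and limits shown as disabled are skipped.

```python
import re

# clamd.conf limit directives and the clamscan options that set the same limit.
SIZE_OPTS = {"MaxScanSize": "--max-scansize", "MaxFileSize": "--max-filesize",
             "MaxEmbeddedPE": "--max-embeddedpe", "MaxHTMLNormalize": "--max-htmlnormalize",
             "MaxHTMLNoTags": "--max-htmlnotags", "MaxScriptNormalize": "--max-scriptnormalize",
             "MaxZipTypeRcg": "--max-ziptypercg", "PCREMaxFileSize": "--pcre-max-filesize"}
COUNT_OPTS = {"MaxScanTime": "--max-scantime", "MaxRecursion": "--max-recursion",
              "MaxFiles": "--max-files", "MaxPartitions": "--max-partitions",
              "MaxIconsPE": "--max-iconspe", "MaxRecHWP3": "--max-rechwp3",
              "PCREMatchLimit": "--pcre-match-limit", "PCRERecMatchLimit": "--pcre-recmatch-limit"}

# Lines copied from the report above, trimmed to a few entries per section.
SAMPLE = '''Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"

Config file: clamav-milter.conf
MaxThreads = "10"
'''

def parse_section(report, filename):
    """Return {directive: value} for one config file; value is None when shown as disabled."""
    settings, inside = {}, False
    for line in report.splitlines():
        m = re.match(r'(\w+)(?: = "(.*)"| disabled)$', line)
        if line.startswith("Config file:"):
            inside = line.split(":", 1)[1].strip() == filename
        elif not line.strip():
            inside = False  # a blank line ends the section
        elif inside and m:
            settings[m.group(1)] = m.group(2)
    return settings

def with_unit(n):
    """Give a byte count an explicit K/M suffix so the unit cannot be misread."""
    if n and n % 1024 == 0:
        return f"{n // 1048576}M" if n % 1048576 == 0 else f"{n // 1024}K"
    return str(n)

def clamscan_limit_args(settings):
    """Build the clamscan options that repeat clamd's limits; disabled entries are skipped."""
    args = [f"{o}={with_unit(int(settings[d]))}" for d, o in SIZE_OPTS.items() if settings.get(d)]
    args += [f"{o}={settings[d]}" for d, o in COUNT_OPTS.items() if settings.get(d)]
    return args + (["--alert-exceeds-max=yes"] if settings.get("AlertExceedsMax") == "yes" else [])
```

Passing the returned list to clamscan along with the file to scan gives both tools the same limits, which is the first thing to rule out when only one of them reports Heuristics.Limits.Exceeded.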

