[opensuse] About PCRE support in clamav
Hi,

I see these messages in the log when clamav updates itself:

<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping

This means that some detections will not work.

I don't know if this is a switch or a compile option. But I do not see a mention of PCRE in "man clamd". Maybe it needs an engine update?

The full log is:

<2.6> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - Received signal: wake up
<2.6> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - ClamAV update process started at Sun Jun 26 01:57:34 2016
<2.4> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - Your ClamAV installation is OUTDATED!
<2.4> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - Local version: 0.99 Recommended version: 0.99.2
<2.6> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - DON'T PANIC! Read http://www.clamav.net/support/faq
<2.6> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
<2.6> 2016-06-26 01:58:04 Telcontar freshclam 2798 - - nonblock_connect: connect timing out (30 secs)
<2.6> 2016-06-26 01:58:04 Telcontar freshclam 2798 - - Can't connect to port 80 of host db.es.clamav.net (IP: 194.65.79.153)
<2.6> 2016-06-26 01:58:04 Telcontar freshclam 2798 - - Trying host db.es.clamav.net (150.214.142.197)...
<2.6> 2016-06-26 01:58:04 Telcontar freshclam 2798 - - Downloading daily-21789.cdiff [100%]
<2.6> 2016-06-26 01:58:04 Telcontar freshclam 2798 - - Downloading daily-21790.cdiff [100%]
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 2798 - - daily.cld updated (version: 21790, sigs: 344400, f-level: 63, builder: neo)
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 2798 - - bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
<2.6> 2016-06-26 01:58:09 Telcontar freshclam 2798 - - Database updated (4563243 signatures) from db.es.clamav.net (IP: 150.214.142.197)
<2.6> 2016-06-26 01:58:09 Telcontar freshclam 2798 - - Clamd successfully notified about the update.
<2.6> 2016-06-26 01:58:09 Telcontar freshclam 2798 - - --------------------------------------
<2.6> 2016-06-26 01:12:59 Telcontar clamd 3581 - - message repeated 3 times: [ SelfCheck: Database status OK.]
<2.6> 2016-06-26 01:58:09 Telcontar clamd 3581 - - Reading databases from /var/lib/clamav
<2.6> 2016-06-26 01:58:18 Telcontar clamd 3581 - - Database correctly reloaded (4557846 signatures)
<2.6> 2016-06-26 02:58:18 Telcontar clamd 3581 - - SelfCheck: Database status OK.

(openSUSE version in the signature)

-- 
Cheers
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
Hi Carlos,

On 26.06.2016 at 08:29, Carlos E. R. wrote:
> I see these messages in the log when clamav updates itself:
>
> <2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping

Please test clamav from http://download.opensuse.org/update/13.1-test/ because it's already in the maintenance queue. It would be nice to have some positive feedback first because my 13.1 testing possibilities are a bit limited.

Wolfgang
On 2016-06-26 09:12, Wolfgang Rosenauer wrote:
> Please test clamav from http://download.opensuse.org/update/13.1-test/ because it's already in the maintenance queue. It would be nice to have some positive feedback first because my 13.1 testing possibilities are a bit limited.
Done :-)

Telcontar:~ # rpm --verbose --upgrade "http://download.opensuse.org/update/13.1-test/x86_64/clamav-0.99.2-40.1.x86_..."
Retrieving http://download.opensuse.org/update/13.1-test/x86_64/clamav-0.99.2-40.1.x86_...
Preparing packages...
clamav-0.99.2-40.1.x86_64
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew
/sbin/ldconfig: /usr/lib/libGLcore.so.1 is not a symbolic link
clamav-0.99-36.1.x86_64
/sbin/ldconfig: /usr/lib/libGLcore.so.1 is not a symbolic link
Telcontar:~ # rpm -q clamav
clamav-0.99.2-40.1.x86_64
Telcontar:~ #
Telcontar:~ # l /usr/lib/libGLcore.so.1
-rwxr-xr-x 1 root root 2976 Oct 7 2005 /usr/lib/libGLcore.so.1*
Telcontar:~ # rpm -qf /usr/lib/libGLcore.so.1
file /usr/lib/libGLcore.so.1 is not owned by any package
Telcontar:~ #

Ah. I have the nvidia.run thing installed.

And the log:

<2.6> 2016-06-26 10:01:25 Telcontar clamd 3581 - - message repeated 3 times: [ SelfCheck: Database status OK.]
<2.6> 2016-06-26 10:01:40 Telcontar clamd 3581 - - Pid file removed.
<2.6> 2016-06-26 10:01:40 Telcontar clamd 3581 - - --- Stopped at Sun Jun 26 10:01:40 2016
<2.6> 2016-06-26 10:01:40 Telcontar clamd 3581 - - Socket file removed.
<2.6> 2016-06-26 10:01:40 Telcontar freshclam 2798 - - Update process terminated
<2.6> 2016-06-26 10:01:40 Telcontar freshclam 24222 - - freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Received 0 file descriptor(s) from systemd.
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Running as user vscan (UID 65, GID 101)
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Log file size limited to 1048576 bytes.
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Reading databases from /var/lib/clamav
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Not loading PUA signatures.
<2.6> 2016-06-26 10:01:40 Telcontar clamd 24223 - - Bytecode: Security mode set to "TrustSigned".
<2.6> 2016-06-26 10:01:40 Telcontar freshclam 24222 - - ClamAV update process started at Sun Jun 26 10:01:40 2016
<2.6> 2016-06-26 10:01:40 Telcontar freshclam 24222 - - main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
<2.6> 2016-06-26 10:01:48 Telcontar clamd 24223 - - Loaded 4557850 signatures.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24223 - - TCP: Bound to [127.0.0.1]:3310
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24223 - - TCP: Setting connection queue length to 200
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24223 - - LOCAL: Unix socket file /var/run/clamav/clamd-socket
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24223 - - LOCAL: Setting connection queue length to 200
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: Global size limit set to 104857600 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: File size limit set to 26214400 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: Recursion level limit set to 16.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: Files limit set to 10000.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxEmbeddedPE limit set to 10485760 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxHTMLNormalize limit set to 10485760 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxHTMLNoTags limit set to 2097152 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxScriptNormalize limit set to 5242880 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxZipTypeRcg limit set to 1048576 bytes.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxPartitions limit set to 50.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxIconsPE limit set to 100.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: MaxRecHWP3 limit set to 16.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: PCREMatchLimit limit set to 10000.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: PCRERecMatchLimit limit set to 5000.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Limits: PCREMaxFileSize limit set to 26214400.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Archive support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Algorithmic detection enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Portable Executable support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - ELF support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Mail files support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - OLE2 support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - PDF support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - SWF support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - HTML support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - XMLDOCS support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - HWP3 support enabled.
<2.6> 2016-06-26 10:01:50 Telcontar clamd 24226 - - Self checking every 3600 seconds.
<2.6> 2016-06-26 10:02:11 Telcontar freshclam 24222 - - nonblock_connect: connect timing out (30 secs)
<2.6> 2016-06-26 10:02:11 Telcontar freshclam 24222 - - Can't connect to port 80 of host db.es.clamav.net (IP: 194.65.79.153)
<2.6> 2016-06-26 10:02:11 Telcontar freshclam 24222 - - Trying host db.es.clamav.net (150.214.142.197)...
<2.6> 2016-06-26 10:02:11 Telcontar freshclam 24222 - - Downloading daily-21791.cdiff [100%]
<2.6> 2016-06-26 10:02:11 Telcontar freshclam 24222 - - Downloading daily-21792.cdiff [100%]
<2.6> 2016-06-26 10:02:12 Telcontar freshclam 24222 - - daily.cld updated (version: 21792, sigs: 345909, f-level: 63, builder: neo)
<2.6> 2016-06-26 10:02:12 Telcontar freshclam 24222 - - bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
<2.6> 2016-06-26 10:02:15 Telcontar freshclam 24222 - - Database updated (4564752 signatures) from db.es.clamav.net (IP: 150.214.142.197)
<2.6> 2016-06-26 10:02:15 Telcontar freshclam 24222 - - Clamd successfully notified about the update.
<2.6> 2016-06-26 10:02:15 Telcontar freshclam 24222 - - --------------------------------------
<2.6> 2016-06-26 10:02:16 Telcontar clamd 24226 - - Reading databases from /var/lib/clamav
<2.6> 2016-06-26 10:02:24 Telcontar clamd 24226 - - Database correctly reloaded (4559359 signatures)

Good!

Now, how do I trigger amavis to test a fake virus... :-?

-- 
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
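Added example, not part of the original posts: a small Python audit for logs in the layout shown in this thread. It lists the logical signatures that cli_loadldb skipped because PCRE support was disabled, groups them by family, and picks up the engine version warning. BEFORE and AFTER are lines excerpted from the two logs above; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Layout of the log lines in the thread: <pri> date time host program pid - - message
LINE_RE = re.compile(r"^<[\d.]+>\s+(?P<ts>\S+ \S+)\s+\S+\s+(?P<prog>\S+)\s+\d+\s+- -\s+(?P<msg>.*)$")
SKIP_RE = re.compile(r"cli_loadldb: logical signature for (?P<sig>\S+) uses PCREs but support is disabled, skipping")
VERSION_RE = re.compile(r"Local version: (?P<local>\S+) Recommended version: (?P<rec>\S+)")

# Lines excerpted from the two logs posted in the thread (before and after the upgrade).
BEFORE = """\
<2.4> 2016-06-26 01:57:34 Telcontar freshclam 2798 - - Local version: 0.99 Recommended version: 0.99.2
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 12164 - - [LibClamAV] cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping
<2.6> 2016-06-26 01:58:05 Telcontar freshclam 2798 - - daily.cld updated (version: 21790, sigs: 344400, f-level: 63, builder: neo)
"""
AFTER = """\
<2.6> 2016-06-26 10:01:40 Telcontar freshclam 24222 - - freshclam daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
<2.6> 2016-06-26 10:02:12 Telcontar freshclam 24222 - - daily.cld updated (version: 21792, sigs: 345909, f-level: 63, builder: neo)
"""

def audit(log_text):
    """Summarise the detection gaps a freshclam/clamd log excerpt reports."""
    skipped = {}      # signature name -> timestamp of the first skip
    versions = None   # (local, recommended) from the OUTDATED warning, if present
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # line is not in the expected layout
        s = SKIP_RE.search(m["msg"])
        if s:
            skipped.setdefault(s["sig"], m["ts"])
        v = VERSION_RE.search(m["msg"])
        if v:
            versions = (v["local"], v["rec"])
    # Family = signature name without its last dot-separated component
    families = Counter(sig.rsplit(".", 1)[0] for sig in skipped)
    return {"skipped": skipped, "families": dict(families), "versions": versions}

if __name__ == "__main__":
    for label, text in (("before upgrade", BEFORE), ("after upgrade", AFTER)):
        report = audit(text)
        print(label, "-", len(report["skipped"]), "signature(s) skipped:", report)
```

Run against a full log, a non-empty "skipped" result means the loaded database is larger than what the engine can actually match.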
participants (2)
- Carlos E. R.
- Wolfgang Rosenauer