From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 8101936 for ecs-isp@2rosenthals.com; Tue, 10 Oct 2023 05:55:32 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:51817 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1qq9ST-0000ZY-0B for ecs-isp@2rosenthals.com; Tue, 10 Oct 2023 05:55:21 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10086) by mail2.2rosenthals.com with esmtp (Exim 4.96) (envelope-from ) id 1qq9SM-0004aD-0V for ecs-isp@2rosenthals.com; Tue, 10 Oct 2023 05:55:17 -0400 X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, FRAUD_X3 1.000000, FRAUD_X3_LARGE_BODY -1.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_BADTHINGS 0.000000, __FRAUD_COMMON 0.000000, __FRAUD_CONTACT 0.000000, __FRAUD_WINNER 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.10.92716 X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, FRAUD_X3 1.000000, FRAUD_X3_LARGE_BODY -1.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_BADTHINGS 0.000000, __FRAUD_COMMON 0.000000, __FRAUD_CONTACT 0.000000, __FRAUD_WINNER 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.10.92716 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.849) for ; Tue, 10 Oct 2023 11:55:09 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] ClamAV To: eCS ISP Mailing List References: Organization: eComStation dot it Message-ID: <7766e5ef-e9e1-ac64-dd61-b9f6aa9cd713@ecomstation.it> Date: Tue, 10 Oct 2023 11:55:06 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Il 09/10/2023 23:42, Steven Levine ha scritto: > In , on 03/27/23 > at 09:40 AM, "Massimo S." said: > > Hi Massimo, > >> is there any news about ClamAV? > > In case you are wondering why I have not answered you private emails > regarding the status of clamav, I have asked you multiple times to refain > from sending PM that don't actually contain private information. I don't > know if you have chosen to ignore my requests or don't care enough to > honor them. > > Typically I ignore these private emails, because I am more interested in > helping the community as a whole than specific individuals. > > Please review ticket #775 and understand what Paul has said. If you don't > understand the answers, it's on you to ask questions. > > Also, if you want anyone to work on ticket #775, you need to correct the > omissions. > > First, you neglected to clearly state which version of clamav you are > running. > > Second, you neglected to check that the exceptq report included symbols. > > Third, you neglected to indicate what, if anything, you tried to > workaround the freshclam failure. > > Steven Hi, about 4 months passed so, sorry, but i've forgot a lot of staff. The ticket was abandoned after i published the eQ dump and i had not more feedback. Let's start again. On the server it's still installed ClamAV 0.102.0 freshclam: ClamAV 0.102.0/26074/Mon Feb 8 13:20:40 2021 What i use are only freshclam and clamscan executables to scan mailroot. I use clamav DB + sanesecurity scam and phishing DB even now sanesecurity 2 DBs still updates (they use rsync), but even clamscan 0.102.0 do not work anymore and if i run the scan on the maildirs it exit or crash with \USR\LOCAL\CLAMAV\BIN\CLAMSCAN.EXE (10/16/2019 12:06:11 3,938,904) Exception C0000005 - Access Violation etc. etc.. So even scanning the mails with the old clamv signatures dated 7/2011 and the sanesecur. signatures updated, that it's still better than nothing, do not work anymore. Now let's talk about the 0.103.6 freshclam build by Paul. clamav-0.103.6-os2-20220724.zip As first i'm only trying freshclam to see if it correctly download updated signatures version: ClamAV 0.103.6/26074/Mon Feb 8 13:20:40 2021 it start downloading updates, but at a certain point it fails with this message: WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.103.6 Recommended version: 0.103.10 WARNING: Stderr output from database load : realloc_problem: Not enough memory [...] X:\USR\LOCAL\CLAMAV\BIN\FRESHCLAM.EXE ERROR: Database load killed by signal 9 ERROR: Database test FAILED. ERROR: Unexpected error when attempting to update daily: Test failed ERROR: Database update process failed: Test failed ERROR: Update failed. Executable: 24/07/22 1:28 3.056.116 124 a--- freshclam.exe It produces no eQ trap, no entries in populog.os2, just display this "realloc_problem: Not enough memory" and quit, it also delete the temporary signatures files and only this files is let in the dest. dir: freshclam.dat 61 10/10/23 11:37a I hope to forget anything, i've also updated the ticket on mantis. thanks a lot massimo