From: "Massimo S." <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] ClamAV
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-8101656@2rosenthals.com>
Organization: eComStation dot it
Message-ID: <7766e5ef-e9e1-ac64-dd61-b9f6aa9cd713@ecomstation.it>
Date: Tue, 10 Oct 2023 11:55:06 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-8101656@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 7bit



Il 09/10/2023 23:42, Steven Levine ha scritto:
> In <list-6581113@2rosenthals.com>, on 03/27/23
>     at 09:40 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
> 
> Hi Massimo,
> 
>> is there any news about ClamAV?
> 
> In case you are wondering why I have not answered you private emails
> regarding the status of clamav, I have asked you multiple times to refain
> from sending PM that don't actually contain private information.  I don't
> know if you have chosen to ignore my requests or don't care enough to
> honor them.
> 
> Typically I ignore these private emails, because I am more interested in
> helping the community as a whole than specific individuals.
> 
> Please review ticket #775 and understand what Paul has said.  If you don't
> understand the answers, it's on you to ask questions.
> 
> Also, if you want anyone to work on ticket #775, you need to correct the
> omissions.
> 
> First, you neglected to clearly state which version of clamav you are
> running.
> 
> Second, you neglected to check that the exceptq report included symbols.
> 
> Third, you neglected to indicate what, if anything, you tried to
> workaround the freshclam failure.
> 
> Steven

Hi,

about 4 months passed so, sorry, but i've forgot a lot of staff.
The ticket was abandoned after i published the eQ dump and i had not more feedback.

Let's start again.


On the server it's still installed
ClamAV 0.102.0
freshclam: ClamAV 0.102.0/26074/Mon Feb  8 13:20:40 2021

What i use are only freshclam and clamscan executables to scan mailroot.

I use clamav DB + sanesecurity scam and phishing DB even now sanesecurity 2 DBs
still updates (they use rsync), but even clamscan 0.102.0 do not work anymore
and if i run the scan on the maildirs it exit or crash with

\USR\LOCAL\CLAMAV\BIN\CLAMSCAN.EXE (10/16/2019 12:06:11 3,938,904)

  Exception C0000005 - Access Violation

etc. etc..

So even scanning the mails with the old clamv signatures dated 7/2011 and the sanesecur.
signatures updated, that it's still better than nothing, do not work anymore.





Now let's talk about the 0.103.6 freshclam build by Paul.
clamav-0.103.6-os2-20220724.zip


As first i'm only trying freshclam to see if it correctly download updated signatures

version:  ClamAV 0.103.6/26074/Mon Feb  8 13:20:40 2021

it start downloading updates, but at a certain point it fails with this message:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.6 Recommended version: 0.103.10
WARNING: Stderr output from database load : realloc_problem: Not enough memory [...] 
X:\USR\LOCAL\CLAMAV\BIN\FRESHCLAM.EXE
ERROR: Database load killed by signal 9
ERROR: Database test FAILED.
ERROR: Unexpected error when attempting to update daily: Test failed
ERROR: Database update process failed: Test failed
ERROR: Update failed.


Executable:
24/07/22  1:28      3.056.116    124 a---  freshclam.exe


It produces no eQ trap, no entries in populog.os2, just display this
"realloc_problem: Not enough memory" and quit, it also delete the
temporary signatures files and only this files is let in the dest. dir:

freshclam.dat       61 10/10/23 11:37a



I hope to forget anything, i've also updated the ticket on mantis.

thanks a lot


massimo