From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 8103114 for ecs-isp@2rosenthals.com; Wed, 11 Oct 2023 04:01:01 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:53871 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ml@ecomstation.it>)
	id 1qqU9C-0002mU-2O
	for ecs-isp@2rosenthals.com;
	Wed, 11 Oct 2023 04:00:50 -0400
Received: from mail2.quasarbbs.net ([80.86.52.115]:10057)
	by mail2.2rosenthals.com with esmtp (Exim 4.96)
	(envelope-from <ml@ecomstation.it>)
	id 1qqU97-0003iR-0z
	for ecs-isp@2rosenthals.com;
	Wed, 11 Oct 2023 04:00:46 -0400
X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000,
	SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, URI_WITH_PATH_ONLY 0.000000,
	__ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FRAUD_MONEY_CURRENCY 0.000000, __FRAUD_MONEY_CURRENCY_DOLLAR 0.000000,
	__FRAUD_URGENCY 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_COMPR_DIR_NAME 0.000000,
	__REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000,
	__REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000,
	__TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000,
	__URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000,
	__USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.11.72717
X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, URI_WITH_PATH_ONLY 0.000000, __ANY_URI 0.000000,
	__AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FRAUD_MONEY_CURRENCY 0.000000, __FRAUD_MONEY_CURRENCY_DOLLAR 0.000000,
	__FRAUD_URGENCY 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_COMPR_DIR_NAME 0.000000,
	__REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000,
	__REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000,
	__TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000,
	__URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000,
	__USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.11.72717
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.849)
  for <ecs-isp@2rosenthals.com>; Wed, 11 Oct 2023 10:00:44 
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] ClamAV
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-8102918@2rosenthals.com>
Organization: eComStation dot it
Message-ID: <2f0c1492-f9d4-f784-d9c2-9a2a37d3083c@ecomstation.it>
Date: Wed, 11 Oct 2023 10:00:39 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-8102918@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 7bit



Il 11/10/2023 00:59, Steven Levine ha scritto:
> In <list-8101944@2rosenthals.com>, on 10/10/23
>     at 11:55 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
> 
> Hi Massimo,
> 
>> about 4 months passed so, sorry, but i've forgot a lot of staff.
> 
> I hope if I ever get to be a young as you again, my memory works at least
> as well as it does now. :-
 >
>> The
>> ticket was abandoned after i published the eQ dump and i had not more
>> feedback.
> 
> The ticket was not abondoned by anyone I know of, unless it you meant to
> say you abandoned it.  You simply neglected to finish adding the required
> data which meant the ticket entry was never completed.  Paul answered as
> best the could given the information you provided.  I am  a bit older, an
> perhaps grumpier, so I sometimes lack the patience to tell folks to do the
> same simple things over and over again.

hi,

Steven, sorry, but noone asked for this info on Mantis
I got simply no answers at all


>> On the server it's still installed
>> ClamAV 0.102.0
>> freshclam: ClamAV 0.102.0/26074/Mon Feb  8 13:20:40 2021
> 
> Please provide a link to the build.  It appears that I missed the
> announcement.

http://smedley.id.au/tmp/clamav-0.102.0-os2-20191016.zip


>> I use clamav DB + sanesecurity scam and phishing DB even now sanesecurity
>> 2 DBs still updates (they use rsync)
> 
> OK
> 
>> but even clamscan 0.102.0 do not
>> work anymore and if i run the scan on the maildirs it exit or crash with
>> \USR\LOCAL\CLAMAV\BIN\CLAMSCAN.EXE (10/16/2019 12:06:11 3,938,904)
>>   Exception C0000005 - Access Violation
> 
> You keep saying this as if it is new information.  Did you understand
> Paul's explanation of why ClamScan is not working?
> 
>> Now let's talk about the 0.103.6 freshclam build by Paul.
>> clamav-0.103.6-os2-20220724.zip


https://smedley.id.au/tmp/clamav-0.103.6-os2-20220724.zip

>> As first i'm only trying freshclam to see if it correctly download
>> updated signatures
>> version:  ClamAV 0.103.6/26074/Mon Feb  8 13:20:40 2021
>> it start downloading updates, but at a certain point it fails with this
>> message:
> 
> Did you not understand Paul's explanation of why FreshScan is not working?

yes, but he said that maybe there is some workaround
elsewhere we are all fuc$ed no more softwares will run on our platform


>> I hope to forget anything, i've also updated the ticket on mantis.
> 
> Please to not forget to upload an exceptq report with proper symbol
> decodes.

i can't reproduce anymore the eQ dump, but i will retry

> Please do not forget to mention which ClamAV versions you are running.
> It's not always immediately obvious based on  the exceptq output and there
> are lots of ClamAV version in the wild.
> 
> For those reading along and somewhat curious about what the issue is, do a
> search for
> 
>    clamav reduce memory usage

if you mean this:

"You can edit the ClamAV init script (int /etc/init.d/ to add the command ulimit -m amountofram.
It will limit the possibility of ClamAV and you will probably swap which will probably slow down your whole 
system."

i guess this is not useful, or at least i don't even know how to give that
"ulimit -m amountfram" to freshclam or clamscan

about freshclam i can't understand the issue to download updates from the internet
and place them in a local dir eg. like sanesecurity does with rsync

> 
> Hopefully, Massimo has already done this.  Currently there are some
> workarounds, but no really usable solutions for us as yet.
> 
> BTW, is anyone else using ClamAV these days on OS/2?

they all should if they use a mail server (weasel* or such)
if they don't scan mails for virues this is no good at all

i've not a powerful HW at the moment, or i'd use the clam daemon to scan the emails in real time..
but at the moment clamscan is completely sufficient for me

* and i know there are a numbers, i guess you too



thanks

massimo


> Thanks,
> 
> Steven
>