From: "Steven Levine" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 8113077 for ecs-isp@2rosenthals.com; Sun, 15 Oct 2023 01:24:22 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:42139 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <steve53@earthlink.net>)
	id 1qrtbm-0003BU-29
	for ecs-isp@2rosenthals.com;
	Sun, 15 Oct 2023 01:24:10 -0400
Received: from mta-202b.earthlink-vadesecure.net ([51.81.232.241]:57303 helo=mta-202a.earthlink-vadesecure.net)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <steve53@earthlink.net>)
	id 1qrtbf-0000nv-2W
	for ecs-isp@2rosenthals.com;
	Sun, 15 Oct 2023 01:24:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; bh=uHcRplJWwT6BmZ6pV6M1aC9BhzOBWz22FVC+PE
 Pw6Lo=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject:
 date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:
 references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:
 list-owner:list-archive; q=dns/txt; s=dk12062016; t=1697347441;
 x=1697952241; b=QxZJY30WvvL5gLmQa1HLIrijsAkTEbA3u43VfHF50mJtMy14HBAjh5q
 BWQMEQ5i0UyRQ8V452tpOmI4SAeBj5hP2Ln+5QbfoG4D7hWq0dQHg/IQSQCEw3NYlSPwFSE
 jCxfRE9+49zkAmhRtTHA/5qhttuzXedrRUZl9ZQCQcf49mjm1c2iI1UKopIqL2vn68Pfngl
 2s1Hty2Cdub0zzKshBmQZglBjoHBu6chl/eHzj8uY5i8owXnzegA0xHWVbj3euofx+RSH0V
 marqvNCEzZO3Rt31SABr1A3VC5coRWY5AQ+QVE8w1DYhFhZ+he/wZivLac8m0AiWXqFBQj3
 g6A==
Received: from slamain ([108.193.253.247])
 by vsel2nmtao02p.internal.vadesecure.com with ngmta
 id 40546996-178e30814ce04b65; Sun, 15 Oct 2023 05:24:01 +0000
Message-ID: <652b458c.2.mr2ice.fgrirsq@earthlink.net>
Date: Sat, 14 Oct 2023 17:51:08 -0800
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
In-Reply-To: <list-8112330@2rosenthals.com>
Subject: Re: [eCS-ISP] ClamAV
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 

In <list-8112330@2rosenthals.com>, on 10/14/23
   at 05:24 PM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

>> I get to update libc later.  On a positive note, I learned something new

After the libc update, I find that ClamAV had put me on timeout for too
many failures yesterday so I switched back to working on clamscan.

For some reason, at first is claimed

clamscan --debug --verbose --database=/Internet/clamav/lib --recursive=yes
/tmp/ LibClamAV debug: searching for unrar, user-searchpath: /clamav/lib
LibClamAV debug: searching for unrar: libclamunrar_iface.dll.9.0.5 not
found LibClamAV debug: searching for unrar: libclamunrar_iface.dll.9 not
found LibClamAV debug: searching for unrar: libclamunrar_iface.dll not
found LibClamAV debug: searching for unrar: libclamunrar_iface.a not found
LibClamAV debug: Cannot dlopen libclamunrar_iface: dlopen rc=2
extra=LIBCLAMUNRAR_IFACE.A - unrar support unavailable LibClamAV debug:
Initialized 0.103.6 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ LibClamAV
debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /Internet/clamav/lib
LibClamAV Error: cli_loaddbdir(): No supported database files found in
/Internet/clamav/lib ERROR: Can't open file or directory
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

However, after some .cvd and .exe file shuffling, this went away.  What I
did that actually fixed it is probably going to remain a mystery.

Freshclam came alive after the timeout expired.  I need to ensure I don't
run out of memory while testing.

I can now run both freshclam and clamscan under the debugger, but the
sources differ enough that it's probably time for a clamav repo on your
github.

Does it make sense to update the sources to 0.103.10, which seems to be
the latest 0.103 LTS?  The logs show mostly unrar fixes, which don't
really apply to us. However, as I read

  https://docs.clamav.net/faq/faq-eol.html#version-support-matrix

it is possible that 0.103.6 could get locked out of access to .cvd updates
if the versions turns out to be problematic.  Given that 0.103.6 is
already pretty old, this is probably not going to happen until 0.103 goes
out of support.

Steven

-- 
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------