Mailing List ecs-isp@2rosenthals.com Archived Message #578

From: "Steven Levine" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] ClamAV
Date: Sat, 14 Oct 2023 17:51:08 -0800
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-8112330@2rosenthals.com>, on 10/14/23
   at 05:24 PM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

>> I get to update libc later.  On a positive note, I learned something new

After the libc update, I find that ClamAV had put me on timeout for too
many failures yesterday so I switched back to working on clamscan.

For some reason, at first it claimed

clamscan --debug --verbose --database=/Internet/clamav/lib --recursive=yes /tmp/
LibClamAV debug: searching for unrar, user-searchpath: /clamav/lib
LibClamAV debug: searching for unrar: libclamunrar_iface.dll.9.0.5 not found
LibClamAV debug: searching for unrar: libclamunrar_iface.dll.9 not found
LibClamAV debug: searching for unrar: libclamunrar_iface.dll not found
LibClamAV debug: searching for unrar: libclamunrar_iface.a not found
LibClamAV debug: Cannot dlopen libclamunrar_iface: dlopen rc=2 extra=LIBCLAMUNRAR_IFACE.A - unrar support unavailable
LibClamAV debug: Initialized 0.103.6 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /Internet/clamav/lib
LibClamAV Error: cli_loaddbdir(): No supported database files found in /Internet/clamav/lib
ERROR: Can't open file or directory
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

However, after some .cvd and .exe file shuffling, this went away.  What I
did that actually fixed it is probably going to remain a mystery.

Freshclam came alive after the timeout expired.  I need to ensure I don't
run out of memory while testing.

I can now run both freshclam and clamscan under the debugger, but the
sources differ enough that it's probably time for a clamav repo on your
github.

Does it make sense to update the sources to 0.103.10, which seems to be
the latest 0.103 LTS?  The logs show mostly unrar fixes, which don't
really apply to us. However, as I read

  https://docs.clamav.net/faq/faq-eol.html#version-support-matrix

it is possible that 0.103.6 could get locked out of access to .cvd updates
if the version turns out to be problematic.  Given that 0.103.6 is
already pretty old, this is probably not going to happen until 0.103 goes
out of support.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------

