From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 8121402 for ecs-isp@2rosenthals.com; Mon, 16 Oct 2023 13:00:31 -0400 Received: from [192.168.200.201] (port=47713 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.96) (envelope-from ) id 1qsQx2-0003nH-31 for ecs-isp@2rosenthals.com; Mon, 16 Oct 2023 13:00:21 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10015) by mail2.2rosenthals.com with esmtp (Exim 4.96) (envelope-from ) id 1qsQwr-0000qG-2u for ecs-isp@2rosenthals.com; Mon, 16 Oct 2023 13:00:11 -0400 X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __EXTORTION_MALWARE 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_URGENCY 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.16.162117 X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __EXTORTION_MALWARE 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_URGENCY 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2023.10.16.162117 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.849) for ; Mon, 16 Oct 2023 19:00:06 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] ClamAV To: eCS ISP Mailing List References: Organization: eComStation dot it Message-ID: <87e4da22-cdcd-6f26-b496-7ab1d4c33f42@ecomstation.it> Date: Mon, 16 Oct 2023 19:00:05 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 8bit Il 16/10/2023 18:21, Steven Levine ha scritto: > In , on 10/16/23 > at 10:04 AM, "Massimo S." said: > > Hi Massimo, > >>>>> 10-16-2023  09:51:10  SYS2070  PID f1da  TID 0001  Slot 00a0 >>>>> D:\USR\LOCAL\CLAMAV\BIN\FRESHCLAM.EXE >>>>> FRESHCLAM->LIBCN0.2026 >>>>> 182 >>>>> (i've already updated all the lib/libcx staff with yum) >>> i first switched the platform to p4 and then updated libc/libcx stuff, how is it possible? > > I don't have access to your system, so I can make semi-educated guesses. > Did you reboot afterwards? Are you sure the update did not fail? What > does > > yum list installed libc libcx > > report? > >> 14/04/04 16:37 356.330 124 a--- libc05.dll >> 11/09/23 19:37 45.428 124 a--- libc06.dll >> 11/09/23 19:37 45.429 124 a--- libc061.dll >> 11/09/23 19:37 153.562 124 a--- libc062.dll >> 11/09/23 19:37 153.562 124 a--- libc063.dll >> 11/09/23 19:37 153.628 124 a--- libc064.dll >> 11/09/23 19:37 153.628 124 a--- libc065.dll >> 11/09/23 19:37 316.363 124 a--- libc066.dll >> 11/09/23 19:37 1.274.428 124 a--- libcn0.dll >> 12/05/23 18:59 59.040 124 a--- libcx0.dll > > I can only guess you have a stray copy of libcn0.dll installed or loaded > somewhere. What does > > psfiles | find "LIBCN0" > > report? It should indicate that the copy from %UNIXROOT\usr\lib is > loaded. > > FWIW, lxlite will show the ordinals defined in an executable. > > lxlite -i- -c:exemap libcn0.dll > > shows that when run again the properly updated libcn0.dll, the ordinal > that was missing is now defined as: > > 02026 ___libc_touch > > which happens to be a side effect of my work with Paul and Dmitriy. > > Steven i've rebooted, now it generate no entries in popuplog.os2 but neither an eQ dump (but maybe i've to add SET EXCEPTQ=Z to c.sys) the result now is this (with 2021 sig. database) LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** cli_realloc(): Can't re-allocate memory to 1828472 bytes. realloc_problem: Not enough memory LibClamAV Error: cli_realloc(): Can't re-allocate memory to 1828472 bytes. LibClamAV Error: cli_ac_addpatt: Can't realloc ac_listtable LibClamAV Error: cli_parse_add(): Problem adding signature (3). LibClamAV Error: Problem parsing database at line 65273 LibClamAV Error: Can't load daily.ldb: Can't allocate memory LibClamAV Error: cli_tgzload: Can't load daily.ldb LibClamAV Error: Can't load d:\usr\local\clamav\share\clamav/daily.cld: MalformeLibClamAV Error: cli_loaddbdir(): error loading database d:\usr\local\clamav\shaERROR: Malformed database LIBC PANIC!! _um_free_maybe_lock: Tried to free block twice - block=11ef3cb8 lock=0x1 pid=0x00db ppid=0x00d7 tid=0x0001 slot=0x008d pri=0x0200 mc=0x0000 ps=0x0010 D:\USR\LOCAL\CLAMAV\BIN\CLAMSCAN.EXE massimo