Mailing List Archive

ClamAV® blog: ClamAV 0.103.0 released!
>
> https://blog.clamav.net/2020/09/clamav-01030-released.html <https://blog.clamav.net/2020/09/clamav-01030-released.html>
>
> ClamAV 0.103.0 released!
>
> Please visit the ClamAV Downloads page <https://www.clamav.net/downloads> to get your copy now!
>
> ClamAV 0.103.0 highlights
>
> With your feedback on the previous candidates, we've fixed these additional issues:
>
> The freshclam PID file was not readable by other users in the release candidates, but is now readable by all.
> An issue with how freshclam was linked with the autotools build system caused SysLog settings to be ignored
> The real-path checks introduced to clamscan and clamdscan in 0.102.4 broke scanning of some files with unicode filenames and files on network shares for Windows users.
> Thanks for your help!
> Major changes
>
> clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.
> Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no.
> Special thanks to who made this feature a reality:
> Alberto Wu
> Alexander Sulfrian
> Arjen de Korte
> David Heidelberg
> Ged Haywood
> Julius Plenz
> Michael Orlitzky
> Thank you all for your patience in waiting for this feature.
>
> Notable changes
>
> The DLP module has been enhanced with additional credit card ranges and a new engine option that allows ClamAV to alert only on credit cards (and not, for instance, gift cards) when scanning with the DLP module. John Schember developed this feature, with input from Alexander Sulfrian.
> Support for Adobe Reader X PDF encryption, an overhaul of PNG scanning to detect PNG specific exploits, and a major change to GIF parsing, which makes it more tolerant to problematic files and adds the ability to scan overlays, all thanks to work and patches submitted by Aldo Mazzeo.
> clamdtop.exe now available for Windows users. Functionality is somewhat limited when compared to clamdtop on Linux. PDCurses is required to build clamdtop.exe for ClamAV on Windows.
> The phishing detection module will now print "Suspicious link found!" along with the "Real URL" and "Display URL" each time phishing is detected. In a future version, we would like to print out alert-related metadata like this at the end of a scan, but for now, this detail will help users understand why a given file is being flagged as phishing.
> Added new *experimental* CMake build tooling. CMake is not yet recommended for production builds. Our team would appreciate any assistance improving the CMake build tooling so we can one day deprecate Autotools and remove the Visual Studio solutions.
> Please see the new CMake installation instructions found in INSTALL.cmake.md for detailed instructions on how to build ClamAV with CMake.
> Added --ping and --wait options to the clamdscan and clamonacc client applications.
> The --ping (-p) command will attempt to ping clamd up to a specified maximum number of attempts at an optional interval. If the interval isn't specified, a default 1-second interval is used. It will exit with status code `0` when it receives a PONG from clamd or status code `21` if the timeout expires before it receives a response.
> Example:
> clamdscan -p 120 will attempt to ping clamd 120 at a 1 second interval.
> The --wait (-w) command will wait up to 30 seconds for clamd to start. This option may be used in tandem with the --ping option to customize the max # of attempts and the attempt interval. As with --ping, the scanning client may exit with status code 21 if the timeout expires before a connection is made to clamd.
> Example:
> clamdscan -p 30:2 -w <file> will attempt a scan, waiting up to 60 seconds for clamd to start and receive the scan request.
> The ping-and-wait feature is particularly useful for those wishing to start clamd and start clamonacc at startup, ensuring that clamd is ready before clamonacc starts. It is also useful for those wishing to start clamd immediately before initiating scans with clamdscan rather than having the clamd service run continuously.
> Added Excel 4.0 (XLM) macro detection and extraction support. Significantly improved VBA detection and extraction as well. Work courtesy of Jonas Zaddach.
> This support not yet added to sigtool, as the VBA extraction feature in sigtool is separate from the one used for scanning and will still need to be updated or replaced in the future.
> Improvements to the layout and legibility of temp files created during a scan. Improvements to legibility and content of the metadata JSON generated during a scan.
> To review the scan temp files and metadata JSON, run:
>
> clamscan --tempdir=<path> --leave-temps --gen-json <target>
>
> Viewing the scan temp files and metadata.json file provides some insight into how ClamAV analyzes a given file and can also be useful to analysts for the initial triage of potentially malicious files.
> Other improvements
>
> Added ability for freshclam and clamsubmit to override default use of OpenSSL CA bundle with a custom CA bundle. On Linux/Unix platforms (excluding macOS), users may specify a custom CA bundle by setting the CURL_CA_BUNDLE environment variable. On macOS and Windows, users are expected to add CA certificates to their respective system's keychain/certificate store. Patch courtesy of Sebastian A. Siewior
> clamscan and clamdscan now print the scan start and end dates in the scan summary.
> The clamonacc on-access scanning daemon for Linux now installs to sbin instead of bin.
> Improvements to the freshclam progress bar so the width of the text does not shift around as information changes and will not spill exceed 80 characters, even on very slow connections. Time is now displayed in Xm XXs (or Xh XXm) for values of 60 seconds or longer. Bytes display now changes units at the proper 1024 B/KiB instead of 2048 B/KiB. Patch courtesy of Zachary Murden.
> Improve column alignment and line wrap rendering for clamdtop. Also fixed an issue on Windows where clamdtop would occasionally disconnect from clamd and fail to reconnect. Patch courtesy of Zachary Murden.
> Improvements to the AutoIT parser.
> Loosened the curl version requirements in order to build and use clamonacc. You may now build ClamAV with any version of libcurl. However clamonacc's file descriptor-passing (FD-passing) capability will only be available with libcurl 7.40 or newer. FD-passing is ordinarily the default way to perform scans with clamonacc as it is significantly faster than streaming.
> Added LZMA and BZip2 decompression routines to the bytecode signature API.
> Disabled embedded type recognition for specific archive and disk image file types. This change reduces file type misclassification and improves scan time performance by reducing duplicated file scanning.
> Use pkg-config to detect libpcre2-8 before resorting to pcre2-config or pcre-config.
> Patch courtesy of Michael Orlitzky.
> Bug fixes
>
> Fixed issue scanning directories on Windows with clamdscan.exe that was introduced when mitigating against symlink quarantine attacks.
> Fixed behavior of freshclam --quiet option. Patch courtesy of Reio Remma.
> Fixed behavior of freshclam's OnUpdateExecute, OnErrorExecute, and OnOutdatedExecute config options on Windows when in daemon-mode so it can handle multiple arguments. Patch courtesy of Zachary Murden.
> Fixed an error in the heuristic alert mechanism that would cause a single detection within an archive to alert once for every subsequent file scanned, potentially resulting in thousands of alerts for a single scan.
> Fixed clamd, clamav-milter, and freshclam to create PID files before dropping privileges, to avoid the possibility of an unprivileged user from changing the PID file so that a service manager will kill a different process. This change does make the services unable to clean up the PID file on exit.
> Fixed the false positive (.fp) signature feature. In prior versions, the hash in a false positive signature would be checked only against the current layer of a file being scanned. In 0.103, every file layer is hashed, and the hashes for each in the scan recursion list are checked. This ensures that .fp signatures containing a hash for any layer in the scan leading up to the alert will negate the alert.
> As an example, a hash for a zip containing the file which alerts would not prevent the detection in prior versions. Only the hash of the embedded file would work. For some file types where the outermost is always an archive, eg. docx files, this made .fp signatures next to useless. For certain file types where the scanned content was a normalized version of the original content, eg. HTML, the normalized version was never hashed and this meant that .fp signatures never worked.
> Fixed Trusted & Revoked Windows executable (PE) file signature rules (.crb) maximum functionality level (FLEVEL) which had been being treated as the minimum FLEVEL. These signatures enable ClamAV to trust executables that are digitally signed by trusted publishers, or to alert on executables signed with compromised signing-certificates. The minimum and maximum FLEVELS enable or disable signatures at load time depending on the current ClamAV version.
> Fixed a bug wherein you could not build ClamAV with --enable-libclamav-only if curl was not installed on the system.
> Various other bug fixes, improvements, and documentation improvements.
> New Requirements
>
> Autotools (automake, autoconf, m4, pkg-config, libtool) are now required in order to build from a Git clone because the files generated by these tools have been removed from the Git repository. To generate theses files before you compile ClamAV, run autogen.sh. Users building with Autotools from the release tarball should be unaffected.
> Acknowledgments
>
> The ClamAV team thanks the following individuals for their code submissions:
>
> Aldo Mazzeo
> Ángel
> Antonino Cangialosi
> Clement Lecigne
> Jamie Biggar
> Jan Smutny
> Jim Klimov
> John Schember
> Jonathan Sabbe
> lutianxiong
> Michael Orlitzky
> Reio Remma
> Sebastian A. Siewior
> Zachary Murden
>
Re: [Clamav-devel] ClamAV® blog: ClamAV 0.103.0 released! [ In reply to ]
On 14/09/2020 23:36, Joel Esler (jesler) wrote:
>
>>
>> https://blog.clamav.net/2020/09/clamav-01030-released.html <https://blog.clamav.net/2020/09/clamav-01030-released.html>
>>
>> ClamAV 0.103.0 released!
>>
>> Please visit the ClamAV Downloads page <https://www.clamav.net/downloads> to get your copy now!
>>
>> ClamAV 0.103.0 highlights
>>

Well, that was entertaining.

It initially didn't even want to configure on my Solaris 11.3 system.

Using gcc 9.3.0, freshly built :-)

$ ./configure \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--with-libbz2-prefix=/opt/local \
--prefix=/opt/sandbox

First problem: configure does not recognise
"--with-libbz2-prefix=/opt/local", it tries to use the system's
libbz2.so, which is a bit old.

Second problem:
...
checking that structure packing works... no
configure: error: Structure packing seems to be available, but is not
working with this compiler

Hmm, look at config.log, it can't find libcharset.so.1, sigh, add CFLAGS
and LDFLAGS...
$ ./configure \
CFLAGS=-I/opt/local/include \
LDFLAGS="-L/opt/local/lib -R/opt/local/lib" \
--disable-ipv6 \
--disable-silent-rules \
--disable-check \
--with-libbz2-prefix=/opt/local \
--prefix=/opt/sandbox

Now configure works, and coincidentally it finds the newer libbz2...

Onward!

$ gmake
...
../libtool: eval: line 1731: syntax error near unexpected token `|'
../libtool: eval: line 1731: `/bin/nm -p ../libclammspack/mspack/.libs
/libclammspack_la-cabc.o
../libclammspack/mspack/.libs/libclammspack_la-cabd.o
../libclammspack/mspack/.libs/libclammspack_la-chmc.o
../libclammspack/mspack/.libs/libclammspack_la-chmd.o
../libclammspack/mspack/.libs/libclammspack_la-crc32.o
../libclammspack/mspack/.libs/libclammspack_la-hlpc.o
../libclammspack/mspack/.libs/libclammspack_la-hlpd.o
../libclammspack/mspack/.libs/libclammspack_la-kwajc.o
../libclammspack/mspack/.libs/libclammspack_la-kwajd.o
../libclammspack/mspack/.libs/libclammspack_la-litc.o
../libclammspack/mspack/.libs/libclammspack_la-litd.o
../libclammspack/mspack/.libs/libclammspack_la-lzssd.o
../libclammspack/mspack/.libs/libclammspack_la-lzxc.o
../libclammspack/mspack/.libs/libclammspack_la-lzxd.o
../libclammspack/mspack/.libs/libclammspack_la-mszipc.o
../libclammspack/mspack/.libs/libclammspack_la-mszipd.o
../libclammspack/mspack/.libs/libclammspack_la-oabc.o
../libclammspack/mspack/.libs/libclammspack_la-oabd.o
../libclammspack/mspack/.libs/libclammspack_la-qtmd.o
../libclammspack/mspack/.libs/libclammspack_la-system.o
../libclammspack/mspack/.libs/libclammspack_la-szddc.o
../libclammspack/mspack/.libs/libclammspack_la-szddd.o | | /bin/gsed
's/.* //' | sort | uniq > .libs/libclammspack.exp'
gmake[4]: *** [libclammspack.la] Error 2

Ah, munge configure files for Solaris nm post 2010 or so:
$ for i in `find . -name configure`
do
sed 's/BDRT/BCDRT/' $i > /tmp/configure.$$
mv /tmp/configure.$$ $i
chmod a+x $i
done

Rinse, lather, repeat.

It builds!

$ sudo gmake install

And
$ sudo /opt/sandbox/bin/freshclam -f -F
does the right things! :-)

$ cd clamav-0.103.0/test
$ /opt/sandbox/bin/clamscan -v *
... And lots of "Clamav.Test.File-6 FOUND" messages.

Okay, do I feel lucky, shall I rebuild it and install????

Well, if you don't hear back from me, it worked, or else I've been
drowned in virii :-)

Cheers,
Gary B-)

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [Clamav-devel] ClamAV® blog: ClamAV 0.103.0 released! [ In reply to ]
On 15.09.20 14:24, Gary R. Schmidt wrote:
> Well, that was entertaining.

less of an adventure here (CentOS 7), but my spec file that has been
working without modifications since clamav 0.9x needed some patching
today, or else clamav-milter refused installation with:

Error: Package: clamav-milter-0.103.0-1.el7.x86_64 (clam-c7)
Requires: libclamav.so.9(CLAMAV_PRIVATE)(64bit)

adding the following lines helped:
Provides: libclamav.so.9()(64bit)
Provides: libclamav.so.9(CLAMAV_PRIVATE)(64bit)
Provides: libclamav.so.9(CLAMAV_PUBLIC)(64bit)

no idea why this is suddenly necessary...


Now it runs like charm, thank you to everybody involved in the new release!

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV? blog: ClamAV 0.103.0 released! [ In reply to ]
Hi there,

On Tue, 15 Sep 2020, lukn via clamav-users wrote:
> On 15.09.20 14:24, Gary R. Schmidt wrote:
>
> > Well, that was entertaining.
>
> less of an adventure here (CentOS 7), but my spec file ...

Would you guys be able to try the release candidates next time?

I had no trouble with them, maybe my gear is a bit more mainstream.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV® blog: ClamAV 0.103.0 released! [ In reply to ]
ClamAV 0.103.0 builds (and runs) fine most of the time, but I do see
(infrequent) failing checks on the build servers for openSUSE. This
could be a race condition in the tests and might depend on the number
of cores or CPU of the buildserver it runs on.

One thing that does concern me slightly, is the number of -Wformat
warning in the tests, for example

[ 166s] In file included from check_clamav.c:11:
[ 166s] check_clamav.c: In function 'diff_file_mem':
[ 166s] check_clamav.c:1267:26: warning: format '%d' expects argument
of type 'int', but argument 5 has type 'size_t' {aka 'long unsigned
int'} [-Wformat=]
[ 166s] 1267 | ck_assert_msg(!!buf, "unable to malloc buffer: %d", len);
[ 166s] | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~
[ 166s] | |
[ 166s] |
size_t {aka long unsigned int}
[ 166s] check_clamav.c:1267:53: note: format string is defined here
[ 166s] 1267 | ck_assert_msg(!!buf, "unable to malloc buffer: %d", len);
[ 166s] | ~^
[ 166s] | |
[ 166s] | int
[ 166s] | %ld

There are many more which could potentially be an issue.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV® blog: ClamAV 0.103.0 released! [ In reply to ]
On 9/15/20 12:22 PM, Arjen de Korte via clamav-users wrote:
> ClamAV 0.103.0 builds (and runs) fine most of the time, but I do see
> (infrequent) failing checks on the build servers for openSUSE. This
> could be a race condition in the tests and might depend on the number of
> cores or CPU of the buildserver it runs on.
>
> One thing that does concern me slightly, is the number of -Wformat
> warning in the tests, for example
>
> [  166s] In file included from check_clamav.c:11:
> [  166s] check_clamav.c: In function 'diff_file_mem':
> [  166s] check_clamav.c:1267:26: warning: format '%d' expects argument
> of type 'int', but argument 5 has type 'size_t' {aka 'long unsigned
> int'} [-Wformat=]
> [  166s]  1267 |     ck_assert_msg(!!buf, "unable to malloc buffer: %d",
> len);
> [  166s]       |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~
> [  166s]       |                                                         |
> [  166s]       |
> size_t {aka long unsigned int}
> [  166s] check_clamav.c:1267:53: note: format string is defined here
> [  166s]  1267 |     ck_assert_msg(!!buf, "unable to malloc buffer: %d",
> len);
> [  166s]       |                                                    ~^
> [  166s]       |                                                     |
> [  166s]       |                                                     int
> [  166s]       |                                                    %ld
>
> There are many more which could potentially be an issue.

The Fedora build fails because we build with -Werror=format-security:

gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I.. -I../libclamav
-I../libclamav -I../libclamunrar_iface -pthread -I/usr/include/json-c
-DSRCDIR=\"/home/orion/fedora/clamav/clamav-0.103.0/unit_tests\"
-DOBJDIR=\"/home/orion/fedora/clamav/clamav-0.103.0/unit_tests\"
-I/usr/include/libprelude -I/usr/include/libxml2 -O2 -flto=auto
-ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
-m64 -mtune=generic -fasynchronous-unwind-tables
-fstack-clash-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64 -c -o check_clamav-check_jsnorm.o `test -f
'check_jsnorm.c' || echo './'`check_jsnorm.c
In file included from check_jsnorm.c:32:
check_jsnorm.c: In function 'tokenizer_test':
check_jsnorm.c:250:57: error: format not a string literal and no format
arguments [-Werror=format-security]
250 | ck_assert_msg("failed to open output file: %s", filename);
| ^~~~~~~~


In this case it appears that the ck_assert_msg() call is missing the
condition check. I've filed
https://github.com/Cisco-Talos/clamav-devel/pull/138 with I think the
proper fix.

Orion

--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/
Re: ClamAV? blog: ClamAV 0.103.0 released! [ In reply to ]
On Monday 14 September 2020, Joel Esler (jesler) via clamav-users wrote:

> ClamAV 0.103.0 released!

/lib/systemd/system/clamav-clamonacc.service is installed without
replacing @APP_CONFIG_DIRECTORY@ as far as I can see.

--
Regards, Sergey

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV? blog: ClamAV 0.103.0 released! [ In reply to ]
On Monday 14 September 2020, Joel Esler (jesler) via clamav-users wrote:

> Bug fixes
>
> Fixed behavior of freshclam --quiet option. Patch courtesy of Reio Remma.

What has been fixed? I keep seeing the message "Connecting via proxy" and
the virusdb update reports.

# freshclam --version
ClamAV 0.103.0/25943/Wed Sep 30 17:54:21 2020

without update:

# /usr/bin/freshclam --quiet --daemon-notify
Connecting via proxy

with update (a snippet):

# /usr/bin/freshclam --quiet --daemon-notify
Connecting via proxy
* Trying x.x.x.x:3128...
* TCP_NODELAY set
* Connected to proxy (213.156.192.11) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to database.clamav.net:443
> CONNECT database.clamav.net:443 HTTP/1.1
Host: database.clamav.net:443
User-Agent: ClamAV/0.103.0 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
....
> GET /daily-25943.cdiff HTTP/2
....
* Connection #0 to host proxy left intact


without proxy and with update (a snippet):

# /usr/bin/freshclam --quiet --daemon-notify
* Trying 104.16.219.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
....
> GET /daily-25943.cdiff HTTP/2
....
* Connection #0 to host database.clamav.net left intact


--
Regards, Sergey

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV? blog: ClamAV 0.103.0 released! [ In reply to ]
Hi Sergey,

It looks like you have Verbose enabled in your freshclam.conf file, which is causing extra output from libcurl to be displayed despite the --quiet option.

The thing that was fixed was that "Testing database: ..." was being printed instead of logged, meaning it ignored the --quiet option. See: https://github.com/Cisco-Talos/clamav-devel/commit/095abcc28bc86fe25798be564d685f76530b19bd#diff-144511dd46e128d7d330578040a81f23

Regards,
Micah

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Sergey
Sent: Thursday, October 1, 2020 1:44 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] ClamAV? blog: ClamAV 0.103.0 released!

On Monday 14 September 2020, Joel Esler (jesler) via clamav-users wrote:

> Bug fixes
>
> Fixed behavior of freshclam --quiet option. Patch courtesy of Reio Remma.

What has been fixed? I keep seeing the message "Connecting via proxy" and the virusdb update reports.

# freshclam --version
ClamAV 0.103.0/25943/Wed Sep 30 17:54:21 2020

without update:

# /usr/bin/freshclam --quiet --daemon-notify Connecting via proxy

with update (a snippet):

# /usr/bin/freshclam --quiet --daemon-notify Connecting via proxy
* Trying x.x.x.x:3128...
* TCP_NODELAY set
* Connected to proxy (213.156.192.11) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to database.clamav.net:443
> CONNECT database.clamav.net:443 HTTP/1.1
Host: database.clamav.net:443
User-Agent: ClamAV/0.103.0 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
....
> GET /daily-25943.cdiff HTTP/2
....
* Connection #0 to host proxy left intact


without proxy and with update (a snippet):

# /usr/bin/freshclam --quiet --daemon-notify
* Trying 104.16.219.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
....
> GET /daily-25943.cdiff HTTP/2
....
* Connection #0 to host database.clamav.net left intact


--
Regards, Sergey

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml