Mailing List Archive

Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
* Arnaud Jacques via clamav-users <clamav-users@lists.clamav.net>:
> Is it just me, or?

Same here:

# clamdscan -V
ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021

# sigtool -l|tail
Doc.Malware.Valyria-6923115-0
Xls.Malware.Generic-6923116-0
Doc.Malware.00536d-6923117-0
Doc.Malware.Valyria-6923118-0
Xls.Malware.Sload-6923119-0
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 32300 (file /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb)
ERROR: listdb: Error listing database /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb
ERROR: listdb: Can't list directory /var/lib/clamav/main.cld
ERROR: listdb: Error listing database /var/lib/clamav/main.cld

Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
Same Error on clamav-0.103.4

<0.0> clamscan -V
ClamAV 0.103.4/26363/Wed Nov 24 04:19:30 2021


<0.0> sigtool -l | tail
Doc.Malware.Valyria-6923115-0
Xls.Malware.Generic-6923116-0
Doc.Malware.00536d-6923117-0
Doc.Malware.Valyria-6923118-0
Xls.Malware.Sload-6923119-0
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 32300 (file /tmp/clamav-9745ca840b8ad8cd60a57d4cf313338c.tmp/main.ldb)
ERROR: listdb: Error listing database /tmp/clamav-9745ca840b8ad8cd60a57d4cf313338c.tmp/main.ldb
ERROR: listdb: Can't list directory /var/lib/clamav/main.cvd
ERROR: listdb: Error listing database /var/lib/clamav/main.cvd


No Error on clamav-0.104.1

<0.0>clamscan -V
ClamAV 0.104.1/26362/Tue Nov 23 04:18:04 2021

<0.0>sigtool -l | tail
Bofhland.Retefe_6e7e
Bofhland.Retefe_6ca5
Bofhland.Retefe_2617
Bofhland.Retefe_7841
Bofhland.Retefe_7709
Bofhland.Locky_0c44
Bofhland.Malware.url.2673092
Bofhland.Malware.url.2673093
Bofhland.Malware.url.2673140
Bofhland.Malware.url.2673141

What are the differences?

Thanks,

--

 Pressure creates diamond.


Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
On Wed, Nov 24, 2021 at 10:14 AM Ralf Hildebrandt via clamav-users <
clamav-users@lists.clamav.net> wrote:

> * Arnaud Jacques via clamav-users <clamav-users@lists.clamav.net>:
> > Is it just me, or?
>
> Same here:
>
> # clamdscan -V
> ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021
>
> # sigtool -l|tail
> Doc.Malware.Valyria-6923115-0
> Xls.Malware.Generic-6923116-0
> Doc.Malware.00536d-6923117-0
> Doc.Malware.Valyria-6923118-0
> Xls.Malware.Sload-6923119-0
> Xls.Downloader.Powload-6923120-0
> ERROR: listdb: Malformed pattern line 32300 (file
> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb)
> ERROR: listdb: Error listing database
> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb
> ERROR: listdb: Can't list directory /var/lib/clamav/main.cld
> ERROR: listdb: Error listing database /var/lib/clamav/main.cld
>

I get the same errors, yet clamscan loads things just fine and sigtool is
able to decode the signature on line 32300 (Doc.Trojan.Agent-6923124-0)
without a problem.

It definitely seems like an issue with the list-sigs functionality though,
given the disparity in counts between a count of the lines output by
sigtool -l and the number of known viruses reported by clamscan (version
0.103.3).

$ sigtool -l | wc -l
6640592

$ clamscan test.txt
/Users/mbroekman/Security/test/test.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8579605

One curious thing is that the Powload signature is *exactly* 8192
characters in length. From past experience with older versions of ClamAV, I
thought 8k was the size limit for signatures, including the EOL for the
database line. I wonder if there's still an issue in the list-sigs
functionality around that, since clamscan doesn't report database errors.


--Maarten


Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
On Wed, Nov 24, 2021 at 10:42 AM Maarten Broekman <
maarten.broekman@gmail.com> wrote:

>
>
> On Wed, Nov 24, 2021 at 10:14 AM Ralf Hildebrandt via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> * Arnaud Jacques via clamav-users <clamav-users@lists.clamav.net>:
>> > Is it just me, or?
>>
>> Same here:
>>
>> # clamdscan -V
>> ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021
>>
>> # sigtool -l|tail
>> Doc.Malware.Valyria-6923115-0
>> Xls.Malware.Generic-6923116-0
>> Doc.Malware.00536d-6923117-0
>> Doc.Malware.Valyria-6923118-0
>> Xls.Malware.Sload-6923119-0
>> Xls.Downloader.Powload-6923120-0
>> ERROR: listdb: Malformed pattern line 32300 (file
>> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb)
>> ERROR: listdb: Error listing database
>> /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb
>> ERROR: listdb: Can't list directory /var/lib/clamav/main.cld
>> ERROR: listdb: Error listing database /var/lib/clamav/main.cld
>>
>
> I get the same errors, yet clamscan loads things just fine and sigtool is
> able to decode the signature on line 32300 (Doc.Trojan.Agent-6923124-0)
> without a problem.
>
> It definitely seems like an issue with the list-sigs functionality though,
> given the disparity in counts between a count of the lines output by
> sigtool -l and the number of known viruses reported by clamscan (version
> 0.103.3).
>
> $ sigtool -l | wc -l
> 6640592
>
> $ clamscan test.txt
> /Users/mbroekman/Security/test/test.txt: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8579605
>
> One curious thing is that the Powload signature is *exactly* 8192
> characters in length. From past experience with older versions of ClamAV, I
> thought 8k was the size limit for signatures, including the EOL for the
> database line. I wonder if there's still an issue in the list-sigs
> functionality around that, since clamscan doesn't report database errors.
>
>
A little more information:
There are only 4 signatures in the main.ldb that are over 8k in size. That
powload one is the only one that causes problems. I separated them out into
a new file:

$ wc -l ./test.ldb
4 ./test.ldb

$ cat test.ldb | awk -F\; '{ print $1 }'
Doc.Dropper.Generic-6922945-0
Win.Adware.Linkury-16152
Win.Adware.Linkury-16148
Xls.Downloader.Powload-6923120-0

When I run "sigtool -l./test.ldb", however, sigtool does something ... odd:
Doc.Dropper.Generic-6922945-0
6c652e57726974652022346634373532343137653332326634333264343635323435343537653331326636643639366536373737326636633639363232663637363336333266366436393665363737373333333232663333333433383432333933323765333132653335326636393665363336633735363436353266373337343634363137323637326536383030356635663637366537353633356637363631356636633639373337343361373432383335326333313239336432383330326333323330323930303566363936663632373536363361353437343238333132633331323933643733333333323566373037343732336132383331326333323239336432613238333032633331333932393263333032633333333233623566363336653734336132383330326333333239326333333332326333333332336235663632363137333635336132383331326333323239326333363334326333333332336235663636366336313637336132383330326333333239326333393336326333333332336235663636363936633635336132383330326333333239326333313332333832633333333233623566363336383631373236323735363633613238333032633333323932633331333633303263333333323362356636323735363637333639376133613238333032633333323932633331333933323263333333323362356637343664373036363665363136643635336132383331326333323239326333323332333432633333333233623666373036353732363137343666373233643361336132383331326333333239336432333238333132633331323932633238333132633334323933643236323833313263333132393263323833313263333532393364326132383331326333313239326332383331326333363239336432363238333132633337323933643662323833313263333132393263323833303263333632393362336135663561346533363566363936663632373536363631353334353532346235333566336233323431326533623566356636323631373336353566363337343666373233613361323833313263333832393364323332383331326333313239326332383330326333363239326332383331326333353239326332383331326333363239326332383330326333363239336233613566356134653336356636393666363237353636343333323435353234623533356633623332343132653362356635663633366636643730356636333734366637323361336132383331326333383239336135663561346533363566363936663632373536363433333134353532346235333566336233323431326533623566356636323631373336353566
3633373436663732336122
Win.Adware.Linkury-16152
00720063006800550072006c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00460046002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00460046002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c00460046002c0020003a00500072006f0074006500630074006f007200730053006500610072006300680044006f006d00610069006e002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00490045002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00490045002c0020003a0048006f00730074007300460069006c0065004d006f006e00690074006f0072004c0069006e006b0075007200790044006f006d00610069006e0073002c0020003a00420061007300690063004c0069006e006b0054006f004f00660066006500720073004d0061006e00610067006500720043006c006f007500640053006500720076006900630065002c0020003a00470065007400420075006e0064006c0069006e0067004100700070006c00690063006100740069006f006e00730054006f0049006e007300740061006c006c00460075006e006300740069006f006e002c0020003a0047006500740041007000700072006f0076006500640049006e00730074006c006c006100740069006f006e00460075006e006300740069006f006e002c0020003a005400610073006b006200610072004e006f0074006900660069006500720045007800650050006100740068002c0020003a00440065006600610075006c0074004d00610078004f00720064006500720073002c0020003a00440065006600610075006c00740049006e00740065007200760061006c002c0020003a0043006800650063006b0069006e0067004f006600660065007200730049006e00740065007200760061006c0049006e004d0069006e0075007400650073002c0020003a00500072006900760061007400650049006e007600650073007400690067006100740069006f006e0045006e00640070006f0069006e0074002c0020003a00530068006f
007200740049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a004c006f006e00670049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a0052004f00540058006d006c004f007000650072006100740069006f006e007300550072006c002c0020003a0044006c006c0049006e006a0065006300740069006f006e00550072006c002c0020003a005400720061007900570069006e0064006f0077004800650061006400650072004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f0032004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004e0054004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f00440053004c006100620065006c002c0020003a00540061006b006500440065006600610075006c0074005300650061007200630068002c0020003a00540061006b0065004e00650077005400610062002c0020003a00540061006b00650048006f006d0065005000610067006500
Win.Adware.Linkury-16148
00072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00460046002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00460046002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c00460046002c0020003a00500072006f0074006500630074006f007200730053006500610072006300680044006f006d00610069006e002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00490045002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00490045002c0020003a0048006f00730074007300460069006c0065004d006f006e00690074006f0072004c0069006e006b0075007200790044006f006d00610069006e0073002c0020003a00420061007300690063004c0069006e006b0054006f004f00660066006500720073004d0061006e00610067006500720043006c006f007500640053006500720076006900630065002c0020003a00470065007400420075006e0064006c0069006e0067004100700070006c00690063006100740069006f006e00730054006f0049006e007300740061006c006c00460075006e006300740069006f006e002c0020003a0047006500740041007000700072006f0076006500640049006e00730074006c006c006100740069006f006e00460075006e006300740069006f006e002c0020003a005400610073006b006200610072004e006f0074006900660069006500720045007800650050006100740068002c0020003a00440065006600610075006c0074004d00610078004f00720064006500720073002c0020003a00440065006600610075006c00740049006e00740065007200760061006c002c0020003a0043006800650063006b0069006e0067004f006600660065007200730049006e00740065007200760061006c0049006e004d0069006e0075007400650073002c0020003a00500072006900760061007400650049006e007600650073007400690067006100740069006f006e0045006e00640070006f0069006e0074002c0020003a00530068006f007200740049006e00740065007200760061006c0054006f005500700064006
1007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a004c006f006e00670049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a0052004f00540058006d006c004f007000650072006100740069006f006e007300550072006c002c0020003a0044006c006c0049006e006a0065006300740069006f006e00550072006c002c0020003a005400720061007900570069006e0064006f0077004800650061006400650072004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f0032004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004e0054004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f00440053004c006100620065006c002c0020003a00540061006b006500440065006600610075006c0074005300650061007200630068002c0020003a00540061006b0065004e00650077005400610062002c0020003a00540061006b00650048006f006d0065005000610067006500
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 8 (file ./test.ldb)

This seems to indicate that:

- sigtool isn't reading the entire line from the database file, rather
it's only reading 8k.
- The error is *NOT* triggering on those other long signatures because
there *is* a semi-colon further in the signature file which allows
sigtool to "think" those long strings of numbers are actually the virus
names.
- The error IS triggering on the powload signature because the very next
read (line 1615: 'while (fgets(buffer, CLI_DEFAULT_LSIG_BUFSIZE, fh)) {' )
is hitting a newline.


--Maarten


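Added example (not ClamAV source and not part of the original posts): a small C program that reproduces the behaviour analysed in the message above, where every fgets() chunk is treated as a complete database line, next to a reader that keeps reading until it sees the newline. DEMO_BUFSIZE (32, a stand-in for CLI_DEFAULT_LSIG_BUFSIZE), the function names and the sample signature lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: small stand-in for CLI_DEFAULT_LSIG_BUFSIZE so the sample stays short. */
#define DEMO_BUFSIZE 32
#define MAX_NAMES 8
#define NAME_LEN 64

struct listing {
    int count;        /* names emitted */
    int malformed_at; /* reader's own line counter at the error, 0 = none, -1 = I/O failure */
    char names[MAX_NAMES][NAME_LEN];
};

/* Constructed LDB-like lines (not real signatures). Line 2 is longer than the
 * buffer; line 3 is exactly DEMO_BUFSIZE bytes including its newline. */
static const char *SAMPLE =
    "Short.Sig-1;Target:0;0;41\n"
    "Long.Sig-2;Target:0;0&1;4142434445464748;494a4b4c\n"
    "Edge.Sig-03;Target:0;0;41424344\n"
    "After.Sig-4;Target:0;0;42\n";

/* Record the text before the first ';' as the signature name; -1 if there is no ';'. */
static int emit_name(const char *line, struct listing *out)
{
    const char *semi = strchr(line, ';');
    size_t n;
    if (!semi) return -1;
    n = (size_t)(semi - line);
    if (n >= NAME_LEN) n = NAME_LEN - 1;
    if (out->count < MAX_NAMES) {
        memcpy(out->names[out->count], line, n);
        out->names[out->count][n] = '\0';
        out->count++;
    }
    return 0;
}

/* Fixed-buffer pattern: each fgets() chunk is parsed as if it were a whole line. */
static void list_fixed(FILE *fh, struct listing *out)
{
    char buffer[DEMO_BUFSIZE];
    int line = 0;
    while (fgets(buffer, sizeof(buffer), fh)) {
        line++;
        if (emit_name(buffer, out) < 0) { out->malformed_at = line; return; }
    }
}

/* Read one complete line, growing the buffer until the newline or EOF. Caller frees. */
static char *read_line(FILE *fh)
{
    size_t cap = DEMO_BUFSIZE, len = 0;
    char *buf = malloc(cap), *tmp;
    if (!buf) return NULL;
    while (fgets(buf + len, (int)(cap - len), fh)) {
        len += strlen(buf + len);
        if (len && buf[len - 1] == '\n') return buf;   /* full line read */
        if (len + 1 >= cap) {                          /* chunk filled the buffer */
            tmp = realloc(buf, cap * 2);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp;
            cap *= 2;
        }
    }
    if (len) return buf;                               /* last line without newline */
    free(buf);
    return NULL;
}

/* Whole-line reader: one name per database line regardless of its length. */
static void list_whole(FILE *fh, struct listing *out)
{
    char *l;
    int line = 0, rc;
    while ((l = read_line(fh)) != NULL) {
        line++;
        rc = emit_name(l, out);
        free(l);
        if (rc < 0) { out->malformed_at = line; return; }
    }
}

/* Write SAMPLE to a temporary file and list it with the chosen reader. */
static struct listing run_demo(int whole_lines)
{
    struct listing out;
    FILE *fh = tmpfile();
    memset(&out, 0, sizeof(out));
    if (!fh) { out.malformed_at = -1; return out; }
    fputs(SAMPLE, fh);
    rewind(fh);
    if (whole_lines) list_whole(fh, &out); else list_fixed(fh, &out);
    fclose(fh);
    return out;
}

int main(void)
{
    int mode, i;
    for (mode = 0; mode < 2; mode++) {
        struct listing r = run_demo(mode);
        printf("%s reader:\n", mode ? "whole-line" : "fixed-buffer");
        for (i = 0; i < r.count; i++) printf("  %s\n", r.names[i]);
        if (r.malformed_at) printf("  ERROR: malformed pattern line %d\n", r.malformed_at);
    }
    return 0;
}
```

The fixed-buffer reader lists a hex fragment as a name and reports the error at its chunk count rather than the real line number, which is consistent with "line 8" being reported for the four-line test.ldb above.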
Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
I've opened https://github.com/Cisco-Talos/clamav/issues/389 for this
issue. The issue *shouldn't* be causing problems with scanning (it wasn't
causing a problem for me), but if it is please add a comment to the issue
to that effect.

--Maarten

Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd
This issue was fixed in 0.104.0 with this commit: https://github.com/Cisco-Talos/clamav/commit/13af789f4ed
SigTool: fix insufficient buffer size for --list-sigs · Cisco-Talos/clamav@13af789
SigTool's --list-sigs feature can't handle long LDB signatures because the buffer size was wrong.

Ex:

$ ./0.103.3/bin/sigtool -l|tail
Doc.Malware.Valyria-6923115-0
Xls.Malware.Generic-6923116-0
Doc.Malware.00536d-6923117-0
Doc.Malware.Valyria-6923118-0
Xls.Malware.Sload-6923119-0
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 32300 (file /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb)
ERROR: listdb: Error listing database /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb
ERROR: listdb: Can't list directory /home/micasnyd/clams/0.103.3/share/clamav/main.cld
ERROR: listdb: Error listing database /home/micasnyd/clams/0.103.3/share/clamav/main.cld

$ ./0.104.1/bin/sigtool -l|tail
PUA.Win.Adware.Opencandy-6872345-0
PUA.Win.Adware.Gamevance-6872347-0
PUA.Win.Adware.Opencandy-6872348-0
PUA.Win.Adware.Opencandy-6872350-0
PUA.Win.Adware.Cerbu-6872355-0
PUA.Win.Adware.Ursu-6873464-0
PUA.Win.Trojan.Scriptkd-6876283-0
PUA.Win.Downloader.Firseria-6877068-0
PUA.Win.Adware.Softpulse-6877069-0
PUA.Win.Packed.0040eff-6877419-0

Arnaud, if you have a strong need for this fix in 0.103, we can easily backport it in the next patch version. Else you can use 0.104+'s sigtool.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Maarten Broekman via clamav-users <clamav-users@lists.clamav.net>
Sent: Wednesday, November 24, 2021 8:33 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Maarten Broekman <maarten.broekman@gmail.com>
Subject: Re: [clamav-users] [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd

I've opened https://github.com/Cisco-Talos/clamav/issues/389 for this issue. The issue shouldn't be causing problems with scanning (it wasn't causing a problem for me), but if it is please add a comment to the issue to that effect.

--Maarten

On Wed, Nov 24, 2021 at 11:19 AM Maarten Broekman <maarten.broekman@gmail.com> wrote:

On Wed, Nov 24, 2021 at 10:42 AM Maarten Broekman <maarten.broekman@gmail.com> wrote:

On Wed, Nov 24, 2021 at 10:14 AM Ralf Hildebrandt via clamav-users <clamav-users@lists.clamav.net> wrote:
* Arnaud Jacques via clamav-users <clamav-users@lists.clamav.net>:
> Is it just me, or?

Same here:

# clamdscan -V
ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021

# sigtool -l|tail
Doc.Malware.Valyria-6923115-0
Xls.Malware.Generic-6923116-0
Doc.Malware.00536d-6923117-0
Doc.Malware.Valyria-6923118-0
Xls.Malware.Sload-6923119-0
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 32300 (file /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb)
ERROR: listdb: Error listing database /tmp/clamav-2aa50bd01844b36b876433804b298d0b.tmp/main.ldb
ERROR: listdb: Can't list directory /var/lib/clamav/main.cld
ERROR: listdb: Error listing database /var/lib/clamav/main.cld

I get the same errors, yet clamscan loads things just fine and sigtool is able to decode the signature on line 32300 (Doc.Trojan.Agent-6923124-0) without a problem.

It definitely seems like an issue with the list-sigs functionality though, given the disparity in counts between a count of the lines output by sigtool -l and the number of known viruses reported by clamscan (version 0.103.3).

$ sigtool -l | wc -l
6640592

$ clamscan test.txt
/Users/mbroekman/Security/test/test.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8579605

One curious thing is that the Powload signature is exactly 8192 characters in length. From past experience with older versions of ClamAV, I thought 8k was the size limit for signatures, including the EOL for the database line. I wonder if there's still an issue in the list-sigs functionality around that, since clamscan doesn't report database errors.


A little more information:
There are only 4 signatures in the main.ldb that are over 8k in size. That powload one is the only one that causes problems. I separated them out into a new file:

$ wc -l ./test.ldb
4 ./test.ldb

$ cat test.ldb | awk -F\; '{ print $1 }'
Doc.Dropper.Generic-6922945-0
Win.Adware.Linkury-16152
Win.Adware.Linkury-16148
Xls.Downloader.Powload-6923120-0

When I run "sigtool -l./test.ldb", however, sigtool does something ... odd:
Doc.Dropper.Generic-6922945-0
6c652e57726974652022346634373532343137653332326634333264343635323435343537653331326636643639366536373737326636633639363232663637363336333266366436393665363737373333333232663333333433383432333933323765333132653335326636393665363336633735363436353266373337343634363137323637326536383030356635663637366537353633356637363631356636633639373337343361373432383335326333313239336432383330326333323330323930303566363936663632373536363361353437343238333132633331323933643733333333323566373037343732336132383331326333323239336432613238333032633331333932393263333032633333333233623566363336653734336132383330326333333239326333333332326333333332336235663632363137333635336132383331326333323239326333363334326333333332336235663636366336313637336132383330326333333239326333393336326333333332336235663636363936633635336132383330326333333239326333313332333832633333333233623566363336383631373236323735363633613238333032633333323932633331333633303263333333323362356636323735363637333639376133613238333032633333323932633331333933323263333333323362356637343664373036363665363136643635336132383331326333323239326333323332333432633333333233623666373036353732363137343666373233643361336132383331326333333239336432333238333132633331323932633238333132633334323933643236323833313263333132393263323833313263333532393364326132383331326333313239326332383331326333363239336432363238333132633337323933643662323833313263333132393263323833303263333632393362336135663561346533363566363936663632373536363631353334353532346235333566336233323431326533623566356636323631373336353566363337343666373233613361323833313263333832393364323332383331326333313239326332383330326333363239326332383331326333353239326332383331326333363239326332383330326333363239336233613566356134653336356636393666363237353636343333323435353234623533356633623332343132653362356635663633366636643730356636333734366637323361336132383331326333383239336135663561346533363566363936663632373536363433333134353532346235333566336233323431326533623566356636323631373336353566
3633373436663732336122
Win.Adware.Linkury-16152
00720063006800550072006c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00460046002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00460046002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c00460046002c0020003a00500072006f0074006500630074006f007200730053006500610072006300680044006f006d00610069006e002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00490045002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00490045002c0020003a0048006f00730074007300460069006c0065004d006f006e00690074006f0072004c0069006e006b0075007200790044006f006d00610069006e0073002c0020003a00420061007300690063004c0069006e006b0054006f004f00660066006500720073004d0061006e00610067006500720043006c006f007500640053006500720076006900630065002c0020003a00470065007400420075006e0064006c0069006e0067004100700070006c00690063006100740069006f006e00730054006f0049006e007300740061006c006c00460075006e006300740069006f006e002c0020003a0047006500740041007000700072006f0076006500640049006e00730074006c006c006100740069006f006e00460075006e006300740069006f006e002c0020003a005400610073006b006200610072004e006f0074006900660069006500720045007800650050006100740068002c0020003a00440065006600610075006c0074004d00610078004f00720064006500720073002c0020003a00440065006600610075006c00740049006e00740065007200760061006c002c0020003a0043006800650063006b0069006e0067004f006600660065007200730049006e00740065007200760061006c0049006e004d0069006e0075007400650073002c0020003a00500072006900760061007400650049006e007600650073007400690067006100740069006f006e0045006e00640070006f0069006e0074002c0020003a00530068006f
007200740049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a004c006f006e00670049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a0052004f00540058006d006c004f007000650072006100740069006f006e007300550072006c002c0020003a0044006c006c0049006e006a0065006300740069006f006e00550072006c002c0020003a005400720061007900570069006e0064006f0077004800650061006400650072004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f0032004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004e0054004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f00440053004c006100620065006c002c0020003a00540061006b006500440065006600610075006c0074005300650061007200630068002c0020003a00540061006b0065004e00650077005400610062002c0020003a00540061006b00650048006f006d0065005000610067006500
Win.Adware.Linkury-16148
00072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c004300680072006f006d0065002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00460046002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00460046002c0020003a00500072006f0074006500630074006f00720073004e0065007700540061006200550052004c00460046002c0020003a00500072006f0074006500630074006f007200730053006500610072006300680044006f006d00610069006e002c0020003a00500072006f0074006500630074006f007200730048006f006d0065005000610067006500550052004c00490045002c0020003a00500072006f0074006500630074006f0072007300530065006100720063006800550072006c00490045002c0020003a0048006f00730074007300460069006c0065004d006f006e00690074006f0072004c0069006e006b0075007200790044006f006d00610069006e0073002c0020003a00420061007300690063004c0069006e006b0054006f004f00660066006500720073004d0061006e00610067006500720043006c006f007500640053006500720076006900630065002c0020003a00470065007400420075006e0064006c0069006e0067004100700070006c00690063006100740069006f006e00730054006f0049006e007300740061006c006c00460075006e006300740069006f006e002c0020003a0047006500740041007000700072006f0076006500640049006e00730074006c006c006100740069006f006e00460075006e006300740069006f006e002c0020003a005400610073006b006200610072004e006f0074006900660069006500720045007800650050006100740068002c0020003a00440065006600610075006c0074004d00610078004f00720064006500720073002c0020003a00440065006600610075006c00740049006e00740065007200760061006c002c0020003a0043006800650063006b0069006e0067004f006600660065007200730049006e00740065007200760061006c0049006e004d0069006e0075007400650073002c0020003a00500072006900760061007400650049006e007600650073007400690067006100740069006f006e0045006e00640070006f0069006e0074002c0020003a00530068006f007200740049006e00740065007200760061006c0054006f005500700064006
1007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a004c006f006e00670049006e00740065007200760061006c0054006f0055007000640061007400650046006c0061006700730049006e004d0069006e0075007400650073002c0020003a0052004f00540058006d006c004f007000650072006100740069006f006e007300550072006c002c0020003a0044006c006c0049006e006a0065006300740069006f006e00550072006c002c0020003a005400720061007900570069006e0064006f0077004800650061006400650072004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f0032004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f004e0054004c006100620065006c002c0020003a005400720061007900570069006e0064006f00770049006e0066006f00440053004c006100620065006c002c0020003a00540061006b006500440065006600610075006c0074005300650061007200630068002c0020003a00540061006b0065004e00650077005400610062002c0020003a00540061006b00650048006f006d0065005000610067006500
Xls.Downloader.Powload-6923120-0
ERROR: listdb: Malformed pattern line 8 (file ./test.ldb)

This seems to indicate that:

* sigtool isn't reading the entire line from the database file, rather it's only reading 8k.
* The error is NOT triggering on those other long signatures because there is a semi-colon further in the signature file which allows sigtool to "think" those long strings of numbers are actually the virus names.
* The error IS triggering on the powload signature because the very next read (line 1615: 'while (fgets(buffer, CLI_DEFAULT_LSIG_BUFSIZE, fh)) {' ) is hitting a newline.

--Maarten
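
The behaviour analysed above, as an added example that is not part of the original posts and is not sigtool's code: a simplified C model of listing a signature file with one fgets() per "line" into a fixed buffer, next to a reader that treats a read without a trailing newline as truncated and keeps reading. DEMO_BUFSIZE, the Demo.* signatures and all function names are assumptions made for illustration; the whole-line reader is one way to avoid the split and is not claimed to be what the upstream commit does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_BUFSIZE 32 /* small stand-in for the 8k CLI_DEFAULT_LSIG_BUFSIZE */
struct result { int names; int error_line; }; /* error_line 0: no error */

/* Constructed sample: a short line, a long line with ';' in its tail, and a
 * line of exactly DEMO_BUFSIZE bytes including the newline. */
static FILE *sample_db(void) {
    FILE *fh = tmpfile();
    if (fh && fputs("Demo.A;0;6162\n"
                    "Demo.B;0;616263646566676869707172737475;6162636465\n"
                    "Demo.C;0;6162636465666768697071\n", fh) != EOF) rewind(fh);
    return fh;
}

/* Illustrative model only. grow == 0: one fgets() into a fixed-size buffer
 * per "line", the pattern quoted in the thread. grow != 0: a read that does
 * not end in '\n' was truncated, so enlarge the buffer and keep reading. */
static char *read_line(FILE *fh, int grow) {
    size_t cap = DEMO_BUFSIZE, len = 0;
    char *line = malloc(cap), *bigger;
    while (line && fgets(line + len, (int)(cap - len), fh)) {
        len += strlen(line + len);
        if (!grow || line[len - 1] == '\n') return line;
        if (!(bigger = realloc(line, cap *= 2))) { free(line); return NULL; }
        line = bigger;
    }
    if (line && !len) { free(line); line = NULL; }
    return line; /* a final line without '\n', or NULL at end of file */
}

/* List signatures: the text before the first ';' is taken as the name. */
static struct result list_sigs(FILE *fh, int grow) {
    struct result r = {0, 0};
    char *line;
    for (int n = 1; !r.error_line && (line = read_line(fh, grow)); n++) {
        if (strchr(line, ';')) r.names++;
        else r.error_line = n; /* reported as "Malformed pattern line n" */
        free(line);
    }
    rewind(fh);
    return r;
}

int main(void) {
    FILE *fh = sample_db();
    if (!fh) return 1;
    struct result a = list_sigs(fh, 0), b = list_sigs(fh, 1);
    printf("fixed buffer: %d names, error at line %d\n", a.names, a.error_line);
    printf("whole lines:  %d names, error at line %d\n", b.names, b.error_line);
    return fclose(fh);
}
```

On the constructed three-line sample the fixed-buffer pass lists four names, one of them a run of hex, and reports a malformed pattern at line 5, the same inflation seen in the thread where a four-line test.ldb fails at line 8.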


Re: [ext] ERROR: listdb: Error listing database /var/lib/clamav/daily.cvd [ In reply to ]
On Wed, 24 Nov 2021, Micah Snyder (micasnyd) via clamav-users wrote:

> Date: Wed, 24 Nov 2021 19:42:29 +0000
> From: "Micah Snyder (micasnyd) via clamav-users"
> <clamav-users@lists.clamav.net>
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Cc: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
> Subject: Re: [clamav-users] [ext] ERROR: listdb: Error listing database
> /var/lib/clamav/daily.cvd
>
> This issue was fixed in 0.104.0 with this commit: https://github.com/Cisco-Talos/clamav/commit/13af789f4ed
> SigTool: fix insufficient buffer size for --list-sigs · Cisco-Talos/clamav@13af789
> SigTool's --list-sigs feature can't handle long LDB signatures because the buffer size was wrong.
>
> Ex:
>
> ? ./0.103.3/bin/sigtool -l|tail
> Doc.Malware.Valyria-6923115-0
> Xls.Malware.Generic-6923116-0
> Doc.Malware.00536d-6923117-0
> Doc.Malware.Valyria-6923118-0
> Xls.Malware.Sload-6923119-0
> Xls.Downloader.Powload-6923120-0
> ERROR: listdb: Malformed pattern line 32300 (file /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb)
> ERROR: listdb: Error listing database /tmp/clamav-eb5a59fe3b37724270fffea9a6c9e791.tmp/main.ldb
> ERROR: listdb: Can't list directory /home/micasnyd/clams/0.103.3/share/clamav/main.cld
> ERROR: listdb: Error listing database /home/micasnyd/clams/0.103.3/share/clamav/main.cld
>
> ? ./0.104.1/bin/sigtool -l|tail
> PUA.Win.Adware.Opencandy-6872345-0
> PUA.Win.Adware.Gamevance-6872347-0
> PUA.Win.Adware.Opencandy-6872348-0
> PUA.Win.Adware.Opencandy-6872350-0
> PUA.Win.Adware.Cerbu-6872355-0
> PUA.Win.Adware.Ursu-6873464-0
> PUA.Win.Trojan.Scriptkd-6876283-0
> PUA.Win.Downloader.Firseria-6877068-0
> PUA.Win.Adware.Softpulse-6877069-0
> PUA.Win.Packed.0040eff-6877419-0
>
> Arnaud, if you have a strong need for this fix in 0.103, we can easily backport it in the next patch version. Else you can use 0.104+'s sigtool.
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ________________________________

I applied the following patch to ClamAV 0.103.4:

https://crashrecovery.org/amavis/clamav/RPMS/mdk101/clamav-0.103.4-sigtool.patch

which seems to fix the sigtool problem:

[hubble:root]:(~)# sigtool -l | tail
Win.Malware.Generic-9911955-0
Win.Trojan.Kasidet-9911956-0
Win.Dropper.Behav-9911957-0
Win.Tool.Proxycrack-9911958-0
Win.Trojan.Generic-9911959-0
Win.Tool.Proxycrack-9911960-0
Win.Trojan.Pwcrack-9911961-0
Win.Malware.Shellini-9911962-0
Eicar-Test-Signature
Win.Packer.Agent-6412293-0
[hubble:root]:(~)# sigtool -l | wc -l
8593628
[hubble:root]:(~)# clamdscan -V
ClamAV 0.103.4/26363/Wed Nov 24 10:19:30 2021
[hubble:root]:(~)#
[hubble:root]:(~)# cd /var/lib/clamav/
[hubble:root]:(/var/lib/clamav)# ll
total 222144
-rw-r--r-- 1 clamav clamav 293670 Nov 25 04:58 bytecode.cvd
-rw-r--r-- 1 clamav clamav 56687807 Nov 25 04:58 daily.cvd
-rw-r--r-- 1 clamav clamav 69 Nov 25 04:58 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Nov 25 04:58 main.cvd
[hubble:root]:(/var/lib/clamav)#

--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net

