Hi Dorian, all:
The error you found is this issue:
https://github.com/Cisco-Talos/clamav/issues/604 The certificate verification feature is essentially broken because of this bug. It isn't letting malware slip by, but it is preventing us from trusting software signed by trusted signing certificates.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
Sent: Tuesday, October 18, 2022 4:05 AM
To: Dorian ROSSE via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] i have often an error in the scan
Hi there,
On Tue, 18 Oct 2022, Dorian ROSSE via clamav-users wrote:
> I have often an error in the scan below on my windows system :
> LibClamAV Warning: crtmgr_rsa_verify: verification failed: fp_exptmod failed with 1
> I don't understand why I am got this error often,
> If this is a bad error thanks you in advance to repair it,
The message would not normally mean that ClamAV is broken, but it's
possible; at present there are ongoing changes in this part of ClamAV.
The developers read this list and I would expect that they would tell
us if they knew that something was broken. When ClamAV gives you that
message, it is telling you something about "signed" code.
Signed code was introduced by Microsoft many years ago:
https://blog.clamav.net/2013/02/authenticode-certificate-chain.html Unfortunately I think it's fair to say that the signed code feature
has not been a great success:
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/ I personally would ignore the ClamAV message, but you do need to know
that I use no Windows machines, and only very rarely scan filesystems;
I only scan mail. If someone sent me some code in a mail message, it
would automatically, without the involvement of a human, be reported
to several anti-virus organizations and then be sent to the trash can.
> Does this is dangerous to use this option for pass the errors:
>
> '--nocerts'
You need to make that judgement for yourself. ClamAV can alert you to
something which it thinks isn't right. Whether or not you then choose
to do anything about it is up to you. Be aware that a *lot* of things
are "not right" in most computer systems, but that doesn't necessarily
mean that they are dangerous problems. Forged signatures in drivers
and other code is a very well-known problem, but as you can see from
the article above, checks which use the proper methods of verification
do not necessarily protect you. I'm afraid it's a minefield.
> Thanks you in advance for your answer smart,
May I suggest that you try to use a translation Website? I have had
good results from this one, at least for a few languages:
https://www.deepl.com/en/translator --
73,
Ged.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat