Citeren David Raynor <draynor@sourcefire.com>:
> Based on these reports we've started a take-back of the signature, so it
> will be dropped in the next daily CVD publish. We'll also analyze to see
> why this signature is triggering that behavior on some platforms.
Here freshclam (1.1.0) does complain about this signature, but so far
no crashes/segfaults.
May 16 09:35:35 mail systemd[1]: Starting Clam AntiVirus database updater...
May 16 09:35:35 mail freshclam[26095]: ClamAV update process started
at Tue May 16 09:35:35 2023
May 16 09:35:35 mail freshclam[26095]: daily database available for
update (local version: 26907, remote version: 26908)
May 16 09:35:37 mail freshclam[26095]: WARNING: ******* RESULT 200,
SIZE: 7213 *******
May 16 09:35:38 mail freshclam[26095]: Testing database:
'/var/lib/clamav/tmp.32a46b71ab/clamav-0ccde10ac58d6d6c5dd79c0318b41381.tmp-daily.cld'
...
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] Don't know how to
create filter for: Win.Downloader.LNKAgent-10001628-0
May 16 09:35:43 mail freshclam[26097]: [LibClamAV] cli_ac_addsig:
cannot use filter for trie
May 16 09:35:47 mail freshclam[26095]: Database test passed.
May 16 09:35:49 mail freshclam[26095]: daily.cld updated (version:
26908, sigs: 2034816, f-level: 90, builder: raynman)
May 16 09:35:49 mail freshclam[26095]: main.cvd database is up-to-date
(version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
May 16 09:35:49 mail freshclam[26095]: bytecode.cvd database is
up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
May 16 09:35:49 mail clamd[934]: SelfCheck: Database modification
detected. Forcing reload.
May 16 09:35:49 mail clamd[934]: Reading databases from /var/lib/clamav
May 16 09:35:49 mail freshclam[26095]: Clamd successfully notified
about the update.
May 16 09:35:49 mail systemd[1]: freshclam.service: Deactivated successfully.
May 16 09:35:49 mail systemd[1]: Finished Clam AntiVirus database updater.
May 16 09:35:49 mail systemd[1]: freshclam.service: Consumed 10.503s CPU time.
May 16 09:36:17 mail clamd[934]: Database correctly reloaded (8666724
signatures)
May 16 09:36:17 mail clamd[934]: Activating the newly loaded database...
Maybe relevant, freshclam runs through a systemd.timer (so it is never
daemonized).
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat