Hello Ged,
thank you for your reply!
And for your tip - I will try doing verbose logging and will see if it provides me with any new information!
As to the PDF file, ClamAV crushes in the attempt to scan any, unfortunately... For example, I've been using the file in the attachment ("Test.pdf") for testing purposes - and the scan failed.
As a matter of fact, I am using ClamAV as a tool in a C# project (.NET Framework 4.6.2) - in the following context:
try
{
ProcessStartInfo startInfo = new ProcessStartInfo
{
FileName = @"""" + virusScanCommand + @"""",
Arguments = @"""" + fullFilename + @"""",
UseShellExecute = false,
RedirectStandardOutput = true,
CreateNoWindow = true,
WorkingDirectory = Path.GetDirectoryName(virusScanCommand)
};
Process scan = Process.Start(startInfo);
string output = scan.StandardOutput.ReadToEnd();
...
}
catch (Exception exp) {...}
where virusScanCommand is @"C:\Program Files\ClamAV\clamscan.exe" and fullFilename is a PDF file in Windows Temp folder, which is different every time. For example: @"C:\Users\anastasiia\AppData\Local\Temp\tmp4F0A.tmp".
The program doesn't catch any errors and runs normally after starting the process, it's the variable output that is for some reason empty. That's why I've only found out about the exit code when started logging.
As to the other information you requested, I am using:
- Windows 10 Enterprise, version 21H1, build 19043.1766, 64-bit OS, x64-based processor,
- clamscan (version 0.105.0.0), which I downloaded from https://www.clamav.net/downloads and activated by strictly following these instructions: https://blog.didierstevens.com/2017/08/24/quickpost-using-clamav-on-windows/.
And the output of "clamconf -n" is the following:
"
Config file: clamd.conf
-----------------------
TCPSocket = "3310"
TCPAddr = "localhost"
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.105.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 JSON RAR
Database information
--------------------
Database directory: C:\Program Files\ClamAV\database
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
daily.cvd: version 26566, sigs: 1985565, built on Wed Jun 8 10:05:45 2022
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021 Total number of signatures: 8633084
Platform information
--------------------
uname: Microsoft Windows 6.2 SP0.0 Build 9200
OS: Windows, ARCH: AMD64, CPU: AMD64
zlib version: 1.2.12 (1.2.12), compile flags: 65 platform id: 0x10259696080000000000077c
Build information
-----------------
Microsoft Visual C++: (0.7.124)
sizeof(void*) = 8
Engine flevel: 150, dconf: 150
".
It might seem at the first sight that the problem lies somewhere in the C# code, but it doesn't. I have used a .cmd file (a primitive scan simulation) to test Process.Start() and it worked perfectly. Moreover, ClamAV does return an output, when I run the program in debug mode, but it doesn't when the software is run in release, which makes the problem even more obscure.
I hope you can help me with it! I will be happy to provide you with any further information, if needed.
Kind regards,
Anastasiia
-----Urspr?ngliche Nachricht-----
Von: clamav-users <clamav-users-bounces@lists.clamav.net> Im Auftrag von G.W. Haywood via clamav-users
Gesendet: Dienstag, 9. August 2022 12:12
An: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>; Ingo Rieping <rieping@r-sc.de>
Betreff: Re: [clamav-users] Meaning of the exit code -1073740791
Hi there,
On Tue, 9 Aug 2022, Anastasiia Korzhylova wrote:
> I am using ClamAV for work in my company and am contacting you to inquire about an exit code, which the software returns at my attempt to scan an ordinary, virus-free PDF file:
>
> -1073740791.
>
> Could you, please, tell me, what the exit code stands for, as I have not found any information on it in the documentation on your website.
It's possible that something in ClamAV is having difficulty with some part of the PDF file, but you have not given enough information for us to know what you have done so that we could reproduce it if necessary.
If you can repeat the command using verbose logging or verbose output (see the documentation for how to do that) ClamAV might might provide more information to you which might help you.
If you can put a copy of the PDF file somewhere on the Web for us so that we can scan it in the same way that you do that might help too.
But we really need you to tell us exactly what you did. When you do that, please include information about your operating system(s), the version of ClamAV which you are using, how you obtained and installed it, which parts of it you are using (for example clamd and clamdscan, or clamscan), the command(s) which you gave when ClamAV gave the exit code, and the *entire* output of the command.
The output of
clamconf -n
will include much of the information we need and would help us.
Incidentally
1073740791 - 2^30 + 2^10 + 2^3 + 2^0 = 0
Which tells me that a number of flags is set in the return code, but at the moment I do not know what they are nor why they are being set because I have no idea what is producing the return code. :/
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
thank you for your reply!
And for your tip - I will try doing verbose logging and will see if it provides me with any new information!
As to the PDF file, ClamAV crushes in the attempt to scan any, unfortunately... For example, I've been using the file in the attachment ("Test.pdf") for testing purposes - and the scan failed.
As a matter of fact, I am using ClamAV as a tool in a C# project (.NET Framework 4.6.2) - in the following context:
try
{
ProcessStartInfo startInfo = new ProcessStartInfo
{
FileName = @"""" + virusScanCommand + @"""",
Arguments = @"""" + fullFilename + @"""",
UseShellExecute = false,
RedirectStandardOutput = true,
CreateNoWindow = true,
WorkingDirectory = Path.GetDirectoryName(virusScanCommand)
};
Process scan = Process.Start(startInfo);
string output = scan.StandardOutput.ReadToEnd();
...
}
catch (Exception exp) {...}
where virusScanCommand is @"C:\Program Files\ClamAV\clamscan.exe" and fullFilename is a PDF file in Windows Temp folder, which is different every time. For example: @"C:\Users\anastasiia\AppData\Local\Temp\tmp4F0A.tmp".
The program doesn't catch any errors and runs normally after starting the process, it's the variable output that is for some reason empty. That's why I've only found out about the exit code when started logging.
As to the other information you requested, I am using:
- Windows 10 Enterprise, version 21H1, build 19043.1766, 64-bit OS, x64-based processor,
- clamscan (version 0.105.0.0), which I downloaded from https://www.clamav.net/downloads and activated by strictly following these instructions: https://blog.didierstevens.com/2017/08/24/quickpost-using-clamav-on-windows/.
And the output of "clamconf -n" is the following:
"
Config file: clamd.conf
-----------------------
TCPSocket = "3310"
TCPAddr = "localhost"
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.105.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 JSON RAR
Database information
--------------------
Database directory: C:\Program Files\ClamAV\database
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
daily.cvd: version 26566, sigs: 1985565, built on Wed Jun 8 10:05:45 2022
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021 Total number of signatures: 8633084
Platform information
--------------------
uname: Microsoft Windows 6.2 SP0.0 Build 9200
OS: Windows, ARCH: AMD64, CPU: AMD64
zlib version: 1.2.12 (1.2.12), compile flags: 65 platform id: 0x10259696080000000000077c
Build information
-----------------
Microsoft Visual C++: (0.7.124)
sizeof(void*) = 8
Engine flevel: 150, dconf: 150
".
It might seem at the first sight that the problem lies somewhere in the C# code, but it doesn't. I have used a .cmd file (a primitive scan simulation) to test Process.Start() and it worked perfectly. Moreover, ClamAV does return an output, when I run the program in debug mode, but it doesn't when the software is run in release, which makes the problem even more obscure.
I hope you can help me with it! I will be happy to provide you with any further information, if needed.
Kind regards,
Anastasiia
-----Urspr?ngliche Nachricht-----
Von: clamav-users <clamav-users-bounces@lists.clamav.net> Im Auftrag von G.W. Haywood via clamav-users
Gesendet: Dienstag, 9. August 2022 12:12
An: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>; Ingo Rieping <rieping@r-sc.de>
Betreff: Re: [clamav-users] Meaning of the exit code -1073740791
Hi there,
On Tue, 9 Aug 2022, Anastasiia Korzhylova wrote:
> I am using ClamAV for work in my company and am contacting you to inquire about an exit code, which the software returns at my attempt to scan an ordinary, virus-free PDF file:
>
> -1073740791.
>
> Could you, please, tell me, what the exit code stands for, as I have not found any information on it in the documentation on your website.
It's possible that something in ClamAV is having difficulty with some part of the PDF file, but you have not given enough information for us to know what you have done so that we could reproduce it if necessary.
If you can repeat the command using verbose logging or verbose output (see the documentation for how to do that) ClamAV might might provide more information to you which might help you.
If you can put a copy of the PDF file somewhere on the Web for us so that we can scan it in the same way that you do that might help too.
But we really need you to tell us exactly what you did. When you do that, please include information about your operating system(s), the version of ClamAV which you are using, how you obtained and installed it, which parts of it you are using (for example clamd and clamdscan, or clamscan), the command(s) which you gave when ClamAV gave the exit code, and the *entire* output of the command.
The output of
clamconf -n
will include much of the information we need and would help us.
Incidentally
1073740791 - 2^30 + 2^10 + 2^3 + 2^0 = 0
Which tells me that a number of flags is set in the return code, but at the moment I do not know what they are nor why they are being set because I have no idea what is producing the return code. :/
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Attached Files:
-
Test.pdf (25.1 KB)