Mailing List Archive

Fwd: Clamav problems
---------- Forwarded message ---------
From: Furkan Yücebaş <frknycbs@gmail.com>
Date: Mon, Jun 10, 2019 at 5:55 PM
Subject: Re: Clamav problems
To: <clamav-devel@lists.clamav.net>, <micasnyd@cisco.com>


Does anyone have a solution or thought on this?

On Thu, May 30, 2019 at 10:04 PM Furkan Yücebaş <frknycbs@gmail.com> wrote:

>
>
> ---------- Forwarded message ---------
> From: Furkan Yücebaş <frknycbs@gmail.com>
> Date: Thu, May 30, 2019 at 1:46 PM
> Subject: Clamav problems
> To: <clamav-devel@lists.clamav.net>
>
>
> Hi there,
> About a month ago, I installed ClamAV on my Debian-based (jessie) Linux
> machine from the jessie repository.
>
> * Here is the first installed version (the slow-running one):
>
> root@ruhi:~# apt-cache policy clamav
> clamav:
> Kurulu: 0.101.2+dfsg-1
> Aday: 0.101.2+dfsg-1
> Sürüm çizelgesi:
> *** 0.101.2+dfsg-1 500
> 500 http://http.kali.org/kali kali-rolling/main amd64 Packages
> 500 http://ftp.de.debian.org/debian testing/main amd64 Packages
> 100 /var/lib/dpkg/status
> 0.100.0+dfsg-0+deb8u1 500
> 500 http://ftp.tr.debian.org/debian jessie/main amd64 Packages
> root@ruhi:~# apt-cache policy clamdscan
> clamdscan:
> Kurulu: 0.101.2+dfsg-1
> Aday: 0.101.2+dfsg-1
> Sürüm çizelgesi:
> *** 0.101.2+dfsg-1 500
> 500 http://http.kali.org/kali kali-rolling/main amd64 Packages
> 500 http://ftp.de.debian.org/debian testing/main amd64 Packages
> 100 /var/lib/dpkg/status
> 0.100.0+dfsg-0+deb8u1 500
> 500 http://ftp.tr.debian.org/debian jessie/main amd64 Packages
>
> In this attempt, I had a very serious scanning-time problem.
> For a 110 MB file (this is not an encrypted file, just a normal exe), the
> scanning time is 1 m 33 s (screenshot below).
>
> [image: image.png]
>
> After that, I installed ClamAV from the source code that you share on your
> web page (same version, 0.101.2).
> The slowness problem has been solved, but now it does not seem to be
> running stably and it is returning results very fast. I want to make sure
> whether the results are correct or not. Also, you can see that "clamdscan"
> couldn't find infected files in my zip while "clamscan" could. Compressed
> files are enabled in my conf file.
>
> To see scanning time :
>
> root@furkan:~/Downloads# du -sh clamtest2.zip
> 8,7G clamtest2.zip
>
> root@furkan:~/Downloads/clamtest2# ls -la
> toplam 9174376
> drwxr-xr-x 2 root root 4096 May 27 19:26 .
> drwxr-xr-x 29 root root 20480 May 27 19:49 ..
> -rw-r--r-- 1 root root 1951432704 Şub 20 08:55 debian-live-9.8.0-amd64-xfce.iso
> -rw-r--r-- 1 root root 68 Nis 29 01:53 eicar.com
> -rw-r--r-- 1 root root 308 Nis 29 01:53 eicarcom2.zip
> -rw-r--r-- 1 root root 184 May 27 18:55 eicar_com.zip
> -rw-r--r-- 1 root root 873116238 Ara 23 18:29 metasploitable-linux-2.0.0.zip
> -rwxr-xr-x 1 root root 166729977 Ara 27 01:54 metasploit-latest-linux-x64-installer.run
> -rw-r--r-- 1 root root 317542415 Mar 4 01:08 OMNET_OS3_UAVSim-master.zip
> -rw-r--r-- 1 root root 816301191 Ara 27 02:33 Rapid7Setup-Linux64.bin
> -rw-r--r-- 1 root root 952795136 May 1 16:59 ssi-9.601-5.1.iso
> -rw-r--r-- 1 root root 4168089600 Mar 18 02:41 tsurugi_lab_2018.1.iso
> -rwxr-xr-x 1 root root 148464193 Ara 23 18:24 VMware-Player-15.0.2-10952284.x86_64.bundle
>
> test :
>
> root@furkan:~/Downloads# clamdscan clamtest2/
> /root/Downloads/clamtest2/eicar_com.zip: Eicar-Test-Signature FOUND
> /root/Downloads/clamtest2/eicar.com: Eicar-Test-Signature FOUND
> /root/Downloads/clamtest2/eicarcom2.zip: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 3
> Time: 0.153 sec (0 m 0 s)
>
> root@furkan:~/Downloads# clamdscan clamtest2.zip
> /root/Downloads/clamtest2.zip: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.000 sec (0 m 0 s)
>
> root@furkan:~/Downloads# clamdscan clamtest2/
> /root/Downloads/clamtest2/eicar_com.zip: Eicar-Test-Signature FOUND
> /root/Downloads/clamtest2/eicar.com: Eicar-Test-Signature FOUND
> /root/Downloads/clamtest2/eicarcom2.zip: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 3
> Time: 0.005 sec (0 m 0 s)
>
> root@furkan:~/Downloads# clamscan clamtest2/
> clamtest2/ssi-9.601-5.1.iso: OK
> clamtest2/metasploitable-linux-2.0.0.zip: OK
> clamtest2/tsurugi_lab_2018.1.iso: OK
> clamtest2/eicarcom2.zip: Eicar-Test-Signature FOUND
> clamtest2/metasploit-latest-linux-x64-installer.run: OK
> clamtest2/debian-live-9.8.0-amd64-xfce.iso: OK
> clamtest2/eicar_com.zip: Eicar-Test-Signature FOUND
> clamtest2/OMNET_OS3_UAVSim-master.zip: OK
> clamtest2/VMware-Player-15.0.2-10952284.x86_64.bundle: OK
> clamtest2/Rapid7Setup-Linux64.bin: OK
> clamtest2/eicar.com: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6139363
> Engine version: 0.101.2
> Scanned directories: 1
> Scanned files: 11
> Infected files: 3
> Data scanned: 0.00 MB
> Data read: 8959.26 MB (ratio 0.00:1)
> Time: 49.356 sec (0 m 49 s)
>
> root@furkan:~/Downloads# clamscan clamtest2.zip
> clamtest2.zip: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6139363
> Engine version: 0.101.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 8908.36 MB (ratio 0.00:1)
> Time: 27.641 sec (0 m 27 s)
>
> Problems :
>
> 1) Clamav-daemon couldn't start properly. It starts working on my first
> attempt and then seems to be disabled, and I couldn't bring the service up.
> 2) When I want to use "clamdscan" instead of "clamscan", I always get
> "ERROR: Could not connect to clamd on LocalSocket
> /var/run/clamav/clamd.ctl: No such file or directory". I can fix this by
> restarting the service and running "freshclam", but when I couldn't bring
> the service up (issue 1), I couldn't use clamdscan.
> * All problems and conf files are attached
>
> I hope you can help to fix the issues. Thank you
> Furkan
>
>
>
>
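An added example, not part of the original message: a sanity check over clamscan output like the runs quoted above, which lists files reported OK in a run where the summary shows almost no data scanned relative to data read. The function names and the `min_ratio` threshold are assumptions made for this illustration, as is the reading that a near-zero ratio means the OK verdict was not backed by content inspection.

```python
import re

# Output copied from the `clamscan clamtest2.zip` run quoted in the message.
ZIP_RUN = """\
clamtest2.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 6139363
Engine version: 0.101.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 8908.36 MB (ratio 0.00:1)
Time: 27.641 sec (0 m 27 s)
"""

VERDICT = re.compile(r"^(?P<path>.+): (?P<status>OK|.+ FOUND)$")
MB = re.compile(r"^Data (?P<kind>scanned|read): (?P<mb>[\d.]+) MB")

def parse_run(output):
    """Return (verdicts, mb) for one run: {path: status} and {kind: megabytes}."""
    verdicts, mb = {}, {}
    body, _, summary = output.partition("----------- SCAN SUMMARY -----------")
    for line in body.splitlines():
        m = VERDICT.match(line.strip())
        if m:
            verdicts[m["path"]] = m["status"]
    for line in summary.splitlines():
        m = MB.match(line.strip())
        if m:
            mb[m["kind"]] = float(m["mb"])
    return verdicts, mb

def unverified_ok(output, min_ratio=0.01):
    """Files reported OK in a run where scanned/read falls below min_ratio.
    min_ratio is an assumed threshold for this example, not a ClamAV setting."""
    verdicts, mb = parse_run(output)
    read, scanned = mb.get("read", 0.0), mb.get("scanned", 0.0)
    if read == 0 or scanned / read >= min_ratio:
        return []  # no data figures (e.g. clamdscan summary) or ratio looks sane
    return sorted(p for p, s in verdicts.items() if s == "OK")

if __name__ == "__main__":
    for path in unverified_ok(ZIP_RUN):
        print(f"{path}: reported OK, but almost none of the data read was scanned")
```

A summary without the "Data scanned" and "Data read" lines, such as the clamdscan summaries in the message, yields an empty list because the ratio cannot be computed from it.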