r3dlight / keysas

USB virus cleaning station
https://keysas.fr
GNU General Public License v3.0
45 stars 2 forks

Problem: EICAR TEST VIRUS #59

Closed ghost closed 6 months ago

ghost commented 6 months ago

Hello,

Here is my problem: is it normal that when I put in an EICAR test virus file from eicar.org, keysas does not detect it?

r3dlight commented 6 months ago

Hello,

No, of course not. That said, without more details (installation type, logs, generated report), it is difficult to point you in the right direction.

Could you provide me with the output of the following commands:

systemctl status clamav-daemon.service
systemctl status keysas-in.service
systemctl status keysas-transit.service

Please also tell me how you performed your installation (downloading the binaries, compiling from source, SD image).

Regards

ghost commented 6 months ago

● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
             └─extend.conf
     Active: active (running) since Tue 2024-04-23 14:04:26 CEST; 4min 11s ago
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
    Process: 485 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 495 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
   Main PID: 498 (clamd)
      Tasks: 2 (limit: 9314)
     Memory: 1.5G
        CPU: 20.344s
     CGroup: /system.slice/clamav-daemon.service
             └─498 /usr/sbin/clamd --foreground=true

avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: LibClamAV debug: Descriptor[10]: halting after file scan because: Virus(es) detected
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: LibClamAV debug: Descriptor[10]: halting after file scan because: Virus(es) detected
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: LibClamAV debug: cli_magic_scan: returning 1 at line 5014
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: LibClamAV debug: Descriptor[10]: halting after file scan because: Virus(es) detected
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> instream(127.0.0.1@57126): Eicar-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> Finished scanthread
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> Scanthread: connection shut down (FD 9)
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling


● keysas-in.service - keysas-in daemon
     Loaded: loaded (/etc/systemd/system/keysas-in.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/keysas-in.service.d
             └─security.conf
     Active: active (running) since Tue 2024-04-23 14:04:34 CEST; 5min ago
   Main PID: 574 (keysas-in)
      Tasks: 1 (limit: 9314)
     Memory: 4.3M
        CPU: 190ms
     CGroup: /system.slice/keysas-in.service
             └─574 /usr/bin/keysas-in -i /var/local/in/ -s socket_in

avril 23 14:07:41 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:41.340Z INFO [keysas_in] Chunk of file descriptors has been sent
avril 23 14:07:41 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:41.340Z INFO [keysas_in] File "/var/local/in/virus.txt" has been removed.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] Chunk of file descriptors has been sent
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] File "/var/local/in/IndexerVolumeGuid" has been removed.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] Chunk of file descriptors has been sent
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] File "/var/local/in/WPSettings.dat" has been removed.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] Chunk of file descriptors has been sent
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] File "/var/local/in/eicar.com" has been removed.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] Chunk of file descriptors has been sent
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-in[574]: 2024-04-23T12:07:54.350Z INFO [keysas_in] File "/var/local/in/virus.txt" has been removed.


● keysas-transit.service - keysas-transit daemon
     Loaded: loaded (/etc/systemd/system/keysas-transit.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/keysas-transit.service.d
             └─security.conf
     Active: active (running) since Tue 2024-04-23 14:04:34 CEST; 5min ago
   Main PID: 578 (keysas-transit)
      Tasks: 1 (limit: 9314)
     Memory: 73.8M
        CPU: 1.417s
     CGroup: /system.slice/keysas-transit.service
             └─578 /usr/bin/keysas-transit -i socket_in -o socket_out -s 500000000 -c 127.0.0.1 -p 3310 -r /usr/share/keysas/rules/index.yar -t 1000 -a jpg,png,bmp,mp4,m4v,avi,wmv,mpg,flv,mp3,wav,ogg,epub,mobi,doc,docx,xls,xlsx,ppt,pptx

avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.656Z INFO [keysas_transit] Receiving data from keysas-in, message size: 129
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.656Z INFO [keysas_transit] Receiving fd of file: eicar.com
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z WARN [keysas_transit] Yara rules matched
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z INFO [keysas_transit] Report for eicar.com: digest_ok: true, type_allowed: false, yara_pass: false, av_pass: false, too_big: false
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z INFO [keysas_transit] File eicar.com sent to Keysas-out.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.816Z INFO [keysas_transit] Receiving data from keysas-in, message size: 129
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.816Z INFO [keysas_transit] Receiving fd of file: virus.txt
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.870Z WARN [keysas_transit] Yara rules matched
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.870Z INFO [keysas_transit] Report for virus.txt: digest_ok: true, type_allowed: false, yara_pass: false, av_pass: false, too_big: false
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.870Z INFO [keysas_transit] File virus.txt sent to Keysas-out.


For the installation, I did it by compiling from source, and I am on Debian 12.

I get the impression that clamav detects it, but on the web page it still puts it in the files ready to be transferred.

[Screenshot from 2024-04-23 14-25-29]
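One way to triage journal output like the above, as an added example that is not part of the thread and not Keysas code: it parses the keysas-transit report lines and clamd FOUND lines copied from this comment and lists, per file, which checks failed and whether the file was still handed to Keysas-out. The `EXPECTED` table and all function names are assumptions inferred from the field names in the log, not from Keysas documentation.

```python
import re

# Log lines copied from the journal output posted in this thread.
SAMPLE_LOG = """\
avril 23 14:07:54 NCPA-KEYSAS-01 clamd[498]: Tue Apr 23 14:07:54 2024 -> instream(127.0.0.1@57126): Eicar-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z WARN [keysas_transit] Yara rules matched
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z INFO [keysas_transit] Report for eicar.com: digest_ok: true, type_allowed: false, yara_pass: false, av_pass: false, too_big: false
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.716Z INFO [keysas_transit] File eicar.com sent to Keysas-out.
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.870Z INFO [keysas_transit] Report for virus.txt: digest_ok: true, type_allowed: false, yara_pass: false, av_pass: false, too_big: false
avril 23 14:07:54 NCPA-KEYSAS-01 keysas-transit[578]: 2024-04-23T12:07:54.870Z INFO [keysas_transit] File virus.txt sent to Keysas-out.
"""

REPORT_RE = re.compile(
    r"\[keysas_transit\] Report for (?P<name>.+?): "
    r"(?P<fields>(?:\w+: (?:true|false)(?:, )?)+)$"
)
SENT_RE = re.compile(r"\[keysas_transit\] File (?P<name>.+) sent to Keysas-out\.$")
CLAMD_RE = re.compile(
    r"clamd\[\d+\]: .*-> instream\([^)]*\): "
    r"(?P<sig>\S+)\((?P<md5>[0-9a-f]{32}):(?P<size>\d+)\) FOUND$"
)

# Value each report field must have for a file to count as clean.
# Assumption: inferred from the field names seen in the log.
EXPECTED = {
    "digest_ok": True,
    "type_allowed": True,
    "yara_pass": True,
    "av_pass": True,
    "too_big": False,
}


def parse_report(line):
    """Return (filename, {field: bool}) for a report line, else None."""
    m = REPORT_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r"(\w+): (true|false)", m.group("fields"))
    return m.group("name"), {key: value == "true" for key, value in pairs}


def failed_checks(fields):
    """List checks that did not pass; a missing field counts as failed."""
    return sorted(k for k, want in EXPECTED.items() if fields.get(k) != want)


def triage(log_text):
    """Correlate transit reports, forwarding events and clamd detections."""
    files = {}
    detections = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        report = parse_report(line)
        if report:
            name, fields = report
            entry = files.setdefault(name, {"failed": [], "sent_to_out": False})
            entry["failed"] = failed_checks(fields)
            continue
        sent = SENT_RE.search(line)
        if sent:
            entry = files.setdefault(
                sent.group("name"), {"failed": [], "sent_to_out": False}
            )
            entry["sent_to_out"] = True
            continue
        hit = CLAMD_RE.search(line)
        if hit:
            detections.append(
                (hit.group("sig"), hit.group("md5"), int(hit.group("size")))
            )
    return {"files": files, "clamd_detections": detections}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entry in result["files"].items():
        status = "FAILED " + ",".join(entry["failed"]) if entry["failed"] else "clean"
        print(f"{name}: {status}; sent_to_out={entry['sent_to_out']}")
    for sig, md5, size in result["clamd_detections"]:
        print(f"clamd: {sig} md5={md5} size={size}")
```

On the lines from this thread it reports both files as failing `av_pass`, `type_allowed` and `yara_pass` while also being sent to Keysas-out, which is the mismatch the reporter describes.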

ghost commented 6 months ago

Here are my logs for clamav

Tue Apr 23 14:05:06 2024 -> Limits: MaxRecHWP3 limit set to 16. Tue Apr 23 14:05:06 2024 -> Limits: PCREMatchLimit limit set to 10000. Tue Apr 23 14:05:06 2024 -> Limits: PCRERecMatchLimit limit set to 5000. Tue Apr 23 14:05:06 2024 -> Limits: PCREMaxFileSize limit set to 26214400. Tue Apr 23 14:05:06 2024 -> Archive support enabled. Tue Apr 23 14:05:06 2024 -> AlertExceedsMax heuristic detection disabled. Tue Apr 23 14:05:06 2024 -> Heuristic alerts enabled. Tue Apr 23 14:05:06 2024 -> Portable Executable support enabled. Tue Apr 23 14:05:06 2024 -> ELF support enabled. Tue Apr 23 14:05:06 2024 -> Mail files support enabled. Tue Apr 23 14:05:06 2024 -> OLE2 support enabled. Tue Apr 23 14:05:06 2024 -> PDF support enabled. Tue Apr 23 14:05:06 2024 -> SWF support enabled. Tue Apr 23 14:05:06 2024 -> HTML support enabled. Tue Apr 23 14:05:06 2024 -> XMLDOCS support enabled. Tue Apr 23 14:05:06 2024 -> HWP3 support enabled. Tue Apr 23 14:05:06 2024 -> Self checking every 3600 seconds. Tue Apr 23 14:05:06 2024 -> Listening daemon: PID: 498 Tue Apr 23 14:05:06 2024 -> MaxQueue set to: 100 Tue Apr 23 14:05:06 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:05:06 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:05:06 2024 -> Got new connection, FD 9 Tue Apr 23 14:05:06 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:05:06 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:05:06 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:05:06 2024 -> got command VERSION (8, 7), argument: Tue Apr 23 14:05:06 2024 -> Receive thread: closing conn (FD 9), group finished Tue Apr 23 14:05:06 2024 -> Consumed entire command Tue Apr 23 14:05:06 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:05:06 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:41 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 
14:07:41 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:41 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:41 2024 -> Receive thread: INSTREAM: /tmp/clamav-28232221c2d50b3079990e27b2567a66.tmp fd 10 Tue Apr 23 14:07:41 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:41 2024 -> Consumed entire command Tue Apr 23 14:07:41 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 180 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:41 2024 -> Moved partial command: 84 Tue Apr 23 14:07:41 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:41 2024 -> Got chunksize: 76 Tue Apr 23 14:07:41 2024 -> Quota Remaining: 26214324 Tue Apr 23 14:07:41 2024 -> Processed 76 bytes of chunkdata, pos 4 Tue Apr 23 14:07:41 2024 -> Got chunksize: 0 Tue Apr 23 14:07:41 2024 -> Chunks complete Tue Apr 23 14:07:41 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> Finished scanthread Tue Apr 23 14:07:41 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:41 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:41 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:41 2024 -> Receive thread: INSTREAM: 
/tmp/clamav-ae593525be84f10477932a7a49d0fe39.tmp fd 10 Tue Apr 23 14:07:41 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:41 2024 -> Moved partial command: 20 Tue Apr 23 14:07:41 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:41 2024 -> Got chunksize: 12 Tue Apr 23 14:07:41 2024 -> Quota Remaining: 26214388 Tue Apr 23 14:07:41 2024 -> Processed 12 bytes of chunkdata, pos 4 Tue Apr 23 14:07:41 2024 -> Got chunksize: 0 Tue Apr 23 14:07:41 2024 -> Chunks complete Tue Apr 23 14:07:41 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> Finished scanthread Tue Apr 23 14:07:41 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:41 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:41 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:41 2024 -> Receive thread: INSTREAM: /tmp/clamav-2993b568182ef76757e37d24231374f9.tmp fd 10 Tue Apr 23 14:07:41 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:41 2024 -> Moved partial command: 76 Tue Apr 23 14:07:41 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:41 2024 -> Got chunksize: 68 Tue Apr 23 14:07:41 2024 -> Quota Remaining: 26214332 Tue Apr 23 14:07:41 2024 -> Processed 68 bytes of chunkdata, pos 4 Tue Apr 23 14:07:41 2024 -> Got chunksize: 0 Tue Apr 23 14:07:41 2024 -> Chunks 
complete Tue Apr 23 14:07:41 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:41 2024 -> instream(127.0.0.1@58112): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND Tue Apr 23 14:07:41 2024 -> Finished scanthread Tue Apr 23 14:07:41 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:41 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:41 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:41 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:41 2024 -> Receive thread: INSTREAM: /tmp/clamav-214ff5516d4e868765aee384b0606503.tmp fd 10 Tue Apr 23 14:07:41 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:41 2024 -> Moved partial command: 77 Tue Apr 23 14:07:41 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:41 2024 -> Got chunksize: 69 Tue Apr 23 14:07:41 2024 -> Quota Remaining: 26214331 Tue Apr 23 14:07:41 2024 -> Processed 69 bytes of chunkdata, pos 4 Tue Apr 23 14:07:41 2024 -> Got chunksize: 0 Tue Apr 23 14:07:41 2024 -> Chunks complete Tue Apr 23 14:07:41 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:41 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> 
instream(127.0.0.1@58116): Eicar-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND Tue Apr 23 14:07:41 2024 -> Finished scanthread Tue Apr 23 14:07:41 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:41 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:41 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:54 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:54 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:54 2024 -> Receive thread: INSTREAM: /tmp/clamav-446edb6ffc4c226c451bbc3eeb06e247.tmp fd 10 Tue Apr 23 14:07:54 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:54 2024 -> Moved partial command: 84 Tue Apr 23 14:07:54 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:54 2024 -> Got chunksize: 76 Tue Apr 23 14:07:54 2024 -> Quota Remaining: 26214324 Tue Apr 23 14:07:54 2024 -> Processed 76 bytes of chunkdata, pos 4 Tue Apr 23 14:07:54 2024 -> Got chunksize: 0 Tue Apr 23 14:07:54 2024 -> Chunks complete Tue Apr 23 14:07:54 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Finished scanthread Tue Apr 23 14:07:54 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:54 2024 -> Got new connection, FD 9 
Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:54 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:54 2024 -> Receive thread: INSTREAM: /tmp/clamav-67e96820f278689ac75e81c2f66e6e11.tmp fd 10 Tue Apr 23 14:07:54 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:54 2024 -> Moved partial command: 20 Tue Apr 23 14:07:54 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:54 2024 -> Got chunksize: 12 Tue Apr 23 14:07:54 2024 -> Quota Remaining: 26214388 Tue Apr 23 14:07:54 2024 -> Processed 12 bytes of chunkdata, pos 4 Tue Apr 23 14:07:54 2024 -> Got chunksize: 0 Tue Apr 23 14:07:54 2024 -> Chunks complete Tue Apr 23 14:07:54 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Finished scanthread Tue Apr 23 14:07:54 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:54 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:54 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:54 2024 -> Receive thread: INSTREAM: /tmp/clamav-a5fc9e7c1e129959d8fa7a0b259bc52c.tmp fd 10 Tue Apr 23 14:07:54 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:54 2024 -> Moved 
partial command: 76 Tue Apr 23 14:07:54 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:54 2024 -> Got chunksize: 68 Tue Apr 23 14:07:54 2024 -> Quota Remaining: 26214332 Tue Apr 23 14:07:54 2024 -> Processed 68 bytes of chunkdata, pos 4 Tue Apr 23 14:07:54 2024 -> Got chunksize: 0 Tue Apr 23 14:07:54 2024 -> Chunks complete Tue Apr 23 14:07:54 2024 -> Number of file descriptors polled: 1 fds Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> instream(127.0.0.1@57112): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND Tue Apr 23 14:07:54 2024 -> Finished scanthread Tue Apr 23 14:07:54 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 3 Tue Apr 23 14:07:54 2024 -> Got new connection, FD 9 Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 5 Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 30 seconds Tue Apr 23 14:07:54 2024 -> Received POLLIN|POLLHUP on fd 9 Tue Apr 23 14:07:54 2024 -> got command INSTREAM (9, 12), argument: Tue Apr 23 14:07:54 2024 -> Receive thread: INSTREAM: /tmp/clamav-d6011efb93f3244d8a5a3e96d5c53358.tmp fd 10 Tue Apr 23 14:07:54 2024 -> Breaking command loop, mode is no longer MODE_COMMAND Tue Apr 23 14:07:54 2024 -> Moved partial command: 77 Tue Apr 23 14:07:54 2024 -> mode == MODE_STREAM Tue Apr 23 14:07:54 2024 -> Got chunksize: 69 Tue Apr 23 14:07:54 2024 -> Quota Remaining: 26214331 Tue Apr 23 14:07:54 2024 -> Processed 69 bytes of chunkdata, pos 4 Tue Apr 23 14:07:54 2024 -> Got chunksize: 0 Tue Apr 23 14:07:54 2024 -> Chunks complete Tue Apr 23 14:07:54 2024 -> Number of file 
descriptors polled: 1 fds Tue Apr 23 14:07:54 2024 -> fds_poll_recv: timeout after 3600 seconds Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> instream(127.0.0.1@57126): Eicar-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND Tue Apr 23 14:07:54 2024 -> Finished scanthread Tue Apr 23 14:07:54 2024 -> Scanthread: connection shut down (FD 9) Tue Apr 23 14:07:54 2024 -> THRMGR: queue (single) crossed low threshold -> signaling Tue Apr 23 14:07:54 2024 -> THRMGR: queue (bulk) crossed low threshold -> signaling


/var/log/clamav/freshclam.log

```
Tue Apr 23 10:57:24 2024 -> --------------------------------------
Tue Apr 23 10:57:24 2024 -> freshclam daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue Apr 23 10:57:24 2024 -> ClamAV update process started at Tue Apr 23 10:57:24 2024
Tue Apr 23 10:57:24 2024 -> daily database available for download (remote version: 27254)
Tue Apr 23 10:57:31 2024 -> Testing database: '/var/lib/clamav/tmp.37acfe5ba1/clamav-a27e28a08450f74e606ef5f51848a432.tmp-daily.cvd' ...
Tue Apr 23 10:57:38 2024 -> Database test passed.
Tue Apr 23 10:57:38 2024 -> daily.cvd updated (version: 27254, sigs: 2059934, f-level: 90, builder: raynman)
Tue Apr 23 10:57:38 2024 -> main database available for download (remote version: 62)
Tue Apr 23 10:57:56 2024 -> Testing database: '/var/lib/clamav/tmp.37acfe5ba1/clamav-09183a6d1921c0f848ee8fd89d8d634c.tmp-main.cvd' ...
Tue Apr 23 10:58:03 2024 -> Database test passed.
Tue Apr 23 10:58:03 2024 -> main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Apr 23 10:58:03 2024 -> bytecode database available for download (remote version: 335)
Tue Apr 23 10:58:04 2024 -> Testing database: '/var/lib/clamav/tmp.37acfe5ba1/clamav-86246582a6632d749ea8e623d3f731a6.tmp-bytecode.cvd' ...
Tue Apr 23 10:58:04 2024 -> Database test passed.
Tue Apr 23 10:58:04 2024 -> bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
Tue Apr 23 10:58:04 2024 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
Tue Apr 23 10:58:04 2024 -> --------------------------------------
Tue Apr 23 12:07:38 2024 -> Received signal: wake up
Tue Apr 23 12:07:38 2024 -> ClamAV update process started at Tue Apr 23 12:07:38 2024
Tue Apr 23 12:07:38 2024 -> daily.cvd database is up-to-date (version: 27254, sigs: 2059934, f-level: 90, builder: raynman)
Tue Apr 23 12:07:38 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Apr 23 12:07:38 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
Tue Apr 23 12:07:38 2024 -> --------------------------------------
Tue Apr 23 12:32:22 2024 -> Update process terminated
Tue Apr 23 12:32:22 2024 -> --------------------------------------
Tue Apr 23 12:32:22 2024 -> freshclam daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue Apr 23 12:32:22 2024 -> ClamAV update process started at Tue Apr 23 12:32:22 2024
Tue Apr 23 12:32:22 2024 -> daily.cvd database is up-to-date (version: 27254, sigs: 2059934, f-level: 90, builder: raynman)
Tue Apr 23 12:32:22 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Apr 23 12:32:22 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
Tue Apr 23 12:32:22 2024 -> --------------------------------------
Tue Apr 23 12:35:04 2024 -> Update process terminated
Tue Apr 23 12:35:04 2024 -> --------------------------------------
Tue Apr 23 12:35:04 2024 -> freshclam daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue Apr 23 12:35:04 2024 -> ClamAV update process started at Tue Apr 23 12:35:04 2024
Tue Apr 23 12:35:04 2024 -> daily.cvd database is up-to-date (version: 27254, sigs: 2059934, f-level: 90, builder: raynman)
Tue Apr 23 12:35:04 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Apr 23 12:35:04 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
Tue Apr 23 12:35:04 2024 -> --------------------------------------
Tue Apr 23 12:40:23 2024 -> Update process terminated
Tue Apr 23 12:40:23 2024 -> --------------------------------------
Tue Apr 23 12:40:23 2024 -> freshclam daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue Apr 23 12:40:23 2024 -> ClamAV update process started at Tue Apr 23 12:40:23 2024
Tue Apr 23 12:40:23 2024 -> daily.cvd database is up-to-date (version: 27254, sigs: 2059934, f-level: 90, builder: raynman)
Tue Apr 23 12:40:23 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Apr 23 12:40:23 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
Tue Apr 23 12:40:23 2024 -> --------------------------------------
Tue Apr 23 12:53:29 2024 -> Update process terminated
```


I also had an error on the socket, but I can no longer see it. Here is my configuration file; I don't know whether this is where I should put TCPSocket and TCPAddr?


/etc/clamav/clamd.conf

```
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
TCPSocket 3310
TCPAddr 127.0.0.1
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug true
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M
```


r3dlight commented 6 months ago

TCPSocket 3310 TCPAddr 127.0.0.1

The clamav config looks good (as indicated in the docs). It seems to be working correctly: the files ready to be transferred are simply scan reports (.krp), not the files themselves, which have indeed been deleted.

ghost commented 6 months ago

Thank you for the clarification. I had not understood how it worked; I thought the .krp was my file.
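
How a client can submit a file to the clamd instance configured above and read its verdict, as an added example that is not Keysas code and not part of the original thread: it frames a payload for clamd's INSTREAM command, parses the reply (or the matching `instream(...)` log line), and treats anything other than `OK` as not clean. The helper names and the fail-closed policy are assumptions; the address and size limit are taken from the posted clamd.conf.

```python
import re
import socket
import struct
import sys

CLAMD_ADDR = ("127.0.0.1", 3310)      # TCPAddr / TCPSocket from the clamd.conf above
STREAM_MAX_LENGTH = 25 * 1024 * 1024  # StreamMaxLength 25M from the same file
COMMAND = b"zINSTREAM\0"              # null-delimited form of clamd's INSTREAM command

# "<target>: <signature> FOUND", with the optional "(32-hex-digest:size)" suffix
# that the log lines in this thread carry (ExtendedDetectionInfo true).
FOUND_RE = re.compile(
    r"^(?P<target>.*?): (?P<signature>[^\s(]+)"
    r"(?:\((?P<digest>[0-9a-f]{32}):(?P<size>\d+)\))? FOUND$"
)


def frame_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Return the bytes of one INSTREAM request: the command, then each chunk
    prefixed by its length as a 4-byte big-endian integer, then a zero-length
    chunk that tells clamd the stream is complete."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    if len(data) > STREAM_MAX_LENGTH:
        raise ValueError("payload is larger than StreamMaxLength")
    out = bytearray(COMMAND)
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)
    return bytes(out)


def parse_reply(raw: bytes) -> dict:
    """Classify a clamd reply (or an instream(...) log line) as FOUND, OK or ERROR.
    Empty, truncated or unrecognised replies are reported as ERROR."""
    text = raw.rstrip(b"\0\r\n").decode("utf-8", "replace")
    result = {"verdict": "ERROR", "signature": None, "digest": None,
              "size": None, "raw": text}
    match = FOUND_RE.match(text)
    if match:
        size = int(match["size"]) if match["size"] else None
        result.update(verdict="FOUND", signature=match["signature"],
                      digest=match["digest"], size=size)
    elif text.endswith(": OK"):
        result["verdict"] = "OK"
    return result


def is_clean(result: dict) -> bool:
    """Fail closed (assumed policy): only an explicit OK lets a file through."""
    return result["verdict"] == "OK"


def scan_bytes(data: bytes, addr=CLAMD_ADDR, timeout: float = 30.0) -> dict:
    """Send data to a running clamd over TCP and return the parsed verdict."""
    with socket.create_connection(addr, timeout=timeout) as conn:
        conn.sendall(frame_instream(data))
        reply = bytearray()
        while not reply.endswith(b"\0"):
            part = conn.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(bytes(reply))


# The first sample is a log line quoted in this thread; the others are constructed.
SAMPLES = [
    b"instream(127.0.0.1@57126): Eicar-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND",
    b"stream: OK\0",
    b"INSTREAM size limit exceeded. ERROR\0",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Scan the file named on the command line against the local clamd.
        with open(sys.argv[1], "rb") as handle:
            print(scan_bytes(handle.read()))
    else:
        # No daemon needed: classify the embedded samples.
        for sample in SAMPLES:
            verdict = parse_reply(sample)
            print(verdict["verdict"], verdict["signature"], is_clean(verdict))
```
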