[Pkg-clamav-devel] Bug#704656: clamav: Non-actionable cron spam
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue Apr 8 09:57:42 UTC 2014
Control: reassign -1 clamav-unofficial-sigs 3.7.1-3
Control: tag -1 moreinfo
Hi Tollef,
On 07.04.2014 15:48, Tollef Fog Heen wrote:
>> You reported this bug (quite exactly) one year ago. Sorry that you
>> didn't get a reply sooner.
>> I hope it was just a temporary issue and this bug can be closed.
>
> It comes and goes, we still see it now and then, not as often as we saw
> them for a while, though.
Then this needs more investigation.
>> If this is not the case, do you know of a way to reproduce this?
>
> Run many hosts, wait for a bit? :-)
:-)
> The real problem is what should I do about this? It says some list of
> signatures is bad, but it doesn't point me at anywhere I can read more
> about this, nor does it explain what this means: Are all signatures
> disabled? Is it just using the old ones? Something else?
>
> As it is, it says «something is broken» without much more information.
I looked into this and found that this error message comes from
clamav-unofficial-sigs.sh [1].
It runs clamscan in order to determine whether the new database is good.
But unfortunately it sends the error messages from this to /dev/null and
instead gives the warning you see, although this command could fail for
a number of reasons.
After that, it doesn't update this database, so the old one will be used.
If you see this again, please report the output of:
clamscan -d /usr/unofficial-dbs/ss-dbs/honeynet.hdb
/var/lib/clamav-unofficial-sigs/configs/scan-test.txt
This should reveal what is really failing.
Best regards,
Andreas
1:
https://sources.debian.net/src/clamav-unofficial-sigs/3.7.2-2/clamav-unofficial-sigs.sh#L1053
More information about the Pkg-clamav-devel
mailing list