BUG: ClamAV 0.104.0 does not work

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
ralfik
New user
New user
Posts: 10
Joined: 2007-12-16 02:41

BUG: ClamAV 0.104.0 does not work

Post by ralfik » 2021-09-19 12:46

After updating ClamAV to version 0.104.0, hMail stopped communicating with the antivirus program.

"ERROR" 9352 "2021-09-19 00: 09: 06.565" "Severity: 3 (Medium), Code: HM5406, Source: ClamAVVirusScanner :: Scan, Description: Protocol error. Unexpected response: UNKNOWN COMMAND

After returning to version 0.103.3, everything is OK. There is probably a change in the communication protocol in the new version of ClamAV (?)

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2021-09-19 13:19

ralfik wrote:
2021-09-19 12:46
There is probably a change in the communication protocol in the new version of ClamAV (?)
Geez, would you really think :?: :!:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: BUG: ClamAV 0.104.0 does not work

Post by jimimaseye » 2021-09-19 13:23

RvdH wrote:
2021-09-19 13:19
ralfik wrote:
2021-09-19 12:46
There is probably a change in the communication protocol in the new version of ClamAV (?)
Geez, would you really think :?: :!:
No, I wouldnt. I seriously doubt it.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: BUG: ClamAV 0.104.0 does not work

Post by palinka » 2021-09-19 14:09

Looks like there were a lot of changes in 0.104. Not surprising there would be errors on the windows side. I looked quickly and saw several windows issues with paths on github and the mailing list.

I would give it some time before upgrading. Better yet, send clamav log entries to the mailing list or post an issue on github. If they don't know about an issue, they won't be able to fix it.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2021-09-19 15:23

Looks like 0.104.0 doesn't need special builds to run as service on Windows

Code: Select all

clamd and freshclam are now available as Windows services. To install and run them, use the --install-service option and net start [name] command.

Special thanks to Gianluigi Tiesi for his original work on this feature.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

ralfik
New user
New user
Posts: 10
Joined: 2007-12-16 02:41

Re: BUG: ClamAV 0.104.0 does not work

Post by ralfik » 2021-09-19 16:34

RvdH wrote:
2021-09-19 15:23
Looks like 0.104.0 doesn't need special builds to run as service on Windows

Code: Select all

clamd and freshclam are now available as Windows services. To install and run them, use the --install-service option and net start [name] command.

Special thanks to Gianluigi Tiesi for his original work on this feature.
I tried that as the first thing that came to my mind. Unfortunately, the result is the same.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2021-09-19 16:43

CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2021-09-19 18:13

Changelog says northing about a breaking change in how clamd should work, except for maybe:
Added the %f format string option to the ClamD VirusEvent feature to insert the file path of the scan target when a virus-event occurs. This supplements the VirusEvent %v option which prints the signature (virus) name. The ClamD VirusEvent feature also provides two environment variables, $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME for a similar effect.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

mipanu
New user
New user
Posts: 1
Joined: 2021-10-13 15:17

Re: BUG: ClamAV 0.104.0 does not work

Post by mipanu » 2021-10-13 15:19

Any solution?

I also get the same "UNKNOWN COMMAND".

ClamAV 0.104.0

Thanks.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2021-10-13 15:36

You should really ask ClamAV people, apparently they have changed something that breaks compatibility
https://github.com/Cisco-Talos/clamav
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

laskowski
New user
New user
Posts: 9
Joined: 2009-09-20 03:53

Re: BUG: ClamAV 0.104.0 does not work

Post by laskowski » 2022-01-30 07:34

31.01.2022 and clamav 104.2 still SAME ERROR
can someone do a help ?

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: BUG: ClamAV 0.104.0 does not work

Post by mattg » 2022-01-31 01:13

RvdH wrote:
2021-10-13 15:36
You should really ask ClamAV people, apparently they have changed something that breaks compatibility
https://github.com/Cisco-Talos/clamav
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-08 19:34

hMailServer is using the command "STREAM" as shown here https://github.com/hmailserver/hmailser ... er.cpp#L64
It was deprecated and has been deleted now. The right command should be "INSTREAM" now, as shown in the manpage: https://manpages.debian.org/testing/cla ... .8.en.html
So hMailServer must be updated here to get this work again.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: BUG: ClamAV 0.104.0 does not work

Post by mattg » 2022-02-08 23:06

Did you start an issue on hMaislerver's github ?
If not, can you please...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

laskowski
New user
New user
Posts: 9
Joined: 2009-09-20 03:53

Re: BUG: ClamAV 0.104.0 does not work

Post by laskowski » 2022-02-09 01:41

mattg wrote:
2022-02-08 23:06
Did you start an issue on hMaislerver's github ?
If not, can you please...
No idea how to use github... never did anything with github.

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-09 01:49

mattg wrote:
2022-02-08 23:06
Did you start an issue on hMaislerver's github ?
If not, can you please...
Sure, will do that.

EDIT:
Link to issue: https://github.com/hmailserver/hmailserver/issues/420

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 10:11

Question is, will that change break backwards compatibility?
With what version that INSTREAM command was introduced?
Why on earth they decided the delete it? They could just leave STREAM command there as alias for INSTREAM command
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-09 11:15

I already answered your questions on GitHub: https://github.com/hmailserver/hmailserver/issues/420
We should discuss it there.

For record, this is my answer:
Hello @RvdHout,

it's marked as deprecated since February 11th 2009: https://github.com/Cisco-Talos/clamav/c ... b19bc9dR50

The commands are slightly different: INSTREAM acceptes the data on the same communication port, whereas STREAM just send a new temporary port for the data to send to.

Since the INSTREAM command has been added 2009 too, there is no problem for backward compatibility. So all ClamAV versions since 0.95 should work with INSTREAM.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 11:17

I think there is more to it then just changing STREAM with INSTREAM

Prior 0.104.x clamav reported the PORT to connect to

Code: Select all

PORT 1483
stream: OK
After that HMS send the STREAM command over port 1483

The CLAMAV would reply back with another stream on port 1081:

Code: Select all

PORT 1081
stream: Eicar-Signature FOUND

With this INSTREAM change the whole PORT part seems to be to be left out, which result in HMS failing with the UNKNOWN COMMAND error
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 11:21

lord_dragonus wrote:
2022-02-09 11:15
I already answered your questions on GitHub: https://github.com/hmailserver/hmailserver/issues/420
We should discuss it there.

For record, this is my answer:
Hello @RvdHout,

it's marked as deprecated since February 11th 2009: https://github.com/Cisco-Talos/clamav/c ... b19bc9dR50

The commands are slightly different: INSTREAM acceptes the data on the same communication port, whereas STREAM just send a new temporary port for the data to send to.

Since the INSTREAM command has been added 2009 too, there is no problem for backward compatibility. So all ClamAV versions since 0.95 should work with INSTREAM.
Thx, i'm gonna play with this....lets see where it gets me :)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: BUG: ClamAV 0.104.0 does not work

Post by jimimaseye » 2022-02-09 11:30

Also, even though STREAM is "deprecated" since 2009 it still continued to work up to 0.103. So what change was done in v0.104 that wasnt there in 0.103? You say
lord_dragonus wrote:
2022-02-08 19:34
It was deprecated and has been deleted now. The right command should be "INSTREAM" now, as shown in the manpage: https://manpages.debian.org/testing/cla ... .8.en.html
The man page quoted still references STREAM as 'deprecated' since 2009 but (as we have identified) it was still being allowed until 0.103 (so deprecated meaning officially unsupported but not removed usually for legacy connectivity). Can I ask where you see documentation or the evidence of it finally being removed in 0.104? (Im not doubting you, just curious on where the evidence is found. This makes things easier to understand).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-09 12:31

jimimaseye wrote:
2022-02-09 11:30
[...] Can I ask where you see documentation or the evidence of it finally being removed in 0.104? (Im not doubting you, just curious on where the evidence is found. This makes things easier to understand).
Sure, it has been deleted February 25th 2021 within this commit: https://github.com/Cisco-Talos/clamav/c ... 246bf6f99a

See the comment of the commit:
[...] Also remove deprecated STREAM command.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 13:12

Quick solution, stick with 0.103.5 :)
I think this whole function has to be rewritten using socket(s) to be able to support 0.104.x
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-09 15:22

I have two versions of ClamAV.pm in my SpamAssassin ./lib/file/scan folder from way back when I was getting it up running and I just noticed I'm using the STREAM version.

NOTE: ClamAV integration in SpamAssassin includes a DIFFERENT ClamAV.pm stored with the ClamAV.cf in the ./etc directory. The ClamAV.pm in the ./lib/file/scan originate from CPAN (presumeably).

So I cut out the Perl sub that does the actual STREAM'ing from both versions.

Version 1.95 by unknown at unknown date

Code: Select all

sub streamscan {
 my $self = shift;
 my $data = shift;

 if(@_){ #don't join unless needed [cpan #78769]
    $data = join q{},($data,@_);
 }

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "nINSTREAM\n");
 $self->_send($conn, pack("N", length($data)));
 $self->_send($conn, $data);
 $self->_send($conn, pack("N", 0));

 chomp(my $r = $conn->getline);

 my @return;
 if($r =~ /stream:\ (.+)\ FOUND/ix){
	@return = ('FOUND', $1);
 } else {
	@return = ('OK');
 }
 $conn->close;
 return @return;
}
ClamAV.pm,v 1.8 2004/09/17 22:07:51 cfaber

Code: Select all

sub streamscan {
 my ($self) = shift;

 my $data = join '', @_;

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "STREAM\n");
 chomp(my $response = $conn->getline);

 my @return;
 if($response =~ /^PORT (\d+)/){
	if((my $c = $self->_get_tcp_connection($1))){
		$self->_send($c, $data);
		$c->close;

		chomp(my $r = $conn->getline);
		if($r =~ /stream: (.+) FOUND/i){
			@return = ('FOUND', $1);
		} else {
			@return = ('OK');
		}
	} else {
		$conn->close;
		return;
	}
 }
 $conn->close;
 return @return;
}
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-09 15:43

RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
I think this whole function has to be rewritten using socket(s) to be able to support 0.104.x
It's not necessary to rewrite the whole function. The only thing is, that the data have to be send directly to the main port, instead of opening another port and sending it to this port. And of course, the command have to be changed. Thanks to @SorenR for posting the old and new example. It should help to edit the function quickly.

Sure, the "Quick solution" works, but only until September 14th 2023. It's the EOL date for the 0.103.x version and as of this date it's forbidden to download database updates. (That was my problem with the 0.102.x after January 3rd 2022)
Source: https://docs.clamav.net/faq/faq-eol.htm ... ort-matrix

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 15:51

lord_dragonus wrote:
2022-02-09 15:43
RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
I think this whole function has to be rewritten using socket(s) to be able to support 0.104.x
It's not necessary to rewrite the whole function. The only thing is, that the data have to be send directly to the main port, instead of opening another port and sending it to this port. And of course, the command have to be changed. Thanks to @SorenR for posting the old and new example. It should help to edit the function quickly.

Sure, the "Quick solution" works, but only until September 14th 2023. It's the EOL date for the 0.103.x version and as of this date it's forbidden to download database updates. (That was my problem with the 0.102.x after January 3rd 2022)
Source: https://docs.clamav.net/faq/faq-eol.htm ... ort-matrix
OK, if you think it is that easy i expect your (working!) pull request later today (it is open source you all know, right?)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-09 17:12

SorenR wrote:
2022-02-09 15:22
Version 1.95 by unknown at unknown date

Code: Select all

sub streamscan {
 my $self = shift;
 my $data = shift;

 if(@_){ #don't join unless needed [cpan #78769]
    $data = join q{},($data,@_);
 }

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "nINSTREAM\n");
 $self->_send($conn, pack("N", length($data)));
 $self->_send($conn, $data);
 $self->_send($conn, pack("N", 0));

 chomp(my $r = $conn->getline);

 my @return;
 if($r =~ /stream:\ (.+)\ FOUND/ix){
	@return = ('FOUND', $1);
 } else {
	@return = ('OK');
 }
 $conn->close;
 return @return;
}
ClamAV.pm,v 1.8 2004/09/17 22:07:51 cfaber

Code: Select all

sub streamscan {
 my ($self) = shift;

 my $data = join '', @_;

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "STREAM\n");
 chomp(my $response = $conn->getline);

 my @return;
 if($response =~ /^PORT (\d+)/){
	if((my $c = $self->_get_tcp_connection($1))){
		$self->_send($c, $data);
		$c->close;

		chomp(my $r = $conn->getline);
		if($r =~ /stream: (.+) FOUND/i){
			@return = ('FOUND', $1);
		} else {
			@return = ('OK');
		}
	} else {
		$conn->close;
		return;
	}
 }
 $conn->close;
 return @return;
}
Note... pack("N", length($data))

https://perldoc.perl.org/functions/pack

"N" -> An unsigned long (32-bit) in "network" (big-endian) order.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 17:17

SorenR wrote:
2022-02-09 17:12
SorenR wrote:
2022-02-09 15:22
Version 1.95 by unknown at unknown date

Code: Select all

sub streamscan {
 my $self = shift;
 my $data = shift;

 if(@_){ #don't join unless needed [cpan #78769]
    $data = join q{},($data,@_);
 }

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "nINSTREAM\n");
 $self->_send($conn, pack("N", length($data)));
 $self->_send($conn, $data);
 $self->_send($conn, pack("N", 0));

 chomp(my $r = $conn->getline);

 my @return;
 if($r =~ /stream:\ (.+)\ FOUND/ix){
	@return = ('FOUND', $1);
 } else {
	@return = ('OK');
 }
 $conn->close;
 return @return;
}
ClamAV.pm,v 1.8 2004/09/17 22:07:51 cfaber

Code: Select all

sub streamscan {
 my ($self) = shift;

 my $data = join '', @_;

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "STREAM\n");
 chomp(my $response = $conn->getline);

 my @return;
 if($response =~ /^PORT (\d+)/){
	if((my $c = $self->_get_tcp_connection($1))){
		$self->_send($c, $data);
		$c->close;

		chomp(my $r = $conn->getline);
		if($r =~ /stream: (.+) FOUND/i){
			@return = ('FOUND', $1);
		} else {
			@return = ('OK');
		}
	} else {
		$conn->close;
		return;
	}
 }
 $conn->close;
 return @return;
}
Note... pack("N", length($data))

https://perldoc.perl.org/functions/pack

"N" -> An unsigned long (32-bit) in "network" (big-endian) order.
What on earth do i have to do with perl code?
Geez, come on... i can post perfectly working C# code, but does that solve anything?
the problem is the wrapper function ClamAVVirusScanner::Scan within HMS, which uses boost and translate that into working c++ for reading the returned data using a single connection
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-09 18:13

RvdH wrote:
2022-02-09 17:17
SorenR wrote:
2022-02-09 17:12
SorenR wrote:
2022-02-09 15:22
Version 1.95 by unknown at unknown date

Code: Select all

sub streamscan {
 my $self = shift;
 my $data = shift;

 if(@_){ #don't join unless needed [cpan #78769]
    $data = join q{},($data,@_);
 }

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "nINSTREAM\n");
 $self->_send($conn, pack("N", length($data)));
 $self->_send($conn, $data);
 $self->_send($conn, pack("N", 0));

 chomp(my $r = $conn->getline);

 my @return;
 if($r =~ /stream:\ (.+)\ FOUND/ix){
	@return = ('FOUND', $1);
 } else {
	@return = ('OK');
 }
 $conn->close;
 return @return;
}
ClamAV.pm,v 1.8 2004/09/17 22:07:51 cfaber

Code: Select all

sub streamscan {
 my ($self) = shift;

 my $data = join '', @_;

 $self->_seterrstr;

 my $conn = $self->_get_connection || return;
 $self->_send($conn, "STREAM\n");
 chomp(my $response = $conn->getline);

 my @return;
 if($response =~ /^PORT (\d+)/){
	if((my $c = $self->_get_tcp_connection($1))){
		$self->_send($c, $data);
		$c->close;

		chomp(my $r = $conn->getline);
		if($r =~ /stream: (.+) FOUND/i){
			@return = ('FOUND', $1);
		} else {
			@return = ('OK');
		}
	} else {
		$conn->close;
		return;
	}
 }
 $conn->close;
 return @return;
}
Note... pack("N", length($data))

https://perldoc.perl.org/functions/pack

"N" -> An unsigned long (32-bit) in "network" (big-endian) order.
What on earth do i have to do with perl code?
Geez, come on... i can post perfectly working C# code, but does that solve anything?
the problem is the wrapper function ClamAVVirusScanner::Scan within HMS, which uses boost and translate that into working c++ for reading the returned data using a single connection
You are not the only one reading this forum and you want people to get involved so chill out. I posted the Perl examples to give people a sense of how much needs to be changed.

I personally is struggeling to "translate" the Perl pack function to something useable in C++. I think I need to use intrin.h (already used by VC) and probably ... "unsigned long _byteswap_ulong(unsigned long value);" ???
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-09 18:37

SorenR wrote:
2022-02-09 18:13
You are not the only one reading this forum and you want people to get involved so chill out. I posted the Perl examples to give people a sense of how much needs to be changed.
But yet you quoted it (and posted the same code once more!) and posted it in a direct response after my message, weird...

Anyway, we have until September 14th 2023 to figure this out, it's gonna be OK by then (i hope) :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

lord_dragonus
New user
New user
Posts: 14
Joined: 2009-12-29 12:34

Re: BUG: ClamAV 0.104.0 does not work

Post by lord_dragonus » 2022-02-09 18:53

@SorenR: Thank you very much for the examples and the explanation of the perl code, this will help me!

@RvdH: I don't have a testbed yet, but I will create one next weekend. I will then send you the pull request.

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-10 00:20

Sending Int32 as Big Endian (Network order) ??? Still trying to figure out the Perl pack function ... :roll:
INSTREAM
It is mandatory to prefix this command with n or z.
Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent. This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connection.
NB. This is C#...

Code: Select all

using System;

public class Example
{
   public static void Main()
   {
      int value = 12345678;
      byte[] bytes = BitConverter.GetBytes(value);
      Console.WriteLine(BitConverter.ToString(bytes));

      if (BitConverter.IsLittleEndian)
         Array.Reverse(bytes);

      Console.WriteLine(BitConverter.ToString(bytes));
      // Call method to send byte stream across machine boundaries.

      // Receive byte stream from beyond machine boundaries.
      Console.WriteLine(BitConverter.ToString(bytes));
      if (BitConverter.IsLittleEndian)
         Array.Reverse(bytes);

      Console.WriteLine(BitConverter.ToString(bytes));
      int result = BitConverter.ToInt32(bytes, 0);
      Console.WriteLine("Original value: {0}", value);
      Console.WriteLine("Returned value: {0}", result);
   }
}
// The example displays the following output on a little-endian system:
//       4E-61-BC-00
//       00-BC-61-4E
//       00-BC-61-4E
//       4E-61-BC-00
//       Original value: 12345678
//       Returned value: 12345678
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-10 09:36

SorenR wrote:
2022-02-10 00:20
Sending Int32 as Big Endian (Network order) ??? Still trying to figure out the Perl pack function ... :roll:
INSTREAM
It is mandatory to prefix this command with n or z.
Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent. This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connection.
NB. This is C#...

Code: Select all

using System;

public class Example
{
   public static void Main()
   {
      int value = 12345678;
      byte[] bytes = BitConverter.GetBytes(value);
      Console.WriteLine(BitConverter.ToString(bytes));

      if (BitConverter.IsLittleEndian)
         Array.Reverse(bytes);

      Console.WriteLine(BitConverter.ToString(bytes));
      // Call method to send byte stream across machine boundaries.

      // Receive byte stream from beyond machine boundaries.
      Console.WriteLine(BitConverter.ToString(bytes));
      if (BitConverter.IsLittleEndian)
         Array.Reverse(bytes);

      Console.WriteLine(BitConverter.ToString(bytes));
      int result = BitConverter.ToInt32(bytes, 0);
      Console.WriteLine("Original value: {0}", value);
      Console.WriteLine("Returned value: {0}", result);
   }
}
// The example displays the following output on a little-endian system:
//       4E-61-BC-00
//       00-BC-61-4E
//       00-BC-61-4E
//       4E-61-BC-00
//       Original value: 12345678
//       Returned value: 12345678
Here is a complete clamav client wrapper written in C#
https://github.com/michaelhans/Clamson/ ... #L238-L294

htonl is the equivalent for "network-byte-order" in c++ as it seems

You use either (newline escaped/delimited)

Code: Select all

nINSTREAM\n
or (zero escaped/delimited)

Code: Select all

zINSTREAM\0
workflow:
1. send the INSTREAM command: zINSTREAM\0, or nINSTREAM\n
2. send <length> (big endian, 4 bytes)
3. send the chunk of data corresponding to the above length
4. repeat at 2 as long as you have more blocks to send
5. send a 0-length block to mark end of stream
6. get response
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-10 13:53

RvdH wrote:
2022-02-10 09:36
Here is a complete clamav client wrapper written in C#
https://github.com/michaelhans/Clamson/ ... #L238-L294

htonl is the equivalent for "network-byte-order" in c++ as it seems

You use either (newline escaped/delimited)

Code: Select all

nINSTREAM\n
or (zero escaped/delimited)

Code: Select all

zINSTREAM\0
workflow:
1. send the INSTREAM command: zINSTREAM\0, or nINSTREAM\n
2. send <length> (big endian, 4 bytes)
3. send the chunk of data corresponding to the above length
4. repeat at 2 as long as you have more blocks to send
5. send a 0-length block to mark end of stream
6. get response
Hmm... Something's fishy...

ClamAV log:

Code: Select all

Thu Feb 10 12:40:20 2022 -> WARNING: INSTREAM: Size limit reached, (requested: 842019123, max: 26214400)
Thu Feb 10 12:40:20 2022 -> WARNING: INSTREAM: Size limit reached, (requested: 842019123, max: 26214400)
Code change...

Code: Select all

   VirusScanningResult
   ClamAVVirusScanner::Scan(const String &hostName, int primaryPort, const String &sFilename)
   {
      LOG_DEBUG("Connecting to ClamAV virus scanner...");

      int streamPort = 0;

      TimeoutCalculator calculator;

      SynchronousConnection commandConnection(calculator.Calculate(IniFileSettings::Instance()->GetClamMinTimeout(), IniFileSettings::Instance()->GetClamMaxTimeout()));
      if (!commandConnection.Connect(hostName, primaryPort))
      {
         return VirusScanningResult(_T("ClamAVVirusScanner::Scan"), 
            Formatter::Format("Unable to connect to ClamAV server at {0}:{1}.", hostName, primaryPort));
      }

      if (!commandConnection.Write("nINSTREAM\n"))
         return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to write STREAM command.");

      AnsiString readData;

      // Send the file on the stream socket.
      File oFile;
      if (!oFile.Open(sFilename, File::OTReadOnly))
      {
         String sErrorMsg = Formatter::Format("Could not send file {0} via socket since it does not exist.", sFilename);
         return VirusScanningResult("ClamAVVirusScanner::Scan", sErrorMsg);
      }

      const int STREAM_BLOCK_SIZE = 4096;
      const int maxIterations = 100000;
      for (int i = 0; i < maxIterations; i++)
      {
         std::shared_ptr<ByteBuffer> pBuf = oFile.ReadChunk(STREAM_BLOCK_SIZE);

         if (!pBuf)
            break;

         // Send the request.
         if (!commandConnection.Write(to_string(htonl(sizeof(*pBuf)))))
            return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to write data to stream port.");

         if (!commandConnection.Write(*pBuf))
            return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to write data to stream port.");
      }

      if (!commandConnection.Write(to_string(htonl(0))))
         return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to write data to stream port.");

      if (!commandConnection.ReadUntil("\n", readData))
         return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to read response (after streaming).");

      readData.TrimRight("\n");

      // Parse the response and see if a virus was reported.
      try
      {
         const regex expression("^stream.*: (.*) FOUND$"); 
         cmatch what; 
         if(regex_match(readData.c_str(), what, expression)) 
         {
            LOG_DEBUG("Virus detected: " + what[1]);
            return VirusScanningResult(VirusScanningResult::VirusFound, String(what[1]));
         }
         else
         {
            LOG_DEBUG("No virus detected: " + readData);
            return VirusScanningResult(VirusScanningResult::NoVirusFound, Formatter::Format("Result: {0}", readData));
         }
      }
      catch (std::runtime_error &) // regex_match will throw runtime_error if regexp is too complex.
      {
         return VirusScanningResult("ClamAVVirusScanner::Scan", "Unable to parse regular expression.");
      }

      
   }
This is very wrong or only a little wrong ?;-)

if (!commandConnection.Write(to_string(htonl(sizeof(*pBuf)))))
Attachments
ClamAV.jpg
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-10 14:05

What if you LOG_DEBUG that value? Just the check if it holds proper values...not behind my PC right now, so can not check

LOG_DEBUG(Formatter::Format("big endian, 4 bytes: {0}", to_string(htonl(sizeof(*pBuf)))));
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-10 14:17

RvdH wrote:
2022-02-10 14:05
What if you LOG_DEBUG that value? Just the check if it holds proper values...not behind my PC right now, so can not check

LOG_DEBUG(Formatter::Format("big endian, 4 bytes: {0}", to_string(htonl(sizeof(*pBuf)))));
Chunk size is 4096 (int), 4096 in hex is "0x1000" and Big Endian should be "0x0001" No ??
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-10 14:30

Hmm....

Code: Select all

"DEBUG"	4020	"2022-02-10 13:28:39.698"	"Connecting to ClamAV virus scanner..."
"DEBUG"	4020	"2022-02-10 13:28:39.701"	"big endian, 4 bytes: {0} 201326592"
"DEBUG"	4020	"2022-02-10 13:28:39.719"	"No virus detected: INSTREAM size limit exceeded. ERROR"
"DEBUG"	4020	"2022-02-10 13:28:39.723"	"Connecting to ClamAV virus scanner..."
"DEBUG"	4020	"2022-02-10 13:28:39.725"	"big endian, 4 bytes: {0} 201326592"
"DEBUG"	4020	"2022-02-10 13:28:39.751"	"No virus detected: INSTREAM size limit exceeded. ERROR"
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-10 14:30

SorenR wrote:
2022-02-10 14:17
RvdH wrote:
2022-02-10 14:05
What if you LOG_DEBUG that value? Just the check if it holds proper values...not behind my PC right now, so can not check

LOG_DEBUG(Formatter::Format("big endian, 4 bytes: {0}", to_string(htonl(sizeof(*pBuf)))));
Chunk size is 4096 (int), 4096 in hex is "0x1000" and Big Endian should be "0x0001" No ??
Would the problem not be to_string()?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-10 14:49

RvdH wrote:
2022-02-10 14:30
SorenR wrote:
2022-02-10 14:17
RvdH wrote:
2022-02-10 14:05
What if you LOG_DEBUG that value? Just the check if it holds proper values...not behind my PC right now, so can not check

LOG_DEBUG(Formatter::Format("big endian, 4 bytes: {0}", to_string(htonl(sizeof(*pBuf)))));
Chunk size is 4096 (int), 4096 in hex is "0x1000" and Big Endian should be "0x0001" No ??
Would the problem not be to_string()?
I think I'm mixing apples and pears...

LOG_DEBUG("size of *pBuf " + to_string(sizeof(pBuf)));

Code: Select all

"DEBUG"	2916	"2022-02-10 13:38:28.703"	"size of *pBuf 12"

Code: Select all

const int STREAM_BLOCK_SIZE = 4096;
std::shared_ptr<ByteBuffer> pBuf = oFile.ReadChunk(STREAM_BLOCK_SIZE);
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

jemm971
New user
New user
Posts: 5
Joined: 2020-10-07 23:15

Re: BUG: ClamAV 0.104.0 does not work

Post by jemm971 » 2022-02-18 20:40

I have the same trouble since my upgrade of clamAV in the 0.104.2.0 version : I get a UNKNOWN RESPOND when I make a test of ClamAV in hMailServer.

So I also upgrated to the last hMailServer version (5.6.8) , but still the same trouble.

Finally I came back to my previous ClamAV version (0.102.2.0), which was working well.
But in this version the freshclam doesn't work anymore, so the virus signature are no more updated.

Does anyone find a solution ?

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-18 20:47

RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
http://oss.netfarm.it/clamav/
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-02-18 22:50

RvdH wrote:
2022-02-18 20:47
RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
http://oss.netfarm.it/clamav/
I've been running the INSTREAM mod (my version) for almost 1 week now on two servers with 0.103.3. No issues so far.
This weekend I'll be upgrading to 0.104.x 64-bit.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-02-19 02:53

SorenR wrote:
2022-02-18 22:50
RvdH wrote:
2022-02-18 20:47
RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
http://oss.netfarm.it/clamav/
I've been running the INSTREAM mod (my version) for almost 1 week now on two servers with 0.103.3. No issues so far.
This weekend I'll be upgrading to 0.104.x 64-bit.
Me to, custom 5.7.x build, the only thing that bothers me is the 1 line difference between 5.6.x. and 5.7.x that don't compute (you probably know what i am taking about, i adapted your union approach)

Maybe make a PR?
I already stated i won't be making a PR as the guy requesting it, said it was easy fix....so i'm waiting for his efforts and PR (and as i am still on 103.5 i have no immediate demand for it)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

jemm971
New user
New user
Posts: 5
Joined: 2020-10-07 23:15

Re: BUG: ClamAV 0.104.0 does not work

Post by jemm971 » 2022-02-22 22:50

RvdH wrote:
2022-02-18 20:47
RvdH wrote:
2022-02-09 13:12
Quick solution, stick with 0.103.5 :)
http://oss.netfarm.it/clamav/
the 0.103.5 version works well !
Thanks RvdH !

Cyberslog
New user
New user
Posts: 23
Joined: 2022-01-14 18:15

Re: BUG: ClamAV 0.104.0 does not work

Post by Cyberslog » 2022-05-07 18:53

well 0.103.5 has now expired and cant find a 0.103.6 so tried to switch to ClamAV from https://www.clamav.net/downloads#otherversions win32 to be exact I get the UNKNOWN ERROR when I test ClamAV. Has this issue been fixed yet just curious if I need to switch up something here.

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: BUG: ClamAV 0.104.0 does not work

Post by SorenR » 2022-05-07 23:52

Cyberslog wrote:
2022-05-07 18:53
well 0.103.5 has now expired and cant find a 0.103.6 so tried to switch to ClamAV from https://www.clamav.net/downloads#otherversions win32 to be exact I get the UNKNOWN ERROR when I test ClamAV. Has this issue been fixed yet just curious if I need to switch up something here.
https://www.hmailserver.com/forum/viewt ... 38#p237938
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

ralfik
New user
New user
Posts: 10
Joined: 2007-12-16 02:41

Re: BUG: ClamAV 0.104.0 does not work

Post by ralfik » 2022-05-09 19:31

SorenR wrote:
2022-05-07 23:52
Cyberslog wrote:
2022-05-07 18:53
well 0.103.5 has now expired and cant find a 0.103.6 so tried to switch to ClamAV from https://www.clamav.net/downloads#otherversions win32 to be exact I get the UNKNOWN ERROR when I test ClamAV. Has this issue been fixed yet just curious if I need to switch up something here.
https://www.hmailserver.com/forum/viewt ... 38#p237938
Excellent work! Thank you!

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-05-11 20:15

ClamAV people keep pushing out new version/branches as mushrooms, as of 2022-05-03 we now have 0.103.6, 0.104.3 and new 0.105.0 to choose from, but a decent change-log is to much to ask i guess

For vanilla hMailserver 5.6.x you need 0.103.x, for 0.104.x and/or 0.105.x you need this (.46) mod/alternate build
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

vidiot
New user
New user
Posts: 14
Joined: 2015-03-16 21:18

Re: BUG: ClamAV 0.104.0 does not work

Post by vidiot » 2022-05-12 20:12

RvdH wrote:
2022-05-11 20:15
ClamAV people keep pushing out new version/branches as mushrooms, as of 2022-05-03 we now have 0.103.6, 0.104.3 and new 0.105.0 to choose from, but a decent change-log is to much to ask i guess

For vanilla hMailserver 5.6.x you need 0.103.x, for 0.104.x and/or 0.105.x you need this (.46) mod/alternate build
Looks like this is as close as can be found: https://github.com/Cisco-Talos/clamav/c ... b36fa70ae9. Also, I noted that v105 is destined to be a 1.0 release! https://github.com/Cisco-Talos/clamav/c ... a4f37109c9

Thanks for your work RvdH!

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: BUG: ClamAV 0.104.0 does not work

Post by RvdH » 2022-06-17 08:53

Cyberslog wrote:
2022-05-07 18:53
well 0.103.5 has now expired and cant find a 0.103.6 so tried to switch to ClamAV from https://www.clamav.net/downloads#otherversions win32 to be exact I get the UNKNOWN ERROR when I test ClamAV. Has this issue been fixed yet just curious if I need to switch up something here.
0.103.6
https://oss.netfarm.it/clamav/
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: BUG: ClamAV 0.104.0 does not work

Post by palinka » 2022-06-17 12:38

RvdH wrote:
2022-06-17 08:53
Cyberslog wrote:
2022-05-07 18:53
well 0.103.5 has now expired and cant find a 0.103.6 so tried to switch to ClamAV from https://www.clamav.net/downloads#otherversions win32 to be exact I get the UNKNOWN ERROR when I test ClamAV. Has this issue been fixed yet just curious if I need to switch up something here.
0.103.6
https://oss.netfarm.it/clamav/
👍

Post Reply