ClamAV Question
Posted: Tue Jan 24, 2017 3:39 pm
For the latest ClamAV packages from the asl-4.0 repo on CentOS 5.x (on our way to migrating away from it by the end of March but still in use at present):
clamd-0.99.2-35.el5.art.x86_64.rpm and relateds, we are now seeing the logs filling up with:
LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Pdf.Exploit.APSB16_26-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Swf.Exploit.2016_4215-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Pdf.Exploit.CVE_2016_1079-2 uses PCREs but support is disabled, skipping
and similar when clam is restarted.
As best I can see on a couple of searches, appears to be related to how the package itself was built. Is this something we can change a setting on on our end or is it related to how the updated package was built (PCRE is installed on the box)?
Thanks.
clamd-0.99.2-35.el5.art.x86_64.rpm and relateds, we are now seeing the logs filling up with:
LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Pdf.Exploit.APSB16_26-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Swf.Exploit.2016_4215-1 uses PCREs but support is disabled, skipping
LibClamAV Warning: cli_loadldb: logical signature for Pdf.Exploit.CVE_2016_1079-2 uses PCREs but support is disabled, skipping
and similar when clam is restarted.
As best I can see on a couple of searches, appears to be related to how the package itself was built. Is this something we can change a setting on on our end or is it related to how the updated package was built (PCRE is installed on the box)?
Thanks.