-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard a écrit : > On Fri, 23 Oct 2009 11:46:03 +0200 tonio@xxxxxxxxxxxxxx > <tonio@xxxxxxxxxxxxxx> replied: > > >> Steve Basford a écrit : >>> Hi All, >>> >>> I'm pleased to announce two new signatures databases: >>> >>> New Database 1: >>> >>> Database name: spearl.ndb >>> >>> Description: phishing_links is a list of generic forms used for >>> e-mail account phishing >>> >>> Provider: APER Risk of FP's: low Website: http://code DOT >>> google DOT com/p/anti-phishing-email-reply/ >>> >>> New Database 2: >>> >>> Database name: scamnailer.ndb >>> >>> Note: this database may use more cpu resources, due to >>> extensive use of conditional signatures >>> >>> Description: This uses far more than just the well-known list >>> of phishing email addresses published on SourceForge. It also >>> uses a very large list of addresses, which have been discovered >>> and manually checked by a large and very well known corporation >>> on the web, which you will definitely have heard of >>> >>> Provider: Julian Field/Tony Finch Risk of FP's: medium Website: >>> www DOT scamnailer DOT info >>> >>> New scripts will no doubt be available soon to take advantage >>> of these two new databases (unless you edit them yourself) >>> >>> In other news: >>> >>> a) Tweaks have been made to spear.ndb file to improve the >>> detection rates. >>> >>> b) Lots of generic signatures to help block spear phishing have >>> been added to phish.ndb (generally >>> Sanesecurity.Phishing.Fake's) >>> >>> Cheers, >>> >>> Steve Sanesecurity >>> >> hi i've the same problem with scamnailer.ndb as lately with >> signature MSRBL-SPAM and winnow_phish_complete (see previous >> thread): >> >> ClamAV update process started at Fri Oct 23 11:42:43 2009 >> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, >> builder: sven) daily.cld is up to date (version: 9930, sigs: >> 92347, f-level: 43, builder: guitar) LibClamAV Error: >> mpool_malloc(): Attempt to allocate 2097152 bytes. Please report >> to http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't >> realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem >> adding signature (3). LibClamAV Error: Problem parsing database >> at line 2880 LibClamAV Error: Can't load >> /var/lib/clamav/scamnailer.ndb: Malformed database ERROR: >> Malformed database >> >> Clamav 0.95.2 > > I am not sure how the script you are using works; however, you > could try this. > > 1) Locate the offending signature file(s) A) Check if copies of the > original downloaded files are still there 2) Delete them 3) Restart > clamav 4) See if any errors are reported 5) Run you script with > full logging if possible 6) Check the clamav log to see if the > files were correctly loaded. > already done. if i delete offendig file, clamd starting ok. i'm using bill landry' script version 3.5 i've also tried to manually donwload signature file from original source: wget http://www.mailscanner.eu/scamnailer.ndb same error when i restart clamd: LibClamAV Error: mpool_malloc(): Attempt to allocate 2097152 bytes. Please report to http://bugs.clamav.net LibClamAV Error: cli_ac_addpatt: Can't realloc ac_pattable LibClamAV Error: cli_parse_add(): Problem adding signature (3). LibClamAV Error: Problem parsing database at line 1871 LibClamAV Error: Can't load /var/lib/clamav/scamnailer.ndb: Malformed database ERROR: Malformed database -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrhiRMACgkQ8FtMlUNHQIO6IACffrKPodSXtlLDpoQohTTAq4xH pK8AoKnYyNy62XtTPbTbO7IPLMPqzh7I =fn8a -----END PGP SIGNATURE-----