View Issue Details

ID: 0006341
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2020-12-01 10:41
Reporter: RoseDeSable
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: open
Product Version: kali-dev
Summary: 0006341: clamonacc: LibClamAV Warning: Unsupported message format `global' - if you believe this file contains a virus, ...
Description

Hello,
my clamonacc talks to the clamav-daemon over local port 10000:

tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN 894/clamd <== netstat output

After starting clamonacc, the first test with eicar.com is correct. After a while I run a second test, and now I find the message from the subject line in my syslog:

Apr 30 06:45:46 myKaliLinux clamd[894]: LibClamAV Warning: Unsupported message format global' - if you bel>
Apr 30 06:45:46 myKaliLinux clamd[894]: LibClamAV Warning: Unsupported message formatglobal' - if you bel>
Apr 30 06:45:44 myKaliLinux clamd[14178]: /root/downloads/eicar.com: winnow.malware.test.eicar.com.UNOFFICI>
Apr 30 06:45:44 myKaliLinux clamd[894]: instream(127.0.0.1@40076): winnow.malware.test.eicar.com.UNOFFICIAL>
Apr 30 06:45:44 myKaliLinux clamd[894]: Thu Apr 30 06:45:44 2020 -> instream(127.0.0.1@40076): winnow.malwa>
Apr 30 06:45:44 myKaliLinux clamd[14178]: ClamMisc: $/proc/14262 vanished before UIDs could be exclCClamMis>
Apr 30 06:45:44 myKaliLinux clamd[894]: instream(127.0.0.1@40062): winnow.malware.test.eicar.com.UNOFFICIAL>
Apr 30 06:45:44 myKaliLinux clamd[894]: Thu Apr 30 06:45:44 2020 -> instream(127.0.0.1@40062): winnow.malwa

The process 14178 is clamonacc and the number 894 is the clamav-daemon. I write the content of clamonacc's log into a named pipe:

clamonacc -F 2>&1 1>/var/log/clamav/clamonacc.log

From here I filter the log and write it into the syslog with the tag of clamd:

./filter_log.bash -i /var/log/clamav/clamonacc.log | systemd-cat -t clamd

After the failure message both processes use a lot of CPU:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
  894 clamav    20   0 1734360   1,2g   6996 S   3,3  15,8   4:16.98 clamd
69048 root      20   0    5940    956    840 R   1,3   0,0   0:00.04 sed
59447 root      20   0  539048  42544   8568 S   1,0   0,5   0:06.35 clamonacc

The process 'sed' is part of the filter. It deletes the message "ClamMisc: $/proc/.... vanished before UIDs could be excluded; scanning anyway", because these lines would spam my syslog.

clamav is at version 0.102.2+dfsg-2

What should I do?

By Rose
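As an added example, not code from the bug report or from the ClamAV or Kali projects, here is a minimal stand-in for the filter_log.bash script the report mentions but does not show. It reads clamonacc log lines on stdin, drops only the informational ClamMisc "vanished before UIDs could be excluded" notices, and passes everything else through so detections and LibClamAV warnings still reach the journal. The function names, the sample log lines (constructed from the entries quoted above) and the systemd-cat tag "clamonacc" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the bug report or from ClamAV/Kali: a minimal
# stand-in for the reporter's filter_log.bash (which the report does not show).
# Function names and sample data are constructed for this example.

# Read clamonacc log lines on stdin; delete only the ClamMisc notices about
# /proc entries that vanished before UID exclusion (informational, and they
# flood syslog), and pass every other line through unchanged so that
# detections and LibClamAV warnings are still forwarded.
filter_clamonacc() {
    sed '/vanished before UIDs could be excl/d'
}

# Number of non-empty lines that survive the filter for the given text.
count_kept() {
    printf '%s\n' "$1" | filter_clamonacc | grep -c .
}

# Constructed sample, modelled on the entries quoted in the report.
# Quoted here-doc: no expansion, so the "$" and the backtick stay literal.
SAMPLE=$(cat <<'EOF'
ClamMisc: $/proc/14262 vanished before UIDs could be excluded; scanning anyway
/root/downloads/eicar.com: winnow.malware.test.eicar.com.UNOFFICIAL FOUND
LibClamAV Warning: Unsupported message format `global' - if you believe this file contains a virus, ...
EOF
)

# Stand-alone demo: print what the filter keeps from the sample
# (the detection line and the LibClamAV warning; the ClamMisc line is gone).
printf '%s\n' "$SAMPLE" | filter_clamonacc

# Live usage, commented out so the demo runs offline. Both of clamonacc's
# streams go to the file: ">" first, then "2>&1", so stderr follows stdout.
# The tag is "clamonacc" rather than "clamd" so the journal still tells the
# two processes apart.
#   clamonacc -F >/var/log/clamav/clamonacc.log 2>&1 &
#   tail -F /var/log/clamav/clamonacc.log | filter_clamonacc | systemd-cat -t clamonacc
```

The filter matches on the stable part of the notice ("vanished before UIDs could be excl") rather than on a PID, so it also catches the truncated form that journalctl prints; anything it does not recognise is kept, which is the safer default for a security log.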

Activities

g0tmi1k (administrator), 2020-12-01 10:41, note ~0013743

This report has been filed against an old version of Kali. We will be closing this ticket due to inactivity.
Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/downloads/)?
If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified      Username     Field        Change
2020-04-30 06:21   RoseDeSable  New Issue
2020-12-01 10:41   g0tmi1k      Note Added   0013743
2020-12-01 10:41   g0tmi1k      Status       new => closed