mailhostcr2 ~ # clamscan MegaSAS.log --debug
LibClamAV debug: searching for unrar, user-searchpath: /usr/lib64
LibClamAV debug: unrar support loaded from /usr/lib64/libclamunrar_iface.so.6.1.4 libclamunrar_iface_so_6_1
LibClamAV debug: Initialized 0.96.2 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in JIT mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Decoded signature: fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: Initializing engine->root[0]
LibClamAV debug: Initialising AC pattern matcher of root[0]
LibClamAV debug: cli_initroots: Initializing BM tables of root[0]
LibClamAV debug: Initializing engine->root[1]
LibClamAV debug: Initialising AC pattern matcher of root[1]
LibClamAV debug: cli_initroots: Initializing BM tables of root[1]
LibClamAV debug: Initializing engine->root[2]
LibClamAV debug: Initialising AC pattern matcher of root[2]
LibClamAV debug: Initializing engine->root[3]
LibClamAV debug: Initialising AC pattern matcher of root[3]
LibClamAV debug: Initializing engine->root[4]
LibClamAV debug: Initialising AC pattern matcher of root[4]
LibClamAV debug: Initializing engine->root[5]
LibClamAV debug: Initialising AC pattern matcher of root[5]
LibClamAV debug: Initializing engine->root[6]
LibClamAV debug: Initialising AC pattern matcher of root[6]
LibClamAV debug: Initializing engine->root[7]
LibClamAV debug: Initialising AC pattern matcher of root[7]
LibClamAV debug: Initializing engine->root[8]
LibClamAV debug: Initialising AC pattern matcher of root[8]
LibClamAV debug: Initializing engine->root[9]
LibClamAV debug: Initialising AC pattern matcher of root[9]
LibClamAV debug: Loaded 117 filetype definitions
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.db loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.hdu skipped
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.mdu skipped
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.ndu skipped
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.zmd loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.pdb loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.wdb loaded
LibClamAV debug: /var/lib/clamav/daily.cvd loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 8fe3cc45c557e0a345009922d8932f09
LibClamAV debug: cli_versig: Decoded signature: 8fe3cc45c557e0a345009922d8932f09
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: safebrowsing.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: Loading regex_list
LibClamAV debug: safebrowsing.gdb loaded
LibClamAV debug: /var/lib/clamav/safebrowsing.cvd loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = a9a0a414477b114c59466a996142d92f
LibClamAV debug: cli_versig: Decoded signature: a9a0a414477b114c59466a996142d92f
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: bytecode.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 89
LibClamAV debug: Parsed 12 BBs, 42 instructions
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 10 BBs, 47 instructions
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 9 BBs, 31 instructions
LibClamAV debug: Parsed 3 BBs, 9 instructions
LibClamAV debug: Parsed 4 functions
LibClamAV debug: Bytecode 830620.cbc(1) has logical signature: BC.Heuristic.Trojan.SusPacked.BF-3.{A,B,C};Engine:51-255,IconGroup2:BIFROSE,Target:1;0;0:4d5a
LibClamAV debug: 830620.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 7 APIcalls, maxapi 66
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 19 BBs, 97 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 767944.cbc(2) has logical signature: BC.Win32.Patched.User32;Engine:52-255,Target:1;(0&((((5=0)|(4<2)|(4>2))&3&(2=0))|((4=0)&2))&1);VI:49006e007400650072006e0061006c004e0061006d006500000075007300650072003300;VI:43006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f007200610074006900;VI:460069006c006500560065007200730069006f006e000000000035002e00;VI:460069006c006500560065007200730069006f006e000000000036002e003000;*:41007000700049006e00690074005f0044004c004c0073;*:4c006f006100640041007000700049006e00690074005f0044004c004c00730000
LibClamAV debug: 767944.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 65
LibClamAV debug: Parsed 47 BBs, 228 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 814800.cbc(3) has logical signature: BC.Exploit.CVE_2010_1885;Engine:52-255,Target:3;0;6863703a2f2f{25-700}736372697074{1-3}6465666572
LibClamAV debug: 814800.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 11 APIcalls, maxapi 66
LibClamAV debug: Parsed 55 BBs, 258 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 829571.cbc(4) has logical signature: BC.Exploit.CVE_2010_1885-2;Engine:52-255,Target:3;0;6863703a2f2f{25-700}736372697074{1-3}6465666572
LibClamAV debug: 829571.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 6 APIcalls, maxapi 42
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 66
LibClamAV debug: unknown inst type: 66
LibClamAV debug: Parsed 48 BBs, 220 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 824716.cbc(5) has logical signature: BC.Exploit.CVE_2010_2568.{};Target:0;0;4c0000000114020000000000c000000000000046
LibClamAV debug: 824716.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 7 APIcalls, maxapi 89
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 11 BBs, 42 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 830429.cbc(6) has logical signature: BC.Heuristic.Trojan.SusPacked.BF.{};Engine:51-255,IconGroup2:BIFROSE,Target:1;0;EP+0:60be00??41008dbe00??feff57eb0b908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001
LibClamAV debug: 830429.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 68
LibClamAV debug: Parsed 12 BBs, 47 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 817795.cbc(7) has logical signature: BC.Exploit.CVE_2010_0815.{Exploit.CVE_2010_0815};Engine:52-255,Target:0;0;0:d0cf11e0a1b11ae1
LibClamAV debug: 817795.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: Skipping bytecode with (engine) functionality level 51-51 (current 54)
LibClamAV debug: 767943.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 4 APIcalls, maxapi 16
LibClamAV debug: unknown inst type: 66
LibClamAV debug: Parsed 9 BBs, 31 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 817376.cbc(8) has logical signature: BC.XLS.Exploit.{CVE_2009_3129};Engine:52-255,Target:0;(0&(2|1));0:d0cf11e0a1b11ae1;*:57006f0072006b0062006f006f006b;*:42006f006f006b
LibClamAV debug: 817376.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 6 APIcalls, maxapi 15
LibClamAV debug: Parsed 9 BBs, 93 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode 767942.cbc(9) has logical signature: BC.ClamAV-Test-File-detected-via-bytecode.{};Target:1;(0&2&1);0:4d5a50000200000004000f00ffff0000;EOF-544:4d5a50000200000004000f00ffff0000;S0+0:4d5a50000200000004000f00ffff0000
LibClamAV debug: 767942.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 8 APIcalls, maxapi 89
LibClamAV debug: Parsed 13 BBs, 43 instructions
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 12 BBs, 51 instructions
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 9 BBs, 31 instructions
LibClamAV debug: Parsed 3 BBs, 9 instructions
LibClamAV debug: Parsed 4 functions
LibClamAV debug: Bytecode 837393.cbc(10) has logical signature: BC.Heuristic.Trojan.SusPacked.BF-4.{A,B,C};Engine:51-255,IconGroup2:BIFROSE,Target:1;0;0:4d5a
LibClamAV debug: 837393.cbc loaded
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 25 APIcalls, maxapi 68
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 780 BBs, 7413 instructions
LibClamAV debug: Parsed 3 BBs, 8 instructions
LibClamAV debug: Parsed 2 functions
LibClamAV debug: Bytecode 842839.cbc(11) has logical signature: BC.PDF.Parser-2.{MalwareFound};Target:0;(1|0|2);0:255044462d312e;0:252150532d41646f62652d??2e????5044462d;0,1024:255044462d;EOF-1024,1019:2525454f46;EOF-1280,1266:737461727478726566
LibClamAV debug: 842839.cbc loaded
LibClamAV debug: last.hdb loaded
LibClamAV debug: /var/lib/clamav/bytecode.cvd loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Decoded signature: 59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.db loaded
LibClamAV debug: Ignoring signature Exploit.PDF-552
LibClamAV debug: Ignoring signature Exploit.PDF-6064
LibClamAV debug: Ignoring signature Trojan.Agent-119128
LibClamAV debug: main.hdb loaded
LibClamAV debug: Ignoring signature Trojan.Inject-601
LibClamAV debug: Ignoring signature Trojan.Agent-32909
LibClamAV debug: Ignoring signature Trojan.Dropper-16405
LibClamAV debug: Ignoring signature Worm.Downadup-282
LibClamAV debug: Ignoring signature Worm.Downadup-319
LibClamAV debug: Ignoring signature Trojan.Agent-121212
LibClamAV debug: Ignoring signature Trojan.Dropper-20544
LibClamAV debug: main.mdb loaded
LibClamAV debug: Ignoring signature HTML.Phishing.Bank-22
LibClamAV debug: Ignoring signature HTML.Phishing.Pay-159
LibClamAV debug: Ignoring signature Worm.Stration.NS
LibClamAV debug: Ignoring signature Email.Faketube
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-57
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-78
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-89
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-91
LibClamAV debug: Ignoring signature Trojan.VB-3950
LibClamAV debug: Ignoring signature JS.Agent-35
LibClamAV debug: Ignoring signature Worm.Kido-23
LibClamAV debug: Ignoring signature W32.Virut-29
LibClamAV debug: Ignoring signature Exploit.PDF-34
LibClamAV debug: Ignoring signature Trojan.Pakes-2516
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 6131 (reloff: 6, absoff: 0) BM sigs: 30022 (reloff: 15, absoff: 102) maxpatlen 470
LibClamAV debug: Using filter for trie 1
LibClamAV debug: Matcher[1]: PE: AC sigs: 13548 (reloff: 4446, absoff: 0) BM sigs: 46987 (reloff: 43043, absoff: 3944) maxpatlen 468
LibClamAV debug: Matcher[2]: OLE2: AC sigs: 1723 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 176 (ac_only mode)
LibClamAV debug: Matcher[3]: HTML: AC sigs: 5783 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 461 (ac_only mode)
LibClamAV debug: Using filter for trie 4
LibClamAV debug: Matcher[4]: MAIL: AC sigs: 1150 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 255 (ac_only mode)
LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 26 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 227 (ac_only mode)
LibClamAV debug: Matcher[6]: ELF: AC sigs: 22 (reloff: 4, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 304 (ac_only mode)
LibClamAV debug: Using filter for trie 7
LibClamAV debug: Matcher[7]: ASCII: AC sigs: 1534 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 467 (ac_only mode)
LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: MD5 sigs (files): 43602
LibClamAV debug: MD5 sigs (PE sections): 675833
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 340384, capacity: 1048576
LibClamAV debug: Converting hashset to array: 39990 entries
LibClamAV debug: hashtab: Freeing hashset, elements: 39990, capacity: 65536
LibClamAV debug: Dynamic engine configuration settings:
LibClamAV debug: --------------------------------------
LibClamAV debug: Module PE: On
LibClamAV debug: * Submodule PARITE: On
LibClamAV debug: * Submodule KRIZ: On
LibClamAV debug: * Submodule MAGISTR: On
LibClamAV debug: * Submodule POLIPOS: On
LibClamAV debug: * Submodule MD5SECT: On
LibClamAV debug: * Submodule UPX: On
LibClamAV debug: * Submodule FSG: On
LibClamAV debug: * Submodule SWIZZOR: On
LibClamAV debug: * Submodule PETITE: On
LibClamAV debug: * Submodule PESPIN: On
LibClamAV debug: * Submodule YC: On
LibClamAV debug: * Submodule WWPACK: On
LibClamAV debug: * Submodule NSPACK: On
LibClamAV debug: * Submodule MEW: On
LibClamAV debug: * Submodule UPACK: On
LibClamAV debug: * Submodule ASPACK: On
LibClamAV debug: Module ELF: On
LibClamAV debug: Module MACHO: On
LibClamAV debug: Module ARCHIVE: On
LibClamAV debug: * Submodule RAR: On
LibClamAV debug: * Submodule ZIP: On
LibClamAV debug: * Submodule GZIP: On
LibClamAV debug: * Submodule BZIP: On
LibClamAV debug: * Submodule ARJ: On
LibClamAV debug: * Submodule SZDD: On
LibClamAV debug: * Submodule CAB: On
LibClamAV debug: * Submodule CHM: On
LibClamAV debug: * Submodule OLE2: On
LibClamAV debug: * Submodule TAR: On
LibClamAV debug: * Submodule CPIO: On
LibClamAV debug: * Submodule BINHEX: On
LibClamAV debug: * Submodule SIS: On
LibClamAV debug: * Submodule NSIS: On
LibClamAV debug: * Submodule AUTOIT: On
LibClamAV debug: * Submodule ISHIELD: On
LibClamAV debug: * Submodule 7zip: On
LibClamAV debug: Module DOCUMENT: On
LibClamAV debug: * Submodule HTML: On
LibClamAV debug: * Submodule RTF: On
LibClamAV debug: * Submodule PDF: On
LibClamAV debug: * Submodule SCRIPT: On
LibClamAV debug: * Submodule HTMLSKIPRAW: On
LibClamAV debug: * Submodule JSNORM: On
LibClamAV debug: Module MAIL: On
LibClamAV debug: * Submodule MBOX: On
LibClamAV debug: * Submodule TNEF: On
LibClamAV debug: Module OTHER: On
LibClamAV debug: * Submodule UUENCODED: On
LibClamAV debug: * Submodule SCRENC: On
LibClamAV debug: * Submodule RIFF: On
LibClamAV debug: * Submodule JPEG: On
LibClamAV debug: * Submodule CRYPTFF: On
LibClamAV debug: * Submodule DLP: On
LibClamAV debug: * Submodule MYDOOMLOG: On
LibClamAV debug: * Submodule PREFILTERING: On
LibClamAV debug: Module PHISHING On
LibClamAV debug: * Submodule ENGINE: On
LibClamAV debug: * Submodule ENTCONV: On
LibClamAV debug: Module BYTECODE On
LibClamAV debug: * Submodule INTERPRETER: On
LibClamAV debug: * Submodule JIT X86: On
LibClamAV debug: * Submodule JIT PPC: On
LibClamAV debug: * Submodule JIT ARM: ** Off **
Segmentation fault (core dumped)