Malformed clamav database
Clamav error listed below generated every 2 or 3 seconds.
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Warning: **************************************************
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Warning: *** The virus database is older than 7 days! ***
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Warning: *** Please update it as soon as possible. ***
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Warning: **************************************************
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Error: cli_loadinfo: Digital signature not found
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Error: Can't load daily.info: Malformed database
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Error: cli_tgzload: Can't load daily.info
Apr 19 16:18:11 bni org.clamav.clamd[64556]: LibClamAV Error: Can't load /var/clamav/daily.cvd: Malformed database
Apr 19 16:18:11 bni org.clamav.clamd[64556]: ERROR: Malformed database
Apr 19 16:18:11 bni com.apple.launchd[1] (org.clamav.clamd[64556]): Exited with exit code: 1
Apr 19 16:18:11 bni com.apple.launchd[1] (org.clamav.clamd): Throttling respawn: Will start in 10 seconds
Apr 19 16:18:13 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64398] connect
Apr 19 16:18:13 bni jabberd/c2s[333]: SASL callback for non-existing host: bni.private
Apr 19 16:18:13 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64398] disconnect jid=unbound, packets: 0
Apr 19 16:18:15 bni com.apple.wikid.mailinglists[64557]: mail:status = "list-updated"
Apr 19 16:18:16 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64399] connect
Apr 19 16:18:16 bni jabberd/c2s[333]: SASL callback for non-existing host: bni.private
Apr 19 16:18:16 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64399] disconnect jid=unbound, packets: 0
Apr 19 16:18:19 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64402] connect
Apr 19 16:18:19 bni jabberd/c2s[333]: SASL callback for non-existing host: bni.private
Apr 19 16:18:19 bni jabberd/c2s[333]: [7] [::ffff:192.168.0.241, port=64402] disconnect jid=unbound, packets: 0
Any thoughts to correct would be appreciated.
JB
JB - today, I have been disecting this issue at hand. Here's my fix
The noise from the Console (process restarting every few seconds, a good reason, but poor messages on how to fix or what is the real issues!):
Console
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Warning: **************************************************
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Warning: *** The virus database is older than 7 days! ***
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Warning: *** Please update it as soon as possible. ***
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Warning: **************************************************
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Error: cli_loadinfo: Digital signature not found
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Error: Can't load daily.info: Malformed database
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Error: cli_tgzload: Can't load daily.info
9/11/11 11:37:36 AM org.clamav.clamd[1623] LibClamAV Error: Can't load /var/clamav/daily.cvd: Malformed database
9/11/11 11:37:36 AM org.clamav.clamd[1623] ERROR: Malformed database
9/11/11 11:37:36 AM com.apple.launchd[1] (org.clamav.clamd[1623]) Exited with exit code: 1
9/11/11 11:37:36 AM com.apple.launchd[1] (org.clamav.clamd) Throttling respawn: Will start in 10 seconds
9/11/11 11:37:46 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:37:46 AM org.clamav.clamd[1626] LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
9/11/11 11:37:46 AM org.clamav.clamd[1626] LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
9/11/11 11:37:46 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:37:47 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:37:47 AM org.clamav.clamd[1626] LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
9/11/11 11:37:47 AM org.clamav.clamd[1626] LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
9/11/11 11:37:47 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
Console - quiet now - haha for a few minutes
9/11/11 11:37:53 AM org.clamav.clamd[1626] Limits: Global size limit set to 104857600 bytes.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Limits: File size limit set to 26214400 bytes.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Limits: Recursion level limit set to 16.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Limits: Files limit set to 10000.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Archive support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Algorithmic detection enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Portable Executable support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] ELF support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Mail files support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] OLE2 support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] PDF support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] HTML support enabled.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Self checking every 600 seconds.
9/11/11 11:37:53 AM org.clamav.clamd[1626] Set stacksize to 1048576
Fixed by running: freshclam
Run Program: Terminal Window -> type: sudo freshclam
mac-001:~ ladmin$ sudo su
Password:
sh-3.2# freshclam
ClamAV update process started at Sun Sep 11 11:36:53 2011
Downloading main-52.cdiff [100%]
Downloading main-53.cdiff [100%]
main.cld updated (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-9451.cdiff not found on remote server (IP: 200.236.31.1)
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
WARNING: getfile: daily-9451.cdiff not found on remote server (IP: 208.72.56.53)
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
WARNING: getfile: daily-9451.cdiff not found on remote server (IP: 69.12.162.28)
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
daily.cvd updated (version: 13600, sigs: 190348, f-level: 60, builder: guitar)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 58, recommended = 60
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading bytecode.cvd [100%]
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
bytecode.cvd updated (version: 144, sigs: 41, f-level: 60, builder: edwin)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 58, recommended = 60
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (1036603 signatures) from database.clamav.net (IP: 150.214.142.197)
sh-3.2#
Back to Console Log
so after 10 minutes I get this now
9/11/11 11:47:53 AM org.clamav.clamd[1626] No stats for Database check - forcing reload
9/11/11 11:47:53 AM org.clamav.clamd[1626] Reading databases from /var/clamav
9/11/11 11:47:53 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:47:53 AM org.clamav.clamd[1626] LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
9/11/11 11:47:53 AM org.clamav.clamd[1626] LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
9/11/11 11:47:53 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:47:54 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:47:54 AM org.clamav.clamd[1626] LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
9/11/11 11:47:54 AM org.clamav.clamd[1626] LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
9/11/11 11:47:54 AM org.clamav.clamd[1626] LibClamAV Warning: ***********************************************************
9/11/11 11:48:00 AM org.clamav.clamd[1626] Database correctly reloaded (1035192 signatures)
What Steps did I take and what versions do I have now on my Mac Server Snow 10.6.8 ?
This is what I did:
1. downloaded the Mark's Version (latest one)
2. downloaded & Installed the Calav - apple open source site to get latest "Engine"
Oh, you can reload the entire ClamAv on your Mac Server by the Apple Open Source Site:
http://www.apple.com/opensource/
clamav
clamav
0.97
Server
3. downloaded the stable version of Mark's "ClamXav" using the base 'Clamav' from apple standard.
http://www.clamxav.com/download.php
4. Installed Mark's current version. See Settings for new folder to quarantine.
okay, to be continued...
Best Regards,
TJ
Similar Messages
-
Logical delete in database adapter
Hello
I was wondering if someone has solution the problem with polling database. You can specify the logical delete column and you can give values for READ, UNREAD and RESERVED states. The problem is that when for example ESB project polls some specific table and starts an instance for every new row with specified logical delete field with value UNREAD, when something unexpected happens and something goes wrong the database adapter updates the row with READ value. This is problematic if we have thousands of rows, and we would like to separate the errored rows from the successfully read rows. Is there anyway (easy) way to update those rows that went wrong to some other value than READ?
I don't know if anyone understood me, but just for clarification here's a example:
I have a ESB-project which poll specific database table and parses and XML from the data. After this the ESB-project sends the data to some Web Service. The database table has column CONDITION_CODE in which value 0 means unread and value 1 means read. Now if everything goes fine there is no problems. But if the Web Service is unavailable or the data is malformed, the database adapter still updates the CONDITION_CODE to 1! We have no ways (except to listen ESB_ERROR topic and implement some error handling there) to know what rows were successfully delivered and which were not...
Hope I was able to clarify the problem... And I hope someone could be able to provide me with answer.
Best Regards TuomasDid you use the RESERVED value property? How about the transaction mechanism? Do you have global transactions? I gues you would have to use them!
-
I've been following (roughly) the simple virus scanner interface that SUN provides, and adapted it into a slightly heavier weight filter that interfaces with libclamav. At first both were compiled using GCC, and I thought due to some of the weird problems I had when debugging flags were inserted, maybe Sun Studio would give better results. It hasn't, and I'm at a bit of a loss as to what to do next.
The symptom is that parts of the message just dissapear, and I see the old mime boundaries within the message body, so it seems like there's some pointer indicating where the message starts that's being corrupted by something in my code.
Interestingly, if I stop processing the message while still inside the headers, there is no problem, but that's not a very effective virus scanner if it can only look at the content type and filename of the part now is it?
This happens regardless of whether I use GCC or CC, and I'm using 0.88.1 of clamav. The output message is shown last. It should be fairly obvious what's wrong with it.
Here's my code, perhaps someone can tell me what I'm doing wrong.
** WARNING ** This IS NOT polished code, so please don't expect it to be perfect. It's clean, but includes absolute pathnames, and some other nauties that should be removed before anyone even thinks of reusing this. Once it actually works, I'll do the nessisary code cleanup, and release this to the community to do whatever anyone wants with.
Makefile
SERVER_ROOT=/opt/SUNWmsgsr
INSTALL_LOCATION=/var/opt/SUNWmsgsr/site-programs/
INCLUDE=-I${SERVER_ROOT}/include
LIBPATH=-L${SERVER_ROOT}/lib
CLAMLIBS=`/usr/local/bin/clamav-config --libs` -lclamav
CLAMFLAGS=`/usr/local/bin/clamav-config --cflags`
LIBS=-lmtasdk ${CLAMLIBS}
FLAGS=${CLAMFLAGS}
all:
cc ${FLAGS} -o msgsr_clamav msgsr_clamav.c \
${INCLUDE} ${LIBPATH} ${LIBS}
install:
cp msgsr_clamav ${INSTALL_LOCATION}
cp msgsr_clamav.cnf ${INSTALL_LOCATION}************************************************
Expansions
CLAMLIBS=-L/usr/local/lib -lz -lbz2 -lpthread -lclamav
CLAMFLAGS=-I/usr/local/include -xO4************************************************
msgsr_clamav.c
* msgsr_clamav
* Interface the Sun Java System Message Server with LibClamAV
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <pthread.h>
#include "clamav.h" // LibClamAV Header
#include "mtasdk.h"
* A structure to store channel options
typedef struct {
/* Produce debug output? */
int debug;
// Maximum size (in bytes) attachment to scan
int scan_maxsize;
// Scan recursion level
int scan_recursion_level;
// Max files
int scan_maxfiles;
// Path to ClamAV Virus Database
char db_dir[BIGALFA_SIZE+3];
// Used Internally by ClamAV. Stored here for ease of access
struct cl_node *root;
unsigned int signo;
struct cl_stat dbstat;
pthread_mutex_t reload_mutex;
// MIME types to ignore
char ignore_mime_types[BIGALFA_SIZE+3];
// Types of files to ignore
char ignore_file_types[BIGALFA_SIZE+3];
/* Unwanted MIME content types (ALWAYS stripped, never scanned) */
char bad_mime_types[BIGALFA_SIZE+3];
/* Unwanted file types (ALWAYS stripped, never scanned)*/
char bad_file_types[BIGALFA_SIZE+3];
/* Length of bmt string */
size_t bmt_len;
/* Length of bft string */
size_t bft_len;
} our_options_t;
// A structure passed per message to contain message specific data, including open files, etc.
typedef struct {
// The filename of the temp file in use so it can be unlinked when we're done with it.
char temp_file_name[BIGALFA_SIZE * 2 + 10];
// The file * to the temp file in use, so we don't have to reopen it across calls to decode_inspect
FILE *temp_file;
// A pointer to the single instance of our_options_t that is shared across all threads
our_options_t * options;
} msg_temp_data_t;
* Forward declarations
static void error_exit(int ires, const char *msg);
static void error_report(our_options_t *options, int ires, const char *func);
static void error_reports(our_options_t *options, const char* errStr, const char *func);
static int is_bad_mime_type(our_options_t *options, mta_decode_t *dctx, char *buf, size_t maxbuflen);
static int is_bad_file_type(our_options_t *options, mta_opt_t *params, const char *param_name, char *buf, size_t maxbuflen);
static int load_options(our_options_t *options);
static mta_dq_process_message_t process_message;
static mta_decode_read_t decode_read;
static mta_decode_inspect_t decode_inspect;
* main() -- Initialize the MTA SDK, load our options, and then
* start the message processing loop.
int main()
int ires,ret;
char error_msg[BIGALFA_SIZE+3];
our_options_t options;
* Initialize the MTA SDK
* See explanatory comment 1
if ((ires = mtaInit(0)))
error_exit(ires, "Unable to initialize the MTA SDK");
* Load our channel options
* See explanatory comment 2
if ((ires = load_options(&options)))
error_exit(ires, "Unable to load our channel options");
* Initialize the ClamAV Virus Engine and Database
// Preconditions to initializing the ClamAV database
options.root=NULL; options.signo=0;
// Load the virus database
mtaLog("cl_loaddbdir() loading database from %s",options.db_dir);
if ((ret = cl_loaddbdir(options.db_dir, &options.root, &options.signo)))
sprintf(error_msg,"cl_loaddbdir() error: %s", cl_strerror(ret));
error_exit(MTA_NO,error_msg);
mtaLog("cl_loaddbdir() loaded %d virus definitions",options.signo);
// Internalize the virus database structure
mtaLog("cl_build() initializing database");
if((ret = cl_build(options.root)))
sprintf(error_msg,"cl_build() error: %s", cl_strerror(ret));
error_exit(MTA_NO,error_msg);
// Keep track of database updates
memset(&options.dbstat, 0, sizeof(struct cl_stat));
cl_statinidir(options.db_dir, &options.dbstat);
// Initialize our reload mutex
if (ret = pthread_mutex_init(&options.reload_mutex,NULL))
sprintf(error_msg,"pthread_mutex_init() error: %d", ret);
error_exit(MTA_NO,error_msg);
* Now process the queued messages. Be sure to indicate a
* thread stack size sufficient to accomodate message
* enqueue processing.
* See explanatory comment 3
if ((ires = mtaDequeueStart((void *)&options,
process_message, NULL, 0)))
error_exit(ires, "Error during dequeue processing");
* All done
cl_free(options.root);
mtaDone();
return(0);
*Reloads the virus database and re-initializes the in memory structure
* Loads a new virus database, then if all succeeds, it
* swaps the new database with the old one. It's assumed
* clamav releases the database gracefully, but another mutex
* may be required if this is not the case.
static int reload_database(our_options_t *options)
struct cl_node *newroot = NULL,*oldroot;
char error_msg[BIGALFA_SIZE+3];
int ret;
unsigned int signo=0;
if (pthread_mutex_trylock(&options->reload_mutex)) { // Only one reload at a time thank you.
if(cl_statchkdir(&options->dbstat) == 1) { // Make sure we actually need an update
mtaLog("reload_database() Virus database is stale... reloading");
mtaLog("cl_loaddbdir() reloading database from %s",options->db_dir);
// Load the new virus database
if ((ret = cl_loaddbdir(options->db_dir, &newroot, &signo)))
mtaLog("cl_loaddbdir() error: %s", cl_strerror(ret));
return (-1);
mtaLog("cl_loaddbdir() loaded %d virus definitions",options->signo);
// Internalize the virus database structure
mtaLog("cl_build() re-initializing database");
if((ret = cl_build(newroot)))
mtaLog("cl_build() error: %s", cl_strerror(ret));
mtaLog("reload_database() Database reload aborted");
cl_free(newroot);
return (-2);
// Save a pointer to the old root
oldroot = options->root;
// Swap in the new root and signo
options->root = newroot;
options->signo = signo;
// Release the old root
cl_free(oldroot);
mtaLog("database_reload() Successfully loaded new virus database");
// Keep track of database updates
cl_statfree(&options->dbstat);
cl_statinidir(options->db_dir, &options->dbstat);
pthread_mutex_unlock(&options->reload_mutex);
* process_message() -- This routine is called by
* mtaDequeueStart() to process each queued
* message. We don稚 make use of ctx2, but
* ctx1 is a pointer to our channel options.
* See explanatory comment 4
static int process_message(void **ctx2, void *ctx1, mta_dq_t *dq, const char *env_from, size_t env_from_len)
const char *adr;
int disp, ires;
size_t len;
mta_nq_t *nq;
msg_temp_data_t msg_data;
* Initializations
nq = NULL;
msg_data.options = (our_options_t *)ctx1;
msg_data.temp_file = NULL;
* Check the virus database to make sure it isn't stale
* If it it's not currently reloading, and is stale, reload it.
//if(cl_statchkdir(&(msg_data.options->dbstat)) == 1)
// reload_database(msg_data.options);
* A little macro to do error checking on mta*() calls
#define CHECK(f,x) \
if ((ires = x)) { error_report(msg_data.options, ires, f); goto \
done_bad; }
* Start a message enqueue. Use the dequeue context to copy
* envelope flags fromt the current message to this new
* message being enqueued.
* See explanatory comment 5
CHECK("mtaEnqueueStart", mtaEnqueueStart(&nq, env_from, env_from_len, MTA_DQ_CONTEXT, dq, 0));
* Process the envelope recipient list
* See explanatory comment 6
while (!(ires = mtaDequeueRecipientNext(dq, &adr, &len, 0)))
* Add this envelope recipient address to the message
* being enqueued. Use the dequeue context to copy
* envelope flags for this recipient from the current
* message to the new message.
ires = mtaEnqueueTo(nq, adr, len, MTA_DQ_CONTEXT,
dq, MTA_ENV_TO, 0);
/* See explanatory comment 7 */
disp = (ires) ? MTA_DISP_DEFERRED : MTA_DISP_RELAYED;
CHECK("mtaDequeueRecipientDisposition", mtaDequeueRecipientDisposition(dq, adr, len,disp, 0));
* A normal exit from the loop occurs when
* mtaDequeueRecipientNext() returns an MTA_EOF status.
* Any other status signifies an error.
if (ires != MTA_EOF)
error_report(msg_data.options, ires, "mtaDequeueRecipientNext");
goto done_bad;
* Begin the MIME decode of the message
* See explanatory comment 8
CHECK("mtaDecodeMessage",
mtaDecodeMessage(
/* Private context is our message data structure */
(void *)&msg_data,
/* Input is the message being dequeued */
MTA_DECODE_DQ, (void *)dq,
/* Output is the message being enqueued */
MTA_DECODE_NQ, (void *)nq,
/* Inspection routine */
decode_inspect,
/* Convert non-MIME formats to MIME */
MTA_DECODE_THURMAN,
0));
* Finish the enqueue
* NOTE: IT担 IMPORTANT TO DO THIS before DOING THE
* DEQUEUE. YOU WILL LOSE MAIL IF YOU DO THE DEQUEUE FIRST
* and then THE ENQUEUE FAILS.
* See explanatory text 9
CHECK("mtaEnqueueFinish", mtaEnqueueFinish(nq, 0));
nq = NULL;
* Finish the dequeue
CHECK("mtaDequeueFinish", mtaDequeueMessageFinish(dq, 0));
* All done with this message
return(MTA_OK);
done_bad:
* Abort any ongoing enqueue or dequeue
if (nq)
mtaEnqueueFinish(nq, MTA_ABORT, 0);
if (dq)
mtaDequeueMessageFinish(dq, MTA_ABORT, 0);
* And return our error status
return(ires);
#undef CHECK
* decode_inspect() -- This is the routine that inspects each
* message part, deciding whether to accept
* or reject it.
* See explanatory comment 10
static int decode_inspect(void *ctx, mta_decode_t *dctx, int data_type,const char *data, size_t data_len)
char buf[BIGALFA_SIZE * 2 + 10];
const char *virname;
int i;
static unsigned int part_c = 1;
msg_temp_data_t *msg_data = (msg_temp_data_t *)ctx;
strncpy(buf,data,data_len);
buf[data_len] = 0;
mtaLog("decode_inspect() (%d,%ud): %s",data_type,dctx,buf);
switch (data_type)
case MTA_DATA_HEADER:
* See if the part has:
* 1. A bad MIME content-type,
* 2. A bad file name extension in the (deprecated)
* NAME= content-type parameter, or
* 3. A bad file name extension in the
* FILENAME= content-disposition parameter.
i = 0;
if ((i = is_bad_mime_type((void *)msg_data->options, dctx, buf, sizeof(buf))) ||
is_bad_file_type((void *)msg_data->options,mtaDecodeMessageInfoParams(dctx,MTA_DECODE_CTYPE_PARAMS, NULL),"NAME", buf, sizeof(buf)) ||
is_bad_file_type((void *)msg_data->options,mtaDecodeMessageInfoParams(dctx,MTA_DECODE_CDISP_PARAMS, NULL),"FILENAME", buf, sizeof(buf)))
char msg[BIGALFA_SIZE*4 + 10];
* Replace this part with a text message indicating
* that the part痴 content has been deleted.
* See explanatory comment 11
if (i)
i = sprintf(msg,
"The content of this message part has been removed.\n"
"It contained a potentially harmful media type of %.*s",
strlen(buf)-2, buf+1);
else
i = sprintf(msg,
"The content of this message part has been removed.\n"
"It contained a potentially harmful file named '%s'", buf);
mtaLog("decode_inspect(): %s",msg);
return(mtaDecodeMessagePartDelete(dctx,
MTA_REASON, msg, i,
MTA_DECODE_CTYPE, "text", 4,
MTA_DECODE_CSUBTYPE, "plain", 5,
MTA_DECODE_CCHARSET, "us-ascii", 8,
MTA_DECODE_CDISP, "inline", 6,
MTA_DECODE_CLANG, "en", 2, 0));
} break; // case MTA_DATA_HEADER:
case MTA_DATA_TEXT:
case MTA_DATA_BINARY:
if (msg_data->temp_file == NULL)
sprintf(msg_data->temp_file_name,"/tmp/%i.tmp",part_c++);
mtaLog("messageDecode(): Opening Temp File %s",msg_data->temp_file_name);
msg_data->temp_file = fopen(msg_data->temp_file_name,"wb");
fwrite(data,data_len,1,msg_data->temp_file);
return(MTA_OK);
break;
case MTA_DATA_NONE:
fflush(msg_data->temp_file);
fclose(msg_data->temp_file);
msg_data->temp_file = NULL;
struct cl_limits limits;
memset(&limits, 0, sizeof(struct cl_limits));
/* maximal number of files in archive */;
limits.maxfiles = 1000;
/* maximal archived file size */
limits.maxfilesize = 10 * 1048576; /* 10 MB */
/* maximal recursion level */
limits.maxreclevel = 5;
/* maximal compression ratio */
limits.maxratio = 200;
/* disable memory limit for bzip2 scanner */
limits.archivememlim = 0;
i = cl_scanfile(msg_data->temp_file_name, &virname, NULL, msg_data->options->root,&limits,CL_SCAN_STDOPT);
unlink (msg_data->temp_file_name);
if(i == CL_VIRUS) {
char msg[BIGALFA_SIZE*4 + 10];
size_t idlen;
i = sprintf(msg,
"The content of this message part has been removed.\n"
"It contained the virus %s in a file named '%s'", virname,buf);
mtaDequeueInfo(dctx,MTA_ENV_ID,&buf,&idlen);
buf[idlen] = '\0';
mtaLog("decode_inspect(): Detected %s virus in part %i of msg ID %s",virname,0,buf);
return(mtaDecodeMessagePartDelete(dctx,
MTA_REASON, msg, i,
MTA_DECODE_CTYPE, "text", 4,
MTA_DECODE_CSUBTYPE, "plain", 5,
MTA_DECODE_CCHARSET, "us-ascii", 8,
MTA_DECODE_CDISP, "inline", 6,
MTA_DECODE_CLANG, "en", 2, 0));
} else {
if(i != CL_CLEAN)
mtaLog("decode_inspect() Error: %s scanning file %s",cl_strerror(i),msg_data->temp_file_name);
else
mtaLog("decode_inspect(): Part in file %s is clean",msg_data->temp_file_name);
//return(mtaDecodeMessagePartCopy(dctx, 0));
return(MTA_OK); break;
return(MTA_OK);
* is_bad_mime_type() -- See if the part痴 media type is in our
* bad MIME content types, for example:
* application/vbscript
* See explanatory comment 13
static int is_bad_mime_type(our_options_t *options,
mta_decode_t *dctx, char *buf,
size_t maxbuflen)
const char *csubtype, *ctype;
size_t i, len1, len2;
char *ptr;
* Sanity checks
if (!options || !options->bmt_len ||
!options->bad_mime_types[0] ||
!dctx)
return(0);
* Get the MIME content type
ctype = mtaDecodeMessageInfoString(dctx, MTA_DECODE_CTYPE,NULL, &len1);
csubtype = mtaDecodeMessageInfoString(dctx,MTA_DECODE_CSUBTYPE,NULL, &len2);
* Build the string: <0x01>type/subtype<0x01><0x00>
ptr = buf;
*ptr++ = (char)0x01;
for (i = 0; i < len1; i++)
*ptr++ = tolower(*ctype++);
*ptr++ = '/';
for (i = 0; i < len2; i++)
*ptr++ = tolower(*csubtype++);
*ptr++ = (char)0x01;
*ptr = '\0';
* Now see if the literal just built occurs in the list of
* bad MIME content types
return((strstr(options->bad_mime_types, buf)) ? -1 : 0);
* is_bad_file_type() -- See if the part has an associated file
* name whose file extension is in our list
* of bad file names, such as .vbs.
* See explanatory comment 14
static int is_bad_file_type(our_options_t *options,
mta_opt_t *params,
const char *param_name, char *buf,
size_t maxbuflen)
const char *ptr1;
char fext[BIGALFA_SIZE+2], *ptr2;
size_t i, len;
* Sanity checks
if (!options || !options->bft_len || !params || !param_name)
return(0);
len = 0;
buf[0] = '\0';
if (mtaOptionString(params, param_name, 0, buf, &len,
maxbuflen - 1) ||
!len || !buf[0])
* No file name parameter specified
return(0);
* A file name parameter was specified. Parse it to
* extract the file extension portion, if any.
ptr1 = strrchr(buf, '.');
if (!ptr1)
* No file extension specified
return(0);
* Now store the string created earlier in fext[]
* Note that we drop the ・・from the extension.
ptr1++; /* Skip over the ・・*/
ptr2 = fext;
*ptr2++ = (char)0x01;
len = len - (ptr1 - buf);
for (i = 0; i < len; i++)
*ptr2++ = tolower(*ptr1++);
*ptr2++ = (char)0x01;
*ptr2++ = '\0';
* Now return -1 if the string occurs in
* options->bad_file_types.
return((strstr(options->bad_file_types, fext)) ? -1 : 0);
* load_options() -- Load our channel options from the channel痴
* option file
* See explanatory comment 15
static int load_options(our_options_t *options)
char buf[BIGALFA_SIZE+1];
size_t buflen, i;
mta_opt_t *channel_opts;
int ires;
const char *ptr0;
char *ptr1;
* Initialize the our private channel option structure
memset(options, 0, sizeof(our_options_t));
* Set internal defaults for important features
options->scan_maxsize = 10 * 1024 * 1024; // 10 MB
options->scan_recursion_level = 10;
options->scan_maxfiles = 200;
strcpy(options->db_dir,cl_retdbdir()); // Default ClamAV Directory
* Access the channel痴 option file
* See explanatory comment 16
channel_opts = NULL;
if ((ires = mtaOptionStart(&channel_opts, "/var/opt/SUNWmsgsr/site-programs/msgsr_clamav.cnf", 0, 0)))
mtaLog("Unable to access our channel option file");
return(ires);
* DEBUG=0|1
options->debug = 0;
mtaOptionInt(channel_opts, "DEBUG", 0, &options->debug);
if (options->debug)
mtaDebug(MTA_DEBUG_SDK, 0);
* BAD_MIME_TYPES=type1/subtype1[,type2/subtype2[,...]]
buf[0] = '\0';
mtaOptionString(channel_opts, "BAD_MIME_TYPES", 0, buf,
&buflen, sizeof(buf));
* Now translate the comma separated list:
* Type1/Subtype1[,Type2/Subtype2[,...]]
* to
*<0x01>type1/subtype1[<0x01>type2/subtype2[<0x01>...]]<0x01>
ptr0 = buf;
ptr1 = options->bad_mime_types;
*ptr1++ = (char)0x01;
for (i = 0; i < buflen; i++)
if (*ptr0 != ',')
*ptr1++ = tolower(*ptr0++);
else
*ptr1++ = (char)0x01;
ptr0++;
*ptr1++ = (char)0x01;
*ptr1 = '\0';
options->bmt_len = ptr1 - options->bad_mime_types;
* BAD_FILE_TYPES=["."]Ext1[,["."]Ext2[,...]]
buf[0] = '\0';
buflen = 0;
mtaOptionString(channel_opts, "BAD_FILE_TYPES", 0, buf,
&buflen, sizeof(buf));
* Now translate the comma separated list:
* ["."]Ext1[,["."]Ext2[,...]]
* to
* <0x01>ext1[<0x01>ext2[<0x01>...]]<0x01>
ptr0 = buf;
ptr1 = options->bad_file_types;
*ptr1++ = (char)0x01;
for (i = 0; i < buflen; i++)
switch(*ptr0)
default : /* copy after translating to lower case */
*ptr1++ = tolower(*ptr0++);
break;
case '.' : /* discard */
break;
case ',' : /* end current type */
*ptr1++ = (char)0x01;
ptr0++;
break;
*ptr1++ = (char)0x01;
*ptr1 = '\0';
options->bft_len = ptr1 - options->bad_file_types;
* Dispose of the mta_opt_t context
* See explanatory comment 17
mtaOptionFinish(channel_opts);
* And return a success
return(MTA_OK);
* error_report() ・Report an error condition when debugging is
* enabled.
static void error_report(our_options_t *options, int ires,
const char *func)
if (options->debug)
mtaLog("%s() returned %d; %s",
(func ? func : "?"), ires, mtaStrError(ires,0));
static void error_reports(our_options_t *options, const char* errStr,
const char *func)
if (options->debug)
mtaLog("%s() reported: %s",
(func ? func : "?"), errStr);
* error_exit() -- Exit with an error status and error message.
static void error_exit(int ires, const char *msg)
mtaLog("%s%s%s", (msg ? msg : ""), (msg ? "; " : ""),
mtaStrError(ires,0));
exit(1);
msgsr_clamav.cnf
DEBUG=1
BAD_MIME_TYPES=application/vbscript
BAD_FILE_TYPES=bat,pif,vb,vbs,chs,exe************************************************
broken message
Return-path: <[email protected]>
Received: from virusscan-daemon.apple.california.com by apple.california.com
(Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005))
id <[email protected]> for [email protected]; Thu,
20 Apr 2006 07:30:13 -0700 (PDT)
Received: from california.com ([209.159.129.16])
by apple.california.com (Sun Java System Messaging Server 6.2-3.04 (built Jul
15 2005)) with ESMTP id <[email protected]> for
[email protected]; Thu, 20 Apr 2006 07:30:05 -0700 (PDT)
Received: from [61.23.221.222] by apple.california.com (mshttpd); Thu,
20 Apr 2006 14:30:05 +0000 (GMT)
Content-return: allowed
Date: Thu, 20 Apr 2006 14:30:05 +0000 (GMT)
From: [email protected]
Subject: Re: testing
In-reply-to: <[email protected]>
To: [email protected]
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005)
Content-type: multipart/alternative;
boundary="Boundary_(ID_iOVR4MBjhWJn/mh7Ij+BUQ)"
Content-language: en
X-Accept-Language: en
Priority: normal
References: <[email protected]>
Original-recipient: rfc822;[email protected]
This is a multi-part message in MIME format.
--Boundary_(ID_iOVR4MBjhWJn/mh7Ij+BUQ)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
Data is missing from here
----ec04832708e231d6e2f
--Boundary_(ID_iOVR4MBjhWJn/mh7Ij+BUQ)
Content-type: text/html; charset=us-ascii
Content-transfer-encoding: quoted-printable
Content-disposition: inline
Data is missing from here
nal Message -----=3Cbr=3EFrom=3A chales=40california=2Ecom=3Cbr=3EDate=3A=
Thursday=2C April 20=2C 2006 11=3A19 pm=3Cbr=3ESubject=3A testing=3Cbr=3E=
To=3A chales=40california=2Ecom=3Cbr=3E=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B 1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B=
3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B 5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B=
7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B 9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B=
1=3Cbr=3E=26gt=3B 2=3Cbr=3E=26gt=3B 3=3Cbr=3E=26gt=3B 4=3Cbr=3E=26gt=3B=
5=3Cbr=3E=26gt=3B 6=3Cbr=3E=26gt=3B 7=3Cbr=3E=26gt=3B 8=3Cbr=3E=26gt=3B=
9=3Cbr=3E=26gt=3B 0=3Cbr=3E=26gt=3B =3Cbr=3E=26gt=3B
----ec04832708e231d6e2f
--Boundary_(ID_iOVR4MBjhWJn/mh7Ij+BUQ)
Content-type: text/x-vcard; name=chales.vcf; charset=us-ascii
Content-transfer-encoding: base64
Content-disposition: attachment; filename=chales.vcf
Content-description: Card for <[email protected]>
bA0KdGVsO3dvcms6NTEwLTI4Ny04NDUwDQp1cmw6aHR0cDovL3d3dy5jYWxpZm9ybmlh
LmNvbS8NCm9yZzpDYWxpZm9ybmlhQ29tLCBJbmM7DQp2ZXJzaW9uOjIuMQ0KZW1haWw7
aW50ZXJuZXQ6Y2hhbGVzQGNhbGlmb3JuaWEuY29tDQp0aXRsZTpTeXN0ZW0gQWRtaW5p
c3RyYXRvcg0KZW5kOnZjYXJkDQo=
----ec04832708e231d6e2f--
Boundary_(ID_iOVR4MBjhWJn/mh7Ij+BUQ)Ok, so it's not my code. Using the virus_scanner_simple.c example from SUN, if you change the decode_inspect routine to return MTA_OK for every call (which should technically just let the message pass) it has the same behavior as my program. (Not all that suprising since mine is a derivative of said program)
That said, this now looks like a library issue. I'm using Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005) according to the SMTP prompt, and was wondering if perhaps I should apply:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118207-42-1&searchclause=6306404
The issue seems to be in the mtaDecodeMessage function, and occurs when the decode_inspect function is allowed to parse the message body, not just the message headers.
The machine is a Sun Ultra 4500 running Solaris 10. Here's the banner:
SunOS cookie 5.10 Generic_118822-23 sun4u sparc SUNW,Ultra-Enterprise
Has anyone else had similar problems using the MTA SDK? Is there anything I'm missing here (besides the above mentioned patch) that might fix this? -
How do i get rid of (trojan genome 157)
How do I get rid of a trojan virus (trojan genome 157)
For fastest, most efficient answers to questions such as this, please visit the ClamXav Forum.
douglasnils wrote:
I did a scan with ClamXav and it reported that I had a trojan and identified it as as (Trojan genome 157).
Here are some other names that malware goes by from VirusTotal. First submitted to VirusTotal 11 Nov 2011 and added to the ClamAV® database exactly two years ago today. Obviously Windows malware of some sort.
Almost all Mac malware contains the letters "OSX" in the infection name.
Where was it found? The reason I ask is that if it was include as an e-mail attachment or a backup drive their may be special instructions regarding the proper way to delete such things to avoid damage.
Otherwise please follow the instructions at Dealing with Infected Files. -
Should I delete or quarantine a virus named "OSX.Trojan.FkCodec-1" I found on my MacBook?
Here are the details from ClamXav:
I'm concerned about the first three; I checked out the emails and they seem to be false positives.
Filename
Infection Name
Status
/Users/admin/Downloads/Installer/InteractivePen Scaling Fix.dmg
Osx.Trojan.FkCodec-1
/Users/admin/Downloads/Installer 2/InteractivePen Scaling Fix.dmg
Osx.Trojan.FkCodec-1
/Users/admin/Downloads/mitsubishiinteractivepenmacdriverfix.zip
Osx.Trojan.FkCodec-1
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/3/Messages/30172.partial. emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/3/Messages/30423.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/7/Messages/70244.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/7/Messages/70716.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messages/111255.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messages/111306.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/4/Messages/41063.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/4/Messages/41567.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/7/Messages/71984.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/3/Messages/32793.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/4/Messages/42009.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/5/Messages/52619.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/6/Messages/62556.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/6/Messages/62557.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/6/Messages/62558.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/9/Messages/92433.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/9/Messages/92793.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/2/Messages/23268.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/2/Messages/23423.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/4/Messages/43106.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/4/Messages/43404.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/9/Messages/93223.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/2/Messages/24616.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Messages/95903.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/2/Messages/26682.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/5/Messages/56942.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Messages/96126.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Messages/96255.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/0/1/Messages/107569.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/2/Messages/28673.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/3/Messages/38345.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/4/Messages/48133.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/9/Messages/98891.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/9/5/Messages/59488.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/9/6/Messages/69004.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/9/6/Messages/69573.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/8/Messa ges/80364.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/8/Messa ges/80394.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Mes sages/111168.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/8/Messa ges/81343.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/8/Messa ges/81711.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/8/Messa ges/81852.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/2/8/Messa ges/82566.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/3/8/Messa ges/83494.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/9/Messa ges/94155.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/9/Messa ges/94281.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/9/Messa ges/94713.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Messa ges/96552.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Messa ges/96605.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Messa ges/96655.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/0/1/Mes sages/107898.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/9/Messa ges/98981.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/9/7/Messa ges/79891.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messa ges/111211.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Message s/95035.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Message s/95097.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/8/Message s/86582.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/8/Message s/86690.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/8/Message s/86769.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/8/Message s/86783.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/8/Message s/86922.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/6/9/Message s/96801.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/8/Message s/87261.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/8/Message s/87479.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/[Gmail].mbox/Starred.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/0/1/Messa ges/108134.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/E*TRADE.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/7/Messages/78327.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/E*TRADE.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/7/Messages/78570.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/E*TRADE.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/7/Messages/78571.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/E*TRADE.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/7/Messages/78572.emlx
Heuristics.Phishing.Email.SSL-Spoof
/Users/admin/Library/Mail/V2/[email protected]/E*TRADE.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/7/Messages/78772.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/1/Messages/10734.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/1/Messages/10908.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/9/Messages/90238.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/0/9/Messages/90717.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messages/111004.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messages/111048.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/Messages/1667.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/1/Messages/14279.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/Messages/4202.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/4/Messages/4466.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Messages/95222.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Messages/95446.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/9/Messages/95574.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/5/Messages/5807.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/0/1/Messages/107238.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/9/Messages/97822.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/1/Messages/18756.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/8/Messages/8377.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/9/8/Messages/89874.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/INBOX.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/Messages/586.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/Jeff Sella.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/1/1/1/Messages/111223.emlx
Heuristics.Phishing.Email.SpoofedDomain
/Users/admin/Library/Mail/V2/[email protected]/Jeff Sella.mbox/E535C3FE-D683-4B46-8E61-BCF03C4C02B8/Data/7/0/1/Messages/107506.emlx
Heuristics.Phishing.Email.SpoofedDomainStevieOneder wrote:
As far as where I got these files and how old they are, I'm not sure. I assumed this is fairly recent, since I've run ClamXav at least several times in the last month or two prior to yesterday. (However, didn't one of you say that ClamXav just added this recently to their virus definitions?)
Exactly, which is why I'm anxious to get this fixed. I believe it may be part of a bigger problem with a new approach to rapidly producing signatures that may not be the right approach if it is producing more False Positives. In that past that has not been a significant problem with ClamAV® signatures so I need to get them as much factual feedback as I can as quickly as possible. I would guess that you downloaded those files some time ago (mine is dated 3/28/12) to update a Mitsubishi driver of some sort. Are you saying you don't recall having a need for such a thing? I don't really know what a Mitsubishi Interacgtive Pen is.
But the fact that one file is named "Interactive Pen" and another "Mitsubishi" piqued my curiosity, because I use an Interwrite Board or SmartBoard at work, and last year I was using a Mitsubishi projector, so I'm wondering if it had something to do with a file I downloaded 9-12 months ago. However, I think I'd remember the Codec V Plug-In message, since I'm careful about installing plug-ins. I will ask my son about watching videos and let you know if I find out more.
That would make sense. Nothing you have told me leads me to believe that you have ever actually downloaded the FkCodec installer, let alone installed the adware. This must just be a case of a False Positive. If you can just verify that I have the right file then I'll take care of it, otherwise I would need to upload the file to ClamAV® so that I can follow up with them.
Two last questions: 1) Is there any reason it wouldn't be safe for me to get bank account or brokerage firm website password wise at this point?
No reason at all.
2) Is ClamXav recommended, if it has so many false positives? Is there any other anti-virus program you'd suggest, or would you reccomend I just not worry about anti-virus programs since Macs are relatively safe?
Full disclosure, I do uncompensated Tech Support for the ClamXav Forum, so I make it a habit of not making any recommendations on specific products. As I said before, false positives have been rare with the ClamAV® database in the past, so this is something the ClamXav developer and I are very interested in putting a stop to.
I personally have about five A-V products installed on my Mac and don't use any of them routinely, only for test purposes. I currently rely 100% on OS X and my computer skills to protect me and that has served me well since the day I installed OS X 10.0. I realize that the day will probably come when that's not good enough and I'll need more, but it's very much a personal choice that each Mac user needs to make after educating himself on the threat and recognizing that any A-V product will extract a penalty in terms of CPU, RAM and hard drive utilization. It's a trade off, and only you know if it's worth it or not. Obviously the passive scanners such as ClamXav and the products available from the AppStore only work in a manual mode, so those only slow things down during a scan. Other products that run in the background provide real-time protection but slow things down. It's all about what you are comfortable with.
thomas_r.'s Mac Malware Guide is a great place to start. -
Infected files detected by ClamXAV
I know it isn't needed to use any kind of Anti-Virus softwares on a mac, but since I exchange files on my mac with a PC frequently, I would use ClamXAV to scan files which is a program that quite a lot of Mac users recommended me to use.
Recently it told me that two files are infected that I found quite strange: one is a google chrome cache file and the another is a software called Hongkong Toolbar which is developed by HK Commercial Radio (which is a big company) and I downloaded the program from their official site.
So finally I threw both files to metascan and virustotal to see whether other antivirus programs say.
Turns out ClamXAV is the only antivirus that told me these files are infected.
Anyone can give me some clue about this issue? Are the files really infected or is misinterpreted by ClamXAV?
Thanks a lot for providing help.hngkaho wrote:
I've scanned it with virus total as well and it showed the following positive result: ClamAV- Swf.Exploit.CVE_2014_0564-2; Qihoo-360- heur.swf.rate.3
So the CVE_2014_0564 vulnerability involves Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X, discovered in mid-October and the signature was added to the ClamAV database on November 4. It checks for a Flash code containing a string of hex characters shown here.
Since those versions of Flash Player are blocked by XProtect, it should no longer be a threat to OS X.
I can't rule it out as a true infected web site. Additional analysis could be done by submitting the URL of the web site to VirusTotal if you knew what it was. -
Database disk image is malformed
I got this error whike using "tweetadder" on my macbook pro. "database disk image is malformed"
What is the solution to this?
ThanksI'm investigating this same issue.
There is a similar thread here:
http://discussions.apple.com/thread.jspa?messageID=984105󰐩
I'm trying to figure out if there is a way to simply trash the database and rebuild it from scratch rather than trying to locate the invalid entries. -
Failed executing task 'RUN_PHASE_!_CONVERTER':Error #3123:Database disk image is malformed.
help!?
Hi,
I'm very sorry to hear about the 3123 error. This error is a very low level error from the underlying database Muse uses. It typically indicates the file has been corrupted by something outside of Muse (i.e. failed file transfer, failed file synchronization, file on media that was removed without being ejected, etc.),
Was the file stored in a synchronized folder (i.e. Dropbox, Creative Cloud Connection, other) or on a server?
It would be helpful if you could send us the .muse file at [email protected] along with a link to this thread. (If the file is larger than 20Mb you can use a service like Adobe SendNow, SendThisFile or WeTransfer.)
It's very rare that a file that reports this error can be repaired, but if possible we'll repair the file. Even if it's not possible, examining the file may help us determine the underlying cause of the corruption. -
I was perusing the error console, and found many instances of this error,
I was perusing the error console, and found many instances of this error,
-
What does this error message mean. I have an external drive and I wonder if it is corrupted and if I can restore what is lost there.
Hi breinhar9911
I've never seen a case where Lr has managed to delete a catalog or backups, so something really sounds odd there. I've seen cases where it's lost track of where they are, but I can't think of a way LR could delete them. LR doesn't even know backups exist!
Which NTFS on Mac software are you using? Considering how new Mountain Lion is, that's the first place I'd be looking for odd issues. I'm no expert in odd error messages, but disk I/O error stands out to me in that message.
When you've had the catalog on the internal drive, what were the failures you were getting then? -
ClamAV fails to scan for viruses in emails [CLAWS MAIL]
I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Here's my clamd.conf:
## Please read the clamd.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Only load the official signatures published by the ClamAV project.
# Default: no
OfficialDatabaseOnly yes
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd.sock
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
LocalSocketGroup clamav
# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660
# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
#ReadTimeout 300
# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
# Default: 500
#SendBufTimeout 200
# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
# Default: 100
#MaxQueue 200
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Scan files and directories on other filesystems.
# Default: yes
#CrossFilesystems yes
# Perform a database check.
# Default: 600 (10 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes
# Exclude a specific PUA category. This directive can be used multiple times.
# See http://www.clamav.net/support/pua for the complete list of PUA
# categories.
# Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool
# Only include a specific PUA category. This directive can be used multiple
# times.
# Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
## Executable files
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite. If you turn off this option, the original files will still be
# scanned, but without additional processing.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
## Documents
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanOLE2 yes
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros no
# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanPDF yes
## Mail files
# Enable internal e-mail scanner.
# If you turn off this option, the original files will still be scanned, but
# without parsing individual messages/attachments.
# Default: yes
#ScanMail yes
# Scan RFC1341 messages split over many emails.
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#ScanPartialMessages yes
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockCloak no
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be reported only at
# the end of a scan. If an archive contains both a heuristically detected
# virus/phish, and a real malware, the real malware will be reported
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found first,
# the scan is interrupted immediately, regardless of this config option.
# Default: no
#HeuristicScanPrecedence yes
## Data Loss Prevention (DLP)
# Enable the DLP module
# Default: No
#StructuredDataDetection yes
# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5
# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
#StructuredSSNFormatNormal yes
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
#StructuredSSNFormatStripped yes
## HTML
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
#ScanHTML yes
## Archives
# ClamAV can scan within archives and compressed files.
# If you turn off this option, the original files will still be scanned, but
# without unpacking and additional processing.
# Default: yes
#ScanArchive yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
## Limits
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: setting this limit too high may result in severe damage to the system.
# Default: 16
#MaxRecursion 10
# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000
## Clamuko settings
# Enable Clamuko. Dazuko must be configured and running. Clamuko supports
# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
# is the preferred option. For more information please visit www.dazuko.org
# Default: no
#ClamukoScanOnAccess yes
# The number of scanner threads that will be started (DazukoFS only).
# Having multiple scanner threads allows Clamuko to serve multiple
# processes simultaneously. This is particularly beneficial on SMP machines.
# Default: 3
#ClamukoScannerCount 3
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
# Set access mask for Clamuko (Dazuko only).
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line. (Dazuko only)
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
# Default: disabled
#ClamukoExcludePath /home/bofh
# With this option you can whitelist specific UIDs. Processes with these UIDs
# will be able to access all files.
# This option can be used multiple times (one per line).
# Default: disabled
#ClamukoExcludeUID 0
# With this option enabled ClamAV will load bytecode from the database.
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
# Default: yes
#Bytecode yes
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
# This value is only available if clamav was built with --enable-debug!
# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
# Note that by default only signed bytecode is loaded, currently you can only
# load unsigned bytecode in --enable-debug mode.
# Default: TrustSigned
#BytecodeSecurity TrustSigned
# Set bytecode timeout in miliseconds.
# Default: 5000
# BytecodeTimeout 1000
My freshclam.conf:
## Please read the freshclam.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
#LogTime yes
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5
# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes
# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no
# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
# Default: no
NotifyClamd /etc/clamav/clamd.conf
# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60
# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60
# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes
# When enabled freshclam will submit statistics to the ClamAV Project about
# the latest virus detections in your environment. The ClamAV maintainers
# will then use this data to determine what types of malware are the most
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
#SubmitDetectionStats /path/to/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
# your IP address to determine the geographical origin of the malware
# reported by your installation. If this installation is mainly used to
# scan data which comes from a different location, please enable this
# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
# of the country of origin.
# Default: disabled
#DetectionStatsCountry country-code
# This option enables support for our "Personal Statistics" service.
# When this option is enabled, the information on malware detected by
# your clamd installation is made available to you through our website.
# To get your HostID, log on http://www.stats.clamav.net and add a new
# host to your host list. Once you have the HostID, uncomment this option
# and paste the HostID here. As soon as your freshclam starts submitting
# information to our stats collecting service, you will be able to view
# the statistics of this clamd installation by logging into
# http://www.stats.clamav.net with the same credentials you used to
# generate the HostID. For more information refer to:
# http://www.clamav.net/support/faq/faq-cctts/
# This feature requires SubmitDetectionStats to be enabled.
# Default: disabled
#DetectionStatsHostID unique-id
# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file (safebrowsing.cvd)
# which will be automatically loaded by clamd and clamscan during the next
# reload, provided that the heuristic phishing detection is turned on. This
# database includes information about websites that may be phishing sites or
# possible sources of malware. When using this option, it's mandatory to run
# freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
# and http://safebrowsing.clamav.net for more information.
# Default: disabled
#SafeBrowsing yes
# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes
# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors. Here you can find a list of available databases:
# http://www.clamav.net/download/cvd/3rdparty
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
Any help is much appreciated.MatejLach wrote:
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane. -
Solved. error in apxldimg after upgrade from 3.0 to 3.1 on 9.2.0.5 database
Hi,
I've upgraded my Apex installation on a 9.2.0.5 database and get an error when running the apxldimg.sql script.
SQL> @apxldimg d:\xml
PL/SQL procedure successfully completed.
old 1: create directory APEX_IMAGES as '&1/apex/images'
new 1: create directory APEX_IMAGES as 'd:\xml/apex/images'
Directory created.
filelist_xml xmltype := xmltype(bfilename(upload_directory_name,file_
list),nls_charset_id('AL32UTF8'));
ERROR at line 15:
ORA-06550: line 15, column 36:
PLS-00306: wrong number or types of arguments in call to 'XMLTYPE'
ORA-06550: line 15, column 25:
PL/SQL: Item ignored
ORA-06550: line 38, column 15:
PLS-00302: component 'EXISTSRESOURCE' must be declared
ORA-06550: line 38, column 3:
PL/SQL: Statement ignored
ORA-06550: line 52, column 46:
PLS-00320: the declaration of the type of this expression is incomplete or
malformed
ORA-06550: line 52, column 3:
PL/SQL: Statement ignored
ORA-06550: line 57, column 53:
PLS-00201: identifier 'I' must be declared
ORA-06550: line 57, column 5:
PL/SQL: Statement ignored
ORA-06550: line 86, column 19:
PLS-00306: wrong number or types of arguments in call to 'CREATERESOURCE'
ORA-06550: line 86, column 9:
PL/SQL: Statement ignored
ORA-06550: line 88, column 19:
PLS-00306: wrong number or types of arguments in call to 'CREATERESOURCE'
ORA-06550: line 88, column 9:
PL/SQL: Statement ignored
if not dbms_xdb.existsResource(ro_anonymous_acl) and
ERROR at line 18:
ORA-06550: line 18, column 21:
PLS-00302: component 'EXISTSRESOURCE' must be declared
ORA-06550: line 18, column 5:
PL/SQL: Statement ignoredWho has an idea what is the problem ?
SQL> select comp_id,version from dba_registry;
COMP_ID VERSION
CATALOG 9.2.0.5.0
CATPROC 9.2.0.5.0
OWM 9.2.0.1.0
JAVAVM 9.2.0.5.0
XML 9.2.0.7.0
CATJAVA 9.2.0.5.0
ORDIM 9.2.0.5.0
SDO 9.2.0.5.0
CONTEXT 9.2.0.5.0
XDB 9.2.0.5.0
WK 9.2.0.5.0
APEX 3.1.1.00.09Rene
Message was edited by:
Rene W.Hi Rene,
When you found out that you misread the instrucition and you already ran the script, what did you do next? Did you restore the db and redo over? Or did you continue on? I have the same problem with you too but I'm not sure what to do next.
Trina :)
[email protected] -
Use PL/SQL procedure to guard against malformed CSV files before upload
Hi all,
In my CSV upload utility, I've implemented error checking procedures, but they are invoked only AFTER data has been uploaded to temp table. This doesn't catch the following sample scenarios:
1. The CSV is malformed, with some rows shifted due to fields and separators missing here and there.
2. User has chosen a wrong CSV to upload (most likely number of fields mismatch)
I'm wondering if it is a good idea to have procedure to read in the CSV, scan each line, count the number of fields (null fields but with delimiters showing the field exist is ok) for each record. If every single record matches the required number of fields for that table, then the CSV is ok, and the insert from external table to temp table is allow. This will ensure at least the CSV file has a valid matrix size for the target table, but rest of error checking is left until after temp table is populated.
One of my concerns is, I specify "missing field values are null" in the external table parameters, which is necessary since not all fields are required. Does this specification causes a row with missing trailing separators still considered valid? If so then the stored procedure must be programmed to omit such a case.
What do you think? Many thanks.Hi, Cuauhtemoc Amox
Thank you for your advice. I have set web adi using PL SQL interface.
I have decided to go futher
i have a procedure like that
procedure delete_old_data ( p_id in number, p_description in varchar2)
as
begin
begin
if g_flag ='N' then
delete from xx_test;
g_flag='Y';
else null;
end if;
end;
insert into xx_test (p_id,p_descriptiom);
end;
G_FLAG is a global variable with default value ='N' in my package. When web_adi upload
first row from excel sheet, then procedure delete all data from table and change g_flag to 'Y'.
All other rows uploads succesfully; it works fine.
But when user change data in excel sheet and try to upload second time. DELETE_OLD_DATA procedure doesnt work in proper way.
I have found what problem is. when user use same template and try to upload data several times there is same SESSION_ID in database.
i.e. g_flag ='Y' when user try to upload second time. But when user log off and create template again it is work properly.
My question is: How i can different upload attempts? May be there is some id for each upload proccess.
if i can use this ID in my procedure user will have opportunity to use same template.
Thank you -
Error while trying to insert data on a database through a mediator
I have build a simple project on 11g TP$, which consists of a mediator, a file adapter, that reads an xml file and a DB adapter that inserts data on a database.
The mediator connects the file adapter to the DB adapter and through a routing rule it inserts data on a table of the database.
When I try to run this project the input file is consumed by the file adapter, but after that I get the following error
SEVERE: Part {body} return null from the message :in
Dec 5, 2008 2:24:55 PM oracle.tip.mediator.service.transformation.XSLTransformer getPartDocument
SEVERE: payload map source message :{opaque=oracle.xml.parser.v2.XMLElement@19b0076}
Dec 5, 2008 2:24:55 PM oracle.tip.mediator.service.transformation.MediatorTransformationHandler transform
SEVERE: Transformation failed
oracle.tip.mediator.infra.exception.MediatorException: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
at oracle.tip.mediator.service.transformation.XSLTransformer.getPartDocument(XSLTransformer.java:191)
at oracle.tip.mediator.service.transformation.XSLTransformer.transform(XSLTransformer.java:102)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:103)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:196)
at oracle.tip.mediator.service.DataActionHandler.getNextPayload(DataActionHandler.java:145)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:74)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:53)
at oracle.tip.mediator.service.OneWayActionHandler.oneWayRequestProcess(OneWayActionHandler.java:67)
at oracle.tip.mediator.service.OneWayActionHandler.process(OneWayActionHandler.java:34)
at oracle.tip.mediator.service.ActionProcessor.onMessage(ActionProcessor.java:61)
at oracle.tip.mediator.dispatch.MessageDispatcher.executeCase(MessageDispatcher.java:103)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCase(InitialMessageDispatcher.java:465)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:361)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:254)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.dispatch(InitialMessageDispatcher.java:149)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:533)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.post(MediatorServiceEngine.java:634)
at oracle.integration.platform.blocks.mesh.AsynchronousMessageHandler.doPost(AsynchronousMessageHandler.java:138)
at oracle.integration.platform.blocks.mesh.MessageRouter.post(MessageRouter.java:152)
at oracle.integration.platform.blocks.mesh.MeshImpl.post(MeshImpl.java:159)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy70.post(Unknown Source)
at oracle.integration.platform.blocks.adapter.fw.jca.mdb.AdapterServiceMDB.onMessage(AdapterServiceMDB.java:574)
at oracle.integration.platform.blocks.adapter.fw.jca.messageinflow.MessageEndpointImpl.onMessage(MessageEndpointImpl.java:295)
at oracle.tip.adapter.file.inbound.ProcessWork.publishMessage(ProcessWork.java:2127)
at oracle.tip.adapter.file.inbound.ProcessWork.doTranslation(ProcessWork.java:1719)
at oracle.tip.adapter.file.inbound.ProcessWork.translateAndPublish(ProcessWork.java:677)
at oracle.tip.adapter.file.inbound.ProcessWork.run(ProcessWork.java:320)
at oracle.integration.platform.blocks.adapter.fw.jca.work.WorkerJob.go(WorkerJob.java:51)
at oracle.integration.platform.blocks.adapter.fw.common.ThreadPool.run(ThreadPool.java:283)
at java.lang.Thread.run(Thread.java:595)
Dec 5, 2008 2:24:55 PM oracle.tip.mediator.serviceEngine.MediatorServiceEngine process
SEVERE: Updating fault processing DMS metrics
Dec 5, 2008 2:24:55 PM oracle.tip.mediator.serviceEngine.MediatorServiceEngine process
SEVERE: Got an exception: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
oracle.tip.mediator.infra.exception.MediatorException: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
at oracle.tip.mediator.service.transformation.XSLTransformer.getPartDocument(XSLTransformer.java:191)
at oracle.tip.mediator.service.transformation.XSLTransformer.transform(XSLTransformer.java:102)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:103)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:196)
at oracle.tip.mediator.service.DataActionHandler.getNextPayload(DataActionHandler.java:145)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:74)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:53)
at oracle.tip.mediator.service.OneWayActionHandler.oneWayRequestProcess(OneWayActionHandler.java:67)
at oracle.tip.mediator.service.OneWayActionHandler.process(OneWayActionHandler.java:34)
at oracle.tip.mediator.service.ActionProcessor.onMessage(ActionProcessor.java:61)
at oracle.tip.mediator.dispatch.MessageDispatcher.executeCase(MessageDispatcher.java:103)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCase(InitialMessageDispatcher.java:465)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:361)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:254)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.dispatch(InitialMessageDispatcher.java:149)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:533)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.post(MediatorServiceEngine.java:634)
at oracle.integration.platform.blocks.mesh.AsynchronousMessageHandler.doPost(AsynchronousMessageHandler.java:138)
at oracle.integration.platform.blocks.mesh.MessageRouter.post(MessageRouter.java:152)
at oracle.integration.platform.blocks.mesh.MeshImpl.post(MeshImpl.java:159)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy70.post(Unknown Source)
at oracle.integration.platform.blocks.adapter.fw.jca.mdb.AdapterServiceMDB.onMessage(AdapterServiceMDB.java:574)
at oracle.integration.platform.blocks.adapter.fw.jca.messageinflow.MessageEndpointImpl.onMessage(MessageEndpointImpl.java:295)
at oracle.tip.adapter.file.inbound.ProcessWork.publishMessage(ProcessWork.java:2127)
at oracle.tip.adapter.file.inbound.ProcessWork.doTranslation(ProcessWork.java:1719)
at oracle.tip.adapter.file.inbound.ProcessWork.translateAndPublish(ProcessWork.java:677)
at oracle.tip.adapter.file.inbound.ProcessWork.run(ProcessWork.java:320)
at oracle.integration.platform.blocks.adapter.fw.jca.work.WorkerJob.go(WorkerJob.java:51)
at oracle.integration.platform.blocks.adapter.fw.common.ThreadPool.run(ThreadPool.java:283)
at java.lang.Thread.run(Thread.java:595)
Dec 5, 2008 2:24:55 PM oracle.integration.platform.blocks.adapter.fw.log.LogManagerImpl log
SEVERE: JCABinding=> Read ReadAdapter Service Read was unable to perform delivery of inbound message to the composite due to: oracle.tip.mediator.infra.exception.MediatorException: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
Dec 5, 2008 2:24:55 PM oracle.integration.platform.blocks.adapter.fw.log.LogManagerImpl log
SEVERE: JCABinding=> Read
oracle.fabric.common.FabricInvocationException: oracle.tip.mediator.infra.exception.MediatorException: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:599)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.post(MediatorServiceEngine.java:634)
at oracle.integration.platform.blocks.mesh.AsynchronousMessageHandler.doPost(AsynchronousMessageHandler.java:138)
at oracle.integration.platform.blocks.mesh.MessageRouter.post(MessageRouter.java:152)
at oracle.integration.platform.blocks.mesh.MeshImpl.post(MeshImpl.java:159)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy70.post(Unknown Source)
at oracle.integration.platform.blocks.adapter.fw.jca.mdb.AdapterServiceMDB.onMessage(AdapterServiceMDB.java:574)
at oracle.integration.platform.blocks.adapter.fw.jca.messageinflow.MessageEndpointImpl.onMessage(MessageEndpointImpl.java:295)
at oracle.tip.adapter.file.inbound.ProcessWork.publishMessage(ProcessWork.java:2127)
at oracle.tip.adapter.file.inbound.ProcessWork.doTranslation(ProcessWork.java:1719)
at oracle.tip.adapter.file.inbound.ProcessWork.translateAndPublish(ProcessWork.java:677)
at oracle.tip.adapter.file.inbound.ProcessWork.run(ProcessWork.java:320)
at oracle.integration.platform.blocks.adapter.fw.jca.work.WorkerJob.go(WorkerJob.java:51)
at oracle.integration.platform.blocks.adapter.fw.common.ThreadPool.run(ThreadPool.java:283)
at java.lang.Thread.run(Thread.java:595)
Caused by: oracle.tip.mediator.infra.exception.MediatorException: Error occured while transforming payload!
Please review the XSL or source payload.Contact Oracle Support if error not fixable
at oracle.tip.mediator.service.transformation.XSLTransformer.getPartDocument(XSLTransformer.java:191)
at oracle.tip.mediator.service.transformation.XSLTransformer.transform(XSLTransformer.java:102)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:103)
at oracle.tip.mediator.service.transformation.MediatorTransformationHandler.transform(MediatorTransformationHandler.java:196)
at oracle.tip.mediator.service.DataActionHandler.getNextPayload(DataActionHandler.java:145)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:74)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:53)
at oracle.tip.mediator.service.OneWayActionHandler.oneWayRequestProcess(OneWayActionHandler.java:67)
at oracle.tip.mediator.service.OneWayActionHandler.process(OneWayActionHandler.java:34)
at oracle.tip.mediator.service.ActionProcessor.onMessage(ActionProcessor.java:61)
at oracle.tip.mediator.dispatch.MessageDispatcher.executeCase(MessageDispatcher.java:103)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCase(InitialMessageDispatcher.java:465)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:361)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:254)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.dispatch(InitialMessageDispatcher.java:149)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:533)
... 24 more
Dec 5, 2008 2:24:55 PM oracle.integration.platform.blocks.adapter.fw.log.LogManagerImpl log
WARNING: JCABinding=> Read ReadonReject: The resource adapter 'File Adapter' requested handling of a malformed inbound message. However, the following Service property has not been defined: 'rejectedMessageHandlers'. Please define it and redeploy the module. Will use the default Rejection Directory file://jca\Read\rejectedMessages for now.
Dec 5, 2008 2:24:55 PM oracle.integration.platform.blocks.adapter.fw.log.LogManagerImpl log
WARNING: JCABinding=> Read ReadonReject: Sending invalid inbound message to Exception Handler:
Dec 5, 2008 2:24:55 PM oracle.tip.mediator.common.error.ErrorMessageEnqueuer$EnqueuerThread run
SEVERE: Failed to enqueue error message
javax.jms.TransactionInProgressException: Cannot call commit on a XA capable JMS session.
at oracle.j2ee.ra.jms.generic.RAUtils.make(RAUtils.java:595)
at oracle.j2ee.ra.jms.generic.RAUtils.toTransactionInProgressException(RAUtils.java:846)
at oracle.j2ee.ra.jms.generic.RAUtils.toTransactionInProgressException(RAUtils.java:840)
at oracle.j2ee.ra.jms.generic.SessionWrapper.commit(SessionWrapper.java:197)
at oracle.tip.mediator.common.error.ErrorMessageEnqueuer$EnqueuerThread.run(ErrorMessageEnqueuer.java:187)
at java.lang.Thread.run(Thread.java:595)
I have checked the .xsd file and my xml several times and it seems that they are correct. Moreover, the .xsl file is also correct.
Does anyone have any idea of what may produce this problem?
ThanksI was finally able to get my project working. Heidi - You were right, there was a problem with the XSL generated by the XSL map editor.
I am trying to locate if this issue has already been reported, but I am highlighting it here, in case someone else faces the same.
The XSL generated was as follows:
<xsl:stylesheet version="1.0"
xmlns:dvm="[http://www.oracle.com/XSL/Transform/java/oracle.tip.dvm.LookupValue]"
xmlns:bpws="[http://schemas.xmlsoap.org/ws/2003/03/business-process/]"
xmlns:ns1="[http://xmlns.oracle.com/pcbpel/adapter/db/ReadEmps/Read/DB/]"
xmlns:plt="[http://schemas.xmlsoap.org/ws/2003/05/partner-link/]"
xmlns:ns0="[http://www.w3.org/2001/XMLSchema]"
xmlns:hwf="[http://xmlns.oracle.com/bpel/workflow/xpath]"
xmlns:xp20="[http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20]"
xmlns:xref="[http://www.oracle.com/XSL/Transform/java/oracle.tip.xref.xpath.XRefXPathFunctions]"
xmlns:tns="[http://xmlns.oracle.com/pcbpel/adapter/file/ReadEmps/Read/Read/]"
xmlns:xsl="[http://www.w3.org/1999/XSL/Transform]"
xmlns:ora="[http://schemas.oracle.com/xpath/extension]"
xmlns:xsi="[http://www.w3.org/2001/XMLSchema-instance]"
xmlns:imp1="[www.TargetNameSpace.com/EmpTrack|http://www.targetnamespace.com/EmpTrack]*"*
xmlns:top="[http://xmlns.oracle.com/pcbpel/adapter/db/top/DB]"
xmlns:ids="[http://xmlns.oracle.com/bpel/services/IdentityService/xpath]"
xmlns:orcl="[http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc]"
xmlns:mhdr="[http://www.oracle.com/XSL/Transform/java/oracle.tip.mediator.service.common.functions.GetRequestHeaderExtnFunction]"
exclude-result-prefixes="xsl plt ns0 tns imp1 ns1 top dvm bpws hwf xp20 xref ora ids orcl mhdr">
<xsl:template match="/">
<top:EmployeeTrackingCollection>
<xsl:for-each select*="/imp1:ROWSET/imp1:ROW*">
<top:EmployeeTracking>
<top:locationId>
<xsl:value-of select="*imp1:LOCATION_ID*"/>
</top:locationId>
<top:employeeId>
<xsl:value-of select="*imp1:EMPLOYEE_ID*"/>
</top:employeeId>
<top:employeeX>
<xsl:value-of select="*imp1:EMPLOYEE_X*"/>
</top:employeeX>
<top:employeeY>
<xsl:value-of select="*imp1:EMPLOYEE_Y"*/>
</top:employeeY>
</top:EmployeeTracking>
</xsl:for-each>
</top:EmployeeTrackingCollection>
</xsl:template>
</xsl:stylesheet>
The Xpath included the "imp1:" tag to reference the namespace. I tested this XSL and it didn't work. However, on removing the namespace "imp1:" from the Xpath, the XSL works fine and I am able to insert into the database. "No suitable driver" still appears in the log, but all rows from the XML are inserted into the database.
Heidi - do you think this is a bug? -
Error executing a package on Oracle 10G database
Hi,
I've a package on Oracle 10G database which accepts xml string as input,loads it into XMLDOM and does some processing.
When I execute this package from .Net 2.0 client,I get the following error:
**Error**
err ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML processing
LPX-00216: invalid character 0 (0x0)
Error at line 1
**Error**
But when I execute the same package from .Net client 2.0 on Oracle 9i database, it seems to work fine.The xml which I am sending is well-formed one.
Where am i going wrong?
Please help.
Thanks in advance...!
Regards,
AmitCheck the xml strings passed as input . One of the xmls may be malformed.
Maybe you are looking for
-
Mid 2010 Macbook Pro won't switch to Nvidia graphics.
I have been playing Starcraft II on my Macbook Pro (i7/4G RAM/15" Display) for a few weeks now. Yesterday my frame rates dropped through the floor. The game was nearly unplayable. I thought initially that the level I was playing just had too many uni
-
How to connect my iPad 2 to Sony Bavaria wirless? Any other way than apple tv?
How to connect my iPad 2 to Sony Bavaria wirless? Any other way than apple tv?
-
Blog Summary/Entry-link on front-page?
Hi all! I have a front-page and a blog-page on my newly created iWeb '08 site, and it's working great. However I'd like to have my blog-entries show up on the front-page, just the title as a link, that takes you to the blog entry. I'd rather not make
-
Master Recipe without material
Dear PP Gurus, I have one query. I want to create master recipe without material, i have created the same. Now while creating process order it is giving error, BOM for material 500000010 does not contain any valid items Message no. CO636 please guide
-
Every time I download an app on one of my apple devices, it automatically goes onto both of the other devices. How do I stop this from happening?