I'm going to continue updating this thread as I investigate the issue further. Running a test clamscan with -statistics=bytecode yields:
Code:
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV Error: sigperf_events_init: events table full. Increase MAX_TRACKED_BC
LibClamAV info: Bytecode name #runs #matches usecs total usecs avg
LibClamAV info: ============= ===== ======== =========== =========
LibClamAV info: BC.Img.Exploit.CVE_2017_12101-6336739-0.{} 1 0 8 8.00
Difficult to discern if this happens to be the bytecode that is being loaded when the table exceeds its capacity or if there is something about this particular bytecode that is causing issues.
Somebody also shared a clever solution that can be used to instruct clamscan to only receive files that have been modified within a recent timeframe. Below is my untested pseudocode interpretation of their concept:
Code:
# -f (--file-list) reads paths from a file, so find's output is passed as one via bash process substitution
clamscan -ir -f <(find /home -type f -mmin -60)
Would only scan items in home whose modified timestamp is no greater than an hour ago. This also makes the assumption that a malicious object wouldn't be able to modify its timestamps in some way.
Statistics: Posted by Uptorn — 2024-01-24 23:52
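The timestamp caveat in the post above can be narrowed by selecting on inode change time (ctime) as well as mtime. This is an added example, not part of the original post; the function names are hypothetical, and it assumes a find that supports -mmin and -cmin (GNU or BSD) and a local clamscan for the final step.

```shell
#!/usr/bin/env bash
# Added example: build the list of recently changed files for a targeted
# clamscan run. All function names here are hypothetical.

# Files whose modification time (mtime) falls within the last $2 minutes.
# The owner of a file can set mtime to any value (touch -t, utimensat).
recent_by_mtime() {
    find "$1" -type f -mmin "-$2" -print
}

# Files whose mtime OR inode change time (ctime) falls within the window.
# The kernel stamps ctime on every content or metadata change, including a
# timestamp rewrite, and no utime-style call lets an unprivileged process
# set it, so a backdated file still shows up here.
recent_by_change() {
    find "$1" -type f \( -mmin "-$2" -o -cmin "-$2" \) -print
}

# Scan the selected files in one clamscan run, so the signature database
# is loaded once. Returns clamscan's exit status (0 clean, 1 infected).
scan_recent() {
    list=$(mktemp) || return 2
    recent_by_change "$1" "$2" > "$list"
    rc=0
    if [ -s "$list" ]; then
        clamscan -i --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    return "$rc"
}

# Usage (assumed paths): scan_recent /home 60
```

Paths containing newlines are not handled by a line-based file list, and ctime can still be influenced by anyone able to change the system clock, so periodic full scans remain necessary.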