ASSP_AFC 4.34 released


ASSP_AFC 4.34 released

Thomas Eckardt/eck
Hi all,

The ASSP_AFC plugin version 4.34 is released at CVS and SF download.

It contains additional code to detect any MS-Office macro as executable
code (exe-bin).
It tries to detect any obfuscated JS code of the "lucky virus" as
executable code (exe-bin).

Thomas


DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: ASSP_AFC 4.34 released

K Post
Thanks.
Will there be an update to 3.x?  Or can we just use 4.x without
using/paying for the smime portion?


On Mon, Aug 15, 2016 at 2:23 AM, Thomas Eckardt <[hidden email]>
wrote:

> Hi all,
>
> The ASSP_AFC plugin version 4.34 is released at CVS and SF download.
>
> It contains additional code to detect any MS-Office macro as executable
> code (exe-bin).
> It tries to detect any obfuscated JS code of the "lucky virus" as
> executable code (exe-bin).
>
> Thomas

------------------------------------------------------------------------------


Re: ASSP_AFC 4.34 released

James Brown
In reply to this post by Thomas Eckardt/eck
Hi Thomas.

Seeing this a lot after upgrading to version 4.34:

Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file (can't open archive) '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - <-30> - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers)
Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!

I think this is two issues: 1) the unrecognised archive format and 2) the unexpected signal SEGV error, because I see lots of SEGV errors without the archive format error:

Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database table HMMdb to file /Applications/assp/HMMdb
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers)
Aug-18-16 11:32:08 [Worker_10000] Info: saving Stats in file asspstats.sav

Note also that the Warning line does not have a date/time stamp followed by [Worker_1], it just starts with ‘Warning’.


Also just noticed this:

Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
Aug-18-16 11:23:15 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
Aug-18-16 11:23:15 [Main_Thread] Info: ConnectionTransferTimeOut (30 seconds) is now reached
Aug-18-16 11:23:15 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again!
Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP!
Aug-18-16 11:23:15 [Main_Thread] Initializing shutdown sequence

ASSP version 2.5.2(16207)

Thanks,

James.
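
The two-issue reading in the message above can be checked against a full log. This is an added example, not part of the original post or of ASSP: it parses lines in the log format quoted above and separates SEGV warnings that follow a libarchive failure from the same worker from those that do not, carrying the last seen timestamp forward for the timestamp-less "suppressed" lines. The 5-second window, the function names and the shortened sample path are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Timestamped line: "Aug-18-16 11:29:00 [Worker_1] Warning: ..."; the [thread] tag is optional.
STAMPED = re.compile(
    r"^(?P<ts>(?:%s)-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\[(?P<thread>[^\]]+)\] )?(?P<msg>.*)$" % "|".join(MONTHS))
# The SEGV warning names the worker, package and source line in its own text.
SEGV = re.compile(
    r"got unexpected signal SEGV in (?P<worker>\w+): package - (?P<pkg>\w+), "
    r"file - (?P<file>\S+), line - (?P<line>\d+)!")
SUPPRESSED = re.compile(r"\(suppressed (?P<n>\d+) concurrent equal")
ARCHIVE_ERR = re.compile(r"libarchive extract '(?P<path>[^']+)' - <(?P<code>-?\d+)>")


def parse_ts(text):
    """Parse 'Aug-18-16 11:29:00' without depending on the process locale."""
    date, clock = text.split(" ")
    mon, day, yy = date.split("-")
    h, m, s = (int(x) for x in clock.split(":"))
    return datetime(2000 + int(yy), MONTHS[mon], int(day), h, m, s)


def triage(lines, window_seconds=5):
    """Classify SEGV warnings as following a libarchive failure or standalone."""
    window = timedelta(seconds=window_seconds)
    last_archive_err = {}   # worker name -> time of its latest libarchive failure
    last_ts = None          # reused for lines that carry no timestamp of their own
    out = {"archive_errors": 0, "segv_after_archive": 0,
           "segv_standalone": 0, "suppressed": 0, "sites": Counter()}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = STAMPED.match(line)
        if m:
            ts, thread, msg = parse_ts(m["ts"]), m["thread"], m["msg"]
            last_ts = ts
        else:
            ts, thread, msg = last_ts, None, line

        if ARCHIVE_ERR.search(msg):
            out["archive_errors"] += 1
            last_archive_err[thread] = ts
            continue

        segv = SEGV.search(msg)
        if not segv:
            continue
        out["sites"][(segv["pkg"], int(segv["line"]))] += 1
        sup = SUPPRESSED.search(msg)
        if sup:
            out["suppressed"] += int(sup["n"])
        prev = last_archive_err.get(segv["worker"])
        if prev and ts and timedelta(0) <= ts - prev <= window:
            out["segv_after_archive"] += 1
        else:
            out["segv_standalone"] += 1
    return out


# Constructed sample modelled on the lines quoted in the thread; the archive
# path is shortened to a placeholder.
SAMPLE = """\
Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file (can't open archive) '/tmp/sample.xml.gz' - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/tmp/sample.xml.gz' - <-30> - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers)
Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database table HMMdb to file /Applications/assp/HMMdb
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers)
"""

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```

A non-zero `segv_standalone` count means some SEGVs have no libarchive failure close before them, which is the pattern the message describes.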





------------------------------------------------------------------------------

Re: ASSP_AFC 4.34 released

Thomas Eckardt/eck
> I think this is two issues: 1) the unrecognised archive format and 2) the
> unexpected signal SEGV error

Yes, this seems to be the case.
The first one is an error from Archive::Libarchive::XS. It is unable to
detect the archive format.
The second one is caused by the first. ASSP_AFC is falling back to another
uncompress engine, which causes the SEGV in processing a shared scalar in
'main::'.
I think, the second one I can fix in the next assp.pl release.

Thomas





From:    James Brown <[hidden email]>
To:      For Users of ASSP <[hidden email]>
Date:    18.08.2016 03:56
Subject: Re: [Assp-user] ASSP_AFC 4.34 released






------------------------------------------------------------------------------


Re: ASSP_AFC 4.34 released

Thomas Eckardt/eck
In reply to this post by K Post
>Will there be an update to 3.x?
No, version 3 will be removed, when the next assp.pl will be released.
You can use version 4.

Thomas




From:    K Post <[hidden email]>
To:      For Users of ASSP <[hidden email]>
Date:    17.08.2016 23:45
Subject: Re: [Assp-user] ASSP_AFC 4.34 released





------------------------------------------------------------------------------


Re: ASSP_AFC 4.34 released

Thomas Eckardt/eck
In reply to this post by James Brown
I've just released ASSP_AFC 4.35 (CVS and SF) - the SEGV should be fixed
there.
Depending on the used OS and Perl it may be possible, that an additional
small correction of assp.pl is required to fix this SEGV.
Try ASSP_AFC 4.35 and tell me if it works for you.

assp.pl correction is: move the two lines 6996 + 6997

our ($SAVEOUT, $SAVEERR);
our $lockOUT:shared;

to:  after the line 147

our $islendian = (unpack("h*", pack("s", 1)) =~ /^1/) ;
our ($SAVEOUT, $SAVEERR);
our $lockOUT:shared;


 For Perl 5.16.3 and higher, the assp.pl correction should be not
required.

Thomas








------------------------------------------------------------------------------


Re: ASSP_AFC 4.34 released

James Brown
Thanks Thomas,

that seems to have fixed it so far.

Will now try to work out why it finds .gz files unrecognisable.

Thanks,

James.

> On 18 Aug. 2016, at 6:27 pm, Thomas Eckardt <[hidden email]> wrote:
>
> I've just released ASSP_AFC 4.35 (CVS and SF) - the SEGV should be fixed
> there.
> Depending on the used OS and Perl it may be possible, that an additional
> small correction of assp.pl is required to fix this SEGV.
> Try ASSP_AFC 4.35 and tell me if it works for you.
>
> assp.pl correction is: move the two lines 6996 + 6997
>
> our ($SAVEOUT, $SAVEERR);
> our $lockOUT:shared;
>
> to:  after the line 147
>
> our $islendian = (unpack("h*", pack("s", 1)) =~ /^1/) ;
> our ($SAVEOUT, $SAVEERR);
> our $lockOUT:shared;
>
>
> For Perl 5.16.3 and higher, the assp.pl correction should be not
> required.
>
> Thomas



------------------------------------------------------------------------------

Re: ASSP_AFC 4.34 released

K Post
I'm running Perl 5.20.1 on Windows and even with AFC 4.35 I'm getting LOTS
of

Aug-18-16 17:37:06 Warning: got unexpected signal SEGV in Worker_1: package
- ASSP_AFC, file - c:/ASSP/Plugins/ASSP_AFC.pm, line - 1959!


I'll try the ASSP.pl modification, but wanted to raise a flag since you
indicated that the mod shouldn't be necessary for Perl 5.16 or newer.

On Thu, Aug 18, 2016 at 8:23 AM, James Brown <[hidden email]> wrote:

> Thanks Thomas,
>
> that seems to have fixed it so far.
>
> Will now try to work out why it finds .gz files unrecognisable.
>
> Thanks,
>
> James.
>
> > On 18 Aug. 2016, at 6:27 pm, Thomas Eckardt <[hidden email]>
> wrote:
> >
> > I've just released ASSP_AFC 4.35 (CVS and SF) - the SEGV should be fixed
> > there.
> > Depending on the used OS and Perl it may be possible, that an additionaly
> > small correction of assp.pl is required to fix this SEGV.
> > Try ASSP_AFC 4.35 and tell me if it works for you.
> >
> > assp.pl correction is: move the two lines 6996 + 6997
> >
> > our ($SAVEOUT, $SAVEERR);
> > our $lockOUT:shared;
> >
> > to:  after the line 147
> >
> > our $islendian = (unpack("h*", pack("s", 1)) =~ /^1/) ;
> > our ($SAVEOUT, $SAVEERR);
> > our $lockOUT:shared;
> >
> >
> > For Perl 5.16.3 and higher, the assp.pl correction should be not
> > required.
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von:    James Brown <[hidden email]>
> > An:     For Users of ASSP <[hidden email]>
> > Datum:  18.08.2016 03:56
> > Betreff:        Re: [Assp-user] ASSP_AFC 4.34 released
> >
> >
> >
> > Hi Thomas.
> >
> > Seeing this a lot after upgrading to version 4.34:
> >
> > Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file (can't open archive) '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - Unrecognized archive format
> > Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - <-30> - Unrecognized archive format
> > Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
> > Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers)
> > Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
> > Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
> >
> > I think this is two issues: 1) the unrecognised archive format and 2) the
> > unexpected signal SEGV error, because I see lots of SEGV errors without
> > the archive format error:
> >
> > Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database table HMMdb to file /Applications/assp/HMMdb
> > Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers)
> > Aug-18-16 11:32:08 [Worker_10000] Info: saving Stats in file asspstats.sav
> >
> > Note also that the Warning line does not have a date/time stamp followed
> > by [Worker_1], it just starts with ‘Warning’.
> >
> >
> > Also just noticed this:
> >
> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
> > Aug-18-16 11:23:15 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
> > Aug-18-16 11:23:15 [Main_Thread] Info: ConnectionTransferTimeOut (30 seconds) is now reached
> > Aug-18-16 11:23:15 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again!
> > Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP!
> > Aug-18-16 11:23:15 [Main_Thread] Initializing shutdown sequence
> >
> > ASSP version 2.5.2(16207)
> >
> > Thanks,
> >
> > James.
> >
> >

Re: ASSP_AFC 4.34 released

K Post
Nope, even with the ASSP.pl tweak, I'm still getting

Aug-18-16 18:06:33 Warning: got unexpected signal SEGV in Worker_2: package - ASSP_AFC, file - c:/ASSPPlugins/ASSP_AFC.pm, line - 1959!

On Thu, Aug 18, 2016 at 5:47 PM, K Post <[hidden email]> wrote:

> I'm running Perl 5.20.1 on Windows and even with AFC 4.35 I'm getting LOTS of
>
> Aug-18-16 17:37:06 Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - c:/ASSP/Plugins/ASSP_AFC.pm, line - 1959!
>
>
> I'll try the ASSP.pl modification, but wanted to raise a flag since you
> indicated that the mod shouldn't be necessary for Perl 5.16 or newer.
>
> On Thu, Aug 18, 2016 at 8:23 AM, James Brown <[hidden email]> wrote:
>
>> Thanks Thomas,
>>
>> that seems to have fixed it so far.
>>
>> Will now try to work out why it finds .gz files unrecognisable.
>>
>> Thanks,
>>
>> James.
>>
>> > On 18 Aug. 2016, at 6:27 pm, Thomas Eckardt <[hidden email]> wrote:
>> >
>> > I've just released ASSP_AFC 4.35 (CVS and SF) - the SEGV should be fixed
>> > there.
>> > Depending on the OS and Perl used, it may be possible that an additional
>> > small correction of assp.pl is required to fix this SEGV.
>> > Try ASSP_AFC 4.35 and tell me if it works for you.
>> >
>> > assp.pl correction is: move the two lines 6996 + 6997
>> >
>> > our ($SAVEOUT, $SAVEERR);
>> > our $lockOUT:shared;
>> >
>> > to:  after the line 147
>> >
>> > our $islendian = (unpack("h*", pack("s", 1)) =~ /^1/) ;
>> > our ($SAVEOUT, $SAVEERR);
>> > our $lockOUT:shared;
>> >
>> >
>> > For Perl 5.16.3 and higher, the assp.pl correction should not be
>> > required.
>> >
>> > Thomas

Re: ASSP_AFC 4.35 released

Peter Hinman
In reply to this post by James Brown
Hi Thomas -

I've installed 4.35 and now assp is crashing.  On restart, I get the
following line in the log file.

2016-08-18 23:22:08 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /opt/assp/Plugins/ASSP_AFC.pm, line - 1959!

Running assp 16090 on linux, Perl 5.18.2.  I'll try updating assp and see if that makes a difference.

Peter




Re: ASSP_AFC 4.35 released

Thomas Eckardt/eck
Hi Peter,

I'm sorry. I forgot to change the same use of the same statement in line
1959 of ASSP_AFC.pl 4.35.
This is solved in 4.36 - it is just released.

Thomas
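
Added example (not part of any post in this thread and not ASSP code): a Python triage script for the log shapes quoted in the reports above. It groups SEGV warnings by plugin file and line across installs, folds in the "suppressed N" counts, and checks which SEGVs share a worker and timestamp with a libarchive failure. The sample log is constructed from those line shapes; `triage` and its result keys are names chosen here.

```python
import re
from collections import Counter

# Constructed sample: line shapes taken from the reports in this thread and
# combined into one log; the archive path is shortened to a placeholder.
SAMPLE_LOG = """\
Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/tmp/example.xml.gz' - <-30> - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers)
Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Aug-18-16 17:37:06 Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - c:/ASSP/Plugins/ASSP_AFC.pm, line - 1959!
2016-08-18 23:22:08 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /opt/assp/Plugins/ASSP_AFC.pm, line - 1959!
Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP!
"""

# Both timestamp styles seen in the thread:
# "Aug-18-16 11:29:00" and "2016-08-18 23:22:08".
TS_RE = re.compile(
    r"^((?:[A-Z][a-z]{2}-\d{2}-\d{2}|\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}) "
)
SEGV_RE = re.compile(
    r"got unexpected signal SEGV in (?P<worker>Worker_\d+): "
    r"package - (?P<package>\S+), file - (?P<file>.+?), line - (?P<line>\d+)!"
    r"(?: \(suppressed (?P<suppressed>\d+) concurrent equal)?"
)
ARCHIVE_RE = re.compile(r"\[(Worker_\d+)\] Warning: fatal - libarchive extract")
RESTART_RE = re.compile(
    r"unable to transfer connection to any worker within \d+ seconds - restart ASSP!"
)


def triage(log_text):
    """Summarise SEGV warnings in an ASSP-style log.

    crash_sites counts every SEGV by (package, file basename, line), adding
    the 'suppressed N' figure from summary lines. A timestamped SEGV counts
    as archive-related only when the same worker logged a libarchive failure
    with the identical timestamp.
    """
    crash_sites = Counter()
    last_archive_error = {}   # worker -> timestamp of its latest libarchive failure
    with_archive = 0
    without_archive = 0
    restart_forced = False

    for raw in log_text.splitlines():
        ts_match = TS_RE.match(raw)
        ts = ts_match.group(1) if ts_match else None

        archive = ARCHIVE_RE.search(raw)
        if archive and ts:
            last_archive_error[archive.group(1)] = ts
            continue
        if RESTART_RE.search(raw):
            restart_forced = True
            continue

        segv = SEGV_RE.search(raw)
        if not segv:
            continue
        # Install paths differ per host, so group on the file name only.
        basename = segv["file"].rsplit("/", 1)[-1]
        site = (segv["package"], basename, int(segv["line"]))
        crash_sites[site] += 1 + int(segv["suppressed"] or 0)

        # Summary lines carry no timestamp; they count toward the totals
        # but cannot be matched against an archive error.
        if ts is None:
            continue
        if last_archive_error.get(segv["worker"]) == ts:
            with_archive += 1
        else:
            without_archive += 1

    return {
        "crash_sites": crash_sites,
        "segv_with_archive_error": with_archive,
        "segv_without_archive_error": without_archive,
        "restart_forced": restart_forced,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for site, count in result["crash_sites"].most_common():
        print(site, count)
    print("with archive error:", result["segv_with_archive_error"])
    print("without archive error:", result["segv_without_archive_error"])
    print("restart forced:", result["restart_forced"])
```

A crash site that moves between plugin versions while the SEGV count without an archive error stays high points to a fault independent of the attachment being scanned.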






Re: ASSP_AFC 4.34 released

K Post
In reply to this post by K Post
FYI - it looks like this thread got split up (at least for me in gmail).
For the benefit of those who might have missed this in the other thread.
From Thomas:

I'm sorry. I forgot to change the same use of the same statement in line
1959 of ASSP_AFC.pl 4.35.
This is solved in 4.36 - it is just released.



On Thu, Aug 18, 2016 at 6:08 PM, K Post <[hidden email]> wrote:

> Nope, even with the ASSP.pl tweak, I'm still getting
>
> Aug-18-16 18:06:33 Warning: got unexpected signal SEGV in Worker_2:
> package - ASSP_AFC, file - c:/ASSPPlugins/ASSP_AFC.pm, line - 1959!
>
> On Thu, Aug 18, 2016 at 5:47 PM, K Post <[hidden email]> wrote:
>
>> I'm running Perl 5.20.1 on Windows and even with AFC 4.35 I'm getting
>> LOTS of
>>
>> Aug-18-16 17:37:06 Warning: got unexpected signal SEGV in Worker_1:
>> package - ASSP_AFC, file - c:/ASSP/Plugins/ASSP_AFC.pm, line - 1959!
>>
>>
>> I'll try the ASSP.pl modification, but wanted to raise a flag since you
>> indicated ithat the mod shouldn't be necessary for Perl 5.16 or newer.
>>
>> On Thu, Aug 18, 2016 at 8:23 AM, James Brown <[hidden email]>
>> wrote:
>>
>>> Thanks Thomas,
>>>
>>> that seems to have fixed it so far.
>>>
>>> Will now try to work out why it finds .gz files unrecognisable.
>>>
>>> Thanks,
>>>
>>> James.
>>>
>>> > On 18 Aug. 2016, at 6:27 pm, Thomas Eckardt <
>>> [hidden email]> wrote:
>>> >
>>> > I've just released ASSP_AFC 4.35 (CVS and SF) - the SEGV should be
>>> fixed
>>> > there.
>>> > Depending on the used OS and Perl it may be possible, that an
>>> additionaly
>>> > small correction of assp.pl is required to fix this SEGV.
>>> > Try ASSP_AFC 4.35 and tell me if it works for you.
>>> >
>>> > assp.pl correction is: move the two lines 6996 + 6997
>>> >
>>> > our ($SAVEOUT, $SAVEERR);
>>> > our $lockOUT:shared;
>>> >
>>> > to:  after the line 147
>>> >
>>> > our $islendian = (unpack("h*", pack("s", 1)) =~ /^1/) ;
>>> > our ($SAVEOUT, $SAVEERR);
>>> > our $lockOUT:shared;
>>> >
>>> >
>>> > For Perl 5.16.3 and higher, the assp.pl correction should be not
>>> > required.
>>> >
>>> > Thomas
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > Von:    James Brown <[hidden email]>
>>> > An:     For Users of ASSP <[hidden email]>
>>> > Datum:  18.08.2016 03:56
>>> > Betreff:        Re: [Assp-user] ASSP_AFC 4.34 released
>>> >
>>> >
>>> >
>>> > Hi Thomas.
>>> >
>>> > Seeing this a lot after upgrading to version 4.34:
>>> >
>>> > Aug-18-16 11:29:00 [Worker_1] Warning: possibly virus infected file
>>> (can't
>>> > open archive)
>>> > '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.c
>>> om.au_1471384504_1471470908.xml.gz'
>>> > - Unrecognized archive format
>>> > Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract
>>> > '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.c
>>> om.au_1471384504_1471470908.xml.gz'
>>> > - <-30> - Unrecognized archive format
>>> > Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in
>>> > Worker_1: package - ASSP_AFC, file -
>>> > /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
>>> > Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC,
>>> file
>>> > - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed
>>> 30122
>>> > concurrent equal 'Warning' loglines from all Workers)
>>> > Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
>>> > Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in
>>> > Worker_1: package - ASSP_AFC, file -
>>> > /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
>>> >
>>> > I think this is two issues: 1) the unrecognised archive format and 2)
>>> the
>>> > unexpected signal SEGV error, because I see lots of SEGV errors without
>>> > the archive format error:
>>> >
>>> > Aug-18-16 11:32:08 [Worker_10000] Backup: 3,691,737 records of database
>>> > table HMMdb to file /Applications/assp/HMMdb
>>> > Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC,
>>> file
>>> > - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed
>>> 72912
>>> > concurrent equal 'Warning' loglines from all Workers)
>>> > Aug-18-16 11:32:08 [Worker_10000] Info: saving Stats in file
>>> asspstats.sav
>>> >
>>> > Note also that the Warning line does not have a date/time stamp
>>> followed
>>> > by [Worker_1], it just starts with ‘Warning’.
>>> >
>>> >
>>> > Also just noticed this:
>>> >
>>> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
>>> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
>>> > Aug-18-16 11:23:14 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
>>> > Aug-18-16 11:23:15 [Main_Thread] Info: unable to detect any running worker for a new connection - wait (max 30 seconds)
>>> > Aug-18-16 11:23:15 [Main_Thread] Info: ConnectionTransferTimeOut (30 seconds) is now reached
>>> > Aug-18-16 11:23:15 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again!
>>> > Aug-18-16 11:23:15 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP!
>>> > Aug-18-16 11:23:15 [Main_Thread] Initializing shutdown sequence
>>> >
>>> > ASSP version 2.5.2(16207)
>>> >
>>> > Thanks,
>>> >
>>> > James.
>>> >
>>> >
>>> >> On 15 Aug. 2016, at 4:23 pm, Thomas Eckardt <[hidden email]> wrote:
>>> >>
>>> >> Hi all,
>>> >>
>>> >> The ASSP_AFC plugin version 4.34 is released at CVS and SF download.
>>> >>
>>> >> It contains additionally code to detect any MS-Office macro as executable
>>> >> code (exe-bin).
>>> >> It tries to detect any obfuscated JS code of the "lucky virus" as
>>> >> executable code (exe-bin).
>>> >>
>>> >> Thomas

------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
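
The report quoted in this message argues that the SEGV warnings and the "Unrecognized archive format" warnings are two separate problems. The following Python is an added example, not part of the thread or of ASSP's code, that checks that kind of claim against a log: it groups SEGV warnings by crash site, totals the "suppressed" counters, and splits SEGVs into those that follow an archive failure on the same worker and those that do not. The `triage` function, the regular expressions and the 5-second correlation window are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Lines taken from the report quoted above, with mail wraps rejoined.
SAMPLE_LOG = """\
Aug-18-16 11:29:00 [Worker_1] Warning: fatal - libarchive extract '/Applications/assp/tmp/zip_1_1471483740/proximus.be_bordo.com.au_1471384504_1471470908.xml.gz' - <-30> - Unrecognized archive format
Aug-18-16 11:29:00 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 30122 concurrent equal 'Warning' loglines from all Workers)
Aug-18-16 11:29:17 [Worker_10000] Info: looking for files to (re)send
Aug-18-16 11:29:16 [Worker_1] Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765!
Warning: got unexpected signal SEGV in Worker_1: package - ASSP_AFC, file - /Applications/assp/Plugins/ASSP_AFC.pm, line - 1765! (suppressed 72912 concurrent equal 'Warning' loglines from all Workers)
"""

STAMPED = re.compile(r"^(\w{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (\w+): (.*)$")
SEGV = re.compile(r"got unexpected signal SEGV in \w+: package - (\w+), file - (\S+), line - (\d+)!")
SUPPRESSED = re.compile(r"\(suppressed (\d+) concurrent equal")
ARCHIVE_FAIL = "Unrecognized archive format"

def triage(log_text, window_seconds=5):
    """Summarise SEGV warnings and their relation to archive failures."""
    last_fail, sites = {}, Counter()  # last_fail: worker -> time of latest archive failure
    suppressed = linked = unlinked = 0
    for line in log_text.splitlines():
        m = SUPPRESSED.search(line)
        if m:  # summary line: only its counter is tallied
            suppressed += int(m.group(1))
            continue
        m = STAMPED.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%b-%d-%y %H:%M:%S")
        worker, message = m.group(2), m.group(4)
        if ARCHIVE_FAIL in message:
            last_fail[worker] = when
            continue
        segv = SEGV.search(message)
        if not segv:
            continue
        sites[(segv.group(1), segv.group(2), int(segv.group(3)))] += 1
        prev = last_fail.get(worker)
        # Assumption: a SEGV is "linked" if the same worker logged an archive failure just before it.
        if prev is not None and 0 <= (when - prev).total_seconds() <= window_seconds:
            linked += 1
        else:
            unlinked += 1
    return {"sites": sites, "suppressed": suppressed,
            "segv_after_archive_failure": linked, "segv_without_archive_failure": unlinked}
```

A non-zero `segv_without_archive_failure` on a full log is consistent with the crash being independent of the archive error; a single entry in `sites` shows that every SEGV is reported at the same plugin line.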