Dumaru again
Stephan Ilaender
mailscanner at LAYLINE.DE
Fri Mar 26 09:57:14 GMT 2004
On 26.03.2004, Spicer, Kevin wrote on the subject
## Re: Dumaru again ##
> If you are using disable-archive then clam won't look inside archives. Your
> other scanner is detecting it either because a) it is configured to unpack
> archives b) its signatures are based on the zip file, rather than its
> contents. I suggest you turn disable-archive off, and when you get a false
> positive submit it to the clamav folks (through their web site) in order to
> get the signature corrected. They are usually very good at correcting these
> kinds of things.
>
just a quick clarification here:

    --no-archive
        Disable archive support built in libclamav.

this means internal support for zip is disabled - an archive will still be
unpacked and scanned using the command line tools provided by the OS. As an
example:

    file /tmp/Mtw3afm
    /tmp/Mtw3afm: Zip archive data, at least v1.0 to extract
    clamscan --no-archive /tmp/Mtw3afm
    /tmp/Mtw3afm: Worm.Dumaru.Y FOUND

I think the clam team should probably rename this option to something like
--no-builtin-archive-support or whatever. You can read more on this issue here:
http://www.mail-archive.com/clamav-users@lists.sourceforge.net/msg02969.html
I quote:
"The way to get results of scanning of all files in a zip file is
disabling built-in archive support in libclamav (--disable-archive) and
enabling scanning with external unzip program (--unzip[=FULLPATH])."
// note that --disable-archive has been renamed to --no-archive
again, as I said - if I attach the myphoto.zip Dumaru *IS* detected ...
regards,
Stephan