Bug in ClamAV 0.80

Julian Field mailscanner at ecs.soton.ac.uk
Tue Nov 2 20:03:10 GMT 2004



Can someone confirm this for me please?
I have a copy of the F-Prot distribution, which includes a copy of EICAR
inside their docs so that you have a test file.
ClamAV finds this file when it is checking individual elements of the
tgz file, but then reports the tgz file itself as being clean.

I get this output from
/usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout .
---SNIP---
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/screenshot.jpg: OK
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/sys_req.html: OK
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/test_eicar.html: Eicar-Test-Signature FOUND
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/test_inst.html: OK
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/tip.jpg: OK
---SNIP---
(raw) /tmp/clamav.17357/clamav-fcf5882c8ea0c1ad/fp-linux-ws-4.0.0.tgz: OK
---SNIP---

As you can see, it reports the EICAR but then says the tgz is clean. I
can find no way of reliably pulling out all this /tmp stuff so that I
can deduce the real name of the archive.

Why did the ClamAV guys break their nice tidy output format?

For now, do *not* use the "clamav" scanner. The "clamavmodule" scanner
should still work okay.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
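
The following is an added example, not part of the original message and not MailScanner's own code: a fail-closed triage of scanner output in the format quoted above, where any FOUND line marks the whole batch infected even if the archive line says OK. The scratch-path pattern, the function name and the verdict strings are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the clamav-wrapper output quoted in the message.
SAMPLE = """\
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/sys_req.html: OK
/tmp/clamav.17357/clamav-ed6a79aa30cd343a/f-prot/doc_ws/test_eicar.html: Eicar-Test-Signature FOUND
(raw) /tmp/clamav.17357/clamav-fcf5882c8ea0c1ad/fp-linux-ws-4.0.0.tgz: OK
"""

# "<path>: OK" or "<path>: <signature> FOUND", optionally prefixed with "(raw) ".
RESULT = re.compile(r"^(?:\(raw\) )?(?P<path>.+): (?:(?P<sig>.+) FOUND|OK)$")
# Assumption: scanner scratch paths look like the ones in the quoted output.
SCRATCH = re.compile(r"^/tmp/clamav\.\d+/clamav-[0-9a-f]+/")


def triage(output):
    """Return (verdict, detections, unparsed) for one scan batch.

    Any FOUND line marks the batch infected, even when the archive line says OK.
    Lines that cannot be parsed make the verdict "unknown" rather than "clean".
    """
    detections, unparsed = [], []
    for line in (l.strip() for l in output.splitlines()):
        if not line or line == "---SNIP---":
            continue
        m = RESULT.match(line)
        if m is None:
            unparsed.append(line)
        elif m.group("sig"):
            path = m.group("path")
            detections.append({
                "path": path,
                "signature": m.group("sig"),
                # A hit under a scratch directory cannot be tied to a named
                # archive: in the sample the member and the .tgz sit under
                # different clamav-<hex> directories, so there is no join key.
                "attributed": SCRATCH.match(path) is None,
            })
    if detections:
        verdict = "infected"
    elif unparsed:
        verdict = "unknown"
    else:
        verdict = "clean"
    return verdict, detections, unparsed


if __name__ == "__main__":
    print(triage(SAMPLE))
```
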
