LibClamAV Warning: Broken PE header detected.

Jim Holland mailscanner at MANGO.ZW
Thu Nov 4 13:20:19 GMT 2004


Hi all

For information.

I could not find any reference to this issue in the archives, so contacted
the ClamAV list.  A message that looked as if it was infected with Klez
had a message.pif attachment.  When scanned, ClamAV reported:

LibClamAV Warning: Broken PE header detected.
message.pif: OK

----------- SCAN SUMMARY -----------
Known viruses: 26187
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
I/O buffer size: 131072 bytes
Time: 28.546 sec (0 m 28 s)

The above is treated by MailScanner as uninfected by a virus, although
fortunately it was blocked because of filename and filetype rules.

It is possible for ClamAV to be forced to report such files as
Broken.Executable, by using the following option in clamav-wrapper:

        ScanOptions="--detect-broken"

That then allows more control over how to treat such messages.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).




More information about the MailScanner mailing list