clamav error..

Steen, Glenn Glenn.Steen at AP1.SE
Thu Jan 13 13:15:47 GMT 2005 

Hm, this seems to stem from use of either of the --deb  or --tar
flags to clamscan

# /usr/local/bin/clamscan --unzip --jar --tar --tempdir=/tmp/  -r
--disable-summary --stdout /root/test
/root/test/eigar.tgz: Eicar-Test-Signature FOUND
# /usr/local/bin/clamscan --unzip --jar --tar --tgz --tempdir=/tmp/  -r
--disable-summary --stdout /root/test
eicar.com
/tmp//clamav-4a46f84297cce730/eicar.com: Eicar-Test-Signature FOUND
/tmp//clamav-f89abe0f126b79e1/eigar.tgz: Infected Archive FOUND
(Real infected archive: /root/test/eigar.tgz)
# /usr/local/bin/clamscan --unzip --jar --tar --deb --tempdir=/tmp/  -r
--disable-summary --stdout /root/test
eicar.com
/tmp//clamav-ca45de3e1474260c/eicar.com: Eicar-Test-Signature FOUND
/tmp//clamav-46124680eea8a914/eigar.tgz: Infected Archive FOUND
(Real infected archive: /root/test/eigar.tgz)
#

One could of course see it as ... cosmetic... since you will actually
detect and block the "virus". Still a bit irritating:). In my case
(still 4.35.11 unfortunately) it seems to "lose track" of the last
line ...

   Subject: Test av AV med tgz arkiv
 MessageID: E619E23E06.25764
    Report: ClamAV: eigar.tgz contains Infected Archive 
            McAfee: /E619E23E06.25764/eigar.tgz/eigar/eicar.com
Found: EICAR test file NOT a virus.
            Bitdefender: Found virus EICAR-Test-File (not a virus) in
file eigar.tgz

Jan 13 13:12:01 mail MailScanner[17296]: New Batch: Scanning 1 messages,
1685 bytes
Jan 13 13:12:07 mail MailScanner[17296]: Virus and Content Scanning:
Starting
Jan 13 13:12:08 mail MailScanner[17296]: eicar.com
Jan 13 13:12:08 mail MailScanner[17296]:
/tmp/clamav.23964/clamav-5482f5d1da71d494/eicar.com:
Eicar-Test-Signature FOUND
Jan 13 13:12:08 mail MailScanner[17296]:
/var/spool/MailScanner/incoming/17296/./E619E23E06.25764/eigar.tgz:
Infected Archive FOUND
Jan 13 13:12:08 mail MailScanner[17296]: Virus Scanning: ClamAV found 2
infections
Jan 13 13:12:10 mail MailScanner[17296]:
/E619E23E06.25764/eigar.tgz/eigar/eicar.com        Found: EICAR test
file NOT a virus.
Jan 13 13:12:10 mail MailScanner[17296]: Virus Scanning: McAfee found 1
infections
Jan 13 13:12:11 mail MailScanner[17296]:
/var/spool/MailScanner/incoming/17296/./E619E23E06.25764/eigar.tgz=>eiga
r.tar=>eicar.com^Iinfected: EICAR-Test-File (not a virus)
Jan 13 13:12:11 mail MailScanner[17296]: Virus Scanning: Bitdefender
found 1 infections

(The process error for the semi-spurious "eicar.com" line is in separate
error log)

Looks a bit .. quirky in MW:-).

But apart from that, does it really do any harm?

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Marcel Blenkers
> Sent: den 9 januari 2005 22:14
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: clamav error..
> 
> 
> Hi there,
> 
> hope everyone slipped through into the new year..
> 
> my question..
> 
> just tested to send me the eicar-testfile as tar.gz in two different
> files.
> one names *.tar.gz and one *.tgz
> 
> all worked fine..but still some error in the logfile, which made me
> think..
> 
> here are the errors:
> 
> Jan  9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning:
> Starting
> Jan  9 22:10:38 marcel MailScanner[30889]: eicar.com
> Jan  9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput:
> unrecognised line "eicar.com". Please contact the authors!
> Jan  9 22:10:38 marcel MailScanner[30889]:
> /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: 
> Eicar-Test-Signature
> FOUND
> Jan  9 22:10:38 marcel MailScanner[30889]:
> /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected 
> Archive FOUND
> Jan  9 22:10:38 marcel MailScanner[30889]: (Real infected archive:
> /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)
> 
> 
> and within the warning all virus-scanners reported eicar..except
> Clamscan..
> 
> At Sun Jan  9 22:10:41 2005 the virus scanner said:
>    ClamAV: eigar.tgz contains a virus
>    AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> 
> eigar.tar
> --> eicar.com <<< Contains code of the Eicar-Test-Signature virus
>    F-Prot: eigar.tgz->?->eicar.com  Infection: EICAR_Test_File
>    Bitdefender: Found virus EICAR-Test-File (not a virus) in file
> eigar.tgz
> 
> 
> i do not use the perl-module for clamscan..but the original programm..
> 
> maybe i should switch??
> 
> 
> greetings
> 
> Marcel
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list