UNKNOWN CLAMD RETURN
UxBoD
uxbod at splatnix.net
Thu Jul 19 12:35:33 IST 2007
Rick,
Here is the output :-
[root@bianchi tmp]# clamscan /tmp/eicar.com
/tmp/eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 154131
Engine version: 0.91.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 1.491 sec (0 m 1 s)
[root@bianchi tmp]# clamdscan /tmp/eicar.com
/tmp/eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.000 sec (0 m 0 s)
But as it is the header then that is probably why it is not giving a filename that has been scanned.
----- Original Message -----
From: "Rick Cooper" <rcooper at dwford.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, July 19, 2007 12:27:04 PM (GMT) Europe/London
Subject: RE: UNKNOWN CLAMD RETURN
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of UxBoD
> Sent: Thursday, July 19, 2007 6:18 AM
> To: MailScanner discussion
> Subject: Re: UNKNOWN CLAMD RETURN
>
> Sorry here is what versions running :-
>
> MailScanner 4.62.3 (RPM)
> ClamAV 0.91/3697/Wed Jul 18 20:18:47 2007 (RPM)
>
> Cheers,
> ----- Original Message -----
> From: "UxBoD" <uxbod at splatnix.net>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Thursday, July 19, 2007 11:12:51 AM (GMT) Europe/London
> Subject: Re: UNKNOWN CLAMD RETURN
>
> I have added a couple of extra debug lines to SweepViruses.pm :-
>
> print "ERROR:: UNKNOWN CLAMD RETURN $results :: $ScanDir\n";
> print "ERROR2:: $rest\n";
> print "ERROR3:: $results\n";
>
> and get the following :-
>
> Jul 19 06:05:08 bianchi MailScanner[11482]: ERROR2::
> Jul 19 06:05:08 bianchi MailScanner[11482]: ERROR3::
> ./9F1F37CF28F.C25E5.header/Email.Hdr.Sanesecurity.07061900 FOUND
>
[...]
That line is really formatted wrong, the filename is missing from the output.
Should be something like
./1IBU5l-0003RA-Ru/eicar.com/Eicar-Test-Signature FOUND
^ ^                ^         ^
Dot Child          File      rest
Could you scan an eicar test file from the command line with clamdscan and
see how the output looks?
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
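An added example, not part of the thread and not MailScanner's own code: a Python parser that splits a report line along the Dot/Child/File/rest layout Rick describes and classifies the two-component line from the debug output instead of reporting it as unknown. The slash-separated layout is taken from the lines quoted in the thread; reading a `.header` entry as the message's header file, and all function and key names, are assumptions.

```python
import re

# Constructed inputs: the layout Rick describes, and the ERROR3 line from the thread.
EXPECTED = "./1IBU5l-0003RA-Ru/eicar.com/Eicar-Test-Signature FOUND"
LOGGED = "./9F1F37CF28F.C25E5.header/Email.Hdr.Sanesecurity.07061900 FOUND"

# "./" (dot), one or more path components, then the signature and FOUND (rest).
FOUND_RE = re.compile(r"^\./(?P<path>.+)/(?P<sig>[^/\s]+)\s+FOUND$")


def parse_found_line(line):
    """Split a FOUND report line into child, file and signature.

    Returns None for lines that are not in the './.../sig FOUND' shape.
    'file' is None when only one path component precedes the signature,
    which is the shape of the line logged in the thread.
    """
    m = FOUND_RE.match(line.strip())
    if m is None:
        return None
    child, _, file_part = m.group("path").partition("/")
    result = {
        "child": child,
        "file": file_part or None,
        "signature": m.group("sig"),
        "kind": "attachment",
    }
    if result["file"] is None:
        # Assumption: an entry ending in ".header" directly under the scan
        # directory is a message header file, so the hit belongs to the
        # message as a whole rather than to a named attachment.
        result["kind"] = "header" if child.endswith(".header") else "unknown"
    return result


if __name__ == "__main__":
    for sample in (EXPECTED, LOGGED):
        print(parse_found_line(sample))
```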