Hi,

The file http://www.roaringpenguin.com/msg-1212-47.zip is an EICAR
test virus in a deflate64-compressed zip file.  I know that the built-in
zip decompressor doesn't handle this format, but the standard InfoZip
UNIX zip command does.  So:

With ClamAV 0.87.1, the command:

     clamscan --unzip msg-1212-47.zip

finds the EICAR, but with 0.88 it does not.  I believe I found the
problem; below is a patch that makes 0.88 work.  If Clam developers
could check it out to make sure there are no bad side effects, I'd
appreciate it.

Regards,

David.

diff -r -u clamav-0.88.PRISTINE/libclamav/scanners.c 
clamav-0.88/libclamav/scanners.c
--- clamav-0.88.PRISTINE/libclamav/scanners.c   2006-01-05 10:24:08.000000000 
-0500
+++ clamav-0.88/libclamav/scanners.c    2006-01-11 12:34:02.000000000 -0500
@@ -1457,8 +1457,12 @@
            break;
 
        case CL_TYPE_ZIP:
-           if(SCAN_ARCHIVE)
-               ret = cli_scanzip(desc, virname, scanned, root, limits, 
options, arec, mrec);
+           if(SCAN_ARCHIVE) {
+               ret = cli_scanzip(desc, virname, scanned, root, limits, 
options, arec, mrec);
+               if (ret == CL_EZIP) {
+                   return ret;
+               }
+           }
            break;
 
        case CL_TYPE_GZ:
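
Review bot: the early `return ret;` in the new `if (ret == CL_EZIP)` block under `case CL_TYPE_ZIP:` leaves the function directly, while the neighbouring cases leave the switch with `break;`. Whatever runs after the switch is therefore skipped for this one return code. The hunk does not show that code, so it should be checked for cleanup or a further scan of the raw file that a zip the built-in decompressor rejects would now miss. It is also worth confirming that CL_EZIP is only returned for archives the built-in code cannot handle, since every CL_EZIP result from cli_scanzip() now ends the scan of this file with an error code. Please add a one-line comment saying why CL_EZIP is propagated to the caller instead of falling through, and match the surrounding style (`if(SCAN_ARCHIVE)` has no space after `if`, the new line has one).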
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html