On Thu, 30 Oct 2003 at 18:56:13 +0100, Riki Cubek wrote: > > > So you are concerned that only one virus was found by clamscan in the > > zip file, aren't you? > > No need to. This is a normal behaviour of clamscan. > > Yes, I was - and I'm still ! > > > When it finds a first infected file in the zip archive, it reports that > > the archive (as a whole) is infected (contains a virus). It's enough, > > checking the rest is a waste of time. The archive itself is infected, > > period. > > When I check an archive manually, i want the command line scanner to give > me detailed information about the file AND the files archived (at least by > option) - like all the other command line scanners do, or like clamscan > even does itself with .rar, .tar.gz or .tar-files. Isn't it normally that > users like me get unsure when all the scanners - clamscan included - make > the same output for all the archive-types, but only clamscan does a > special one with zip-files ? >
The way to get results of scanning of all files in a zip file is disabling built-in archive support in libclamav (--disable-archive) and enabling scanning with external unzip program (--unzip[=FULLPATH]). The examples of scanning a zip file contaning more than one infected file in the archive: 1) default way: $ clamscan Backdoor.Konik.06b.zip Backdoor.Konik.06b.zip: Trojan.Konik.06b-client FOUND ----------- SCAN SUMMARY ----------- Known viruses: 9902 Scanned directories: 0 Scanned files: 1 Infected files: 1 (only one virus is reported), 2) "enhanced" way: $ clamscan --disable-archive --unzip Backdoor.Konik.06b.zip Archive: /home/tomek/vir/Backdoor.Konik.06b.zip inflating: info_trojan.txt inflating: klient_konik.exe inflating: config.exe inflating: winamp.exe inflating: Achates.html inflating: register.reg /home/tomek/c995944d53c70058/info_trojan.txt: OK /home/tomek/c995944d53c70058/klient_konik.exe: Trojan.Konik.06b-client FOUND /home/tomek/c995944d53c70058/config.exe: Trojan.Konik.06b-config FOUND /home/tomek/c995944d53c70058/winamp.exe: Trojan.Konik.06b-server FOUND /home/tomek/c995944d53c70058/Achates.html: OK /home/tomek/c995944d53c70058/register.reg: OK /home/tomek/vir/Backdoor.Konik.06b.zip: Infected Archive FOUND ----------- SCAN SUMMARY ----------- Known viruses: 9902 Scanned directories: 1 Scanned files: 6 Infected files: 3 (all files and viruses are reported). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
