I'm also having the problem that Ron Snyder reported yesterday, where clamscan will mark a file as OK, but if I extract the attachment (just by base64-decoding it, NOT by unzipping it too), then clamscan properly recognizes the virus (in this case, SCO.A).
Actually clamscan seems to be having this problem with every single SCO.A virus I get, though I'm not sure it's limited to just this one.
I saved the email (directly out of my Imap Maildir) as "email", and the zip attachment (containing SCO.A) as "document.zip". Here's what I get with clamscan (version 0.67, after running freshclam):
> clamscan email email: OK
----------- SCAN SUMMARY ----------- Known viruses: 20381 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.03 MB I/O buffer size: 131072 bytes Time: 0.833 sec (0 m 0 s)
> clamscan document.zip document.zip: Worm.SCO.A FOUND
----------- SCAN SUMMARY ----------- Known viruses: 20381 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.02 MB I/O buffer size: 131072 bytes Time: 0.787 sec (0 m 0 s)
Any suggestions? Note that clamscan is successfully finding other viruses in my inbox, but it's missing all of the SCO ones, as far as I can tell. I have over 200 of them saved in a separate directory and clamscan misses all of those.
Thanks, Dominic
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
