"Jim Maul" <[EMAIL PROTECTED]> wrote on 18/03/2004 08:55:05:
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Thomas
> > Lamy
> > Sent: Wednesday, March 17, 2004 3:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> > version devel-20040316 on OSX+CGPro
> >
> >
> > Sorry, but IMHO a virus scanner on a Mac that doesn't handle BinHex is a
> > piece of scrap.
> > Clamav has a BinHex decoder, and it works.
> >
>
> Is this enabled by default? I have been unable to find any way to enable
> clamav to decode binhex attachments. Both binhex attachments from
> testvirus.org get through my system so I made the assumption that binhex
> support was lacking.

I have clamav 0.67 called by amavisd-new called by postfix on my Fedora gateway, and it detected everything except Fragment and CLSID from www.testvirus.org. So that setup at least will decode BinHex attachments.

However, when I tested devel-20040317 built on my 10.3.3 client machine, it failed to detect any .hqx encoded files. It detected AppleSingle and MacBinary encoded viruses, but not UUEncoded or BinHexed. I also tested on clamav 0.67 on the Fedora gateway, and it failed to detect binhex or uuencoded viruses either. I assume that is because amavisd-new is taking care of the decoding and only passing the decoded files onto clamav. There does seem to be some internal code to decode uu and hqx, but I can't get it to work.

Here is the output of my scan testing on MacOS X 10.3.3. All files are the same, just encoded. .as is AppleSingle, .bin is MacBinary, .hqx is BinHex, .uu is UUEncoded.

[white-dwarf:~/Incoming] jtrott% clamscan --detect-encrypted --recursive -v --debug doc
LibClamAV debug: Loading databases from /sw/share/clamav
LibClamAV debug: Loading /sw/share/clamav/daily.cvd
LibClamAV debug: /sw/share/clamav/daily.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 849c211f23b8e3d9a5cbdf48dc9b2bc8
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//1bbd438c777f4a9c/COPYING
LibClamAV debug: Unpacking /var/tmp//1bbd438c777f4a9c/viruses.db2
LibClamAV debug: Loading databases from /var/tmp//1bbd438c777f4a9c
LibClamAV debug: Loading /var/tmp//1bbd438c777f4a9c/viruses.db2
LibClamAV debug: Initializing trie.
LibClamAV debug: Loading /sw/share/clamav/main.cvd
LibClamAV debug: /sw/share/clamav/main.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = a20b254aa5f6b97dcafc115a63c8af4e
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//947c0ebe75b407b5/COPYING
LibClamAV debug: Unpacking /var/tmp//947c0ebe75b407b5/viruses.db
LibClamAV debug: Loading databases from /var/tmp//947c0ebe75b407b5
LibClamAV debug: Loading /var/tmp//947c0ebe75b407b5/viruses.db
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr: Worm.Mydoom.F FOUND
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr.as: Worm.Mydoom.F FOUND
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr.bin: Worm.Mydoom.F FOUND
doc/doc.scr.hqx: OK
doc/doc.scr.uu: OK

----------- SCAN SUMMARY -----------
Known viruses: 20486
Scanned directories: 1
Scanned files: 5
Infected files: 3
Data scanned: 0.18 MB
I/O buffer size: 131072 bytes
Time: 2.410 sec (0 m 2 s)

> Jim

Jim, probably your best bet at this stage is to install amavisd-new and get CG to use that instead of calling clamav directly. Email me if you need more info on how to do that.

Thanks,
JT

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
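
The effect described in the message above (a signature that matches the plain file is missed in its uuencoded copy unless something decodes it first), as an added illustration that is not part of the original message and is not ClamAV or amavisd-new code. The signature, payload, file name and function names are constructed for the example.

```python
import binascii

# Constructed stand-in for a scanner signature. It is lowercase on purpose:
# uuencoded data lines only use characters 0x20-0x60, so it cannot survive encoding.
SIGNATURE = b"constructed-test-signature"
PAYLOAD = b"constructed sample " + SIGNATURE + b" end of sample\n"


def uuencode(data: bytes, name: str) -> bytes:
    """Build a classic uuencoded block: 45 input bytes per data line."""
    out = [f"begin 644 {name}\n".encode()]
    out += [binascii.b2a_uu(data[i:i + 45]) for i in range(0, len(data), 45)]
    return b"".join(out + [b"`\n", b"end\n"])


def uudecode_blocks(raw: bytes):
    """Yield (name, payload) for every complete begin/end block in raw."""
    name, chunks = None, []
    for line in raw.splitlines():
        if name is None:
            parts = line.split(b" ", 2)
            if len(parts) == 3 and parts[0] == b"begin" and parts[1].isdigit():
                name, chunks = parts[2].decode(errors="replace"), []
        elif line.strip() == b"end":
            yield name, b"".join(chunks)
            name = None
        elif line.strip():
            try:
                chunks.append(binascii.a2b_uu(line))
            except binascii.Error:
                continue  # skip a malformed data line, keep the rest


def scan(raw: bytes) -> dict:
    """Match the signature on the raw bytes and on each decoded block."""
    hits = [n for n, body in uudecode_blocks(raw) if SIGNATURE in body]
    return {"raw_match": SIGNATURE in raw, "decoded_matches": hits}


# Constructed input: a mail-like body carrying the uuencoded payload.
ENCODED = b"See attachment.\n\n" + uuencode(PAYLOAD, "doc.scr")

if __name__ == "__main__":
    print("plain  :", scan(PAYLOAD))
    print("encoded:", scan(ENCODED))
```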