On Wed, 08 Dec 2004 13:25:51 +1300 Jason Haar <[EMAIL PROTECTED]> wrote:
> Hi there
>
> I have a viral *.jar file that clamscan and clamdscan cannot find
> anything wrong with, but if I run "clamscan --jar file.jar", it finds
> the trojans.
>
> JAR files are meant to be ZIP files, but if I manually run unzip over
> it I see:
>
> Archive: loaderadv50.jar
> warning [loaderadv50.jar]: 262 extra bytes at beginning or within
> zipfile
> (attempting to process anyway)
> testing: Counter.class OK
> testing: Dummy.class OK
> testing: Matrix.class OK
> testing: Parser.class OK
> No errors detected in compressed data of loaderadv50.jar.
>
>
> So there is some junk in there that unzip skips over - but I'm
> wondering if that same junk allows it to bypass clamscan/clamd's
> standard methods of discovering if it's a JAR file? When I run
> "clamscan --jar loaderadv50.zip", I see clamscan calling
> "/usr/bin/unzip" - so I assume without that option, clamscan uses
> internal unzip routines, and with it clamscan calls /usr/bin/unzip?

We're not clairvoyants and can't help you without a sample. It was
instructed a few posts ago how to submit a bug.

--
   oo    .....       Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........     http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._   0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\      Wed Dec 8 01:28:55 CET 2004
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
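
Added example, not part of the original thread and not ClamAV code: a Python check that measures how many bytes sit in front of a ZIP/JAR archive, the condition unzip reports as "extra bytes at beginning or within zipfile". The sample archives are constructed in memory; the function names are hypothetical, and the offset-0 magic test only illustrates a naive type check, since the thread does not establish how clamscan identified the file.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record signature
LFH_SIG = b"PK\x03\x04"    # local file header, normally at offset 0
EOCD_FMT = "<4sHHHHIIH"    # 22-byte fixed part of the EOCD record
MAX_EOCD_SPAN = 22 + 65535  # EOCD plus the longest possible comment


def starts_with_zip_magic(data: bytes) -> bool:
    """Naive offset-0 type check; fails when anything precedes the archive."""
    return data[:4] == LFH_SIG


def prepended_bytes(data: bytes):
    """Return the number of bytes in front of the archive, None if no EOCD.

    The EOCD stores where the central directory starts and how long it is,
    both relative to the start of the archive. In a well-formed file the
    directory ends exactly where the EOCD begins, so any difference is data
    placed before the archive. Zip64 archives are not handled here.
    """
    pos = data.rfind(EOCD_SIG, max(0, len(data) - MAX_EOCD_SPAN))
    if pos < 0 or pos + 22 > len(data):
        return None
    fields = struct.unpack_from(EOCD_FMT, data, pos)
    cd_size, cd_offset = fields[5], fields[6]
    return pos - (cd_offset + cd_size)


def build_sample(junk_len: int) -> bytes:
    """Constructed sample: a small archive with junk_len filler bytes in front."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in ("Counter.class", "Dummy.class"):
            zf.writestr(name, b"constructed placeholder content")
    return b"\x00" * junk_len + buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(0)),
                        ("prefixed", build_sample(262))):
        print(label, starts_with_zip_magic(blob), prepended_bytes(blob))
```

A non-zero result on a file that still lists and extracts cleanly is worth flagging for closer inspection, because tools that locate the archive from the end of the file will open it while a check on the first four bytes will not recognise it.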