[EMAIL PROTECTED](Tomasz Kojm) 13.03.05 19:15
>On 13 Mar 2005 19:03:00 +0100
>Rainer Zocholl <[EMAIL PROTECTED]> wrote:
>> In the last line i wrote:
>>>>I used the command line:
>>>>"clamscan -ir --block-encrypted --block-max --detect-broken --unzip
>>>>--unrar --unarj --unzoo --lha --jar --deb --tar --tgz /home/ftp/"
>>
>> Does such command line really look like i haven't read the docs at
>> all?
>It looks like you have read the _manual_pages_ between lines.
# Usage
* Clam daemon
* Clamdscan
* Clamuko
* Output format

Question:
Which of the 4 does not belong to the list?
Right!
"Output format" (the other 3 are programs)
OK, opening it we see a surprise:
* clamscan
* clamd
further programs.
And these are the only points of "Output format"...
But OK, I think we are where we were 2h before:
http://www.clamav.net/doc/0.83/html/node28.html
There we could read:
clamscan by default writes all messages to stderr. Run it with --stdout
enabled to redirect them to the standard output.
How exactly should that help when I run clamscan with "nohup"
catching all outputs including stderr?
(I already assumed that, but it does not clarify what's special
with the output of libclamav)
When a virus is found its name is printed between the filename: and FOUND
strings. In case of archives the scanner depends on libclamav and only
prints the first virus found within an archive:
I only see the filename "inside" that zip.
Ah, sorry, you mean that absolutely misleading TIP?
TIP: You can force clamscan to list all infected files in an archive
using -no-archive
(that disables transparent decompressors built into libclamav)
and external decompressors: -unzip -unrar....
[EMAIL PROTECTED]:/tmp$ clamscan --no-archive --unzip malware.zip
Archive: /tmp/malware.zip
inflating: test1.exe
inflating: test2.exe
inflating: test3.exe
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
/tmp/malware.zip: Infected Archive FOUND
That's very mad logic to have to say "--no-archive" when I want to have
the archive names! Ouch.
I as a user am not interested in seeing how it is implemented...
Also, the braces seem to be set wrong, or a word is missing?
TIP: You can force clamscan to list all infected files in an
archive using -no-archive (that disables transparent decompressors
built into libclamav and external decompressors: -unzip -unrar...)
But that's not what I want!
I want all archives to BE unpacked!
and I want to see *archive* file names
and BOTH paths and names, not
a) archive name and virus name
b) path inside archive and virus name
what I'm missing is:
c) archive name (and path) and path inside archive and virus name
In the man page there is not the slightest hint to that strange
behavior:
--no-archive
Disable archive support built in libclamav.
Again: I want to have archives extracted!
So I -of course- ignore that option.
Should it maybe read:
--no-archive
Disables built-in archive support of libclamav.
Instead always the external unarchivers are used by clamscan.
Allows clamscan to print out the archive name.
?
Maybe that option should be called:
--no-built-in-archiver
Please:
Next time simply post the URL you mean.
You have done a lot of work on the docs, that's good and I know
that's a lot of work!
But the doc is far from "done" and a simple RTFM is sufficient.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
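
The combined report asked for in the message above (archive name, path inside the archive, virus name) can be rebuilt by post-processing the transcript it quotes. This is an added example, not part of the original post and not ClamAV code; it assumes the unzip and clamscan line formats and the clamav-<hex> temporary directory naming exactly as they appear in that transcript, and correlate() is a hypothetical helper name.

```python
import re

# Constructed sample: the "clamscan --no-archive --unzip" transcript quoted in the post.
SAMPLE = """\
Archive: /tmp/malware.zip
inflating: test1.exe
inflating: test2.exe
inflating: test3.exe
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
/tmp/malware.zip: Infected Archive FOUND
"""

ARCHIVE = re.compile(r"^Archive:\s+(.+?)\s*$")                     # unzip banner
MEMBER = re.compile(r"^\s*(?:inflating|extracting):\s+(.+?)\s*$")   # unzip member line
FOUND = re.compile(r"^(.+): (.+) FOUND$")                           # clamscan verdict
TMPDIR = re.compile(r"^.*/clamav-[0-9a-f]+/(.+)$")  # assumption: temp dir named as in the transcript


def correlate(output):
    """Return (archive, member, signature) tuples; archive is None for plain files."""
    results = []
    archive, members = None, set()
    for line in output.splitlines():
        if m := ARCHIVE.match(line):
            archive, members = m.group(1), set()
        elif m := MEMBER.match(line):
            members.add(m.group(1))
        elif m := FOUND.match(line):
            path, sig = m.groups()
            if path == archive:
                # Summary verdict for the archive itself: close the current block.
                archive, members = None, set()
                continue
            t = TMPDIR.match(path)
            if archive and t and t.group(1) in members:
                results.append((archive, t.group(1), sig))
            else:
                results.append((None, path, sig))
    return results


if __name__ == "__main__":
    for archive, member, sig in correlate(SAMPLE):
        where = f"{archive}!{member}" if archive else member
        print(f"{where}: {sig} FOUND")
```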