Re: [Clamav-users] clamdscan/clamd doesn't find a virus that clamscan does

Thu, 12 May 2005 13:36:28 -0700 

>>>>> "Tomasz" == Tomasz Kojm <[EMAIL PROTECTED]> writes:

    Tomasz> [EMAIL PROTECTED] wrote:

    >> LibClamAV debug: CVD -> No creation time in seconds (old file format)

    Tomasz> Your databases are outdated.

OK, it looks like clamscan tries to read the compiled in database
location even though clamd.conf specifies another location.  I tried
again specifying the correct database directory on the clamscan
command line and I still get similar results -- clamscan detects the
virus but clamdscan/clamd does not.

I've been using clamd with amavisd-new for about a year.  A couple
days ago I noticed that some viruses were getting through undetected
so I assumed that the undected viruses didn't have signatures in the
database yet, but found that they were.  I was running clamav-0.82 and
upgraded to clamav-0.85 to make sure that wasn't the problem.

Results from clamdscan/clamd:

root edoras[42]: clamdscan --config-file=/usr/local/etc/clamd-debug.conf 
email-doc.scr
/var/tmp/email-doc.scr: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.034 sec (0 m 0 s)

root edoras[3]: /usr/local/sbin/clamd -c /usr/local/etc/clamd-debug.conf 
LibClamAV debug: Setting /var/tmp as global temporary directory
LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: Loading /var/db/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 97483b1d8189548e820e8a3f4bef787b
LibClamAV debug: Decoded signature: 97483b1d8189548e820e8a3f4bef787b
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/COPYING
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/main.db
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/main.hdb
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/main.ndb
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/main.zmd
LibClamAV debug: Unpacking /var/tmp/clamav-8b4f0f5af299e78d/main.fp
LibClamAV debug: Loading databases from /var/tmp/clamav-8b4f0f5af299e78d
LibClamAV debug: Loading /var/tmp/clamav-8b4f0f5af299e78d/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /var/tmp/clamav-8b4f0f5af299e78d/main.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /var/tmp/clamav-8b4f0f5af299e78d/main.ndb
LibClamAV debug: Loading /var/tmp/clamav-8b4f0f5af299e78d/main.zmd
LibClamAV debug: Loading /var/tmp/clamav-8b4f0f5af299e78d/main.fp
LibClamAV debug: Loading /var/db/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 28f45cc32498c82312899352df1686c3
LibClamAV debug: Decoded signature: 28f45cc32498c82312899352df1686c3
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp/clamav-41cefdc1d3467a2b/COPYING
LibClamAV debug: Unpacking /var/tmp/clamav-41cefdc1d3467a2b/daily.db
LibClamAV debug: Unpacking /var/tmp/clamav-41cefdc1d3467a2b/daily.hdb
LibClamAV debug: Unpacking /var/tmp/clamav-41cefdc1d3467a2b/daily.ndb
LibClamAV debug: Loading databases from /var/tmp/clamav-41cefdc1d3467a2b
LibClamAV debug: Loading /var/tmp/clamav-41cefdc1d3467a2b/daily.db
LibClamAV debug: Loading /var/tmp/clamav-41cefdc1d3467a2b/daily.hdb
LibClamAV debug: Loading /var/tmp/clamav-41cefdc1d3467a2b/daily.ndb
LibClamAV debug: set stacksize to 262144
LibClamAV debug: Raw mode: No support for special files
LibClamAV debug: Type: 0, expected: 502 (Worm.Mytob.BN-1)
LibClamAV debug: Calculated MD5 checksum: aa11b5ec238c1de2c674da1418b4de69




Results from clamscan:

root edoras[40]: clamscan -d /var/db/clamav --debug /var/tmp/email-doc.scr
LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: Loading /var/db/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 97483b1d8189548e820e8a3f4bef787b
LibClamAV debug: Decoded signature: 97483b1d8189548e820e8a3f4bef787b
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/COPYING
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/main.db
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/main.hdb
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/main.ndb
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/main.zmd
LibClamAV debug: Unpacking /var/tmp//clamav-d908f00ebf7f81a3/main.fp
LibClamAV debug: Loading databases from /var/tmp//clamav-d908f00ebf7f81a3
LibClamAV debug: Loading /var/tmp//clamav-d908f00ebf7f81a3/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /var/tmp//clamav-d908f00ebf7f81a3/main.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /var/tmp//clamav-d908f00ebf7f81a3/main.ndb
LibClamAV debug: Loading /var/tmp//clamav-d908f00ebf7f81a3/main.zmd
LibClamAV debug: Loading /var/tmp//clamav-d908f00ebf7f81a3/main.fp
LibClamAV debug: Loading /var/db/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 28f45cc32498c82312899352df1686c3
LibClamAV debug: Decoded signature: 28f45cc32498c82312899352df1686c3
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//clamav-000e3d84d2276d91/COPYING
LibClamAV debug: Unpacking /var/tmp//clamav-000e3d84d2276d91/daily.db
LibClamAV debug: Unpacking /var/tmp//clamav-000e3d84d2276d91/daily.hdb
LibClamAV debug: Unpacking /var/tmp//clamav-000e3d84d2276d91/daily.ndb
LibClamAV debug: Loading databases from /var/tmp//clamav-000e3d84d2276d91
LibClamAV debug: Loading /var/tmp//clamav-000e3d84d2276d91/daily.db
LibClamAV debug: Loading /var/tmp//clamav-000e3d84d2276d91/daily.hdb
LibClamAV debug: Loading /var/tmp//clamav-000e3d84d2276d91/daily.ndb
LibClamAV debug: Recognized DOS/W32 executable/library/driver file
LibClamAV debug: Worm.Mytob.BN-1 found in descriptor 5.
/var/tmp/email-doc.scr: Worm.Mytob.BN-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 34297
Engine version: 0.85
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
Time: 4.723 sec (0 m 4 s)

-- Bob
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html

Reply via email to