hi, I'm using mod_clamav to scan HTTP download, everything work very well.
However ... When a virus is Zipped two time or more, the virus is not detected in the ziped file. The virus is detected only if it have been compressed one time. Mod_clamav use libclamav to detect virus. When I scan the same file ( compressed many time) directly with the command clamscan or clamdscan the virus is detected. how can I do to modify the level to which recursion is done to permit Libclamav or mod_clamav to detected the virus ? I'm using clamav version 0.85.1 thanks in advance ##################### output of clamscan ################ [EMAIL PROTECTED] home]# clamscan --debug eicarcom2.zip LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: Loading /var/lib/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 9f7bc26942f70730ec6004eb83d40369 LibClamAV debug: Decoded signature: 9f7bc26942f70730ec6004eb83d40369 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-5fe2066129cb4c17/COPYING LibClamAV debug: Unpacking /tmp/clamav-5fe2066129cb4c17/daily.db LibClamAV debug: Unpacking /tmp/clamav-5fe2066129cb4c17/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-5fe2066129cb4c17/daily.ndb LibClamAV debug: Unpacking /tmp/clamav-5fe2066129cb4c17/daily.fp LibClamAV debug: Loading databases from /tmp/clamav-5fe2066129cb4c17 LibClamAV debug: Loading /tmp/clamav-5fe2066129cb4c17/daily.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-5fe2066129cb4c17/daily.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-5fe2066129cb4c17/daily.ndb LibClamAV debug: Loading /tmp/clamav-5fe2066129cb4c17/daily.fp LibClamAV debug: Loading /var/lib/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 97483b1d8189548e820e8a3f4bef787b LibClamAV debug: Decoded signature: 97483b1d8189548e820e8a3f4bef787b LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/COPYING LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/main.db LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/main.hdb LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/main.ndb LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/main.zmd LibClamAV debug: Unpacking /tmp/clamav-039ac9495f5c7997/main.fp LibClamAV debug: Loading databases from /tmp/clamav-039ac9495f5c7997 LibClamAV debug: Loading /tmp/clamav-039ac9495f5c7997/main.db LibClamAV debug: Loading /tmp/clamav-039ac9495f5c7997/main.hdb LibClamAV debug: Loading /tmp/clamav-039ac9495f5c7997/main.ndb LibClamAV debug: Loading /tmp/clamav-039ac9495f5c7997/main.zmd LibClamAV debug: Loading /tmp/clamav-039ac9495f5c7997/main.fp LibClamAV debug: Recognized ZIP file LibClamAV debug: in scanzip() LibClamAV debug: Zip: eicar_com.zip, crc32: 0x31db20d1, encrypted: 0, compressed: 184, normal: 184, method: 0, ratio: 1 (max: 250) LibClamAV debug: Recognized ZIP file LibClamAV debug: in scanzip() LibClamAV debug: Zip: eicar.com, crc32: 0x6851cf3c, encrypted: 0, compressed: 68, normal: 68, method: 0, ratio: 1 (max: 250) LibClamAV debug: Eicar-Test-Signature found in descriptor 7. LibClamAV debug: Zip: Infected with Eicar-Test-Signature LibClamAV debug: Zip: Infected with Eicar-Test-Signature eicarcom2.zip: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 35057 Engine version: 0.85.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Time: 0.435 sec (0 m 0 s) [EMAIL PROTECTED] home]# _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
