Hello, Le samedi 4 Juin 2005 09:51, jcastanet a écrit : > this is the answer of andreas mueller, the person who have created > mod_clamav > as you can see, he told that this problem is a matter of Clamav !!!!!! > That why I have created a thread on this forum > You said that this problem is not the matter of Clamav. > Andreas Muller said this problem is not the mater of Mod_clamav > > We are playing PING-PONG game !!!!!!!!!!!!!!!!!!!!!!!!!!!!
I scanned an EICAR signature, rared and zipped 3 times, via mod_clamav. It works for me. Please check : - your configuration files (ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxCompressionRatio, ArchiveBlockEncrypted, ArchiveBlockMax) - ls -l /usr/local/lib/libclamav.* You should have only one version of libclamav with good symbolic links pointing to it. Best regards, Arnaud Jacques Consultant Sécurité Téléphone / Fax : +33-(0)3.44.39.76.46 Portable : +33-(0)6.24.40.95.03 E-mail : [EMAIL PROTECTED] Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois _______________________________ > > ################## andreas Mueller wrote to me #######################" > > > > Am 13.05.2005 um 15:49 schrieb Jean Philippe (EXT): > > * is it possible to configure mod_clamav or clamav (0.85) to detect > virus that are compressed many time. > > > > This is entirely a problem of clamav, as mod_clamav hands the file over > without modification to clamav for checking. Clamav is supposed to do any > extractions, maybe you need to modify the level to which recursion is done > (this is, if I remember correctly, a configuration parameter of clamav). > > > > Mit herzlichem Gruss > > > > Andreas Mller > > > > -- > > Dr. Andreas Mller, Beratung und Entwicklung > > CH-8852 Altendorf, Bubental 53, Switzerland > > Tel: +41 55 4621483 Fax: +41 55 4621485 > > Email: [EMAIL PROTECTED] > > > > ............... END ................... > > > > On Fri, 3 Jun 2005 11:17:18 +0200 > > "jcastanet" <[EMAIL PROTECTED]> wrote: > > hi, > > > > I'm using mod_clamav to scan HTTP download, everything work very well. > > > > However ... When a virus is Zipped two time or more, the virus is not > > detected in the ziped file. > > > > The virus is detected only if it have been compressed one time. > > > > Mod_clamav use libclamav to detect virus. > > Report this problem to mod_clamav folks and not here. > > > When I scan the same file ( compressed many time) directly with the > > command > > clamscan or clamdscan the virus is detected. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
