Cevher wrote:
> Hi list,
>
> Some zip files containing virus files are passed by milter. For example
> there is a zip file that contains a file called data.src.
> Clamav recognizes data.src as Worm.Lovgate.R.
>
> $ clamscan data.zip
> data.zip: Worm.Lovgate.R FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 38553
> Engine version: 0.86.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.09 MB
> Time: 5.561 sec (0 m 5 s)
>
> clamdscan also recognizes this.
> $ clamdscan data.zip
> /home/clamav/data.zip: Worm.Lovgate.R FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 1
> Time: 1.623 sec (0 m 1 s)
>
> ScanArchive is enabled in clamd.conf, when I unpack original zip file
> and repack it with zip, clamav-milter recognizes it (tgz and gz archives
> recognized also). Milter just can't recognize original zip file where
> compression seems %0.

Can you check the log and confirm that clamav-milter is the latest version?

> We are using clamav-milter without --external option, whereas result is
> same when clamav-milter is run with --external option.

Strange that --external does the same, it should be just like using
clamdscan. You could enable debugging for clamd and test to see if as an
email message it's being scanned and goes through undetected.

> My next question is about ScanArchive directive. Does anyone know how to
> disable it. I did comment the ScanArchive directive in clamd.conf but it
> didn't work.

You need to set 2 options in clamd.conf (read "man clamd.conf" for details):

DisableDefaultScanOptions
ScanArchive no

HTH
-- 
René Berber
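
The reply above suggests testing whether the archive is detected when it arrives as an email message. As an added example (not code from this thread or from the ClamAV project), the Python script below writes the same member into a stored (0% compression) zip and a deflated zip and wraps each as a mail attachment, so the two mail files can be compared on the mail-scanning path. The payload, addresses and file names are constructed placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in payload; substitute the file under investigation.
SAMPLE_NAME = "data.src"
SAMPLE_DATA = b"constructed placeholder payload\n" * 64


def build_zip(name: str, data: bytes, method: int) -> bytes:
    """Return a zip archive holding one member written with `method`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def zip_members(zip_bytes: bytes) -> list[tuple[str, str, int, int]]:
    """List (name, method, compressed size, original size) per member."""
    names = {zipfile.ZIP_STORED: "stored", zipfile.ZIP_DEFLATED: "deflated"}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, names.get(i.compress_type, str(i.compress_type)),
                 i.compress_size, i.file_size) for i in zf.infolist()]


def wrap_in_email(zip_bytes: bytes, filename: str = "data.zip") -> bytes:
    """Wrap the archive as a base64 attachment in a mail message."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # placeholder addresses
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "scanner test: zip attachment"
    msg.set_content("Test message for the mail-scanning path.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()


def attachments(raw: bytes) -> list[tuple[str, bytes]]:
    """Decode the attachments back out of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()]


if __name__ == "__main__":
    for label, method in (("stored", zipfile.ZIP_STORED),
                          ("deflated", zipfile.ZIP_DEFLATED)):
        raw = wrap_in_email(build_zip(SAMPLE_NAME, SAMPLE_DATA, method))
        with open(f"test-{label}.eml", "wb") as fh:
            fh.write(raw)
        print(label, zip_members(attachments(raw)[0][1]))
```

Running `zip_members` on the original archive shows whether its members are stored rather than deflated, which is the difference the repacking test in the question points at.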