-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SYPECom-AV-Dev wrote:
> When using "clamscan" to scan a specific file with a command line, I am > assuming that the name of the file alone can be the basis for a number of > positive matches for viruses, am I right? No. > Is there a way then to use the > command line interface to scan a file (with a modified temporary name), but > to also provide the file's real name so that document type-specific viruses > will be recognized? Not needed. It would be too easy for virus writers to just change the name and/or some property to trick defenses, so anti virus software doesn't care about that. > Context: In our Java-based system, files are stored in a particular storage > facility and cannot be scanned directly (because file data is placed within > bigger files that contain metadata on each included file). So, to scan files > with clamscan, we intend to extract individual file data to temporary files > (00001.temp, 00002.temp, and so on) in a central directory, and have clamscan > scan those files. But obviously, calling "clamscan ./tempdir/00001.temp" > would not tell clamscan what the real original file name is. We can't quite > use original names for temporary files because we'd have name conflicts all > the time (and we're not sure we want to store potentially-malicious files > with their name -and extension- intact on the server). With java you probably are using jars, which are just zip files which clamscan can decompress and check with no problem. The only problem I've seen with jars is that they usually have very long paths and lots of files, which break some of the usual limits for scanning, like ArchiveMaxFiles, ArchiveMaxFileSize, ArchiveMaxRecursion, Zip.ExceededFilesLimit. But you can change those limits, so it's really not a problem. - -- René Berber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) iD8DBQFGb2fnL3NNweKTRgwRCLO2AJ4vxIZYyvpVGtSOjMtv/B1AicZBDACglY0F bowJQuGvq9LpG7ZUrYtTtEU= =YeZB -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
