>> At 2:00 PM -0700 9/14/09, Bill Landry wrote: >>> > At 12:59 PM -0700 9/14/09, Bill Landry wrote: >>>>>Tom Shaw wrote: >>>>>> I am running ClamAV 0.95.2/9806/Mon Sep 14 14:37:58 2009 when I >>>>>> run >>>>>> clamscan on a file I get no detection yet when I submit the same >>>>>> file >>>>>> to >>>>>> virustotal (0.94.1/20090912) I get Trojan.Zbot-4583 detected. >>>>>> >>>>>> My clamav install has been operating fine for months on OSX 10.5. >>>>>> >>>>>> Ideas? >>>>> >>>>>Tom, what happens if you scan the file with clamdscan? >>>>> >>>>> clamdscan --fdpass file >>>>> >>>>>The reason I ask, is maybe you have to set the appropriate flags when >>>>>using clamscan vs clamdscan, as clamdscan uses clamd.conf for its >>>>> setting. >>>>> >>>>>Just a thought... >>>> >>>> >>>> Bill, I get detection from my signature but not clam's >>> >>>Could it be that your signature is triggering before ClamAV's? Have you >>>tried running the scan without your signature included to see if ClamD >>>will trigger? >> >> Hasn't triggered earlier than clamav's before. However I will try now. >> >> That's weird it did detect it then. Wish I knew the sequence clamav >> checks through the DB's. >> >> Is there a way to force clamscan to keep checking for all signatures? >> I tried clamdscan --help with no joy. > > According to Tomasz (see his message from earlier today), there is no way > to prioritize signatures unless you run more than one instance of clamd.
Oh, and signature processing stops at first hit. Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
