Hi, I have a clamd(0.98.5) + cicap(0.3.5) + squidclamav(6.12) + squid(3.1.14) on a RHEL5 box. We use this as a virus scanning for scanning the files uploaded through a web form. It doesn't seem to work if I upload a png file Actually the png file is just the "eicar.com" file but I renamed it to "eicar.com.png" because the form only accept the .png files.
But it works beautifully when I upload the "eicarcom2.zip<http://www.eicar.org/download/eicarcom2.zip>" file (renamed to .png). We did an strace on the clamd PID and found that, 1. When I upload the eicar.com.png file it writes the tmp file with all HTML headers(including all the form field values) and the multipart part. Then scans it. Returns the stream OK result. 2. When I upload the zip file it correctly extract the zip file from the HTML POST request and create the tmp file using the just the multipart data only. So it works In the case #1 I find there are two req is going to clamd, it creates two tmp file, scans both and no virus found. In the case of #2 it only create one file and found the virus. Am not sure about is this something to do with the other components c-icap or squidclamav or squid. See attached files for the relevant part in strace for both cases. Regards Manoj Ramakrishnan DevOps Engineer | POS | P +61 2 8918 5906 | M 0416 128 308 _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
![[clamav-users] Clamav doesn't seem to work when we use HTTP POST with eicar.com.png file](/search?l=clamav-users@lists.clamav.net&q=subject:%22%5C%5Bclamav%5C-users%5C%5D+Clamav+doesn%27t+seem+to+work+when+we+use+HTTP+POST+with+eicar.com.png+file%22&o=newest){kind=link}
