On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote: > > Forgot to include dmg files are as described when mounted - else they are > disk images (cpio). I don't know what the clam product does with unmounted > disk images. > > dp
That’s correct. There have been a handful (nine) .dmg hash signatures quite awhile ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting. I believe they are simply scanned as a generic file. -Al- > On 3/26/15 11:09 PM, Dennis Peterson wrote: >> The dmg files are logical structures. They are comprised of Unix directories >> and files and clam doesn't need to treat them differently than any other >> directory tree. if you have support compiled in for zip, RAR, TAR, and >> several other archiving formats it should decompose them and scan each of >> the the contents. You should be able to explore the log to see what clamXav >> did while scanning. >> >> dp >> >> On 3/26/15 10:44 PM, Jinwon Lee wrote: >>> Hi >>> >>> I am a new member. >>> >>> I am a Mac user and so I use ClamXav to scan my files. >>> >>> My question is: >>> >>> ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and >>> Package files like .dmg?’ Because I feel ClamXav takes >>> considerably longer to scan the extracted file/s compared to the compressed >>> versions and wonder if it really scans them. >>> >>> Kind Regards >>> Jinwon _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
