clamd.conf does not affect the behavior of clamscan which is why you needed to run freshclam first to pull database to the default database location. Thus, there is a possibility that the databases may be mismatched though it's unlikely as the signature is still part of the current set. In order to change the clamscan directory from the default, you need to use the '-d' option.
clamscan -d [database directory] [sample]

Secondly, the versions of ClamAV differ between the two test cases (ClamWin uses 0.99.1 and clamscan uses 0.99.2). However, there doesn't seem to be any engine changes that would affect the signature in question.

Thirdly, it appears that ClamWin reports that it scans 85.88 MB while clamscan reports it scans 0 MB (both read 99.27 MB). It is possible that the engine is not scanning the file though the reason is uncertain. The reason could be deduced from comparing the debug logs. It might also be worth it to provide the logs here as well.

Unfortunately, I'm not familiar with generating debug logs with ClamWin. clamscan will generate the debug log if you specify "--debug" to it on the command line.

clamscan --debug [sample]

For additional information on clamscan options, refer to the clamscan manpage or use the "--help" option.

clamscan --help

Finally, if you suspect that this may be a bug, please report the issue to https://bugzilla.clamav.net and supply the appropriate samples.

-Kevin

On Wed, Jul 20, 2016 at 3:03 PM, Jay Gattuso <jay.gatt...@dia.govt.nz> wrote:

> I’m trying to get clamd running as a service so I can fire files/streams
> at it via pyclam.
>
> I’m working on win7.
>
> I have a test file that shows a Win.Trojan.URLspoof-2 warning.
>
> ClamWin:
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4660817
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
>
> Data scanned: 85.88 MB
> Data read: 99.27 MB (ratio 0.87:1)
> Time: 10.720 sec (0 m 10 s)
>
> --------------------------------------
> Completed
> --------------------------------------
>
> ClamAV:
>
> C:\Program Files\clamav-amd64-0.99.2>freshclam
> ClamAV update process started at Thu Jul 21 06:51:27 2016
> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder:
> amishhammer)
> daily.cvd is up to date (version: 21938, sigs: 447370, f-level: 63,
> builder: neo)
> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder:
> neo)
>
> C:\Program Files\clamav-amd64-0.99.2>clamscan
> C:\Users\_____\Desktop\NLNZ-TI9
> 5846839-20160630231930-00008-kaiwae-z4.warc
>
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4660817
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 99.27 MB (ratio 0.00:1)
> Time: 7.847 sec (0 m 7 s)
>
> clamscan wouldn’t work until I fired freshclam.
> Clamd.conf points towards the clamwin db files.
> The pyclam endgame also doesn’t find anything. I assume it's working from
> the clamav clamd service.
>
>
> What am I missing? / What else do you need to know to help me trouble
> shoot?
>
>
> Jay Gattuso | Digital Preservation Analyst | Preservation, Research and
> Consultancy
> National Library of New Zealand | Te Puna Mātauranga o Aotearoa
> PO Box 1467 Wellington 6140 New Zealand | +64 (0)4 474 3064
> jay.gatt...@dia.govt.nz<mailto:jay.gatt...@natlib.govt.nz>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
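Added example, not part of the original thread and not ClamAV code: a small Python script that parses two SCAN SUMMARY blocks like the ones quoted above and lists the differences the reply points at (engine version, data scanned versus data read, verdict). The function names are hypothetical, and the sample text is copied from the summaries in the thread with some fields trimmed.

```python
import re

# Sample input: the two summaries as quoted in the thread (fields trimmed).
CLAMWIN = """\
Known viruses: 4660817
Engine version: 0.99.1
Scanned files: 1
Infected files: 1
Data scanned: 85.88 MB
Data read: 99.27 MB (ratio 0.87:1)
"""
CLAMSCAN = """\
Known viruses: 4660817
Engine version: 0.99.2
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 99.27 MB (ratio 0.00:1)
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.+?)\s*$")

def parse_summary(text):
    """Map each 'Name: value' line of a SCAN SUMMARY to a dict entry."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2)
    return fields

def megabytes(value):
    """Leading number of a size field, e.g. '99.27 MB (ratio 0.87:1)'."""
    return float(value.split()[0])

def compare(a, b):
    """Return the differences worth chasing between two scans of one file."""
    findings = []
    if a["known viruses"] != b["known viruses"]:
        findings.append("signature counts differ: different database sets")
    if a["engine version"] != b["engine version"]:
        findings.append("engine versions differ")
    for label, s in (("first", a), ("second", b)):
        if megabytes(s["data read"]) > 0 and megabytes(s["data scanned"]) == 0:
            findings.append(label + " scan read the file but scanned 0 MB")
    if a["infected files"] != b["infected files"]:
        findings.append("verdicts differ")
    return findings

if __name__ == "__main__":
    for finding in compare(parse_summary(CLAMWIN), parse_summary(CLAMSCAN)):
        print(finding)
```

An equal "Known viruses" count does not prove both scanners loaded the same database files; only a difference is conclusive, which is why the script reports nothing for that field here.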