Am 12.12.2016 um 17:43 schrieb TR Shaw:
How does ClamAV decide to unpack an attachment? In particular this is in reference to the recent Locky attachments that are zips but have the attachment extension “dip”
clamav don't care about extensions as any other unix software [harry@rh:/downloads/test]$ clamscan test.zip test.zip: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 5276854 Engine version: 0.99.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 8.036 sec (0 m 8 s) [harry@rh:/downloads/test]$ mv test.zip test.nothing [harry@rh:/downloads/test]$ clamscan test.nothing test.nothing: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 5276854 Engine version: 0.99.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 7.537 sec (0 m 7 s) _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
