Thanks for the additional information. I wonder if the issue encountered here, then, is that certain .zip files fail to be extracted successfully. See: https://bugzilla.clamav.net/show_bug.cgi?id=12235 for a reported instance of this. More investigation will be needed to figure out why this is happening.
-Andrew

On Wed, Feb 6, 2019 at 12:47 PM Scott Kitterman <deb...@kitterman.com> wrote:

> Yes. Debian packages are built with yara support.
>
> Scott K
>
> On February 6, 2019 5:22:48 PM UTC, Arnaud Jacques <webmas...@securiteinfo.com> wrote:
> >Hello Andrew,
> >
> >I use clamav provided by debian 8.11:
> >dpkg -l|grep clam
> >ii clamav 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - command-line interface
> >ii clamav-base 0.100.2+dfsg-0+deb8u1 all anti-virus utility for Unix - base package
> >ii clamav-daemon 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner daemon
> >ii clamav-freshclam 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - virus database update utility
> >ii clamdscan 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - scanner client
> >ii libclamav7 0.100.2+dfsg-0+deb8u1 amd64 anti-virus utility for Unix - libraryrt
> >ii libclamunrar7 0.99-0+deb8u3 amd64 anti-virus utility for Unix - unrar support
> >
> >How to know if it is compiled with yara support? clamscan --debug does not seem to provide the information.
> >
> >On https://buildd.debian.org/status/package.php?p=clamav&suite=jessie-security , there is "no logs" for amd64
> >o.O
> >Other log files seem to show Debian compiles with yara support.
> >For example:
> >https://buildd.debian.org/status/fetch.php?pkg=clamav&arch=i386&ver=0.100.2%2Bdfsg-0%2Bdeb8u1&stamp=1540398955&raw=0
> >
> >On 06/02/2019 at 17:32, Andrew Williams wrote:
> >> Hey Arnaud,
> >>
> >> I recently noticed a bug that causes .pwdb files to not be loaded from the db directory when ClamAV is compiled without Yara support. Is your ClamAV built with Yara support, and if not, can you try compiling with Yara support and see whether this fixes the issue for you? This issue will be fixed in an upcoming release.
> >>
> >> Thanks,
> >>
> >> -Andrew
> >> Research Engineer
> >> Malware Research Team
> >>
> >> On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques <webmas...@securiteinfo.com> wrote:
> >>
> >> Hello,
> >>
> >> It seems .pwdb files do not work since version 0.100.2 (maybe since 0.100.0).
> >> It has this format:
> >>
> >> cat passwords.pwdb
> >> ZipPasswordInfected;Engine:51-255;0;infected
> >>
> >> This file is in the ClamAV databases directory (/var/lib/clamav/) and ClamAV does not detect malware when the Zip is protected by the "infected" password. Manually unzipped, ClamAV is able to detect the malware.
> >>
> >> Has the format of .pwdb files changed since 0.100.x?
> >> Is it still supported on recent ClamAV versions?
> >>
> >> --
> >> Best regards,
> >>
> >> Arnaud Jacques
> >> Manager of SecuriteInfo.com
> >>
> >> Telephone: +33-(0)3.44.39.76.46
> >> E-mail: a...@securiteinfo.com
> >> Website: https://www.securiteinfo.com
> >> Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> >> Twitter: @SecuriteInfoCom
> >>
> >> Securiteinfo.com
> >> IT Security - Information Security.
> >> 266, rue de Villers
> >> 60123 Bonneuil en Valois
> >>
> >> _______________________________________________
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
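An added example, not part of the thread and not ClamAV code: a small lint for .pwdb entries such as the one quoted above, useful for ruling out a format problem before suspecting the loader or the zip extraction. The field meanings follow ClamAV's signature documentation; the function name `check_pwdb_line` and the `flevel` parameter are assumptions made for this sketch.

```python
import re

# Entry layout per ClamAV's signature documentation:
#   SignatureName;TargetDescriptionBlock;PWStorageType;Password
# PWStorageType 0 = cleartext password, 1 = hex-encoded password.
ENGINE_RE = re.compile(r"^(\d+)-(\d+)$")

def check_pwdb_line(line, flevel=None):
    """Return (entry, problems) for one .pwdb line.

    flevel is the scanner's functionality level (hypothetical parameter);
    pass None to skip the Engine range check.
    """
    problems = []
    fields = line.rstrip("\r\n").split(";")
    if len(fields) != 4:
        return None, [f"expected 4 ';'-separated fields, got {len(fields)}"]
    name, tdb, storage, raw_pw = fields
    if not name:
        problems.append("empty signature name")

    # TargetDescriptionBlock: comma-separated Arg:Val pairs, e.g. Engine:51-255
    attrs = {}
    for pair in tdb.split(","):
        key, sep, val = pair.partition(":")
        if not sep or not val:
            problems.append(f"malformed TDB pair {pair!r}")
        else:
            attrs[key] = val
    m = ENGINE_RE.match(attrs.get("Engine", ""))
    if "Engine" in attrs and not m:
        problems.append("Engine must be MIN-MAX")
    elif m:
        lo, hi = int(m.group(1)), int(m.group(2))
        if lo > hi:
            problems.append("Engine range is inverted")
        elif flevel is not None and not lo <= flevel <= hi:
            problems.append(f"flevel {flevel} outside Engine:{lo}-{hi}; entry is skipped")

    password = None
    if storage == "0":
        password = raw_pw.encode()
        if raw_pw != raw_pw.strip():
            problems.append("cleartext password has leading/trailing whitespace")
    elif storage == "1":
        try:
            password = bytes.fromhex(raw_pw)
        except ValueError:
            problems.append("PWStorageType 1 needs a hex-encoded password")
    else:
        problems.append(f"unknown PWStorageType {storage!r}")
    return {"name": name, "tdb": attrs, "password": password}, problems
```

A cleartext password that itself contains `;` is reported as a field-count problem by this lint; storing it hex-encoded with PWStorageType 1 avoids the ambiguity.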