We've a really unexplainable behaviour related to clamdscan and tar. There's a tree of subdirs and files.
If I tar the complete tree and scan it with 'clamdscan -v --fdpass all.tar' an infected file is reported: 'Java.Trojan.Agent-36975 FOUND'. If I tar all subdirs of the first level in separate tars and scan them, all of them are reported OK. Same if I scan all files one by one. So where's the infected file report is coming from? Any ideas? Environment: # lsb_release -a LSB Version: n/a Distributor ID: openSUSE Description: openSUSE Leap 15.1 Release: 15.1 Codename: n/a # rpm -q -i clamav Name : clamav Version : 0.101.4 Release : lp151.205.1 Architecture: x86_64 Install Date: Mo 28 Okt 2019 16:03:42 CET Group : Productivity/Security Size : 2383988 License : GPL-2.0-only Signature : RSA/SHA256, Fr 25 Okt 2019 16:59:46 CEST, Key ID 69d1b2aaee3d166a Source RPM : clamav-0.101.4-lp151.205.1.src.rpm Build Date : Fr 25 Okt 2019 16:59:23 CEST Build Host : lamb53 Relocations : (not relocatable) Vendor : obs://build.opensuse.org/security URL : http://www.clamav.net Summary : Antivirus Toolkit _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
