I retract my retraction.

Original scan of test directory:

$ clamscan -ir test/
test/eicar.com: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8584449
Engine version: 0.103.4
Scanned directories: 1
Scanned files: 6
Infected files: 1
Data scanned: 0.63 MB
Data read: 333.32 MB (ratio 0.00:1)
Time: 10.682 sec (0 m 10 s)
Start Date: 2021:12:20 16:29:39
End Date:   2021:12:20 16:29:50

$ tar -cvf test.tar test/


$ tar -tvf test.tar | grep eicar
-rw-rw-r-- XXXXX/XXXXX        69 2021-12-06 10:18 test/eicar.com

$ clamscan -ir test.tar

----------- SCAN SUMMARY -----------
Known viruses: 8584449
Engine version: 0.103.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 333.34 MB (ratio 0.00:1)
Time: 10.408 sec (0 m 10 s)
Start Date: 2021:12:20 16:32:07
End Date:   2021:12:20 16:32:17

This is on RHEL8.  If I do a simple tar of just the eicar.com file into a tar 
archive it detects on scanning the tar file.  The above sample test directory 
has 5 other simple files including the eicar.com file.

Thanks!


________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Hart, 
Steven A. via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, December 20, 2021 4:17:28 PM
To: ClamAV users ML
Cc: Hart, Steven A.
Subject: Re: [clamav-users] [EXT] Re: clamscan tar archive

APL external email warning: Verify sender clamav-users-boun...@lists.clamav.net 
before clicking links or attachments



And now it's working for me too.  Nice magic you have there!


Problem solved.....I guess....so weird.


Thanks

________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Kris 
Deugau <kdeu...@vianet.ca>
Sent: Monday, December 20, 2021 4:09:26 PM
To: ClamAV users ML
Subject: [EXT] Re: [clamav-users] clamscan tar archive

Hart, Steven A. via clamav-users wrote:
> Hello all,
>
>
> ClamAV documentation states that tar archives are supported.   I've
> created a small sample tar archive that includes an eicar sample.
> Clamscan seems to only look at the tar archive as a single file and does
> not hit on the eicar sample within.   I've tried using the "-a" and
> "--scan-archive=yes" flags with no improvements.  I would appreciate
> advice as to if clamscan can actively scan tar archives directly.

WorksForMe(TM):

kdeugau@ele:~/$ tar -c ~kdeugau/dev/eicar >testeicar.tar
tar: Removing leading `/' from member names
kdeugau@ele:~/$ clamscan
/home/kdeugau/testeicar.tar: Eicar-Signature FOUND
[...]

kdeugau@ele:~/$ clamscan -V
ClamAV 0.103.3/26393/Mon Dec 20 04:19:51 2021

(Debian package;  only Debian testing and unstable have 0.103.4 so far,
no sign of 0.104.)

-kgd

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml