[Clamav-users] clamscan does not extract zip's
Hi, i hope now i can post. I have a problem with clamscan 0.6 on SuSe 8.2: I made a archive containing some directories, subdirectories and eicar.com-files. It works fine for .rar and .tar archives. But when i use it on the same package as zip, it checks only the zip as a file. (Scanned files: 1) and it detects only that one file. Other scanners are detecting them all, even clamscan when they are packed as rar or tar. It's not a zip-file-error - i tried many options, my unzip-tool works fine. clamscan --unzip -r aha.zip clamscan -r aha.zip clamscan aha.zip clamscan --mbox aha.zip ...and so on - always the same output I even tried chmod 777 on all the files and zipped it again... like I said, clamscan --tar aha.tar works fine, other scanners are detecting the files inside the zip, what can I do ? -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
clamscan --unzip -r aha.zip or clamscan -r aha.zip: /home/riki/temp/aha.zip: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.294 sec (0 m 0 s) the same files and directories, as tar: clamscan --tar -r aha.tar: eicar.com nocheindir/ nocheindir/einText.txt testdir1/ testdir1/eicar.com testdir1/testdir2/ testdir1/testdir2/eicar.com testdir1/testdir2/einText.txt testdir1/testdir2/aha.com testdir1/einText.txt testdir1/aha.com /tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK /home/riki/temp/aha.tar: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 4 Scanned files: 8 Infected files: 5 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.308 sec (0 m 0 s) -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ aha.zip Description: Zip archive
Re: [Clamav-users] clamscan does not extract zip's
clamscan --unzip -r aha.zip or clamscan -r aha.zip: /home/riki/temp/aha.zip: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.294 sec (0 m 0 s) the same files and directories, as tar: clamscan --tar -r aha.tar: eicar.com nocheindir/ nocheindir/einText.txt testdir1/ testdir1/eicar.com testdir1/testdir2/ testdir1/testdir2/eicar.com testdir1/testdir2/einText.txt testdir1/testdir2/aha.com testdir1/einText.txt testdir1/aha.com /tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK /tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND /tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK /home/riki/temp/aha.tar: Infected Archive FOUND --- SCAN SUMMARY --- Known viruses: 9888 Scanned directories: 4 Scanned files: 8 Infected files: 5 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.308 sec (0 m 0 s) -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
> Riki, I can see that you posted the zip file to the mailing list. > This is bad. Tomasz Kojm asked you to send it *to him*, not all the > list! Sorry, i thought only with eicar.com that would be ok (although I know that eicar.com is detected like real viruses !?!). I also thought I sent it (only) to Tomasz Kojm. > So you are concerned that only one virus was found by clamscan in the > zip file, aren't you? > No need to. This is a normal behaviour of clamscan. Yes, I was - and I'm still ! > When it finds a first infected file in the zip archive, it reports that > the archive (as a whole) is infected (contains a virus). It's enough, > checking the rest is a waste of time. The archive itself is infected, > period. When I check an archive manually, i want the command line scanner to give me detailed information about the file AND the files archived (at least by option) - like all the other command line scanners do, or like clamscan even does itself with .rar, .tar.gz or .tar-files. Isn't it normally that users like me get unsure when all the scanners - clamscan included - make the same output for all the archive-types, but only clamscan does a special one with zip-files ? -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamscan does not extract zip's
> The way to get results of scanning of all files in a zip file is > disabling built-in archive support in libclamav (--disable-archive) and > enabling scanning with external unzip program (--unzip[=FULLPATH]). > > The examples of scanning a zip file contaning more than one infected > file in the archive: > $ clamscan --disable-archive --unzip Backdoor.Konik.06b.zip > Archive: /home/tomek/vir/Backdoor.Konik.06b.zip > inflating: info_trojan.txt > inflating: klient_konik.exe > inflating: config.exe > inflating: winamp.exe > inflating: Achates.html > inflating: register.reg > /home/tomek/c995944d53c70058/info_trojan.txt: OK > /home/tomek/c995944d53c70058/klient_konik.exe: Trojan.Konik.06b-client > FOUND > /home/tomek/c995944d53c70058/config.exe: Trojan.Konik.06b-config FOUND > /home/tomek/c995944d53c70058/winamp.exe: Trojan.Konik.06b-server FOUND > /home/tomek/c995944d53c70058/Achates.html: OK > /home/tomek/c995944d53c70058/register.reg: OK > /home/tomek/vir/Backdoor.Konik.06b.zip: Infected Archive FOUND > > --- SCAN SUMMARY --- > Known viruses: 9902 > Scanned directories: 1 > Scanned files: 6 > Infected files: 3 > > (all files and viruses are reported). > Thanks, that's it ! Maybe with that option its not as fast as with built-in archive support - but that is what i'm searching for. -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamscan does not extract zip's
Hi, i don't even now how i can post on the newsgroup - i hope that's the right adress... I have a problem with clamscan 0.6 on SuSe 8.2: I made a archive containing some directories, subdirectories and eicar.com-files. It works fine for .rar and .tar archives. But when i use it on the same package as zip, it checks only the zip as a file. (Scanned files: 1) and it detects only that one file. Other scanners are detecting them all, even clamscan when they are packed as rar or tar. It's not a zip-file-error - i tried many options, my unzip-tool works fine. clamscan --unzip -r aha.zip clamscan -r aha.zip clamscan aha.zip clamscan --mbox aha.zip ...and so on - always the same output I even tried chmod 777 on all the files and zipped it again... like I said, clamscan --tar aha.tar works fine, other scanners are detecting the files inside the zip, what can I do ? -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++ --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
