On 2/17/2015 12:11 AM, Manoj Ramakrishnan wrote:
> Hi Al,
>
> Thanks for replying.
> It is exactly what I thought. But why is it different from ZIP file?
> I added extra characters in the beginning of the ZIP file but no issues in
> scanning that and finding eicar signature.
zip and gzip are very
On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan <
manojramakrish...@nbnco.com.au> wrote:
> Hi Al,
>
> Thanks for replying.
> It is exactly what I thought. But why is it different from ZIP file?
> I added extra characters in the beginning of the ZIP file but no issues in
> scanning that and fin
There are a number of reasons for the differences in the detection cases.
The first of which is how ClamAV identifies the file type of the file being
scanned. ClamAV determines the file type of a scanned file using the 'ftm'
signature files. The important signatures follow:
type:offset:magic:rtype:ty
Hi Kevin,
Very well explained. Thank you so much.
In the case of Case #6 I did not see any trace of "UNKNOWN COMMAND" either
in clamd terminal logs or strace.
Here are the terminal logs from clamd in debug mode.
$fds_poll_recv: timeout after 600 seconds
$Received POLLIN|POLLHUP on fd 6
$Got ne
On 18/02/15 6:09 AM, "Steven Morgan" wrote:
>On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan <
>manojramakrish...@nbnco.com.au> wrote:
>
>> Hi Al,
>>
>> Thanks for replying.
>> It is exactly what I thought. But why is it different from ZIP file?
>> I added extra characters in the beginning o
On Tuesday, February 17, 2015 11:58:02 PM Manoj Ramakrishnan wrote:
> On 18/02/15 6:09 AM, "Steven Morgan" wrote:
> >On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan <
> >
> >manojramakrish...@nbnco.com.au> wrote:
> >> Hi Al,
> >>
> >> Thanks for replying.
> >> It is exactly what I thought. Bu
On 2/17/15 3:58:02PM, Manoj Ramakrishnan wrote:
At the moment there are no settings in squidclamav to extract the
multipart form data and send only the attachment to clamd. As Kevin
mentioned, if clamd doesn't natively support parsing HTTP messages
then we need to find a way to pass correct data
Hi Scott,
I had a look at what havp does and am not sure it will fit with our
current design. Will do a spike to find out.
Our application stack has the following design
Client ==> Apache Reverse Proxy >(non scanning
urls)> Bunch of app servers
Ummm... the text diagram is not rendered as intended.
What I was trying to show is:
Client ---> Apache Reverse Proxy ---non scanning urls>bunch of
application servers
Client ---> Apache Reverse Proxy ---Scan a list of urls for virus in
client uploaded files --> Squid(act as a reverse proxy) +