MJ wrote:
> We are using ClamAV. It seems this error occurs occasionally. Following
> are the logs of last 18 hours and this message appears 6 times during
> this period.
>
> Thanks,
> MJ
>
> ======== grep Decoding /var/log/syslog =======
> Jul 31 00:01:10 mailgate1 amavis[21254]: [ID 702911 mail.warning]
> (21254-07) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> Jul 31 01:52:40 mailgate1 amavis[23470]: [ID 702911 mail.warning]
> (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> Jul 31 01:57:30 mailgate1 amavis[23490]: [ID 702911 mail.warning]
> (23490-03) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> Jul 31 01:57:45 mailgate1 amavis[23487]: [ID 702911 mail.warning]
> (23487-03) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> Jul 31 06:48:30 mailgate1 amavis[9114]: [ID 702911 mail.warning]
> (09114-05) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> Jul 31 07:47:50 mailgate1 amavis[10291]: [ID 702911 mail.warning]
> (10291-09) Decoding of p002 (Zip archive data, at least v1.0 to extract)
> failed, leaving it unpacked: IO error: reading data :
> ===== End =======
>
> -----Original Message-----
> From: Gary V [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 31, 2005 6:14 PM
> To: MJ
> Cc: [email protected]
> Subject: Re: [AMaViS-user] Decoding Problem
>
> MJ wrote:
>> Hi,
>> Can someone help me why I have this error in my logs?
>> amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002
>> (Zip archive data , at least v1.0 to extract) failed, leaving it
>> unpacked: IO error: reading data :
>>
>> Hi,
>> Following is the output of perl -MArchive::Zip -e'print
>> "$Archive::Zip::VERSION\n";'
>> 1.16
>> Please advise.
>> MJ
>
> I would want to know what virus scanner (if any) you are using. Does
> this happen every time you send a zip through? Can you find this
> particular message and send it back through to see if it happens every
> time? If it does not, then I wonder if the "IO error: reading data :"
> message may be referring to a physical disk problem.

I think there is a need to determine if this error is related to a message containing a particular .zip file, or whether this happens randomly to .zip files that are not related to each other. That would help to determine if a file has either by accident, or purposefully, been created to (once again) exploit a flaw in the unpacker code. If a sample could be obtained, it could be tested on other systems.

I don't know if this is related to clamd or not. But even if it is not related, I would make sure you are using the latest versions of both ClamAV, and zlib. Earlier versions have known vulnerabilities. I would also be curious if command line clamscan and clamdscan were able to find a virus in the .zip file (or if they crash trying to scan them).

Gary V

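As a first pass at the "one particular .zip or unrelated files" question raised in the reply above, here is an added example (not part of the original thread, and not amavisd-new code) that parses the six syslog lines MJ posted, groups them by part name, reported file type and error text, and lists the `(pid-seq)` tags so each affected message can be traced. The function names are illustrative, and the year 2005 is assumed from the Sent header in the thread.

```python
import re
from collections import Counter
from datetime import datetime

# The six log lines posted in the thread, each rejoined onto one line.
SAMPLE = """\
Jul 31 00:01:10 mailgate1 amavis[21254]: [ID 702911 mail.warning] (21254-07) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:52:40 mailgate1 amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:57:30 mailgate1 amavis[23490]: [ID 702911 mail.warning] (23490-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:57:45 mailgate1 amavis[23487]: [ID 702911 mail.warning] (23487-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 06:48:30 mailgate1 amavis[9114]: [ID 702911 mail.warning] (09114-05) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 07:47:50 mailgate1 amavis[10291]: [ID 702911 mail.warning] (10291-09) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
"""

# Timestamp, host, amavis[pid], optional syslog [ID ...] field, (pid-seq) tag, message.
PAT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ amavis\[(?P<pid>\d+)\]: .*?"
    r"\((?P<am_id>\d+-\d+)\) Decoding of (?P<part>\S+) \((?P<ftype>.*)\) "
    r"failed, leaving it unpacked: (?P<err>.*?)\s*$")

def parse_failures(text, year=2005):
    """Return one dict per 'Decoding of ... failed' line, in log order."""
    out = []
    for line in text.splitlines():
        m = PAT.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(f"{year} {d['ts']}", "%Y %b %d %H:%M:%S")
            out.append(d)
    return out

def summarize(events):
    """Count failures per (part, file type, error) and list tags to trace."""
    sig = Counter((e["part"], e["ftype"], e["err"]) for e in events)
    gaps = [int((b["ts"] - a["ts"]).total_seconds())
            for a, b in zip(events, events[1:])]
    return {"signatures": dict(sig), "am_ids": [e["am_id"] for e in events],
            "gaps_seconds": gaps}

if __name__ == "__main__":
    s = summarize(parse_failures(SAMPLE))
    for key, n in s["signatures"].items():
        print(n, key)
    print("trace these tags in syslog:", " ".join(s["am_ids"]))
    print("seconds between failures:", s["gaps_seconds"])
```

A single shared signature only shows that the same part number and file type failed each time; it does not prove the attachments are identical. Grep the syslog for each listed tag to see what else was logged for that message before drawing that conclusion.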