[Clamav-devel] 0.96.2 scan discrepency/reliability in Mac OS X 10.4, 10.5 and 10.6.

Sat, 14 Aug 2010 05:56:28 -0700

all older versions and dependancies have been removed, config files updated per instructions. 

Tested on PowerPC and Intel based Macs with the same results.



TEST SCAN USING CLAMSCAN: clam.ea06.exe not detected

amavis-stats:/Volumes/Builds/8A428 root# sudo /save_clamav 1208
Saving clamav installation
Removing installed clamav
amavis-stats:/Volumes/Builds/8A428 root# which clamscan
/usr/local/bin/clamscan
amavis-stats:/Volumes/Builds/8A428 root# clamscan /var/clamav/php/*
/var/clamav/php/clam-aspack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-fsg.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-mew.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-nsis.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-pespin.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-petite.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-upack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-upx.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-v2.rar: ClamAV-Test-File FOUND
/var/clamav/php/clam-v3.rar: ClamAV-Test-File FOUND
/var/clamav/php/clam-wwpack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-yc.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.7z: ClamAV-Test-File FOUND
/var/clamav/php/clam.arj: ClamAV-Test-File FOUND
/var/clamav/php/clam.bin-be.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.bin-le.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.bz2.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.cab: ClamAV-Test-File FOUND
/var/clamav/php/clam.chm: ClamAV-Test-File FOUND
/var/clamav/php/clam.d64.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.ea05.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.ea06.exe: OK
/var/clamav/php/clam.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.binhex: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.bz2: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.html: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.mbox.base64: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.mbox.uu: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.rtf: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.szdd: ClamAV-Test-File FOUND
/var/clamav/php/clam.impl.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.mail: ClamAV-Test-File FOUND
/var/clamav/php/clam.newc.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.odc.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.ole.doc: ClamAV-Test-File FOUND
/var/clamav/php/clam.pdf: ClamAV-Test-File FOUND
/var/clamav/php/clam.ppt: ClamAV-Test-File FOUND
/var/clamav/php/clam.sis: ClamAV-Test-File FOUND
/var/clamav/php/clam.tar.gz: ClamAV-Test-File FOUND
/var/clamav/php/clam.tnef: ClamAV-Test-File FOUND
/var/clamav/php/clam.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam_IScab_ext.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_IScab_int.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_ISmsi_ext.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_ISmsi_int.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_cache_emax.tgz: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 813867
Engine version: 0.96.2
Scanned directories: 0
Scanned files: 46
Infected files: 45
Data scanned: 13.04 MB
Data read: 6.21 MB (ratio 2.10:1)
Time: 13.118 sec (0 m 13 s)





TEST SCAN USING OLD CLAMSCAN: clam.ea06.exe is detected.
amavis-stats:/Volumes/Builds/8A428 root# sudo /restore_clamav 1208 DSTROOT=/old 
Using specified root of "/old"
Creating path tree in /old
Expanding in /old
Relinking libraries and binaries for updated root path
amavis-stats:/Volumes/Builds/8A428 root# sudo /old/usr/local/bin/ clamscan /var/clamav/php/* LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/ support/faq *** LibClamAV Warning: *********************************************************** LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/ support/faq *** LibClamAV Warning: *********************************************************** 
/var/clamav/php/clam-aspack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-fsg.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-mew.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-nsis.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-pespin.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-petite.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-upack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-upx.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-v2.rar: ClamAV-Test-File FOUND
/var/clamav/php/clam-v3.rar: ClamAV-Test-File FOUND
/var/clamav/php/clam-wwpack.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam-yc.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.7z: ClamAV-Test-File FOUND
/var/clamav/php/clam.arj: ClamAV-Test-File FOUND
/var/clamav/php/clam.bin-be.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.bin-le.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.bz2.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.cab: ClamAV-Test-File FOUND
/var/clamav/php/clam.chm: ClamAV-Test-File FOUND
/var/clamav/php/clam.d64.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.ea05.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.ea06.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.binhex: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.bz2: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.html: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.mbox.base64: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.mbox.uu: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.rtf: ClamAV-Test-File FOUND
/var/clamav/php/clam.exe.szdd: ClamAV-Test-File FOUND
/var/clamav/php/clam.impl.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam.mail: ClamAV-Test-File FOUND
/var/clamav/php/clam.newc.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.odc.cpio: ClamAV-Test-File FOUND
/var/clamav/php/clam.ole.doc: ClamAV-Test-File FOUND
/var/clamav/php/clam.pdf: ClamAV-Test-File FOUND
/var/clamav/php/clam.ppt: ClamAV-Test-File FOUND
/var/clamav/php/clam.sis: ClamAV-Test-File FOUND
/var/clamav/php/clam.tar.gz: ClamAV-Test-File FOUND
/var/clamav/php/clam.tnef: ClamAV-Test-File FOUND
/var/clamav/php/clam.zip: ClamAV-Test-File FOUND
/var/clamav/php/clam_IScab_ext.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_IScab_int.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_ISmsi_ext.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_ISmsi_int.exe: ClamAV-Test-File FOUND
/var/clamav/php/clam_cache_emax.tgz: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 813885
Engine version: 0.96
Scanned directories: 0
Scanned files: 46
Infected files: 46
Data scanned: 13.71 MB
Data read: 6.21 MB (ratio 2.16:1)
Time: 31.293 sec (0 m 31 s)
amavis-stats:/Volumes/Builds/8A428 root#




CONFIG FILES:

amavis-stats:/Volumes/Builds/8A428 root# which clamconf
/usr/local/bin/clamconf
amavis-stats:/Volumes/Builds/8A428 root#  clamconf
Checking configuration files in /private/etc/spam/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
ExtendedDetectionInfo disabled
PidFile = "/var/clamav/clamd.pid"
TemporaryDirectory = "/var/clamav/tmp"
DatabaseDirectory = "/var/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/clamav/clamd.sock"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "20"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
VirusEvent disabled
ExitOnOOM disabled
Foreground = "yes"
Debug = "yes"
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "20971520"
MaxFileSize = "15728640"
MaxRecursion = "20"
MaxFiles = "1500"
ClamukoScanOnAccess disabled
ClamukoScannerCount = "3"
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
PidFile = "/var/clamav/freshclam.pid"
DatabaseDirectory = "/var/clamav"
Foreground = "yes"
Debug = "yes"
AllowSupplementaryGroups = "yes"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "database.clamav.net"
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/private/etc/spam/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.96.2
Optional features supported: MEMPOOL IPv6 BIGSTACK AUTOIT_EA06 BZIP2 RAR
Database directory: /var/clamav
main.cvd: version 52, sigs: 704727, built on Mon Feb 15 09:54:51 2010
daily.cld: version 11546, sigs: 110146, built on Thu Aug 12 23:42:20 2010 
bytecode.cld: version 33, sigs: 8, built on Tue Aug 10 01:57:52 2010

Platform information
--------------------
uname: Darwin 8.11.0 Darwin Kernel Version 8.11.0: Wed Oct 10 18:26:00 PDT 2007; root Power Macintosh 
OS: darwin8.0, ARCH: ppc, CPU: powerpc
zlib version: 1.2.2 (1.2.3), compile flags: 55
platform id: 0x043136361400000000030300

Build information
-----------------
GNU C: 3.3 20030304 (Apple Computer, Inc. build 1809) (3.3.0)
CPPFLAGS: -I/usr/local/include
CFLAGS: -arch ppc -arch i386 -g -Os -pipe -pipe -no-cpp-precomp - arch ppc -arch i386 
CXXFLAGS: -arch ppc -arch i386 -g -Os  -pipe
LDFLAGS: -arch ppc -arch i386
Configure: '--prefix=/usr/local' '--mandir=/usr/share/man' '-- sysconfdir=/private/etc/spam/clamav' '--with-dbdir=/var/clamav' '-- with-datadir=/var/clamav' '--with-user=clamav' '--with-group=clamav' '--enable-shared' '--disable-static' '--enable-bigstack' '--enable- readdir_r' 'CFLAGS=-arch ppc -arch i386 -g -Os -pipe -pipe -no-cpp- precomp -arch ppc -arch i386' 'LDFLAGS=-arch ppc -arch i386 ' --enable-ltdl-convenience 
sizeof(void*) = 4
Engine flevel: 54, dconf: 54
amavis-stats:/Volumes/Builds/8A428 root#
I have clamdscan tied into coldfusion and the results are the same (it's a wrapper for clamdscan), in 0.96 there are no issues with detection, all files were properly detected but in 0.96.2 there are failures to detect.. 




-- Dale

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Reply via email to