On Wed, 1 Dec 2010 11:20:25 -0500
"David F. Skoll" <d...@roaringpenguin.com> wrote:
> Hi, All,
>
> If I strace clamdscan, I see this (relevant lines only):
>
> socket(PF_FILE, SOCK_STREAM, 0) = 3
> connect(3, {sa_family=AF_FILE,
> path="/var/spool/MIMEDefang/clamd.sock"}, 110) = 0 send(3,
> "zCONTSCAN /tmp/eicar-test\0", 26, 0) = 26 recv(3, "/tmp/eicar-test:
> Eicar-Test-Signature(8fd1f39c7e4cf58dfa8c0618364779c2:70) FOUND\0",
> 5120, 0) = 81 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136,
> 0), ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7725000 write(1,
> "/tmp/eicar-test: Eicar-Test-Signature FOUND\n", 44) =
> 44 /tmp/eicar-test: Eicar-Test-Signature FOUND
>
> So clamdscan receives the hash value but suppresses it client-side.
> Is this an intentional change?
That suppression was added for 0.96.4 I think, its not necessarely
needed for 0.96.5.
As I've shown you I get the proper virusname from clamd with telnet.
I still have the feeling that something is the old version, either
clamd was not restarted, or something symlink still points to 0.96.4.
> If so, I can deal with it.
>
> Regards,
>
> David.
>
>
>
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
