On Wed, 1 Dec 2010 11:20:25 -0500 "David F. Skoll" <d...@roaringpenguin.com> wrote:
> Hi, All, > > If I strace clamdscan, I see this (relevant lines only): > > socket(PF_FILE, SOCK_STREAM, 0) = 3 > connect(3, {sa_family=AF_FILE, > path="/var/spool/MIMEDefang/clamd.sock"}, 110) = 0 send(3, > "zCONTSCAN /tmp/eicar-test\0", 26, 0) = 26 recv(3, "/tmp/eicar-test: > Eicar-Test-Signature(8fd1f39c7e4cf58dfa8c0618364779c2:70) FOUND\0", > 5120, 0) = 81 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, > 0), ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7725000 write(1, > "/tmp/eicar-test: Eicar-Test-Signature FOUND\n", 44) = > 44 /tmp/eicar-test: Eicar-Test-Signature FOUND > > So clamdscan receives the hash value but suppresses it client-side. > Is this an intentional change? That suppression was added for 0.96.4 I think, its not necessarely needed for 0.96.5. As I've shown you I get the proper virusname from clamd with telnet. I still have the feeling that something is the old version, either clamd was not restarted, or something symlink still points to 0.96.4. > If so, I can deal with it. > > Regards, > > David. > > > > > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net