On Thu, 30 Oct 2003 at 15:07:03 +0100, Tomasz Kojm wrote:
> On Thu, 30 Oct 2003 14:42:59 +0100 (MET)
> "Riki Cubek" <[EMAIL PROTECTED]> wrote:
> 
> > the files inside the zip, what can I do ? 
> 
> Please send me that zip (or upload it to some site) for analysis.
> 
> Tomasz Kojm

Riki, I can see that you posted the zip file to the mailing list.
This is bad. Tomasz Kojm asked you to send it *to him*, not to the
whole list!

Moreover, as the file contains "viruses" (in fact, just test viruses,
but anyway), the message was, of course, stopped by ClamAV and
quarantined.
So for future purposes: if you want to send some file for checking, you
must zip it in another zip file, with password protection, and write
that password in the body of the message (the best password for such
a purpose is "virus").

Anyway, I looked at the quarantined message and I can see that you wrote
there:


========================================================================

clamscan --unzip -r aha.zip or
clamscan -r aha.zip:

/home/riki/temp/aha.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9888
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 Mb
I/O buffer size: 131072 bytes
Time: 0.294 sec (0 m 0 s)

the same files and directories, as tar:

clamscan --tar -r aha.tar:

eicar.com
nocheindir/
nocheindir/einText.txt
testdir1/
testdir1/eicar.com
testdir1/testdir2/
testdir1/testdir2/eicar.com
testdir1/testdir2/einText.txt
testdir1/testdir2/aha.com
testdir1/einText.txt
testdir1/aha.com
/tmp/57764d91c2c6f6c7/eicar.com: Eicar-Test-Signature FOUND
/tmp/57764d91c2c6f6c7/testdir1/eicar.com: Eicar-Test-Signature FOUND
/tmp/57764d91c2c6f6c7/testdir1/testdir2/eicar.com: Eicar-Test-Signature FOUND
/tmp/57764d91c2c6f6c7/testdir1/testdir2/einText.txt: OK
/tmp/57764d91c2c6f6c7/testdir1/testdir2/aha.com: Eicar-Test-Signature FOUND
/tmp/57764d91c2c6f6c7/testdir1/einText.txt: OK
/tmp/57764d91c2c6f6c7/testdir1/aha.com: Eicar-Test-Signature FOUND
/tmp/57764d91c2c6f6c7/nocheindir/einText.txt: OK
/home/riki/temp/aha.tar: Infected Archive FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9888
Scanned directories: 4
Scanned files: 8
Infected files: 5
Data scanned: 0.00 Mb
I/O buffer size: 131072 bytes
Time: 0.308 sec (0 m 0 s)

===========================================================================


So you are concerned that only one virus was found by clamscan in the
zip file, aren't you?
No need to be. This is normal behaviour for clamscan.

When it finds the first infected file in the zip archive, it reports that
the archive (as a whole) is infected (contains a virus). That's enough;
checking the rest is a waste of time. The archive itself is infected,
period.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
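
The difference between stopping at the first hit in a zip and enumerating every infected member, as an added Python example that is not part of the original message and is not ClamAV's code. The signature, the function names and the sample archive (laid out like the quoted tar listing) are constructed for illustration.

```python
import io
import zipfile

# Constructed stand-in signature; a real scanner matches against its virus database.
SIGNATURES = {b"DEMO-TEST-MARKER": "Demo-Test-Signature"}

def match_signature(data):
    """Return the name of the first signature found in data, or None."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def scan_zip(blob, stop_at_first=True):
    """Scan the regular members of an in-memory zip. stop_at_first=True gives an
    archive-level verdict after one hit; False lists every infected member."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = match_signature(archive.read(info))
            if name:
                hits.append((info.filename, name))
                if stop_at_first:
                    break  # one infected member already condemns the archive
    return hits

def build_sample_zip():
    """Constructed sample archive; member names follow the quoted listing."""
    members = {
        "eicar.com": b"DEMO-TEST-MARKER",
        "nocheindir/einText.txt": b"plain text",
        "testdir1/eicar.com": b"DEMO-TEST-MARKER",
        "testdir1/einText.txt": b"plain text",
        "testdir1/aha.com": b"xx DEMO-TEST-MARKER xx",
        "testdir1/testdir2/eicar.com": b"DEMO-TEST-MARKER",
        "testdir1/testdir2/einText.txt": b"plain text",
        "testdir1/testdir2/aha.com": b"DEMO-TEST-MARKER",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for path, content in members.items():
            archive.writestr(path, content)
    return buf.getvalue()

if __name__ == "__main__":
    print("verdict only:", scan_zip(build_sample_zip()))
    print("full listing:", scan_zip(build_sample_zip(), stop_at_first=False))
```

Both modes agree that the archive is infected; only the full listing tells you which members to look at, at the cost of reading every one.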
