Nigel,
I found difference in these 2 cases.
On the second PC (WinXP with installed Cygwin) this code
bread = read(desc, magic, MAGIC_BUFFER_SIZE);
returns bread=13 instead of 14 (#define MAGIC_BUFFER_SIZE 14)
and later failed to pass this check:
if (bread != MAGIC_BUFFER_SIZE) {
as result, cli_magic_scandesc do not call the cl_filetype
and scan this zip file w/o extracting, as not archive.
Do not know, why this happens (13 :). Just commented out
this "if (bread" fragment, recompiled, and now this works
for all tested Worm.SCO.A infected files on this PC.
G:\temp\clamav1\bin>clamdscan.exe
"G:\temp\clamav1\bin\!3289!1114431587!2.eml"
G:\temp\clamav1\bin\!3289!1114431587!2.eml: Worm.SCO.A FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.230 sec (0 m 0 s)
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
