On Wed, 29 Sep 2004, Brandon Knitter wrote:
I'm unsure what type of camera originally took the pictures. But the original pictures DO NOT show as having a virus. After I put it through ImageMagick's "convert" (I make thumbnails) it then thinks it has the virus.
Now, I'm pretty sure that ImageMagick isn't injecting a virus as many of the other thumbnails I make do not with the same exact binary report no virus.
Could you, and everyone else who has seen a false JPEG.Comment, please re-run the scans? I just discovered something EXTREMELY disturbing:
I just upgraded to 0.80rc3 on a RH9 machine. As a test of clamav, I went into my public_html directory and did a clamscan -r. It found one of my images to contain the virus:
[EMAIL PROTECTED] public_html]# clamscan -r . ./Asia_Pics/New Folder/dsc_0009.jpg: Exploit.JPEG.Comment FOUND
But later scans didn't show a problem with it: [EMAIL PROTECTED] New Folder]# clamscan dsc_0009.jpg dsc_0009.jpg: OK [EMAIL PROTECTED] New Folder]# clamscan -r . ./dsc_0009.jpg: OK [EMAIL PROTECTED] public_html]# clamscan "./Asia_Pics/New Folder/dsc_0009.jpg" ./Asia_Pics/New Folder/dsc_0009.jpg: OK [EMAIL PROTECTED] public_html]# clamscan -r Asia_Pics/ Asia_Pics//New Folder/dsc_0009.jpg: OK [EMAIL PROTECTED] public_html]# clamscan -r . ./Asia_Pics/New Folder/dsc_0009.jpg: OK
And no, the file didn't change between scans: [EMAIL PROTECTED] public_html]# ls -l "./Asia_Pics/New Folder/dsc_0009.jpg" -r-xr-xr-x 1 menscher astro 347067 Jan 10 2004 ./Asia_Pics/New Folder/dsc_0009.jpg
If I had to guess, I'd say clamscan has some uninitialized memory that's causing occasional false positives. If anyone can suggest an alternative explanation, or a way I could debug this further, I'd love to help. Problem is, I can't reproduce the false positive anymore.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=-
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
