>It certainly doesn't appear to.  I am not sure why, though.  Attached is
>a diff of the outputs of your run and a run here of clamscan (0.85,
>though).  Maybe somebody else can spot the problem.
>
> LibClamAV debug: fileblobDestroy: textpart
> LibClamAV debug: cli_mbox returning 0
>+LibClamAV debug: Recognized ZIP file
>+LibClamAV debug: in scanzip()
>+LibClamAV debug: Zip: help.doc                                        .exe=
>, crc32: 0x3fcc001f, encrypted: 0, compressed: 150514, normal: 155156, meth=
>od: 8, ratio: 1 (max: 250)
>+LibClamAV debug: Recognized DOS/W32 executable/library/driver file
>+LibClamAV debug: Worm.Bagz.D found in descriptor 7.
>+LibClamAV debug: Zip: Infected with Worm.Bagz.D

Yeah, I get the same extra log entries when I check the false positive
file using clamdscan.  The first extra message comes from the routine
cli_filetype() in libclamav/filetypes.c, a fairly simple routine that
just checks a buffer against magic numbers in a table.  No idea why
this would fail sometimes.
---
Jef

         Jef Poskanzer  [EMAIL PROTECTED]  http://www.acme.com/jef/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
