The problem is that I'm using libclamav directly (not clamd), and I
dont't have the entire zip file. While the file is sent over the
network, passing through my firewall, I'm catching the packets, storing
each one and scanning using cl_scandesc from libclamav. Catch it?
Samuel Benzaquen wrote:
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Eric Scopinho
Long Question:
I'm doing some tests with libipq (kind of userspace packet filter).
I get network packets, write them in small temp files and scan using
cl_scandesc from libclamav, if a virus is founded, drop the packet. It
seems to work fine, but the problem happens whem an zipped infected file
has sent over the net.
Someone could give any idea how to handle that?
Clamd can handle it alone. If ScanArchive is active, it will unpack the file
and scan recursively inside.
-Samuel
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
