Hi,

with this header:

Return-Path: <xxxxxxxxxxxxxxxxxxxxxxxx>
Delivered-To: xxxxxxxxxxxxxxxxxxxxxxx
Received: (qmail 21525 invoked by uid 89); 25 Jul 2005 20:50:41 -0000
Received: by simscan 1.1.0 ppid: 21403, pid: 21408, t: 5.7753s
Received: from unknown (HELO 127.0.0.1) (xxxxxxxxxxxxxxx)
  by xxxxxxxxxxxxxxxxx with SMTP; 25 Jul 2005 20:50:35 -0000
SUBJECT: re: please
FROM: xxxxxxxxxxxxxxxxxxxxxxxx
TO: xxxxxxxxxxxxxxxxxxxxxxxxxxx
DATE: [[ lun, 25 lug 2005 22.50.42 ]]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------bound--"
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on xxxxxxxxxxxxxxxxx
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=5.0 tests=INVALID_DATE,
 MIME_MISSING_BOUNDARY,NO_REAL_NAME autolearn=disabled version=3.0.3

----------bound--
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello,
 Your email was received.
YOUR REPLY IS URGENT!
Please view the attached text file for instructions.
Regards,
User
----------bound--
Content-Type: application/x-msdownload; name="payment.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="payment.zip"


ClamAV doesn't detect Worm.Bagz.E present in payment.zip.




DEBUG:

clamscan --debug mess
LibClamAV debug: Loading databases from /usr/local/share/clamav
LibClamAV debug: Loading /usr/local/share/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 7c497735a7e1a3e15dde75832bef48f3
LibClamAV debug: Decoded signature: 7c497735a7e1a3e15dde75832bef48f3
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/COPYING
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/main.db
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/main.hdb
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/main.ndb
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-311c43bb14cea756/main.fp
LibClamAV debug: Loading databases from /tmp/clamav-311c43bb14cea756
LibClamAV debug: Loading /tmp/clamav-311c43bb14cea756/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /tmp/clamav-311c43bb14cea756/main.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /tmp/clamav-311c43bb14cea756/main.ndb
LibClamAV debug: Loading /tmp/clamav-311c43bb14cea756/main.zmd
LibClamAV debug: Loading /tmp/clamav-311c43bb14cea756/main.fp
LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = a3680e1d73d83ed4d7d2a1f55f7ff629
LibClamAV debug: Decoded signature: a3680e1d73d83ed4d7d2a1f55f7ff629
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-7849308bc192dd13/COPYING
LibClamAV debug: Unpacking /tmp/clamav-7849308bc192dd13/daily.db
LibClamAV debug: Unpacking /tmp/clamav-7849308bc192dd13/daily.hdb
LibClamAV debug: Unpacking /tmp/clamav-7849308bc192dd13/daily.ndb
LibClamAV debug: Loading databases from /tmp/clamav-7849308bc192dd13
LibClamAV debug: Loading /tmp/clamav-7849308bc192dd13/daily.db
LibClamAV debug: Loading /tmp/clamav-7849308bc192dd13/daily.hdb
LibClamAV debug: Loading /tmp/clamav-7849308bc192dd13/daily.ndb
LibClamAV debug: Recognized Maildir file
LibClamAV debug: Starting cli_scanmail(), mrec == 1, arec == 0
LibClamAV debug: in mbox()
LibClamAV debug: parseEmailFile
LibClamAV debug: parseEmailFile: check 'Return-Path:
<xxxxxxxxxxxxxxxxxxxxxxxx>' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'Delivered-To:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'Received: (qmail 21525 invoked by
uid 89); 25 Jul 2005 20:50:41 -0000' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'Received: by simscan 1.1.0 ppid:
21403, pid: 21408, t: 5.7753s' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'Received: from unknown (HELO
127.0.0.1) (xxxxxxxxxxxx)' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check '  by mxavas4.aruba.it with SMTP; 25
Jul 2005 20:50:35 -0000' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'SUBJECT: re: please' contMarker 0
fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'FROM: xxxxxxxxxxx contMarker 0
fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'TO: xxxxxxxxxxxxxxxxxxxx contMarker
0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'DATE: [[ lun, 25 lug 2005
22.50.42 ]]' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'MIME-Version: 1.0' contMarker 0
fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed;
boundary="--------bound--"' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed;
boundary="--------bound--"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed;
boundary="--------bound--"'
LibClamAV debug: messageSetMimeType: 'multipart'
LibClamAV debug: mimeArgs = ' boundary="--------bound--"'
LibClamAV debug: Add arguments ' boundary="--------bound--"'
LibClamAV debug: parseEmailFile: check 'X-Spam-Checker-Version: SpamAssassin
3.0.3 (2005-04-27) on xxxxxxxxxxxxxxxx contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'X-Spam-Level: ' contMarker 0
fullline 0x(nil)
LibClamAV debug: parseEmailFile: check 'X-Spam-Status: No, score=0.7
required=5.0 tests=INVALID_DATE,' contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check '
MIME_MISSING_BOUNDARY,NO_REAL_NAME autolearn=disabled version=3.0.3'
contMarker 0 fullline 0x(nil)
LibClamAV debug: parseEmailFile: check '' contMarker 0 fullline 0x(nil)
LibClamAV debug: End of header information
LibClamAV debug: getline_from_mbox: buffer overflow stopped
LibClamAV debug: parseEmailFile: return
LibClamAV debug: in parseEmailBody
LibClamAV debug: Parsing mail file
LibClamAV debug: mimeType = 5
LibClamAV debug: Content-type 'multipart' handler
LibClamAV debug: boundaryStart: found --------bound-- in ----------bound--
LibClamAV debug: Now read in part 0
LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type:
text/plain; charset=us-ascii'
LibClamAV debug: parseEmailHeader 'Content-Type: text/plain;
charset=us-ascii'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain;
charset=us-ascii'
LibClamAV debug: messageSetMimeType: 'text'
LibClamAV debug: mimeArgs = ' charset=us-ascii'
LibClamAV debug: Add arguments ' charset=us-ascii'
LibClamAV debug: Discarding unwanted argument 'charset=us-ascii'
LibClamAV debug: Multipart 0: About to parse folded header
'Content-Transfer-Encoding: 7bit'
LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit'
LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg='
7bit'
LibClamAV debug: messageSetEncoding: '7bit'
LibClamAV debug: Encoding type 1 is "7bit"
LibClamAV debug: Multipart 0: End of header information
LibClamAV debug: boundaryStart: found --------bound-- in ----------bound--
LibClamAV debug: Part 0 has 6 lines
LibClamAV debug: Now read in part 1
LibClamAV debug: Multipart 1: About to parse folded header 'Content-Type:
application/x-msdownload; name="payment.zip"'
LibClamAV debug: parseEmailHeader 'Content-Type: application/x-msdownload;
name="payment.zip"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg='
application/x-msdownload; name="payment.zip"'
LibClamAV debug: messageSetMimeType: 'application'
LibClamAV debug: mimeArgs = ' name="payment.zip"'
LibClamAV debug: Add arguments ' name="payment.zip"'
LibClamAV debug: Multipart 1: About to parse folded header
'Content-Transfer-Encoding: base64'
LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64'
LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg='
base64'
LibClamAV debug: messageSetEncoding: 'base64'
LibClamAV debug: Encoding type 1 is "base64"
LibClamAV debug: Multipart 1: About to parse folded header
'Content-Disposition: attachment; filename="payment.zip"'
LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment;
filename="payment.zip"'
LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg='
attachment; filename="payment.zip"'
LibClamAV debug: Multipart 1: End of header information
LibClamAV debug: Part 1 has 0 lines
LibClamAV debug: The message has 2 parts
LibClamAV debug: Find out the multipart type (mixed)
LibClamAV debug: Mixed message with 2 parts
LibClamAV debug: Mixed message part 0 is of type 6
LibClamAV debug: Mixed message text part disposition ""
LibClamAV debug: Mime subtype "plain"
LibClamAV debug: Adding part to main message
LibClamAV debug: Adding to non mime-part
LibClamAV debug: Mixed message part 1 is of type 1
LibClamAV debug: messageToFileblob
LibClamAV debug: Save non mime and/or text/plain part
LibClamAV debug: blobSetFilename: textpart
LibClamAV debug: fileblobSetFilename:
mkstemp(/tmp/clamav-b01ceb95419d528a/textpartXXXXXX)
LibClamAV debug: Saving attachment as
/tmp/clamav-b01ceb95419d528a/textpartldu61h
LibClamAV debug: fileblobDestroy: textpart
LibClamAV debug: cli_mbox returning 0
LibClamAV debug: Calculated MD5 checksum: 4e705b982d60971ac1d68591f7b49c8d
LibClamAV debug: Calculated MD5 checksum: 3f8068be6c38c2fc6d125f9f86cf444b
mess: OK

----------- SCAN SUMMARY -----------
Known viruses: 37150
Engine version: 0.86.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.09 MB
Time: 0.594 sec (0 m 0 s)

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
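
Added example (not part of the original post and not ClamAV code): a Python triage script that reads `clamscan --debug` output like the log above and lists MIME parts declared as attachments for which the parser reported zero body lines, as it does for payment.zip here. The function names are this example's own, and the embedded sample is an excerpt of the log above.

```python
import re

# Sample input: an excerpt of the debug log above, mail line-wrapping included.
SAMPLE_LOG = """\
LibClamAV debug: Now read in part 0
LibClamAV debug: Part 0 has 6 lines
LibClamAV debug: Now read in part 1
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg='
application/x-msdownload; name="payment.zip"'
LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg='
base64'
LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg='
attachment; filename="payment.zip"'
LibClamAV debug: Part 1 has 0 lines
"""

def unwrap(text):
    """Rejoin debug lines that the mail archive wrapped onto the next line."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("LibClamAV debug: ") or not out:
            out.append(raw)
        else:
            out[-1] += " " + raw.strip()
    return out

def parse_parts(text):
    """Map part index -> {'headers': {name: value}, 'lines': int or None}."""
    parts, cur = {}, None
    for line in unwrap(text):
        if m := re.search(r"Now read in part (\d+)", line):
            cur = int(m.group(1))
            parts[cur] = {"headers": {}, "lines": None}
        elif cur is not None and (m := re.search(r"parseMimeHeader: cmd='([^']+)', arg='\s*(.*)'\s*$", line)):
            parts[cur]["headers"][m.group(1).lower()] = m.group(2)
        elif m := re.search(r"Part (\d+) has (\d+) lines", line):
            parts.setdefault(int(m.group(1)), {"headers": {}, "lines": None})["lines"] = int(m.group(2))
    return parts

def unscanned_attachments(text):
    """Return (part, filename, encoding) for declared attachments with 0 body lines."""
    hits = []
    for idx, part in sorted(parse_parts(text).items()):
        h = part["headers"]
        name = re.search(r'name="([^"]+)"', h.get("content-type", "") + h.get("content-disposition", ""))
        if (name or h.get("content-disposition", "").startswith("attachment")) and part["lines"] == 0:
            hits.append((idx, name.group(1) if name else None, h.get("content-transfer-encoding")))
    return hits
```

A non-empty result means the debug log reports no body lines for a part whose headers announce an attachment, so an "OK" verdict for that message says nothing about the attachment itself.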
