Hi list, Some zip files containing virus files are passed by milter. For example there is a zip file that contains a file called data.src. Clamav recognize data.src as Worm.Lovgate.R.
$ clamscan data.zip data.zip: Worm.Lovgate.R FOUND ----------- SCAN SUMMARY ----------- Known viruses: 38553 Engine version: 0.86.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.09 MB Time: 5.561 sec (0 m 5 s) clamdscan also recognize this. $ clamdscan data.zip /home/clamav/data.zip: Worm.Lovgate.R FOUND ----------- SCAN SUMMARY ----------- Infected files: 1 Time: 1.623 sec (0 m 1 s) ScanArchive is enabled in clamd.conf, when I unpack original zip file and repack it with zip, clamav-milter recognize it (tgz and gz archives recognized also). Milter just can't recognize original zip file where compression seems %0. We are using clamav-milter without --external option, whereas result is same when clamav-milter is run with --external option. My next question is about ScanArchive directive. Does anyone know how to disable it. I did comment the ScanArchive directive in clamd.conf but it didn't work. OS:Linux ClamAv version:0.86.2 Any help would be very much appreciated. -- Cevher Cemal Bozkur +-+-+-+-+-+-+-+-+-+ YÖRE NET Teknoloji Tel:+90 212 234 00 90 _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
