is clamscan not unpacking cab-archive inside a multivolume rar-archive?
When I tried clamscan with --unrar option on a multivolume rar archive
containing a large .cab -file (196M) and a few other files,
then the cabfile did not seem to get unpacked for scanning.
At least looks that way according to the output of
"Scanned files:" and "Data scanned:" in scan summary.
Is this expected behaviour in archives of this size,
or have I missed the right options?
Or am I just confused by numbers in the output?
Anyway, worked around by first unpack then scan.
Sorry if this is wellknown, I have tried to search the lists.
Have also tried scanning with and without these options:
--max-files=50000 --max-space=8000000000
What options do I need to use?
The rest of this mail is details:
---------------------------------
System:
clamscan -V; ClamAV 0.86.2/1012/Fri Aug 12 14:05:42 2005
uname -mrsp; FreeBSD 5.4-RELEASE-p6 i386 i386
all programs on machine installed from ports and kept uptodate.
the rar-archive:
$ ls /rarfiledir/ | wc -l
47
$ du -sh /rarfiledir/
209M /rarfiledir/
First I scanned the rar archive files:
$ clamscan --unrar=/usr/local/bin/unrar /rarfiledir/*
----------- SCAN SUMMARY -----------
Known viruses: 38554
Engine version: 0.86.2
Scanned directories: 7
Scanned files: 83
Infected files: 0
Data scanned: 419.82 MB
Time: 480.860 sec (8 m 0 s)
Size of "Data scanned:" indicates it scanned both the rar-files itself and
the files inside.
then unpacked the rar-archive to my current directory:
$ unrar x /rarfiledir/filename.rar
$ find . -type f |wc -l
36
$ du -sh
208M .
then scanned the current directory (.cab -file and friends):
$ clamscan -r
----------- SCAN SUMMARY -----------
Known viruses: 38554
Engine version: 0.86.2
Scanned directories: 7
Scanned files: 36
Infected files: 0
Data scanned: 628.57 MB
Time: 732.693 sec (12 m 12 s)
This is output when scanning only the cabfile:
----------- SCAN SUMMARY -----------
Known viruses: 38554
Engine version: 0.86.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 616.73 MB
Time: 757.689 sec (12 m 37 s)
Size of "Data scanned:" might indicate it scanned both the cabfile itself
and files inside. The number of "Scanned files:" however is not counting
number of files inside the cab-file.
last, after unpacking the cab manually, scanned its contents:
----------- SCAN SUMMARY -----------
Known viruses: 38554
Engine version: 0.86.2
Scanned directories: 1
Scanned files: 2097
Infected files: 0
Data scanned: 471.37 MB
Time: 770.086 sec (12 m 50 s)
--
Regards from Lars
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
