René Berber wrote:

>Cevher wrote:
>
>>Hi list,
>>
>>Some zip files containing virus files are passed by milter. For example
>>there is a zip file that contains a file called data.src.
>>Clamav recognizes data.src as Worm.Lovgate.R.
>>
>>$ clamscan data.zip
>>data.zip: Worm.Lovgate.R FOUND
>>
>>----------- SCAN SUMMARY -----------
>>Known viruses: 38553
>>Engine version: 0.86.2
>>Scanned directories: 0
>>Scanned files: 1
>>Infected files: 1
>>Data scanned: 0.09 MB
>>Time: 5.561 sec (0 m 5 s)
>>
>>clamdscan also recognizes this.
>>$ clamdscan data.zip
>>/home/clamav/data.zip: Worm.Lovgate.R FOUND
>>
>>----------- SCAN SUMMARY -----------
>>Infected files: 1
>>Time: 1.623 sec (0 m 1 s)
>>
>>ScanArchive is enabled in clamd.conf, when I unpack original zip file
>>and repack it with zip, clamav-milter recognizes it (tgz and gz archives
>>are recognized also). Milter just can't recognize original zip file where
>>compression seems %0.
>
>Can you check the log and confirm that clamav-milter is the latest version?
>
>>We are using clamav-milter without --external option, whereas result is
>>same when clamav-milter is run with --external option.
>
>Strange that --external does the same, it should be just like using clamdscan.
>You could enable debugging for clamd and test to see if as an email message it's
>being scanned and goes through undetected.
>
>>My next question is about ScanArchive directive. Does anyone know how to
>>disable it? I did comment the ScanArchive directive in clamd.conf but it
>>didn't work.
>
>You need to set 2 options in clamd.conf (read "man clamd.conf" for details):
>
>DisableDefaultScanOptions
>ScanArchive no
>
>HTH

This issue seems to be fixed in clamav 0.87. :)

--
Cevher Cemal Bozkur
+-+-+-+-+-+-+-+-+-+
YÖRE NET Teknoloji
Tel:+90 212 234 00 90
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
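
An added example, not part of the original thread: a Python check, using only the standard-library `zipfile` module, that reports each member's compression method and flags so the archive the milter misses can be compared with the repacked copy it catches. The sample archives and the helper names (`build_zip`, `describe`, `diff_archives`) are constructed for illustration.

```python
import io
import zipfile

METHODS = {zipfile.ZIP_STORED: "stored", zipfile.ZIP_DEFLATED: "deflated"}


def build_zip(method):
    """Constructed sample: one member named data.src holding benign filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr("data.src", b"constructed sample payload " * 200)
    return buf.getvalue()


def describe(zip_bytes):
    """Return one dict per member: name, method, percent saved, flag bits."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            saved = 0.0
            if info.file_size:
                saved = 100.0 * (1 - info.compress_size / info.file_size)
            rows.append({
                "name": info.filename,
                "method": METHODS.get(info.compress_type,
                                      "method %d" % info.compress_type),
                "saved_pct": round(saved, 1),
                "encrypted": bool(info.flag_bits & 0x1),
            })
    return rows


def diff_archives(original, repacked):
    """List members whose compression method differs between two archives."""
    repacked_by_name = {r["name"]: r for r in describe(repacked)}
    changed = []
    for row in describe(original):
        other = repacked_by_name.get(row["name"])
        if other and other["method"] != row["method"]:
            changed.append((row["name"], row["method"], other["method"]))
    return changed


if __name__ == "__main__":
    original = build_zip(zipfile.ZIP_STORED)     # stands in for the missed file
    repacked = build_zip(zipfile.ZIP_DEFLATED)   # stands in for the repacked file
    for row in describe(original) + describe(repacked):
        print(row)
    print(diff_archives(original, repacked))
```

To inspect a real attachment, pass the file's bytes to `describe()` instead of the constructed samples.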
