Noel Jones wrote:

At 04:21 AM 7/19/2006, Maren Leizaola wrote:

Hi,
I have 2 machines running FreeBSD 5.4 and 6.1 running Clamav 0.88
and 088.3 respectively and I find that any virus in a zip file is not
found.
I am not sure if this has been broken and we just didn't get virus in
zip files or it recently broke.
I want to know how can I tell if ClamAv is calling unzip. How can I
find out where it is trying to call unzip from?
Everything seems fine apart from this problem.

Unzip code is built into clamav, and is on by default.
With "clamscan" zip scanning is disabled by the --no-archive and the
various --max-* command line options. You can also specify an external
unzip program with --unzip=/some/path/to/unzip, but you shouldn't use
this, use the built-in unzip instead.
With "clamdscan" zip scanning is controlled by the various Archive*
parameters in clamd.conf and is enabled by default. And make sure you
haven't set DisableDefaultScanOptions.
I just re-tested and confirmed it's working on my FreeBSD 5.5 and 6.1
with 0.88.

I am using clamd and it is not doing the unzipping... maybe I did
something to the clamd.conf.

Here is a diff of the default clamd.conf and my clamd.conf:

diff clamd.conf clamd.conf.default
61c61
< TemporaryDirectory /var/tmp
---
> #TemporaryDirectory /var/tmp
100c100
< StreamMaxLength 120M
---
> #StreamMaxLength 20M
150c150
< # Stop deamon when libclamav reports out of memory condition.
---
> # Stop daemon when libclamav reports out of memory condition.
196c196
< ScanOLE2
---
> #ScanOLE2
219c219
< ScanHTML
---
> #ScanHTML
228c228
< ScanArchive
---
> #ScanArchive
235c235
< ScanRAR
---
> #ScanRAR
243c243
< ArchiveMaxFileSize 100M
---
> #ArchiveMaxFileSize 15M

Any suggestions how I can debug what clamd is doing?
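
An added illustration (not part of the thread, and not ClamAV code) of why a scanner that does not unpack archives misses content inside a zip, and how a per-member size limit of the kind ArchiveMaxFileSize sets can skip a file. The marker, the file names and the `scan` function are constructed for this example; skipping members above the limit is an assumption about how such a limit behaves.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (not a real virus signature).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_zip():
    """Constructed sample: a small and a large member, both carrying MARKER."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("small.txt", b"hello world " * 20 + MARKER)
        zf.writestr("large.bin", MARKER + bytes(200_000))
    return buf.getvalue()


def scan(data, unpack=True, max_member_size=None):
    """Toy scanner. Returns (hits, skipped).

    hits    -- where MARKER was found ("<raw>" or a member name)
    skipped -- members not scanned because they exceed max_member_size
    """
    hits, skipped = [], []
    # Pass 1: look at the bytes exactly as received (no unpacking).
    if MARKER in data:
        hits.append("<raw>")
    # Pass 2: unpack the archive and look inside each member.
    if unpack and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Uncompressed size from the zip directory decides the skip.
                if max_member_size is not None and info.file_size > max_member_size:
                    skipped.append(info.filename)
                    continue
                if MARKER in zf.read(info):
                    hits.append(info.filename)
    return hits, skipped


if __name__ == "__main__":
    sample = build_sample_zip()
    print("no unpacking:    ", scan(sample, unpack=False))
    print("unpacking:       ", scan(sample))
    print("unpacking, limit:", scan(sample, max_member_size=100_000))
```

The deflate-compressed members no longer contain the marker as literal bytes, so the first pass finds nothing; only unpacking exposes it, and a limit set below a member's size leaves that member unscanned.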