At 06:51 AM 7/26/2006, Maren Leizaola wrote:
Unzip code is built into clamav, and is on by default.
Is there any way to debug this? to find out what Clamav is
actually doing?
How do I get it to log what actions it is taking?
For clamd, the clamd.conf option Debug writes extra logging
to the normal log file.
For clamscan, use --debug.
When I scan an eicar.zip file, the output looks like:
# clamscan --debug eicar.zip
LibClamAV debug: Loading databases from /var/db/clamav
... snipped ~40 lines about unpacking/verifying databases ...
... the important part is near the end ...
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: eicar.txt, crc32: 0x1dd02bdb, offset:
0, encrypted: 0, compressed: 69, normal: 69, method: 0,
ratio: 1 (max: 250)
LibClamAV debug: Eicar-Test-Signature found in descriptor 5.
LibClamAV debug: Zip: Infected with Eicar-Test-Signature
eicar.zip: Eicar-Test-Signature FOUND
--
Noel Jones
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
