Forget to include debug output:
LibClamAV debug: Phishing: looking up in whitelist:
http://mail.sxdtdx.edu.cn/.eBay.com/link.php:http://cgi4.ebay.com/ws/eBayISAPI.dll?AccountConfirmco_partnerId=2&pUserId=&siteid=0&pageType;
host-only:0
LibClamAV debug: Looking up in regex_list:
http://mail.sxdtdx.edu.cn/.eBay.com/link.php:http://cgi4.ebay.com/ws/eBayISAPI.dll?AccountConfirmco_partnerId=2&pUserId=&siteid=0&pageType/
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Looking up in regex_list:
http://mail.sxdtdx.edu.cn/.eBay.com/link.php:http://cgi4.ebay.com/ws/eBayISAPI.dll?AccountConfirmco_partnerId=2&pUserId=&siteid=0&pageType
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Looking up in regex_list: cgi4.ebay.com
LibClamAV debug: Got a match: cgi4.ebay.com with :ebay.com
LibClamAV debug: Lookup result: in regex list
LibClamAV debug: Phishing: looking up in whitelist:
mail.sxdtdx.edu.cn:cgi4.ebay.com; host-only:1
LibClamAV debug: Looking up in regex_list: mail.sxdtdx.edu.cn:cgi4.ebay.com/
LibClamAV debug: Lookup result: not in regex list
It hangs here.
> I have been running clamAV 0.91.2 software on our Solaris email server
> for a few weeks and all has been well, but I have noticed in the last
> few days that "clamscan" does not end on a specific HTML email.
>
> I have caught the email and run clamscan by hand on the file and this
> what happens:
>
> # /usr/local/clamav0912/bin/clamscan --verbose -r --stdout --infected ./Work
> Scanning ./Work/INPUTMBOX
>
> Strangely when I run it with the older version the program works:
>
> # /usr/local/clamav0902/bin/clamscan --verbose -r --stdout --infected ./Work
> Scanning ./Work/INPUTMBOX
> ----------- SCAN SUMMARY -----------
> Known viruses: 118783
> Engine version: 0.90.2
> Scanned directories: 1
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.02 MB
> Time: 44.042 sec (0 m 44 s)
>
> When I run it via truss it the last few lines look like:
> 12517: write(1, " S c a n n i n g . / W".., 26) = 26
> 12517: open("./Work/INPUTMBOX", O_RDONLY) = 4
> 12517: fxstat(2, 4, 0x080453A0) = 0
> 12517: lseek(4, 0, SEEK_SET) = 0
> 12517: read(4, " F r o m m e s s a g e".., 256) = 256
> 12517: lseek(4, 0, SEEK_SET) = 0
> 12517: times(0x08044F00) = 424043996
> ....
> 12517: times(0x08044F00) = 424043996
> 12517: times(0x08044F00) = 424043996
> 12517: mkdir("/var/tmp//clamav-7d9a1d4a6e4a6578dc28281bbe429acc", 0700) = 0
> 12517: dup(4) = 5
> 12517: fcntl(5, F_GETFD, 0x00000004) = 0
> 12517: llseek(5, 0, SEEK_CUR) = 0
> 12517: llseek(5, 0, SEEK_SET) = 0
> 12517: fstat64(5, 0x08043B60) = 0
> 12517: fstat64(5, 0x08043AA0) = 0
> 12517: ioctl(5, TCGETA, 0x08043B34) Err#25 ENOTTY
> 12517: read(5, " F r o m m e s s a g e".., 8192) = 7501
> 12517: read(5, 0x09F9079C, 8192) = 0
> 12517: llseek(5, 0, SEEK_CUR) = 7501
> 12517: close(5) = 0
> 12517: sysconfig(_CONFIG_PAGESIZE) = 4096
>
>
> I have run it on a few Solaris platforms with the same results....
>
> Thanks
>
> Andrew
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
