On 2010-05-28 23:47, Marvin Blackburn wrote: > On Wed, 26 May 2010 22:08:02 +0300, Török Edwin <[email protected]> > wrote: > > >> You can use -v to print the file scanned even if it is clean, then look >> for the last 'Scanning' line before the Warning: line. >> >>> >>> ----------- SCAN SUMMARY ----------- >>> Known viruses: 785760 >>> Engine version: 0.96 >>> Scanned directories: 17869 >>> Scanned files: 136783 >>> Infected files: 0 >>> Data scanned: 7862.58 MB >>> Data read: 65657.98 MB (ratio 0.12:1) >>> Time: 2301.814 sec (38 m 21 s) >>> -- end script Tue May 25 01:48:23 EDT 2010 >>> >>> this is running against a linux server. > > I used the -v and captured the output. > It turned out to be an installation file for xmarks that I had > downloaded to a windows directory that I have cifs mounted to my linux > system. >
Thanks opened a bug here: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2049 Looks like it tries to extract a file twice, and the 2nd time it extracts a corrupted file. That is where the warning comes from: it is indeed trying to scan a broken PE file. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
