Thanks Steve for this reply; this is helpful. On my machine clamscan could also detect an XZ file when I used sigtool to create an MD5 signature for a file putting it into an .mdb file, and then ran clamscan with the -d argument to load from that file. (In fact I made a signature from a PDF file in the .tar.xz archive and ran clamscan on that archive; it reported the file as infected)
I have done some more investigation, and it seems that clamscan detects XZ files except when the daily database (daily.cvd or daily.cld) is being loaded. I ran it with -d arguments to load various databases from the default signature directory /var/lib/clamav, and if I loaded main.cvd, bytecode.cvd or both it would detect XZ files, but I loaded daily.cvd or anything including this it wouldn't detect them. If I move the daily.cvd file out of /var/lib/clamav and then run clamscan without any --database= arguments it detects XZ files happily and finds viruses within them. If I copy daily.cvd to a different directory and run clamscan with a -d argument to load it, clamscan won't recognise XZ files, so it seems to be something in the daily file which is throwing it. Bill. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
