On 31.03.22 11:02, Petr Jurášek via clamav-users wrote:
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg51769.html

It's the same situation. The virus is detected, but the file is "clean"; you can see it in the summary.

Looks like that. I completely missed it.

% clamscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

Infected files: 0

% clamscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 1

Funny that the -z option causes clamdscan to find the file in subsequent scans:

% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK

Infected files: 0

% clamdscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 1

% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 2



On 31. 03. 22 at 10:55, Matus UHLAR - fantomas wrote:
I have received a file that is not detected by clamdscan, but is by clamscan:

% clamdscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK

% clamscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

File permissions seem not to be the problem (the file is publicly readable).

This is a Debian 11 installation. I have regenerated clamd.conf via "dpkg-reconfigure clamav-daemon" and I can't find out which options to change to make clamdscan detect the file.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
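
A check one could run over captured scanner output to catch the inconsistency shown in this thread (an added example, not part of the original messages and not ClamAV's own code): it takes the per-file FOUND lines as the verdict and flags output where the same path is also reported OK or where the "Infected files:" summary disagrees. The name `audit_scan_output` is hypothetical; the sample text is copied from the transcripts above.

```python
import re

# Per-file result lines: "<path>: <signature> FOUND" or "<path>: OK".
RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
SUMMARY_RE = re.compile(r"^Infected files: (?P<count>\d+)$")


def audit_scan_output(text):
    """Hypothetical helper: cross-check per-file lines against the summary."""
    found, ok, summary = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        m = RESULT_RE.match(line)
        if m and m.group("sig"):
            # Any FOUND line makes the path infected, whatever follows it.
            found.setdefault(m.group("path"), set()).add(m.group("sig"))
        elif m:
            ok.add(m.group("path"))
        else:
            s = SUMMARY_RE.match(line)
            if s:
                summary = int(s.group("count"))
    return {
        "infected": {p: sorted(sigs) for p, sigs in found.items()},
        # Paths reported both FOUND and OK in the same run.
        "conflicting": sorted(ok & set(found)),
        "summary": summary,
        # True only if the summary equals the number of distinct infected paths.
        "summary_matches": summary == len(found),
    }


# Output copied from the transcripts in this thread.
PATH = "/home/uhlar/intamldeosreitlu.xls"
SIG = "Doc.Downloader.Qbot03222-9942295-0"
CLAMSCAN_DEFAULT = f"{PATH}: {SIG} FOUND\n{PATH}: OK\n\nInfected files: 0\n"
CLAMSCAN_ALLMATCH = f"{PATH}: {SIG} FOUND\n{PATH}: {SIG} FOUND\n\nInfected files: 1\n"
CLAMDSCAN_REPEAT = f"{PATH}: {SIG} FOUND\n{PATH}: {SIG} FOUND\n\nInfected files: 2\n"

if __name__ == "__main__":
    for name, out in [("clamscan", CLAMSCAN_DEFAULT),
                      ("clamscan -z", CLAMSCAN_ALLMATCH),
                      ("clamdscan (after -z run)", CLAMDSCAN_REPEAT)]:
        print(name, audit_scan_output(out))
```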
