On 31.03.22 11:02, Petr Jurášek via clamav-users wrote:
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg51769.html
It's the same situation. Vir is detected, but file is "clean", you can
see it in summary.
looks like that. I completely missed it.
% clamscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK
Infected files: 0
% clamscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
Infected files: 1
funny that -z option causes clamdscan to find the file in subsqeuent scana:
% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK
Infected files: 0
% clamdscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
Infected files: 1
% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
Infected files: 2
Dne 31. 03. 22 v 10:55 Matus UHLAR - fantomas napsal(a):
I have received a file that is not detected by clamdscan, but is by
clamscan:
% clamdscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK
% clamscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0
FOUND
/home/uhlar/intamldeosreitlu.xls: OK
file permissions seem not to be the problem (file is publicly readable)
This is debian 11 installation, I have regenerated clamd.conf via
"dpkg-reconfigure clamav-daemon" and I can't find out which options
to change to make clamdscan detect the file.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml