On Tuesday, February 17, 2015 11:58:02 PM Manoj Ramakrishnan wrote:
On 18/02/15 6:09 AM, Steven Morgan smor...@sourcefire.com wrote:
On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan
manojramakrish...@nbnco.com.au wrote:
Hi Al,
Thanks for replying.
It is exactly what I thought.
On 18/02/15 6:09 AM, Steven Morgan smor...@sourcefire.com wrote:
On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan
manojramakrish...@nbnco.com.au wrote:
Hi Al,
Thanks for replying.
It is exactly what I thought. But why is it different from ZIP file?
I added extra characters in the
UmmmÅ the text diagram is not rendered as intended.
What I was trying to show is:
Client --- Apache Reverse Proxy ---non scanning urlsbunch of
application servers
Client --- Apache Reverse Proxy ---Scan a list of urls for virus in
client uploaded files -- Squid(act as a reverse proxy) +
On 2/17/15 3:58:02PM, Manoj Ramakrishnan wrote:
At the moment there is no settings in squidclamav to extract the
multipart form data and send only the attachment to clamd. As Kevin
mentioned, if clamd doesn't natively support parsing HTTP messages
then we need to find a way to pass correct
Hi Scott,
I had a look at what havp does and am not sure it will fit with our
current design. Will do a spike to find out.
Our application stack has the following design
Client == Apache Reverse Proxy (non scanning
urls) Bunch of app servers
On 2/17/2015 12:11 AM, Manoj Ramakrishnan wrote:
Hi Al,
Thanks for replying.
It is exactly what I thought. But why is it different from ZIP file?
I added extra characters in the beginning of the ZIP file but no issues in
scanning that and finding eicar signature.
zip and gzip are very
There are a number of reasons for the differences in the detection cases.
The first of which is how ClamAV identifies the file type of file being
scanned. ClamAV determines the file type of a scanned file using the 'ftm'
signature files. The important signatures follow:
On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan
manojramakrish...@nbnco.com.au wrote:
Hi Al,
Thanks for replying.
It is exactly what I thought. But why is it different from ZIP file?
I added extra characters in the beginning of the ZIP file but no issues in
scanning that and finding
Hi Steve,
Thanks for the reply. Really appreciated
I tried your suggestion and it mostly works when we use the clamdscan
command except some cases like modified gzip, other types like tar, bz2.
Will explain below.
Dowloaded these two files
wget http://www.eicar.org/download/eicar.com
wget
Hi Al,
Thanks for replying.
It is exactly what I thought. But why is it different from ZIP file?
I added extra characters in the beginning of the ZIP file but no issues in
scanning that and finding eicar signature.
Also curious to see why is it not working in case #4 and #6?
Regards
Manoj
10 matches
Mail list logo