Weird! Clamav Antivirus

Posted by Planet Malaysia on July 6, 2006

advertisement

I was using Clamav Antivirus for some times/years for my email server, desktop, file server, and etc.

Today I found a weird problem on my [tag]clamav[/tag] [tag]antivirus[/tag] [tag]server[/tag].

I have a zip file said ‘abc.zip’ which contain a password protected.

[user1@planetmy user1]# clamdscan abc.zip
/home/user1/abc.zip: Encrypted.Zip FOUND

———– SCAN SUMMARY ———–
Infected files: 1
Time: 0.906 sec (0 m 0 s)

[user1@planetmy user1]# clamscan abc.zip
abc.zip: OK

———– SCAN SUMMARY ———–
Known viruses: 60859
Engine version: 0.88.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 2.32 MB
Time: 2.938 sec (0 m 2 s)

WTH? Which one is accurate/correct?

After google for a while a found the solution.

$vi /etc/clamd.conf

(insert “#” infront of ArchiveBlockEncrypted)

Restart ClamAV Services
$/etc/init.d/clamd restart

[user1@planetmy user1]# clamdscan abc.zip
/home/user1/abc.zip: OK

———– SCAN SUMMARY ———–
Infected files: 0
Time: 0.906 sec (0 m 0 s)

[user1@planetmy user1]# clamscan abc.zip
abc.zip: OK

———– SCAN SUMMARY ———–
Known viruses: 60859
Engine version: 0.88.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 2.32 MB
Time: 2.938 sec (0 m 2 s)

I did tried send to my [tag]Gmail[/tag] and [tag]Yahoo[/tag] mail account but only Yahoo accept that ‘abc.zip’ attachment email and Gmail detected as [tag]virus[/tag] [tag]mail[/tag].

Hmm, can anyone tell me is Google Mail used clamdscan as well?

Possibly Related Posts:


« Bank

Categories Open Source, Personal

MyKid »

Comments

4 Responses to “Weird! Clamav Antivirus”

  1. ShaolinTiger on July 6th, 2006 6:37 pm

    “/home/user1/abc.zip: Encrypted.Zip FOUND”

    It doesn’t say virus, it just rejects because it can’t check inside the zip, Gmail is using a similar system as it scans recursively inside compressed files.

    Say if you try and send an .exe inside a .zip it will reject.

  2. colbert on July 7th, 2006 5:01 pm

    how do I join so that my posts gets updated here?

  3. Planet Malaysia on July 7th, 2006 11:04 pm

    Can you goto Planet Malaysia main page – http://www.planetmy.com and click “Join Us” at top right corner? TQ

  4. NOname on July 11th, 2006 5:59 pm

    Because the ClamAV cant scan inside the .Zip files, such as like compression files, so it will infected, but no virus listed !

Leave a Reply




Planet Malaysia
  • Follow us on Twitter


    • web www.planetmy.com