On 6/10/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > Use the SCAN command of clamd. You can modify clamdscan to use SCAN > instead of CONTSCAN.
Woops, sorry my mistake then. My particular application is for a scanning rather large files that are infrequently uploaded (a couple a day, max). Because they are larger .zips, and infrequent, and a few other considerations, I was using clamscan and was hoping the feature could be added to that. I haven't even looked at clamdscan for a while and didn't remember that feature (woops, I should have looked -- I only looked at clamscan), still I thought I rember thinking it was needed way back when. I suppose I was thinking of clamscan back then too. I actually had problems with clamd when I looked at it a few months ago (0.80), but I'll have to try it again to see if it works better for me now. I only hope that other idea to perhaps modify scanning order to prioritize more suspicious file types first has some merit, but that is not always possible with pipes and such. I had other ideas. Way back, when there were new encrypted zip files, I thought it would be easy to detect them without being able to or needing to unzip them by just by looking at the file length and the CRC32. Different passwords would change the encrypted data, but not the CRC32 or the length. It might also be possible to detect suspicious .com files similar to email addresses ([EMAIL PROTECTED]) or to urls (www.z.com). Other suspicious files like zips with encrypted executables with lots of spaces to pad and hide the real file extension far right could also be used to find new viruses. These methods could be used to find encrypted files without needing to unzip them, but these options are more for when you turn on heuristics as other antivirus programs call them. Thanks for the consideration. Good work. _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html