Hi,

I have been observing this problem for more than a year now [1] but recently
noted that some improvements have been made in clamscan when it tries
to scan a virus within an unsupported archive format, for instance a
BZip2 compressed zip file (compression mode 12):

# clamscan /home/roal/clam/clam_BZip2.zip; echo Exit code: $?
/home/roal/clam/clam_BZip2.zip: Zip module failure

----------- SCAN SUMMARY -----------
Known viruses: 40345
Engine version: 0.87
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 0.709 sec (0 m 0 s)
Exit code: 0
           ^-- !!!

Older clamscan versions additionally printed
'/home/roal/clam/clam_BZip2.zip: OK' which has now been eliminated.
However, the exit code is still zero, meaning the scanned file has
been clean. In fact, it is a virus. Why does clamscan not give an exit
code greater than one, indicating failure? I consider this really a
security problem, since people may think they are clear although there
may exist some potentially infected files.

[1] reported for instance here:
http://article.gmane.org/gmane.comp.security.virus.clamav.devel/1742

If it is useful, here is the debug output:
# clamscan --debug /home/roal/clam/clam_BZip2.zip; echo Exit code: $?
LibClamAV debug: Loading databases from /var/clamav
LibClamAV debug: Loading /var/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 27616801b11ec5836698b0ff4dff7d1e
LibClamAV debug: Decoded signature: 27616801b11ec5836698b0ff4dff7d1e
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/COPYING
LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.db
LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.hdb
LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.ndb
LibClamAV debug: Loading databases from /tmp/clamav-0c59778db7b597ba
LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.ndb
LibClamAV debug: Loading /var/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = dd026d955913149ab4455e98a7e41c22
LibClamAV debug: Decoded signature: dd026d955913149ab4455e98a7e41c22
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/COPYING
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.db
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.hdb
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.ndb
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.fp
LibClamAV debug: Loading databases from /tmp/clamav-bf9c361cc1df10d7
LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.db
LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.hdb
LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.ndb
LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.zmd
LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.fp
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: clam.exe, crc32: 0xef073cfd, offset: 0, encrypted: 0, compressed: 348, normal: 544, method: 12, ratio: 1 (max: 250)
LibClamAV debug: ZzipLib: Unsupported compression mode (12)
LibClamAV debug: Zip: Can't open file clam.exe
LibClamAV debug: Calculated MD5 checksum: 879ac518d351ac3ba22c9d54bd17174b
/home/roal/clam/clam_BZip2.zip: Zip module failure
LibClamAV debug: Recognized ZIP file
LibClamAV debug: Calculated MD5 checksum: 879ac518d351ac3ba22c9d54bd17174b

--rob.

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
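
Added example, not part of the original message and not ClamAV's own code: a fail-closed check for the case reported above, where clamscan prints a per-file status other than OK or FOUND yet exits 0. The function name classify_scan and the verdict strings are assumptions made for illustration; the sample output is constructed from the run shown in the message.

```shell
#!/bin/sh
# classify_scan EXIT_CODE OUTPUT   (hypothetical helper, not a ClamAV tool)
# Prints one verdict: "infected", "unscanned" or "clean".
# Fail-closed: "clean" requires exit code 0 AND at least one per-file
# result line, every one of which ends in ": OK".
classify_scan() {
    rc=$1
    out=$2
    files=0 found=0 other=0
    while IFS= read -r line; do
        case $line in
            *"SCAN SUMMARY"*) break ;;      # per-file results end here
            "LibClamAV "*|"") continue ;;   # library diagnostics, blank lines
            *": OK")          files=$((files + 1)) ;;
            *" FOUND")        files=$((files + 1)); found=$((found + 1)) ;;
            # Any other "path: text" line (e.g. "Zip module failure")
            # means the engine did not actually inspect the content.
            *": "*)           files=$((files + 1)); other=$((other + 1)) ;;
        esac
    done <<EOF
$out
EOF
    if [ "$rc" -eq 1 ] || [ "$found" -gt 0 ]; then
        echo infected
    elif [ "$rc" -ne 0 ] || [ "$other" -gt 0 ] || [ "$files" -eq 0 ]; then
        echo unscanned
    else
        echo clean
    fi
}

# Constructed sample: the stdout of the run in the message, abbreviated.
SAMPLE_FAILURE='/home/roal/clam/clam_BZip2.zip: Zip module failure

----------- SCAN SUMMARY -----------
Scanned files: 1
Infected files: 0'

# The reported case: exit code 0, but the archive member was never opened.
classify_scan 0 "$SAMPLE_FAILURE"   # prints: unscanned
```

In a mail or upload gateway the call would be `out=$(clamscan "$f"); classify_scan $? "$out"`, with anything other than `clean` sent to quarantine or rejected.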