Hi, I am observing this problem for more than a year now [1] but recently noted that some improvements have been made in clamscan when it tries to scan a virus within an unsupported archive format, for instance a BZip2 compressed zip file (compression mode 12):
# clamscan /home/roal/clam/clam_BZip2.zip; echo Exit code: $? /home/roal/clam/clam_BZip2.zip: Zip module failure ----------- SCAN SUMMARY ----------- Known viruses: 40345 Engine version: 0.87 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Time: 0.709 sec (0 m 0 s) Exit code: 0 ^-- !!! Older clamscan versions additionally printed '/home/roal/clam/clam_BZip2.zip: OK' which has now been eleminated. However, the exit code is still zero, meaning the scanned file has been clean. In fact, it is a virus. Why does clamscan not give an exit code greater than one, indicating failure? I consider this really a security problem, since people may think they are clear although there may exist some potentially infected files. [1] reported for instance here: http://article.gmane.org/gmane.comp.security.virus.clamav.devel/1742 If it is useful, here is the debug output: # clamscan --debug /home/roal/clam/clam_BZip2.zip; echo Exit code: $? LibClamAV debug: Loading databases from /var/clamav LibClamAV debug: Loading /var/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 27616801b11ec5836698b0ff4dff7d1e LibClamAV debug: Decoded signature: 27616801b11ec5836698b0ff4dff7d1e LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/COPYING LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.db LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-0c59778db7b597ba/daily.ndb LibClamAV debug: Loading databases from /tmp/clamav-0c59778db7b597ba LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-0c59778db7b597ba/daily.ndb LibClamAV debug: Loading /var/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = dd026d955913149ab4455e98a7e41c22 LibClamAV debug: Decoded signature: dd026d955913149ab4455e98a7e41c22 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/COPYING LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.db LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.hdb LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.ndb LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.zmd LibClamAV debug: Unpacking /tmp/clamav-bf9c361cc1df10d7/main.fp LibClamAV debug: Loading databases from /tmp/clamav-bf9c361cc1df10d7 LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.db LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.hdb LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.ndb LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.zmd LibClamAV debug: Loading /tmp/clamav-bf9c361cc1df10d7/main.fp LibClamAV debug: Recognized ZIP file LibClamAV debug: in scanzip() LibClamAV debug: Zip: clam.exe, crc32: 0xef073cfd, offset: 0, encrypted: 0, compressed: 348, normal: 544, method: 12, ratio: 1 (max: 250) LibClamAV debug: ZzipLib: Unsupported compression mode (12) LibClamAV debug: Zip: Can't open file clam.exe LibClamAV debug: Calculated MD5 checksum: 879ac518d351ac3ba22c9d54bd17174b /home/roal/clam/clam_BZip2.zip: Zip module failure LibClamAV debug: Recognized ZIP file LibClamAV debug: Calculated MD5 checksum: 879ac518d351ac3ba22c9d54bd17174b --rob. _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html