Greeting,The type of FILE you reference would help. Would this file by chance be a mime encoded email message? Either way,
I just installed Clam on a Linux server. After installation, I run #clamscan /usr/local/share/clamav/test, it found the virus, the output like this:
--------------------------------------------------------------------- /usr/local/share/clamav/test/test1: ClamAV-Test-Signature FOUND /usr/local/share/clamav/test/README: OK /usr/local/share/clamav/test/rarfail.rar: RAR module failure. /usr/local/share/clamav/test/rarfail.rar: OK /usr/local/share/clamav/test/debugm.c: OK /usr/local/share/clamav/test/test1.bz2: ClamAV-Test-Signature FOUND /usr/local/share/clamav/test/test2.zip: ClamAV-Test-Signature FOUND /usr/local/share/clamav/test/test3.rar: ClamAV-Test-Signature FOUND /usr/local/share/clamav/test/test2.badext: ClamAV-Test-Signature FOUND
----------- SCAN SUMMARY ----------- Known viruses: 21303 Scanned directories: 1 Scanned files: 8 Infected files: 5 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.726 sec (0 m 0 s)
---------------------------------------------------------------------
But when I scanned a file with virus, it found nothing. I scanned the file using clamav online specimen scanner (http://www.gietl.com/test-clamav/), it said "found something: Worm.SomeFool.Gen-1"
I listed signature names in my virus signature database by running #sigtool --list-sigs, and found "Worm.SomeFool.Gen-1" in it.
so why clamscan could not catch the virus in the file? Any idea?
use the option:
-m (-mbox, treat file as a message file)
or
clamscan --helpVernon
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
