Hello, this is my first post here so be gentle...
Clamscan does not find some attachments in some types of mail. Most attachments are, but not all. This have me somewhat concerned, since the receiving email client will not be as ignorant :( Seems like it is related to how a buggy(?), attached jpeg picture is scanned. Complete debug ķutput is attached, a brief version regarding the interesting part is below. After the bad jpeg has been scanned, the next attachment is not scanned nor identified at all. Problem is that this is the virus/trojan... I can not find any references to this when searching the mailinglist archives... In short: 1) virus attachment IS NOT identified when the jpeg attachment is present 2) virus attachment IS identified if same mail w/o jpeg is scanned The actual JPEG is available if anyone want to take a closer look. Thanks in advance, //Daniel Version: 0.83 with latest virus definitions: ClamAV update process started at Thu Mar 17 11:04:40 2005 main.cvd is up to date (version: 30, sigs: 31086, f-level: 4, builder: tkojm) daily.cvd is up to date (version: 765, sigs: 550, f-level: 4, builder: diego) Debug output when virus attachment IS NOT identified below. LibClamAV debug: Loading databases from /usr/local/share/clamav LibClamAV debug: Loading /usr/local/share/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Decoded signature: 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Digital signature is correct. [...snip...] LibClamAV debug: Recognized Raw mail file LibClamAV debug: Starting cli_scanmail(), mrec == 1, arec == 0 [...snip...] LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: parseEmailFile: check 'Content-ID: <me2.jpeg>' contMarker 0 [...snip...] LibClamAV debug: blobSetFilename: me2.jpeg [...snip...] LibClamAV debug: Saving attachment as /tmp/clamav-7f65e4c3ef347566/me2.jpegMXVP6t LibClamAV debug: Exported 45597 bytes using enctype 2 LibClamAV debug: 1 trailing bytes to export LibClamAV debug: base64chars = 1 (? @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: 0 multiparts found LibClamAV debug: Not found uuencoded file LibClamAV debug: Saving text part to scan LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: messageToFileblob LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: Recognized JPEG file LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: Calculated MD5 checksum: 9c8d6e9fc73551b964a4da30733eb0ee LibClamAV debug: Calculated MD5 checksum: 5e5085fa8a38559b7866489c22f21159 LibClamAV debug: Calculated MD5 checksum: 69dcbc50c67caee1452809adb335748a z.notfound: OK ----------- SCAN SUMMARY ----------- Known viruses: 31635 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.16 MB I/O buffer size: 131072 bytes Time: 1.006 sec (0 m 1 s)
LibClamAV debug: Loading databases from /usr/local/share/clamav LibClamAV debug: Loading /usr/local/share/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Decoded signature: 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-2e195b5732268cfa/COPYING LibClamAV debug: Unpacking /tmp/clamav-2e195b5732268cfa/main.db LibClamAV debug: Unpacking /tmp/clamav-2e195b5732268cfa/main.hdb LibClamAV debug: Unpacking /tmp/clamav-2e195b5732268cfa/main.ndb LibClamAV debug: Loading databases from /tmp/clamav-2e195b5732268cfa LibClamAV debug: Loading /tmp/clamav-2e195b5732268cfa/main.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-2e195b5732268cfa/main.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-2e195b5732268cfa/main.ndb LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 29fda05728608a6bd19ef557e0f7efca LibClamAV debug: Decoded signature: 29fda05728608a6bd19ef557e0f7efca LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-f8d32065f23c8b72/COPYING LibClamAV debug: Unpacking /tmp/clamav-f8d32065f23c8b72/daily.db LibClamAV debug: Unpacking /tmp/clamav-f8d32065f23c8b72/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-f8d32065f23c8b72/daily.ndb LibClamAV debug: Unpacking /tmp/clamav-f8d32065f23c8b72/daily.zmd LibClamAV debug: Loading databases from /tmp/clamav-f8d32065f23c8b72 LibClamAV debug: Loading /tmp/clamav-f8d32065f23c8b72/daily.db LibClamAV debug: Loading /tmp/clamav-f8d32065f23c8b72/daily.hdb LibClamAV debug: Loading /tmp/clamav-f8d32065f23c8b72/daily.ndb LibClamAV debug: Recognized Raw mail file LibClamAV debug: Starting cli_scanmail(), mrec == 1, arec == 0 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'Received: from [1.2.3.4] by banana (Virus SMTP 2.0)' contMarker 0 LibClamAV debug: parseEmailFile: check ' with SMTP id 25635423; Tue Oct 05 04:48 PDT 2004' contMarker 0 LibClamAV debug: parseEmailFile: check 'Date: Tue, 05 Oct 2004 07:42:55 -0500' contMarker 0 LibClamAV debug: parseEmailFile: check 'To: [EMAIL PROTECTED]' contMarker 0 LibClamAV debug: parseEmailFile: check 'Subject: Hello!' contMarker 0 LibClamAV debug: parseEmailFile: check 'From: [EMAIL PROTECTED]' contMarker 0 LibClamAV debug: parseEmailFile: check 'Message-Id: <[EMAIL PROTECTED]>' contMarker 0 LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed;' contMarker 0 LibClamAV debug: parseEmailFile: check ' boundary="--------mktekjuonfbmlaqzwhlr"' contMarker 1 LibClamAV debug: parseEmailFile: check ' ' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: messageSetMimeType: 'multipart' LibClamAV debug: mimeArgs = ' boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: Add arguments ' boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: parseEmailFile: check '----------mktekjuonfbmlaqzwhlr' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Type: text/html; charset="us-ascii"' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Type: text/html; charset="us-ascii"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/html; charset="us-ascii"' LibClamAV debug: messageSetMimeType: 'text' LibClamAV debug: mimeArgs = ' charset="us-ascii"' LibClamAV debug: Add arguments ' charset="us-ascii"' LibClamAV debug: Discarding unwanted argument 'charset' LibClamAV debug: parseEmailFile: check 'Content-Transfer-Encoding: 7bit' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' LibClamAV debug: messageSetEncoding: '7bit' LibClamAV debug: Encoding type 1 is "7bit" LibClamAV debug: parseEmailFile: check '' contMarker 0 LibClamAV debug: End of header information LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 6 LibClamAV debug: 0 multiparts found LibClamAV debug: Not found uuencoded file LibClamAV debug: Found a bounce message with no header LibClamAV debug: blobSetFilename: bounce LibClamAV debug: fileblobSetFilename: mkstemp(/tmp/clamav-7bca776a45519ebc/bounceXXXXXX) LibClamAV debug: Saving attachment as /tmp/clamav-7bca776a45519ebc/bounceMJFuGj LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: Recognized Raw mail file LibClamAV debug: Starting cli_scanmail(), mrec == 2, arec == 0 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'Received: by clamd (bounce)' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Transfer-Encoding: base64' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: parseEmailFile: check 'Content-Disposition: attachment; filename="me2.jpeg"' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename="me2.jpeg"' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename="me2.jpeg"' LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: parseEmailFile: check 'Content-ID: <me2.jpeg>' contMarker 0 LibClamAV debug: parseEmailFile: check '' contMarker 0 LibClamAV debug: End of header information LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: me2.jpeg LibClamAV debug: fileblobSetFilename: mkstemp(/tmp/clamav-7f65e4c3ef347566/me2.jpegXXXXXX) LibClamAV debug: Saving attachment as /tmp/clamav-7f65e4c3ef347566/me2.jpegMXVP6t LibClamAV debug: Exported 45597 bytes using enctype 2 LibClamAV debug: 1 trailing bytes to export LibClamAV debug: base64chars = 1 (? @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: 0 multiparts found LibClamAV debug: Not found uuencoded file LibClamAV debug: Saving text part to scan LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: messageToFileblob LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: Recognized JPEG file LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: Eliminated false positive match of Exploit.JPEG.Comment LibClamAV debug: Calculated MD5 checksum: 9c8d6e9fc73551b964a4da30733eb0ee LibClamAV debug: Calculated MD5 checksum: 5e5085fa8a38559b7866489c22f21159 LibClamAV debug: Calculated MD5 checksum: 69dcbc50c67caee1452809adb335748a z.notfound: OK ----------- SCAN SUMMARY ----------- Known viruses: 31635 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.16 MB I/O buffer size: 131072 bytes Time: 1.006 sec (0 m 1 s)
LibClamAV debug: Loading databases from /usr/local/share/clamav LibClamAV debug: Loading /usr/local/share/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Decoded signature: 486d65d0e35f87e7bca148052cdc6e67 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-8eedc31c0e67f83f/COPYING LibClamAV debug: Unpacking /tmp/clamav-8eedc31c0e67f83f/main.db LibClamAV debug: Unpacking /tmp/clamav-8eedc31c0e67f83f/main.hdb LibClamAV debug: Unpacking /tmp/clamav-8eedc31c0e67f83f/main.ndb LibClamAV debug: Loading databases from /tmp/clamav-8eedc31c0e67f83f LibClamAV debug: Loading /tmp/clamav-8eedc31c0e67f83f/main.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-8eedc31c0e67f83f/main.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-8eedc31c0e67f83f/main.ndb LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 29fda05728608a6bd19ef557e0f7efca LibClamAV debug: Decoded signature: 29fda05728608a6bd19ef557e0f7efca LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-a583d3ba8a788117/COPYING LibClamAV debug: Unpacking /tmp/clamav-a583d3ba8a788117/daily.db LibClamAV debug: Unpacking /tmp/clamav-a583d3ba8a788117/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-a583d3ba8a788117/daily.ndb LibClamAV debug: Unpacking /tmp/clamav-a583d3ba8a788117/daily.zmd LibClamAV debug: Loading databases from /tmp/clamav-a583d3ba8a788117 LibClamAV debug: Loading /tmp/clamav-a583d3ba8a788117/daily.db LibClamAV debug: Loading /tmp/clamav-a583d3ba8a788117/daily.hdb LibClamAV debug: Loading /tmp/clamav-a583d3ba8a788117/daily.ndb LibClamAV debug: Recognized Raw mail file LibClamAV debug: Starting cli_scanmail(), mrec == 1, arec == 0 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'Received: from [1.2.3.4] by banana (Virus SMTP 2.0)' contMarker 0 LibClamAV debug: parseEmailFile: check ' with SMTP id 25635423; Tue Oct 05 04:48 PDT 2004' contMarker 0 LibClamAV debug: parseEmailFile: check 'Date: Tue, 05 Oct 2004 07:42:55 -0500' contMarker 0 LibClamAV debug: parseEmailFile: check 'To: [EMAIL PROTECTED]' contMarker 0 LibClamAV debug: parseEmailFile: check 'Subject: Hello!' contMarker 0 LibClamAV debug: parseEmailFile: check 'From: [EMAIL PROTECTED]' contMarker 0 LibClamAV debug: parseEmailFile: check 'Message-Id: <[EMAIL PROTECTED]>' contMarker 0 LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed;' contMarker 0 LibClamAV debug: parseEmailFile: check ' boundary="--------mktekjuonfbmlaqzwhlr"' contMarker 1 LibClamAV debug: parseEmailFile: check ' ' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: messageSetMimeType: 'multipart' LibClamAV debug: mimeArgs = ' boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: Add arguments ' boundary="--------mktekjuonfbmlaqzwhlr" ' LibClamAV debug: parseEmailFile: check '----------mktekjuonfbmlaqzwhlr' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Type: text/html; charset="us-ascii"' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Type: text/html; charset="us-ascii"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/html; charset="us-ascii"' LibClamAV debug: messageSetMimeType: 'text' LibClamAV debug: mimeArgs = ' charset="us-ascii"' LibClamAV debug: Add arguments ' charset="us-ascii"' LibClamAV debug: Discarding unwanted argument 'charset' LibClamAV debug: parseEmailFile: check 'Content-Transfer-Encoding: 7bit' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' LibClamAV debug: messageSetEncoding: '7bit' LibClamAV debug: Encoding type 1 is "7bit" LibClamAV debug: parseEmailFile: check '' contMarker 0 LibClamAV debug: End of header information LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 6 LibClamAV debug: 0 multiparts found LibClamAV debug: Not found uuencoded file LibClamAV debug: Found a bounce message with no header LibClamAV debug: blobSetFilename: bounce LibClamAV debug: fileblobSetFilename: mkstemp(/tmp/clamav-31582027417dd0e6/bounceXXXXXX) LibClamAV debug: Saving attachment as /tmp/clamav-31582027417dd0e6/bounceVj4Oah LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: Recognized Raw mail file LibClamAV debug: Starting cli_scanmail(), mrec == 2, arec == 0 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'Received: by clamd (bounce)' contMarker 0 LibClamAV debug: parseEmailFile: check 'Content-Transfer-Encoding: base64' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: parseEmailFile: check 'Content-Disposition: attachment; filename="Readme.cpl"' contMarker 0 LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename="Readme.cpl"' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename="Readme.cpl"' LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: parseEmailFile: check '' contMarker 0 LibClamAV debug: End of header information LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: Readme.cpl LibClamAV debug: fileblobSetFilename: mkstemp(/tmp/clamav-ecde0f5f51a68c6a/Readme.cplXXXXXX) LibClamAV debug: Saving attachment as /tmp/clamav-ecde0f5f51a68c6a/Readme.cplwG9mpr LibClamAV debug: Exported 40536 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (+ ? @) LibClamAV debug: Saving main message as attachment LibClamAV debug: 0 multiparts found LibClamAV debug: Not found uuencoded file LibClamAV debug: Saving text part to scan LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: messageToFileblob LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: Recognized DOS/W32 executable/library/driver file LibClamAV debug: Worm.Bagle.AC found in descriptor 7. z.z: Worm.Bagle.AC FOUND ----------- SCAN SUMMARY ----------- Known viruses: 31635 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.04 MB I/O buffer size: 131072 bytes Time: 0.936 sec (0 m 0 s)
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html