Rick Macdougall wrote:
> René Berber wrote:
>> man clamdscan:
>> [snip]
>> RETURN CODES
>> 0 : No virus found.
>>
>> 1 : Virus(es) found.
>>
>> 2 : An error occured.
>
> Thanks,
>
> One place I didn't look that I should have but still, is a password
> protected zip file considered an error ? I can't really allow scans
> that return a 2 to pass through (well I can but I don't think it's a
> good idea).
It depends on your policy for password-protected archives. Think of 0/1/2 as
No/Yes/Maybe (where Maybe includes the subcases "I can't tell because I can't
unencrypt the file" and "I can't tell because I wasn't able to allocate memory"
and "I can't tell because...")
You could adopt a policy that "yes, password-protected zip files can be assumed
to be viruses" with the following clamd.conf option:
ArchiveBlockEncrypted
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
