Rick Macdougall wrote: > René Berber wrote: >> man clamdscan: >> [snip] >> RETURN CODES >> 0 : No virus found. >> >> 1 : Virus(es) found. >> >> 2 : An error occured. > > Thanks, > > One place I didn't look that I should have but still, is a password > protected zip file considered an error ? I can't really allow scans > that return a 2 to pass through (well I can but I don't think it's a > good idea).
It depends on your policy for password-protected archives. Think of 0/1/2 as No/Yes/Maybe (where Maybe includes the subcases "I can't tell because I can't unencrypt the file" and "I can't tell because I wasn't able to allocate memory" and "I can't tell because...") You could adopt a policy that "yes, password-protected zip files can be assumed to be viruses" with the following clamd.conf option: ArchiveBlockEncrypted Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," _______________________________________________ http://lurker.clamav.net/list/clamav-users.html