Hello,
I have a problem understanding the report of the clamscan tool applied to
a tar file:
ll /tmp/baert.tar (~250MB)
-rw-rw-r-- 1 backuppc backuppc 282142720 Feb 2 17:55 /tmp/baert.tar
When I untar the file /tmp/baert.tar and scan the dirs/files:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[EMAIL PROTECTED] fff]$ clamscan -i -r Local\ Settings/
Local Settings/Temp/ICD3.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND
Local Settings/Temp/ICD5.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND
Local Settings/Temp/ICD4.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND
Local Settings/Temp/ICD2.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND
Local Settings/Temp/ICD1.tmp/MediaTicketsInstaller.ocx: Trojan.Downloader.Mediatickets-3 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 42108
Engine version: 0.88
Scanned directories: 85
Scanned files: 2411
Infected files: 5
Data scanned: 249.91 MB
Time: 50.934 sec (0 m 50 s)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If I scan the tar file directly:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
clamscan /tmp/baert.tar
LibClamAV Error: cli_untar: only standard TAR files are currently supported
/tmp/baert.tar: Trojan.Downloader.Mediatickets-3 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 42108
Engine version: 0.88
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 25.62 MB
Time: 5.589 sec (0 m 5 s)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If I scan the tar file directly with the devel engine:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[clamav-devel-latest]# clamscan/clamscan /tmp/baert.tar
/tmp/baert.tar: Trojan.Downloader.Mediatickets-3 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 42108
Engine version: devel-20060202
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.51 MB
Time: 2.427 sec (0 m 2 s)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Can somebody explain the output to me?
Why are the 'Data scanned' values so different?
Must I untar the archive before analysing it?
Must I use the devel version to analyse a tar file?
Thanks in advance
regards
jmb
--
-------------------------------------------------------------------
Dr Ir Jean-Michel Beuken | University of Louvain-La-Neuve
Computer Scientist | CISM, Bat P. Curie
UCL PowerComputing Manager | 1, Rue du Compas
| 1348 Louvain-La-Neuve
| BELGIUM
-------------------------------------------------------------------
Tel : +32 10473570 Fax : +32 10473452
HTTP://www.mapr.ucl.ac.be/~beuken
-------------------------------------------------------------------