Ravi wrote:
Hi,
Looking forward for comments and suggestions for the below reported issue
from the community.
Well, to answer your original question, it looks to me like the test is
doing exactly what it's supposed to. Core dumps would quite reasonably
contain executable chunks, but may not contain the complete executable,
or may come out with wrong code entry points, and so they are "broken"
when assumed to be executable files.
For your use case you should probably either turn this test off, or
adjust your filter system glue layer to handle this result differently.
Whether you can do the latter depends on how you call Clam.
-kgd
On Oct 27, 2017 4:09 PM, "Ravi" <ravi...@gmail.com> wrote:
Hi,
We are seeing instances when customer uploads his zip files which contains
core files/core dumps during scanning ClamAV is treating some of them as
“Heuristics.Broken.Executable FOUND”. Currently we have turned-on this
check in the clamd.conf as below.
*# With this option clamav will try to detect broken executables (both PE
and*
*# ELF) and mark them as Broken.Executable.*
*# Default: no*
*DetectBrokenExecutables yes*
The question is why ClamAV is treating core files/core dumps as
“Heuristics.Broken.Executable FOUND”. Is it safe to turn-off this setting
for ClamAV? or is there way to skip these checks for core files/core dumps
in ClamAV?
Thanks
Ravi
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
