Hi All, I decided to try an older build of ClamAV since my virus.cfg matches everyone elses. The difference in outputs lies in the sosdg.org ClamAV versions.
The older version 0.84rc2-2 produces the proper output for DLAnalyzer. 10/25/2006 19:07:52.875 q4148041a01064bf4.smd Virus scanner 2 reports exit code of 1 10/25/2006 19:07:52.875 q4148041a01064bf4.smd Scanner 2: Virus= Html.Phishing.Rock.Sanesecurity.06050500 Attachment= [14] O The latest version 0.88.4-1 will produce an incorrect output that DLAnalyzer is not able to compile: 10/26/2006 12:38:28.828 q38cc128a00b2b1ba.smd Virus scanner 3 reports exit code of 1 10/26/2006 12:38:28.843 q38cc128a00b2b1ba.smd Scanner 3: Virus= Attachment= [14] O 10/26/2006 12:38:28.843 q38cc128a00b2b1ba.smd File(s) are INFECTED [ Html.Phishing.Pay.Gen358.Sanesecurity.06091502: 1] Thanks to all how provided suggestions. Eddie :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: Wednesday, October 25, 2006 8:44 PM To: declude.virus@declude.com Subject: [Declude.Virus] RE: Differences in reporting of ClamAV And ClamWin. Hi All, I am stumpted. I am trying to run ClamAV to take advantage of clamdscan.exe for speed and performance, but I am unable to gather statistics for use with DLAnalyzer. Looking closer at the logs, I find a slight variation between the 2 products. ClamWin reports the phish/virus on the same line as virus=. However with ClamAV, the Virus= is blank, and the phish/virus is on the next line. ClamAV is from www.sosdg.org version 0.88.4-1, and ClamWin is from www.clamwin.net version 0.88.5. Any suggestions to ClamAV (Scanner3) would be greatly appreciated. Sincerely, Eddie. ========================================= SCANFILE2 C:\imail\declude\runclamscan.exe log=2 c:\Progra~1\clamwin\bin\clamscan.exe --verbose --database="C:\Docume~1\Alluse~1\.clamwin\db" --tempdir="c:\temp" --no-summary --max-ratio 0 -l report.txt VIRUSCODE2 1 REPORT2 FOUND # SCANFILE3 C:\imail\declude\runclamscan.exe log=2 C:\clamav-devel\bin\clamdscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE3 1 REPORT3 FOUND ========================================== 10/25/2006 19:07:52.875 q4148041a01064bf4.smd Virus scanner 2 reports exit code of 1 10/25/2006 19:07:52.875 q4148041a01064bf4.smd Scanner 2: Virus= Html.Phishing.Rock.Sanesecurity.06050500 Attachment= [14] O 10/25/2006 19:07:59.578 q4148041a01064bf4.smd Virus scanner 3 reports exit code of 1 10/25/2006 19:07:59.578 q4148041a01064bf4.smd Scanner 3: Virus= Attachment= [14] O 10/25/2006 19:07:59.578 q4148041a01064bf4.smd File(s) are INFECTED [ Html.Phishing.Rock.Sanesecurity.06050500: 1] ========================================== --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.