Re: [clamav-users] ClamXav and Compressed Files
Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images. dp On 3/26/15 11:09 PM, Dennis Peterson wrote: The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning. dp On 3/26/15 10:44 PM, Jinwon Lee wrote: Hi I am a new member. I am a Mac user and so I use ClamXav to scan my files. My question is: ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them. Kind Regards Jinwon ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamXav and Compressed Files
On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote: Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images. dp That’s correct. There have been a handful (nine) .dmg hash signatures quite awhile ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting. I believe they are simply scanned as a generic file. -Al- On 3/26/15 11:09 PM, Dennis Peterson wrote: The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning. dp On 3/26/15 10:44 PM, Jinwon Lee wrote: Hi I am a new member. I am a Mac user and so I use ClamXav to scan my files. My question is: ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them. Kind Regards Jinwon ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamXav and Compressed Files
The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning. dp On 3/26/15 10:44 PM, Jinwon Lee wrote: Hi I am a new member. I am a Mac user and so I use ClamXav to scan my files. My question is: ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them. Kind Regards Jinwon ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamXav and Compressed Files
For fastest, most efficient answers to questions such as these, visit the ClamXav Forum http://www.clamxav.com/BB/. This mail-list is for users of the ClamAV® scan engine on all platforms. -Al- On Thu, Mar 26, 2015 at 10:44PM, Jinwon Lee wrote: Hi I am a new member. I am a Mac user and so I use ClamXav to scan my files. My question is: ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them. Kind Regards Jinwon ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clam-AV reverts to prior (mis)configuration after each reboot
I have both clamd and clamav-milter installed on my CentOS 7 machine. For ease of use, I've got bth configured to use one id, 'clamav'. This means I use two different directories, /var/run/clamav and /var/run/clamav-milter, owned by user clamav and set to permissions 711, to hold the socket/pid files. This is all working well, as far as I can tell. However, I've had a number of reboots recently, and after each one the following happens: * The clamav directory (/var/run/clamav) is deleted. * The clamav-milter directory (/var/run/clamav-milter) is changed to owner clmilt. The conf files do NOT change. Therefore, I get an error (misleading, at that) for clamav-milter. Clamav seems to start, but does not create a socket file, and so the milter can't find it (and can't create its own run file in a directory it doesn't own. Does this make sense to anyone? On 26.03.15 16:40, Bryan Burke wrote: It does, in fact. On RHEL7 (and variants), /var/run is now a symlink to /run, which is a tmpfs, so it is always cleared on reboot. it's the same on debian 7 and apparently other systems. For persistent application data, you should put things in /var/lib, e.g. /var/lib/clamav. note that /var/run/clamav and /var/run/clamav-milter are NOT persistent and should not be treated as such. they are apparently created by system startup scripts, you should look there. I have /var/run/clamav (in fact /run/clamav) used by all: milter, freshclam and clamd, all startup scripts create them if it does not exist (verified now), with owner settable in /etc/default/clamav-* -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95 ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamXav and Compressed Files
Dmg scanning was added a couple of versions back. -- Joel Esler Sent from my iPhone On Mar 27, 2015, at 3:11 AM, Al Varnell alvarn...@mac.commailto:alvarn...@mac.com wrote: On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote: Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images. dp That’s correct. There have been a handful (nine) .dmg hash signatures quite awhile ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting. I believe they are simply scanned as a generic file. -Al- On 3/26/15 11:09 PM, Dennis Peterson wrote: The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning. dp On 3/26/15 10:44 PM, Jinwon Lee wrote: Hi I am a new member. I am a Mac user and so I use ClamXav to scan my files. My question is: ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them. Kind Regards Jinwon ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml