Re: [clamav-users] scanning mp3-files with clamscan

2017-07-09 Thread Eric Tykwinski
> On Jul 9, 2017, at 1:21 PM, G.W. Haywood wrote:
> 
> Hi there,
> 
> On Sun, 9 Jul 2017, Rosika wrote:
> 
>> I want to scan an mp3-file (about 60 MB in size).
>> Yet I get the message: "Data scanned: 0.00 MB"
>> ...
>> Is there any way of scanning mp3-files with clamscan?
> 
> Try compressing the file with gzip first:
> 
> cat file | gzip | clamscan -

I got a bit interested, so decided to write a quick yara script:

    rule mp3_test {
        meta:
            description = "Find ID3 string at beginning of file"

        strings:
            $id3 = {49 44 33 03}

        condition:
            $id3 at 0
    }

Sort of strange, that yara is catching it, but clamav isn’t.

Erics-Mac-Pro:temp eric$ clamscan -d mp3.yara ./
./.DS_Store: OK
./01 For Fruits Basket - TV Edit.mp3: OK
./01 Prologue-(Apprehension).mp3: OK
./01 The Ultimate -Naked mix -.mp3: OK
./01 Visitor.mp3: OK
./1-01 101_Book I Line 1 'Of Man's First Disobedience & The Fruit'.mp3: OK
./mp3.yara: OK

--- SCAN SUMMARY ---
Known viruses: 1
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 7
Infected files: 0
Data scanned: 0.01 MB
Data read: 31.84 MB (ratio 0.00:1)
Time: 0.092 sec (0 m 0 s)

Erics-Mac-Pro:temp eric$ yara mp3.yara ./
mp3_test .//01 For Fruits Basket - TV Edit.mp3
mp3_test .//01 Visitor.mp3
mp3_test .//01 Prologue-(Apprehension).mp3
mp3_test .//01 The Ultimate -Naked mix -.mp3
mp3_test .//1-01 101_Book I Line 1 'Of Man's First Disobedience & The Fruit'.mp3

Just wondering if this is a limitation of ClamAV, or am I doing something wrong?


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
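
The rule in the message above matches the four bytes 49 44 33 03 at offset 0, that is "ID3" followed by major version 3. The following is an added example, not code from the thread: it parses the 10-byte ID3v2 header so the rule's coverage can be checked against other MP3 layouts (an ID3v2.4 tag, or a file starting directly with an MPEG frame). The function names and sample byte strings are constructed for illustration.

```python
# Added example: sample byte strings below are constructed, not real MP3 files.
RULE_BYTES = bytes.fromhex("49443303")  # the rule's $id3 pattern: "ID3" + major version 3


def rule_matches(data: bytes) -> bool:
    """Same test as the YARA condition `$id3 at 0`."""
    return data[:4] == RULE_BYTES


def parse_id3v2_header(data: bytes):
    """Parse the 10-byte ID3v2 header at offset 0; return None if absent or invalid."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    major, revision, flags = data[3], data[4], data[5]
    size_bytes = data[6:10]
    # Version bytes are never 0xFF; size bytes are synchsafe (bit 7 always clear).
    if 0xFF in (major, revision) or any(b & 0x80 for b in size_bytes):
        return None
    tag_size = 0
    for b in size_bytes:
        tag_size = (tag_size << 7) | b  # 7 significant bits per byte
    footer = 10 if major == 4 and (flags & 0x10) else 0  # optional ID3v2.4 footer
    return {"version": f"2.{major}.{revision}", "tag_size": tag_size,
            "audio_offset": 10 + tag_size + footer}


def classify(data: bytes) -> str:
    """Describe what sits at offset 0 and whether the rule would match."""
    hdr = parse_id3v2_header(data)
    if hdr:
        verdict = "rule matches" if rule_matches(data) else "rule misses"
        return f"ID3v{hdr['version']} tag, audio at {hdr['audio_offset']}: {verdict}"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "bare MPEG audio frame, no ID3v2 tag: rule misses"
    return "not recognised as MP3: rule misses"


FRAME = b"\xff\xfb\x90\x00"     # constructed MPEG frame header (11-bit frame sync)
SIZE_257 = b"\x00\x00\x02\x01"  # synchsafe encoding of 257
V23 = b"ID3\x03\x00\x00" + SIZE_257 + bytes(257) + FRAME
V24 = b"ID3\x04\x00\x00" + SIZE_257 + bytes(257) + FRAME

if __name__ == "__main__":
    for name, blob in (("v2.3", V23), ("v2.4", V24), ("untagged", FRAME)):
        print(name, "->", classify(blob))
```
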

Re: [clamav-users] scanning mp3-files with clamscan

2017-07-09 Thread G.W. Haywood

Hi there,

On Sun, 9 Jul 2017, Rosika wrote:


> I want to scan an mp3-file (about 60 MB in size).
> Yet I get the message: "Data scanned: 0.00 MB"
> ...
> Is there any way of scanning mp3-files with clamscan?


Try compressing the file with gzip first:

cat file | gzip | clamscan -

--

73,
Ged.


Re: [clamav-users] ClamAV comparison

2017-07-09 Thread G.W. Haywood

Hi there,

On Sun, 9 Jul 2017, Michael Jeung wrote:

Re: ClamAV comparison


> ... A cursory survey of published AV comparisons shows ClamAV being
> outperformed by a lot of other (commercial) products. ...  In terms
> of efficacy, these comparisons seem to rank ClamAV very poorly.  :(


Having used ClamAV for more than a decade, this matches my experience.
Now and then I've posted a few statistics here, search the archives.


> I'm curious if anyone knows the reason why?  Are these tests
> conducted fairly? Do the commercial products - like Sophos or
> BitDefender - have better virus definitions?


I do not know the answers to these questions.  I do suspect that some
organizations apply far more resources, both to the crafting of code in
their products and to the production of definitions, than SourceFire in
the case of ClamAV.  It has to be said that SourceFire sells commercial
products with which a free version of ClamAV might be seen as competing.

My use of ClamAV is possibly not typical, in that my main reason for
using it is access to the so-called 'third-party' signature databases.
For a rather broad definition of 'malicious' these are very effective
in my experience in detecting malicious email content.  It's possible
that the comparisons which you mention ignored third-party signatures,
and even the threats which they address, and that the results might
otherwise have been different.  The Sanesecurity databases, to single
out one particularly good provider, do a pretty good job for me.

--

73,
Ged.


[clamav-users] scanning mp3-files with clamscan

2017-07-09 Thread Christian
Hi,

I want to scan an mp3-file (about 60 MB in size).
My command is:

clamscan /home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3

Yet I get the message: "Data scanned: 0.00 MB"
First I thought that the file was too large, so I used a new command:

clamscan --max-filesize=300M --max-scansize=300M /home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3

But this didn't work either.
In the meantime I think that's due to the nature of the respective file.
The file being mp3.
Could this be the case?

I also tried:

dd if=/home/rosika/Schreibtisch/Dokumente/Hörspiele/Sherlock_Holmes/hörspiel.mp3 | clamscan -

Output:

126592+1 Datensätze ein
126592+1 Datensätze aus
64815503 bytes (65 MB, 62 MiB) copied, 10,9642 s, 5,9 MB/s
stdin: OK

--- SCAN SUMMARY ---
Known viruses: 6299938
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 61.81 MB (ratio 0.00:1)
Time: 11.596 sec (0 m 11 s)

Is there any way of scanning mp3-files with clamscan?

Greetings.
Rosika

