- Original Message -
From: Johnny Stork [EMAIL PROTECTED]
To: clamav-users@lists.clamav.net
Cc: mailto:dan.mcdonald@austinenergy.com
Sent: Wednesday, July 20, 2005 1:02 PM
Subject: RE: [Clamav-users] AES-256 Encryption? (sorry about previous
top-post)
-Original Message-
From: Johnny Stork
Sent: July 18, 2005 7:34 AM
To: clamav-users@lists.clamav.net
Subject: RE: [Clamav-users] AES-256 Encryption?
The version intsall is zlib-devel 1.2.1.2-1.1. Is that where my problem is?
-Original Message-
From: Daniel J McDonald [mailto:[EMAIL PROTECTED]
Sent: July 15, 2005 12:57 PM
To: ClamAV users ML
Subject: RE: [Clamav-users] AES-256 Encryption?
On Fri, 2005-07-15 at 11:40 -0700, Johnny Stork wrote:
I just upgraded clamav to 0.86.1 but the AES-128 and AES-256 encrypted
files still dont pass through? Its a RHEL4 system. Any other
suggestions? or maybe a setting I have missed?
What version of zlib-devel do you have on the box you built it on?
- Original Message -
From: Daniel J McDonald
Sent: Wed Jul 06 2005 11:14:58 GMT-0700 (Pacific Daylight Time)
To: ClamAV users ML
Subject: Re: [Clamav-users] AES-256 Encryption?
On Wed, 2005-07-06 at 10:32 -0700, Johnny Stork wrote:
How can I permit AES-256 encrypted zip files to pass through, or
possibly
get scanned, with calmav running on a RHES4 box? I just noticed
various
emails lost due to attached winzip 9 AES-256 encrypted files?
Upgrade to 0.86.1
___
http://lurker.clamav.net/list/clamav-users.html
___
http://lurker.clamav.net/list/clamav-users.html
Others also appear to be having this same problem and it only appears with
the aes-128 or aes-256 encrypted files. Running clamdscan returns the
folowing (2.0.zip is the version 2 encryption).
Is there a solution to this?
[EMAIL PROTECTED] mnt]# clamdscan -v *.zip
/mnt/2.0.zip: OK
/mnt/aes-128.zip: Zip module failure ERROR
/mnt/aes-256.zip: Zip module failure ERROR
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.004 sec (0 m 0 s)
[EMAIL PROTECTED] mnt]#
___
http://lurker.clamav.net/list/clamav-users.html
Hi john,
I've tested 3 files with encryption in winzip 9.0 with the 3 methods there
(2.0, 128, 256) and I don't have no problems.
Bellow the tests.
server:/home/junior# clamdscan -v teste*.zip
/home/junior/teste2.0.zip: OK
/home/junior/teste_128.zip: OK
/home/junior/teste_256.zip: OK
I don't no why the files in http://200.161.4.170/zip clamav cause error.
In attach I put the output error with clamav debug.
Thanks
Marcos Dutra
hidrocarbono:/tmp# clamdscan
LibClamAV debug: Calculated MD5 checksum: cb5cf0008337bf89bc46cbd862e05861
Tue Jul 19 17:25:37 2005 -
/tmp/orbit-marcelo/bonobo-activation-server-ior: OK
LibClamAV debug: Small data (0 bytes)
Tue Jul 19 17:25:37 2005 -
/tmp/orbit-marcelo/bonobo-activation-register.lock: OK
LibClamAV debug: Calculated MD5 checksum: 3927bf910f87a9120c8eb102cf4f1000
Tue Jul 19 17:25:37 2005 - /tmp/.X0-lock: OK
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: FERRAZ/CLI1.DBF, crc32: 0xdf591c3c, encrypted: 0,
compressed: 2077, normal: 12094, method: 6, ratio: 5 (max: 250)
LibClamAV debug: Zip: Incorrectly decompressed (0 != 12094)
LibClamAV debug: Calculated MD5 checksum: 00aed3411b1ababd3658fb04fce968d5
/tmp/Dbf.zip: Zip module failure ERROR
Tue Jul 19 17:25:37 2005 - /tmp/Dbf.zip: Zip module failure ERROR
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: ARQCOM/M/FIC1.M, crc32: 0x37e3dfbe, encrypted:
0, compressed: 220, normal: 573, method: 6, ratio: 2 (max: 250)
LibClamAV debug: Zip: Incorrectly decompressed (0 != 573)
LibClamAV debug: Calculated MD5 checksum: 07cf2d352d3e9f0d7e569fe7a3138d26
/tmp/Cpa.zip: Zip module failure ERROR
Tue Jul 19 17:25:37 2005 - /tmp/Cpa.zip: Zip module failure ERROR
LibClamAV debug: Calculated MD5 checksum: 7cd4f9967912131a9a56f31c43e9
Tue Jul 19 17:25:37 2005 - /tmp/gconfd-marcelo/lock/ior: OK
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: FERRAZ/PRO5.DBF, crc32: 0x5af0cfef, encrypted: 0,
compressed: 766120, normal: 6895619, method: 6, ratio: 9 (max: 250)
LibClamAV debug: Zip: Incorrectly decompressed (0 != 6895619)
LibClamAV debug: Calculated MD5 checksum: a2101c8aff69c862ff80dea4e1f1d191
/tmp/Pro5.zip: Zip module failure ERROR
Tue Jul 19 17:25:38 2005 - /tmp/Pro5.zip: Zip module failure ERROR
LibClamAV debug: Recognized OLE2 container file
LibClamAV debug: in cli_scanole2()
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: mmap'ed file
LibClamAV debug:
Magic: 0xLibClamAV debug: d0LibClamAV debug:
cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV
debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug:
LibClamAV debug: CLSID