from:"Marcos Dutra"

Re: [Clamav-users] Problem with zip password

2005-07-20 Thread Marcos Dutra

- Original Message - 
From: Tomasz Papszun [EMAIL PROTECTED]

To: Marcos Dutra [EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 7:37 AM
Subject: Re: [Clamav-users] Problem with zip password

On Tue, 19 Jul 2005 at 18:24:57 -0300, Marcos Dutra wrote:

Hi Jim,

I use Debian 3.0 woody, but I tested in Debian 3.1 too.
The version of zlib in Debian 3.0 is Version: 1:1.1.4-1.0 and Debian 3.1 
is

Version: 1:1.2.2-4

I think is not zlib problem, because some zip protected files pass with
sucess in clamav.

Best Regards.

Marcos Dutra

- Original Message - 
From: Jim Maul [EMAIL PROTECTED]

To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Tuesday, July 19, 2005 3:51 PM
Subject: Re: [Clamav-users] Problem with zip password

Marcos Dutra wrote:
Hi guys,

I use actually clamav 0.86.1 version in my e-mail server, but I have
problems with zip files protected by password.

I made a test with clamdscan -v *.zip and the result is:

clamdscan -v *.zip
/home/ricardo/Cpa.zip: Zip module failure ERROR
/home/ricardo/Dbf.zip: Zip module failure ERROR

I posted the zip file in this url:

http://200.161.4.170/zip

Thanks for advice.

Marcos Dutra

Your probably going to get a ton of replies that ask which version of 
zlib

you are running.  Might want to post that now.

-Jim
___
http://lurker.clamav.net/list/clamav-users.html

___
http://lurker.clamav.net/list/clamav-users.html

Please, don't top-post - reply _below_ previous messages, not above
them.
http://www.catb.org/~esr/jargon/html/T/top-post.html

Remove unneeded fragments of previous messages - especially commercial
footers, mailing list footers, long signatures.

http://www.xs4all.nl/~hanb/documents/quotingguide.html
http://www.netmeister.org/news/learn2quote.html

--
Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner

Sorry, I will not make more this.

Then, I think my server don't have library problem, but the message with 
this files are blocked by clamav.

Any suggestion?

Best regards

Marcos Dutra

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] AES-256 Encryption? (sorry about previous top-post)

2005-07-20 Thread Marcos Dutra



- Original Message - 
From: Johnny Stork [EMAIL PROTECTED]

To: clamav-users@lists.clamav.net
Cc: mailto:dan.mcdonald@austinenergy.com
Sent: Wednesday, July 20, 2005 1:02 PM
Subject: RE: [Clamav-users] AES-256 Encryption? (sorry about previous 
top-post)





-Original Message-
From: Johnny Stork
Sent: July 18, 2005 7:34 AM
To: clamav-users@lists.clamav.net
Subject: RE: [Clamav-users] AES-256 Encryption?


The version intsall is zlib-devel 1.2.1.2-1.1. Is that where my problem is?

-Original Message-
From: Daniel J McDonald [mailto:[EMAIL PROTECTED]
Sent: July 15, 2005 12:57 PM
To: ClamAV users ML
Subject: RE: [Clamav-users] AES-256 Encryption?


On Fri, 2005-07-15 at 11:40 -0700, Johnny Stork wrote:


I just upgraded clamav to 0.86.1 but the AES-128 and AES-256 encrypted
files still dont pass through? Its a RHEL4 system. Any other
suggestions? or maybe a setting I have missed?


What version of zlib-devel do you have on the box you built it on?


- Original Message -
From: Daniel J McDonald
Sent: Wed Jul 06 2005 11:14:58 GMT-0700 (Pacific Daylight Time)
To: ClamAV users ML
Subject: Re: [Clamav-users] AES-256 Encryption?

On Wed, 2005-07-06 at 10:32 -0700, Johnny Stork wrote:
How can I permit AES-256 encrypted zip files to pass through, or 
 possibly
get scanned, with calmav running on a RHES4 box? I just noticed 
 various

emails lost due to attached winzip 9 AES-256 encrypted files?

Upgrade to 0.86.1



___
http://lurker.clamav.net/list/clamav-users.html
___
http://lurker.clamav.net/list/clamav-users.html


Others also appear to be having this same problem and it only appears with 
the aes-128 or aes-256 encrypted files. Running clamdscan returns the 
folowing (2.0.zip is the version 2 encryption).


Is there a solution to this?

[EMAIL PROTECTED] mnt]# clamdscan -v *.zip
/mnt/2.0.zip: OK
/mnt/aes-128.zip: Zip module failure ERROR
/mnt/aes-256.zip: Zip module failure ERROR

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.004 sec (0 m 0 s)
[EMAIL PROTECTED] mnt]#
___
http://lurker.clamav.net/list/clamav-users.html


Hi john,

I've tested 3 files with encryption in winzip 9.0 with the 3 methods there 
(2.0, 128, 256) and I don't have no problems.


Bellow the tests.

server:/home/junior# clamdscan -v teste*.zip
/home/junior/teste2.0.zip: OK
/home/junior/teste_128.zip: OK
/home/junior/teste_256.zip: OK

I don't no why the files in http://200.161.4.170/zip clamav cause error.
In attach I put the output error with clamav debug.

Thanks

Marcos Dutra


hidrocarbono:/tmp# clamdscan
LibClamAV debug: Calculated MD5 checksum: cb5cf0008337bf89bc46cbd862e05861
Tue Jul 19 17:25:37 2005 - 
/tmp/orbit-marcelo/bonobo-activation-server-ior: OK

LibClamAV debug: Small data (0 bytes)
Tue Jul 19 17:25:37 2005 - 
/tmp/orbit-marcelo/bonobo-activation-register.lock: OK

LibClamAV debug: Calculated MD5 checksum: 3927bf910f87a9120c8eb102cf4f1000
Tue Jul 19 17:25:37 2005 - /tmp/.X0-lock: OK
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: FERRAZ/CLI1.DBF, crc32: 0xdf591c3c, encrypted: 0, 
compressed: 2077, normal: 12094, method: 6, ratio: 5 (max: 250)

LibClamAV debug: Zip: Incorrectly decompressed (0 != 12094)
LibClamAV debug: Calculated MD5 checksum: 00aed3411b1ababd3658fb04fce968d5
/tmp/Dbf.zip: Zip module failure ERROR
Tue Jul 19 17:25:37 2005 - /tmp/Dbf.zip: Zip module failure ERROR
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: ARQCOM/M/FIC1.M, crc32: 0x37e3dfbe, encrypted: 
0, compressed: 220, normal: 573, method: 6, ratio: 2 (max: 250)

LibClamAV debug: Zip: Incorrectly decompressed (0 != 573)
LibClamAV debug: Calculated MD5 checksum: 07cf2d352d3e9f0d7e569fe7a3138d26
/tmp/Cpa.zip: Zip module failure ERROR
Tue Jul 19 17:25:37 2005 - /tmp/Cpa.zip: Zip module failure ERROR
LibClamAV debug: Calculated MD5 checksum: 7cd4f9967912131a9a56f31c43e9
Tue Jul 19 17:25:37 2005 - /tmp/gconfd-marcelo/lock/ior: OK
LibClamAV debug: Recognized ZIP file
LibClamAV debug: in scanzip()
LibClamAV debug: Zip: FERRAZ/PRO5.DBF, crc32: 0x5af0cfef, encrypted: 0, 
compressed: 766120, normal: 6895619, method: 6, ratio: 9 (max: 250)

LibClamAV debug: Zip: Incorrectly decompressed (0 != 6895619)
LibClamAV debug: Calculated MD5 checksum: a2101c8aff69c862ff80dea4e1f1d191
/tmp/Pro5.zip: Zip module failure ERROR
Tue Jul 19 17:25:38 2005 - /tmp/Pro5.zip: Zip module failure ERROR
LibClamAV debug: Recognized OLE2 container file
LibClamAV debug: in cli_scanole2()
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: mmap'ed file
LibClamAV debug:
Magic:  0xLibClamAV debug: d0LibClamAV debug: 
cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV 
debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug:
LibClamAV debug: CLSID

[Clamav-users] Problem with zip password

2005-07-19 Thread Marcos Dutra

Hi guys,

I use actually clamav 0.86.1 version in my e-mail server, but I have problems 
with zip files protected by password.

I made a test with clamdscan -v *.zip and the result is:

clamdscan -v *.zip
/home/ricardo/Cpa.zip: Zip module failure ERROR
/home/ricardo/Dbf.zip: Zip module failure ERROR

I posted the zip file in this url:

http://200.161.4.170/zip

Thanks for advice.

Marcos Dutra
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Problem with zip password

2005-07-19 Thread Marcos Dutra


Hi Jim,

I use Debian 3.0 woody, but I tested in Debian 3.1 too.
The version of zlib in Debian 3.0 is Version: 1:1.1.4-1.0 and Debian 3.1 is 
Version: 1:1.2.2-4


I think is not zlib problem, because some zip protected files pass with 
sucess in clamav.


Best Regards.

Marcos Dutra

- Original Message - 
From: Jim Maul [EMAIL PROTECTED]

To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Tuesday, July 19, 2005 3:51 PM
Subject: Re: [Clamav-users] Problem with zip password



Marcos Dutra wrote:

Hi guys,

I use actually clamav 0.86.1 version in my e-mail server, but I have 
problems with zip files protected by password.


I made a test with clamdscan -v *.zip and the result is:

clamdscan -v *.zip
/home/ricardo/Cpa.zip: Zip module failure ERROR
/home/ricardo/Dbf.zip: Zip module failure ERROR

I posted the zip file in this url:

http://200.161.4.170/zip

Thanks for advice.

Marcos Dutra



Your probably going to get a ton of replies that ask which version of zlib 
you are running.  Might want to post that now.


-Jim
___
http://lurker.clamav.net/list/clamav-users.html



___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] zip error

2005-06-09 Thread Marcos Dutra

Hi people,

Recently I upgrade clamav to versioon 0.85-1 but I have problems with zip with 
passord. Clamav log is /home/ricardo/BAK_SIQUEIRA_EADV_05-05-23.zip: Zip module 
failure ERROR, and I need to solve it.

Any suggestions?

The zip file is locate at http://200.161.4.170/zip

Thanks

Marcos
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Problem with zip password

Re: [Clamav-users] AES-256 Encryption? (sorry about previous top-post)

[Clamav-users] Problem with zip password

Re: [Clamav-users] Problem with zip password

[Clamav-users] zip error

5 matches

Site Navigation

Mail list logo

Footer information