Victor Yu wrote:
Greeting,
I just installed Clam on a Linux server. After installation, I run #clamscan
/usr/local/share/clamav/test, it found the virus, the output like this:
-
/usr/local/share/clamav/test/test1: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/README: OK
/usr/local/share/clamav/test/rarfail.rar: RAR module failure.
/usr/local/share/clamav/test/rarfail.rar: OK
/usr/local/share/clamav/test/debugm.c: OK
/usr/local/share/clamav/test/test1.bz2: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test2.zip: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test3.rar: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test2.badext: ClamAV-Test-Signature FOUND
--- SCAN SUMMARY ---
Known viruses: 21303
Scanned directories: 1
Scanned files: 8
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.726 sec (0 m 0 s)
-
But when I scanned a file with virus, it found nothing. I scanned the file
using clamav online specimen scanner (http://www.gietl.com/test-clamav/), it
said "found something: Worm.SomeFool.Gen-1"
I listed signature names in my virus signature database by running #sigtool
--list-sigs, and found "Worm.SomeFool.Gen-1" in it.
so why clamscan could not catch the virus in the file? Any idea?
The type of FILE you reference would help. Would this file by chance
be a mime encoded email message? Either way,
use the option:
-m (-mbox, treat file as a message file)
or
clamscan --help
Vernon
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
