Hi Al,
Thanks for replying.
It is exactly what I thought. But why is it different from ZIP file?
I added extra characters in the beginning of the ZIP file but no issues in
scanning that and finding eicar signature.
Also curious to see why is it not working in case #4 and #6?
Regards
Manoj
O
On Mon, Feb 16, 2015 at 05:27 PM, Manoj Ramakrishnan wrote:
>
> Case 4: Opened the gz file(in Case #2) in vi editor and add a character
> say "a" at the beginning of the file and scan it using clamdscan. Not
> WORKING
That would be correct. The signature specifies an offset of zero, so adding
a
Hi Steve,
Thanks for the reply. Really appreciated
I tried your suggestion and it mostly works when we use the clamdscan
command except some cases like modified gzip, other types like tar, bz2.
Will explain below.
Dowloaded these two files
wget http://www.eicar.org/download/eicar.com
wget http
Manoj,
Seem like this should work. What happens if you scan your tar and tar.gz
files just using clamscan?
You can run your clamd in debug mode by setting "Foreground yes" and "Debug
yes" in clamd.conf, then run clamd from a terminal window. This may give
you an indication about why clamd does no
Hi there,
On Mon, 16 Feb 2015, Alex Regan wrote:
Specifically, can someone tell me if the following are legitimate
senders or if they should be blocked anyway?
From: "Enterprise Guide"
From: Fred Pryor Seminars/CareerTrack
From: TravelMole Daily UK Newswire
I'm hoping someone has an opinio
Hi,
I'm using the sanesecurity rules with clamav on fedora20. I'm hoping
it's okay to ask sanesecurity questions here.
I'm finding that it's very frequently hitting on fakedate, causing the
message to be quarantined, and wondered what other people's experiences
were with this one rule.
X-A
