[clamav-users] Finding infections in a tar-ball

[Dennis Peterson]

On 4/17/14, 8:10 AM, David Raynor wrote:
> Though inconsistent, it is less interesting then it may appear. The scanning 
> behavior is the same. Both return a clean disposition if limits are reached 
> and no signatures alert, including a message at debug level describing which 
> limit was exceeded. The only difference is that the xz scan (written more 
> recently) also logs a warning at the point when the limit is reached in the 
> middle of scanning the archive, and the gz scan (written less recently) does 
> not. Dave R. 
Inconsistencies like this are interesting because they reflect sloppy design. I 
stated earlier in a post that the error message was present based on my faith in 
the product being consistent. Another reader was perplexed because of a 
different experience. My faith in consistency of the design was misplaced. This 
should never have passed peer review. The response from the "team" is that they 
are considering a notification. I suggest you do the right thing regards 
consistency and make the product less interesting by so doing.

dp