[clamav-users] [SUSPECTED SPAM] Re: Calamav cannot scan tar file and gzip files?
njones at megan.vbhcs.org
Tue Feb 17 13:23:36 EST 2015
On 2/17/2015 12:11 AM, Manoj Ramakrishnan wrote:
> Hi Al,
> Thanks for replying.
> It is exactly what I thought. But why is it different from ZIP file?
> I added extra characters in the beginning of the ZIP file but no issues in
> scanning that and finding eicar signature.
zip and gzip are very different formats. I suppose you added your
random character at a point where unzip ignored it.
> Also curious to see why is it not working in case #4 and #6?
Either broke the eicar file with leading or trailing characters, or
maybe the squid plugin didn't recognize the file as a gzip. Use the
clam debug tools to examine the files extracted and scanned.
The eicar signature is *very* specific, anchored at both the
beginning and end allowing only for a few extra spaces at the end of
the payload, no other extra characters.
More information about the clamav-users