[clamav-users] [SUSPECTED SPAM] Re: Calamav cannot scan tar file and gzip files?

Noel Jones njones at megan.vbhcs.org
Tue Feb 17 13:23:36 EST 2015


On 2/17/2015 12:11 AM, Manoj Ramakrishnan wrote:
> Hi Al,
> 
> Thanks for replying.
> It is exactly what I thought. But why is it different from ZIP file?
> I added extra characters in the beginning of the ZIP file but no issues in
> scanning that and finding eicar signature.

zip and gzip are very different formats.  I suppose you added your
random character at a point where unzip ignored it.


> 
> Also curious to see why is it not working in case #4 and #6?

Either broke the eicar file with leading or trailing characters, or
maybe the squid plugin didn't recognize the file as a gzip.  Use the
clam debug tools to examine the files extracted and scanned.

The eicar signature is *very* specific, anchored at both the
beginning and end allowing only for a few extra spaces at the end of
the payload, no other extra characters.



More information about the clamav-users mailing list