[clamav-users] ClamXav and Compressed Files

Al Varnell alvarnell at mac.com
Fri Mar 27 03:10:21 EDT 2015

On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote:
> Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images.
> dp

That’s correct.  There have been a handful (nine) .dmg hash signatures quite awhile ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting.  I believe they are simply scanned as a generic file.


> On 3/26/15 11:09 PM, Dennis Peterson wrote:
>> The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning.
>> dp
>> On 3/26/15 10:44 PM, Jinwon Lee wrote:
>>> Hi
>>> I am a new member.
>>> I am a Mac user and so I use ClamXav to scan my files.
>>> My question is:
>>> ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’    Because I feel ClamXav takes
>>> considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them.
>>> Kind Regards
>>> Jinwon

More information about the clamav-users mailing list