[clamav-users] ClamXav and Compressed Files
Joel Esler (jesler)
jesler at cisco.com
Fri Mar 27 07:45:05 EDT 2015
Dmg scanning was added a couple of versions back.
On Mar 27, 2015, at 3:11 AM, Al Varnell <alvarnell at mac.com> wrote:
On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote:
Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images.
That’s correct. There have been a handful (nine) .dmg hash signatures quite a while ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting. I believe they are simply scanned as a generic file.
On 3/26/15 11:09 PM, Dennis Peterson wrote:
The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. If you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the contents. You should be able to explore the log to see what clamXav did while scanning.
On 3/26/15 10:44 PM, Jinwon Lee wrote:
I am a new member.
I am a Mac user and so I use ClamXav to scan my files.
My question is:
‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip… and Package files like .dmg?’ Because I feel ClamXav takes considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them.