[clamav-users] ClamXav and Compressed Files

Dennis Peterson dennispe at inetnw.com
Fri Mar 27 11:25:53 EDT 2015


Are the image files scanned as a single binary or are they burst like other 
archives into discreet files and then scanned? I guess the question really is 
against what would signatures be written when dealing with disk images.

dp

On 3/27/15 4:45 AM, Joel Esler (jesler) wrote:
> Dmg scanning was added a couple of versions back.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Mar 27, 2015, at 3:11 AM, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:
>
>
> On Thu, Mar 26, 2015 at 11:17PM, Dennis Peterson wrote:
>
> Forgot to include dmg files are as described when mounted - else they are disk images (cpio). I don't know what the clam product does with unmounted disk images.
>
> dp
>
> That’s correct.  There have been a handful (nine) .dmg hash signatures quite awhile ago and I’ve handled a couple of false positives, but there is no attempt to check the image contents which would almost certainly require mounting.  I believe they are simply scanned as a generic file.
>
> -Al-
>
> On 3/26/15 11:09 PM, Dennis Peterson wrote:
> The dmg files are logical structures. They are comprised of Unix directories and files and clam doesn't need to treat them differently than any other directory tree. if you have support compiled in for zip, RAR, TAR, and several other archiving formats it should decompose them and scan each of the the contents. You should be able to explore the log to see what clamXav did while scanning.
>
> dp
>
> On 3/26/15 10:44 PM, Jinwon Lee wrote:
> Hi
>
> I am a new member.
>
> I am a Mac user and so I use ClamXav to scan my files.
>
> My question is:
>
> ‘Does ClamXav scan what’s inside Compressed files like .RAR, .zip…. and Package files like .dmg?’    Because I feel ClamXav takes
> considerably longer to scan the extracted file/s compared to the compressed versions and wonder if it really scans them.
>
> Kind Regards
> Jinwon
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list