[clamav-users] ClamXav and Compressed Files

Dennis Peterson dennispe at inetnw.com
Sun Mar 29 00:50:52 EDT 2015

On 3/28/15 6:48 PM, Al Varnell wrote:
> On Sat, Mar 28, 2015 at 06:35 PM, Jinwon Lee wrote:
>> Thanks for the responses. I am not a computer expert so I might not fully understand
>> all that has been discussed, but it sounds like ClamXav extracts (decomposes?) archive files like zip and RAR and then scans them.  But with a .dmg
>> file it is uncertain that it does the same thing.
>> It sounds like ClamXav is not ‘complete’ yet.
> Again, we are discussing the ClamAV® scan engine here which is used by ClamXav but is not the same thing.  ClamXav is just the user interface that allows you to use the scan engine on your computer.
> Perhaps I wasn’t clear on the results of my testing, but they indicate that the scan engine will not look at the contents of a .dmg file until you mount it on your desktop.  It’s not so much that it’s incomplete, but I would have to guess that it’s not possible to do so.  The scan may identify the .dmg file itself as one known to contain malware, depending on whether or not a sample was previously received and a signature prepared for it.
> -Al-
It should be possible to use cpio to extract the contents to a stream and feed 
that into the ClamAV engine, but the Windows people may be challenged to 
replicate it without a POSIX toolkit.

For the wider audience: Remember that ClamAV is a cross-platform tool and it is 
not likely that all platforms will have essential tools to burst a file system 
image from another system.  That said, cpio is a UNIX primitive and I can't 
recall ever seeing a UNIX/derivative OS that didn't have it, and I worked on 
first-gen UNIX well over thirty years ago. Nor have I ever seen a Windows system 
where it was an included utility. And that is why it is important to know what 
is compiled into some of these cross-platform utilities we all depend on.

