[clamav-users] ClamXav and Compressed Files

Jinwon Lee alfaginon at me.com
Sun Mar 29 01:43:13 EDT 2015


Thanks for that.  I guess ‘Hash Value’ refers to the ClamAV identifying the .dmg as a known file that contains virus/es.

Jinwon

> On 29/03/2015, at 2:48 pm, Al Varnell <alvarnell at mac.com> wrote:
> 
> 
> On Sat, Mar 28, 2015 at 06:35 PM, Jinwon Lee wrote:
>> 
>> Thanks for the responses. I am not a computer expert so I might not fully understand
>> all that has been discussed but it sounds like ClamXav extracts(decompose?) archive files like zip, RAR and then scan.  But with .dmg
>> file it is uncertain that it does the same thing. 
>> 
>> It sounds like ClamXav is not ‘complete’ yet.
> 
> Again, we are discussing the ClamAV® scan engine here which is used by ClamXav but is not the same thing.  ClamXav is just the user interface that allows you to use the scan engine on your computer.
> 
> Perhaps I wasn’t clear on the results of my testing, but they indicate that the scan engine will not look at the contents of a .dmg file until you mount it on your desktop.  It’s not so much that it’s incomplete, but I would have to guess that it’s not possible to do so.  The scan may identify the .dmg file itself as one known to contain malware, depending on whether or not a sample was previously received and a signature prepared for it.
> 
> 
> -Al-
> -- 
> Al Varnell
> Mountain View, CA
> 
> 
> 
> 
> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list