[clamav-users] ClamXav and Compressed Files

Joel Esler (jesler) jesler at cisco.com
Mon Mar 30 10:15:31 EDT 2015


On Mar 29, 2015, at 7:57 AM, Dennis Peterson <dennispe at inetnw.com> wrote:

On 3/29/15 4:55 AM, TR Shaw wrote:
On Mar 29, 2015, at 1:45 AM, Dennis Peterson <dennispe at inetnw.com> wrote:

On 3/28/15 10:43 PM, Jinwon Lee wrote:
Thanks for that.  I guess ‘Hash Value’ refers to the ClamAV identifying the .dmg as a known file that contains virus/es.

Jinwon


That was the case too for password-protected zip files. If you can't burst the contents you condemn the wrapper.

Not entirely complete as you can tell ClamAV to mark encrypted zip and rar's as viruses without having a "sig".
Many milters will do the same without invoking clamav, so that's of limited value.

A feature is a feature to someone.  Not everyone finds it useful, but for the 10 people that do, it’s the most important thing to them.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group


