[clamav-users] Question on attachments
Reindl Harald
h.reindl at thelounge.net
Mon Dec 12 16:52:42 UTC 2016
Am 12.12.2016 um 17:43 schrieb TR Shaw:
> How does ClamAV decide to unpack an attachment?
>
> In particular this is in reference to the recent Locky attachments that are zips but have the attachment extension “dip”
clamav don't care about extensions as any other unix software
[harry at rh:/downloads/test]$ clamscan test.zip
test.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 5276854
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 8.036 sec (0 m 8 s)
[harry at rh:/downloads/test]$ mv test.zip test.nothing
[harry at rh:/downloads/test]$ clamscan test.nothing
test.nothing: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 5276854
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 7.537 sec (0 m 7 s)
More information about the clamav-users
mailing list