[clamav-users] Encrypted archives detects only with streaming?
Igor Ovsyannikov
kamish at outlook.com
Fri Feb 16 12:01:19 UTC 2018
Hello.
I wanted ClamAV daemon to block encrypted files/archives, so I added `ArchiveBlockEncrypted yes` into config. But it works only with `--stream` flag in clamdscan:
# clamdscan encrypted.zip
/.../encrypted.zip: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
# clamdscan --stream encrypted.zip
/.../encrypted.zip: Heuristics.Encrypted.Zip FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 1.104 sec (0 m 1 s)
# clamd --version
ClamAV 0.99.3/24320/Fri Feb 16 12:20:55 2018
ClamAV and clamdscan runs on the same Linux machine and communicates through UNIX socket.
Does anyone faced this situation? Is this by design or something, or it's a bug and I better send this mail to clamav-devel?
More information about the clamav-users
mailing list