[clamav-users] unexplainable tar behaviour

Steffen Sledz sledz at dresearch-fe.de
Tue Oct 29 03:27:31 EDT 2019

We've a really unexplainable behaviour related to clamdscan and tar.

There's a tree of subdirs and files.

If I tar the complete tree and scan it with 'clamdscan  -v --fdpass all.tar' an infected file is reported: 'Java.Trojan.Agent-36975 FOUND'.

If I tar all subdirs of the first level in separate tars and scan them, all of them are reported OK. Same if I scan all files one by one.

So where's the infected file report is coming from? Any ideas?


# lsb_release -a
LSB Version:    n/a
Distributor ID: openSUSE
Description:    openSUSE Leap 15.1
Release:        15.1
Codename:       n/a
# rpm -q -i clamav
Name        : clamav
Version     : 0.101.4
Release     : lp151.205.1
Architecture: x86_64
Install Date: Mo 28 Okt 2019 16:03:42 CET
Group       : Productivity/Security
Size        : 2383988
License     : GPL-2.0-only
Signature   : RSA/SHA256, Fr 25 Okt 2019 16:59:46 CEST, Key ID 69d1b2aaee3d166a
Source RPM  : clamav-0.101.4-lp151.205.1.src.rpm
Build Date  : Fr 25 Okt 2019 16:59:23 CEST
Build Host  : lamb53
Relocations : (not relocatable)
Vendor      : obs://build.opensuse.org/security
URL         : http://www.clamav.net
Summary     : Antivirus Toolkit

More information about the clamav-users mailing list