[clamav-users] unexplainable tar behaviour
Steffen Sledz
sledz at dresearch-fe.de
Tue Oct 29 07:27:31 UTC 2019
We've a really unexplainable behaviour related to clamdscan and tar.
There's a tree of subdirs and files.
If I tar the complete tree and scan it with 'clamdscan -v --fdpass all.tar' an infected file is reported: 'Java.Trojan.Agent-36975 FOUND'.
If I tar all subdirs of the first level in separate tars and scan them, all of them are reported OK. Same if I scan all files one by one.
So where's the infected file report is coming from? Any ideas?
Environment:
# lsb_release -a
LSB Version: n/a
Distributor ID: openSUSE
Description: openSUSE Leap 15.1
Release: 15.1
Codename: n/a
# rpm -q -i clamav
Name : clamav
Version : 0.101.4
Release : lp151.205.1
Architecture: x86_64
Install Date: Mo 28 Okt 2019 16:03:42 CET
Group : Productivity/Security
Size : 2383988
License : GPL-2.0-only
Signature : RSA/SHA256, Fr 25 Okt 2019 16:59:46 CEST, Key ID 69d1b2aaee3d166a
Source RPM : clamav-0.101.4-lp151.205.1.src.rpm
Build Date : Fr 25 Okt 2019 16:59:23 CEST
Build Host : lamb53
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/security
URL : http://www.clamav.net
Summary : Antivirus Toolkit
More information about the clamav-users
mailing list