[clamav-users] [EXT] Re: clamscan tar archive
Hart, Steven A.
Steven.Hart at jhuapl.edu
Mon Dec 20 21:35:29 UTC 2021
I retract my retraction.
Original scan of test directory:
$ clamscan -ir test/
test/eicar.com: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8584449
Engine version: 0.103.4
Scanned directories: 1
Scanned files: 6
Infected files: 1
Data scanned: 0.63 MB
Data read: 333.32 MB (ratio 0.00:1)
Time: 10.682 sec (0 m 10 s)
Start Date: 2021:12:20 16:29:39
End Date: 2021:12:20 16:29:50
$ tar -cvf test.tar test/
$ tar -tvf test.tar | grep eicar
-rw-rw-r-- XXXXX/XXXXX 69 2021-12-06 10:18 test/eicar.com
$ clamscan -ir test.tar
----------- SCAN SUMMARY -----------
Known viruses: 8584449
Engine version: 0.103.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 333.34 MB (ratio 0.00:1)
Time: 10.408 sec (0 m 10 s)
Start Date: 2021:12:20 16:32:07
End Date: 2021:12:20 16:32:17
This is on RHEL8. If I do a simple tar of just the eicar.com file into a tar archive it detects on scanning the tar file. The above sample test directory has 5 other simple files including the eicar.com file.
Thanks!
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Hart, Steven A. via clamav-users <clamav-users at lists.clamav.net>
Sent: Monday, December 20, 2021 4:17:28 PM
To: ClamAV users ML
Cc: Hart, Steven A.
Subject: Re: [clamav-users] [EXT] Re: clamscan tar archive
APL external email warning: Verify sender clamav-users-bounces at lists.clamav.net before clicking links or attachments
And now it's working for me too. Nice magic you have there!
Problem solved.....I guess....so weird.
Thanks
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Kris Deugau <kdeugau at vianet.ca>
Sent: Monday, December 20, 2021 4:09:26 PM
To: ClamAV users ML
Subject: [EXT] Re: [clamav-users] clamscan tar archive
APL external email warning: Verify sender clamav-users-bounces at lists.clamav.net before clicking links or attachments
Hart, Steven A. via clamav-users wrote:
> Hello all,
>
>
> ClamAV documentation states that tar archives are supported. I've
> created a small sample tar archive that includes an eicar sample.
> Clamscan seems to only look at the tar archive as a single file and does
> not hit on the eicar sample within. I've tried using the "-a" and
> "--scan-archive=yes" flags with no improvements. I would appreciate
> advice as to if clamscan can actively scan tar archives directly.
WorksForMe(TM):
kdeugau at ele:~/$ tar -c ~kdeugau/dev/eicar >testeicar.tar
tar: Removing leading `/' from member names
kdeugau at ele:~/$ clamscan
/home/kdeugau/testeicar.tar: Eicar-Signature FOUND
[...]
kdeugau at ele:~/$ clamscan -V
ClamAV 0.103.3/26393/Mon Dec 20 04:19:51 2021
(Debian package; only Debian testing and unstable have 0.103.4 so far,
no sign of 0.104.)
-kgd
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20211220/39e913e1/attachment.htm>
More information about the clamav-users
mailing list