Hey Arnaud,

I recently noticed a bug that causes .pwdb files to not be loaded from the db directory when ClamAV is compiled without Yara support. Is your ClamAV built with Yara support, and if not, can you try compiling with Yara support and see whether this fixes the issue for you? This issue will be fixed in an upcoming release.

Thanks,

-Andrew

Research Engineer

Malware Research Team

On Wed, Feb 6, 2019 at 11:16 AM Arnaud Jacques <webmaster@securiteinfo.com> wrote:

Hello,

It seems .pwdb files does not work since version 0.100.2 (may be since
0.100.0).
It has this format :

cat passwords.pwdb
ZipPasswordInfected;Engine:51-255;0;infected

This file is in ClamAV databases directory (/var/lib/clamav/) and ClamAV
does not detect malwares when Zip is protected by the "infected"
password. Manually unzipped, ClamAV is enable to detect the malware.

Is the format of .pwdb files has changed since 0.100.x ?
Is it still supported on recent ClamAV version ?

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : aj@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml