Hi Ged & ClamAV Users,
You are right about EICAR: the unofficial signatures are detected in a .ar archive format.
Besides this, unfortunately, real malware code and EICAR are not detected in a .tar.gz (gzip) inside a .ar archive file (like .deb packages are).
How to reproduce:
- Download my testfile gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb (6MB) (download here at your own risk!) and run a scan like this:
- wget https://seafile.schroeffu.ch/f/876b201b6d614d66a87e/?dl=1 -O /tmp/gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb && clamdscan -z /tmp/gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb (no virus found) *1)
- unpack the .ar archive and scan the gzip file (data.tar.zst) inside; when unpacked this way, viruses are found inside the .tar.zst (gzip):
- ar x /tmp/gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb && clamdscan -z /tmp/data.tar.zst (virus will be found) *2)
--> Is this a handling failure on my side, like not having configured archive-in-archive scanning, or is it worth a bug report?
*1)
clamdscan -z gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb
/tmp/gimp/gimp2/gimp3/gimp_2.10.30-1build1_amd64_eicar3/gimp4/gimp_2.10.30-1build1_amd64_eicar_and_realmalware.deb: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 3.508 sec (0 m 3 s)
Start Date: 2022:07:11 10:11:49
End Date: 2022:07:11 10:11:53
*2)
clamdscan -z data.tar.zst
/tmp/gimp/gimp2/gimp3/gimp_2.10.30-1build1_amd64_eicar3/gimp4/data.tar.zst: Win.Dropper.Corebot-7599208-0 FOUND
/tmp/gimp/gimp2/gimp3/gimp_2.10.30-1build1_amd64_eicar3/gimp4/data.tar.zst: {HEX}EICAR.TEST.3.UNOFFICIAL FOUND
/tmp/gimp/gimp2/gimp3/gimp_2.10.30-1build1_amd64_eicar3/gimp4/data.tar.zst: {HEX}EICAR.TEST.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 21.519 sec (0 m 21 s)
Start Date: 2022:07:11 10:11:18
End Date: 2022:07:11 10:11:39
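As an added example (not from Ged's or the poster's messages, and not ClamAV's own code): a small Python helper that parses the .ar container of a .deb and hands each member to clamdscan -z on its own, which is the manual workaround the reproduction above performs with `ar x`. The build_ar writer and SAMPLE_MEMBERS are constructed for the demonstration, and the scanner command is an assumption.

```python
import os
import subprocess
import tempfile

AR_MAGIC = b"!<arch>\n"          # global header of every .ar / .deb file

def parse_ar(blob):
    """Return [(name, bytes)] for each member of an ar archive.
    Handles the short (GNU/Debian style) member names used by .deb files."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos + 60 <= len(blob):          # each member header is 60 bytes
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":          # header trailer magic
            raise ValueError("bad member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip(" /")   # GNU ar appends '/'
        size = int(hdr[48:58].decode("ascii"))          # decimal, space padded
        members.append((name, blob[pos + 60:pos + 60 + size]))
        pos += 60 + size + (size & 1)     # member data is padded to 2 bytes
    return members

def build_ar(members):
    """Constructed minimal ar writer, used only to make the sample below."""
    out = bytearray(AR_MAGIC)
    for name, body in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name.encode() + b"/", 0, 0, 0, b"100644", len(body))
        out += body + (b"\n" if len(body) % 2 else b"")
    return bytes(out)

# Constructed stand-in for a .deb: real .deb files carry these three members;
# the tar bodies here are just the gzip / zstd magic bytes, not real archives.
SAMPLE_MEMBERS = [
    ("debian-binary", b"2.0\n"),
    ("control.tar.gz", b"\x1f\x8b\x08"),
    ("data.tar.zst", b"\x28\xb5\x2f\xfd"),
]

def scan_deb_members(deb_path, scanner=("clamdscan", "-z")):
    """Extract every ar member to a temp dir and scan each one separately.
    Returns {member_name: scanner exit code}; clamdscan exits 1 on a match."""
    with open(deb_path, "rb") as f:
        members = parse_ar(f.read())
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in members:
            path = os.path.join(tmp, os.path.basename(name))
            with open(path, "wb") as f:
                f.write(body)
            results[name] = subprocess.run(list(scanner) + [path]).returncode
    return results
```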