Discussion:
eicar_com.zip is not scanned inside a rar file
Siranjeevi
2012-09-17 11:05:51 UTC
Permalink
Hi All,

I am testing to get the scan report for zip, war, rar and other archive
types.

When i do scan eicar_com.zip alone, Clamdscan shows the result
as:*/root/clamav/eicar_com.zip: Eicar-Test-Signature FOUND
*

But when i put it in zip and scan it in the way, it is passing the result.
Whether clamav supports scanning zip, rar and other archive file types.

Please give me reasons why it is not scanned.

- Regards,
*R.Siranjeevi** **| MCA @ PSG Tech*
---------------------------------------------------------------------------------
"Count the flowers of your garden, NOT the leafs which falls away! "
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Siranjeevi
2012-09-17 11:27:43 UTC
Permalink
I found out one reason that i have added the eicar_com.zip file inside a
33MB zip file. So clamdscan was unable to scan.

I have Made changes in /etc/clamd.conf as follows :

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 10M
LogTime yes
LogSyslog yes
DatabaseDirectory /var/lib/clamav
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr <*Linux_Box_IP*>
MaxConnectionQueueLength 30
User clamav
AllowSupplementaryGroups yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanMail yes
ScanPartialMessages yes
ScanHTML yes
ScanArchive yes
ArchiveBlockEncrypted no
MaxScanSize 0
MaxFileSize 0
MaxFiles 0


I want to scan all type of file extension. And i have no size limits
because i am confident about the users who are registered in my website.
Please help me out configuring the settings. I need to scan recursively
inside the directories for all files.

When i do changes in clamd.conf, then it should be reflected in clamdscan
know.

Thanks in advance. :)
Post by Siranjeevi
Hi All,
I am testing to get the scan report for zip, war, rar and other archive
types.
When i do scan eicar_com.zip alone, Clamdscan shows the result as:*/root/clamav/eicar_com.zip: Eicar-Test-Signature FOUND
*
But when i put it in zip and scan it in the way, it is passing the
result. Whether clamav supports scanning zip, rar and other archive file
types.
Please give me reasons why it is not scanned.
- Regards,
---------------------------------------------------------------------------------
"Count the flowers of your garden, NOT the leafs which falls away! "
--
Regards,
*R.Siranjeevi** **| MCA @ PSG Tech*
---------------------------------------------------------------------------------
"Count the flowers of your garden, NOT the leafs which falls away! "
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Loading...