We've a really unexplainable behaviour related to clamdscan and tar.
There's a tree of subdirs and files.
If I tar the complete tree and scan it with 'clamdscan -v --fdpass all.tar' an infected file is reported: 'Java.Trojan.Agent-36975 FOUND'.
If I tar all subdirs of the first level in separate tars and scan them, all of them are reported OK. Same if I scan all files one by one.
So where's the infected file report is coming from? Any ideas?
Environment:
# lsb_release -a
LSB Version: n/a
Distributor ID: openSUSE
Description: openSUSE Leap 15.1
Release: 15.1
Codename: n/a
# rpm -q -i clamav
Name : clamav
Version : 0.101.4
Release : lp151.205.1
Architecture: x86_64
Install Date: Mo 28 Okt 2019 16:03:42 CET
Group : Productivity/Security
Size : 2383988
License : GPL-2.0-only
Signature : RSA/SHA256, Fr 25 Okt 2019 16:59:46 CEST, Key ID 69d1b2aaee3d166a
Source RPM : clamav-0.101.4-lp151.205.1.src.rpm
Build Date : Fr 25 Okt 2019 16:59:23 CEST
Build Host : lamb53
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/security
URL : http://www.clamav.net
Summary : Antivirus Toolkit
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
There's a tree of subdirs and files.
If I tar the complete tree and scan it with 'clamdscan -v --fdpass all.tar' an infected file is reported: 'Java.Trojan.Agent-36975 FOUND'.
If I tar all subdirs of the first level in separate tars and scan them, all of them are reported OK. Same if I scan all files one by one.
So where's the infected file report is coming from? Any ideas?
Environment:
# lsb_release -a
LSB Version: n/a
Distributor ID: openSUSE
Description: openSUSE Leap 15.1
Release: 15.1
Codename: n/a
# rpm -q -i clamav
Name : clamav
Version : 0.101.4
Release : lp151.205.1
Architecture: x86_64
Install Date: Mo 28 Okt 2019 16:03:42 CET
Group : Productivity/Security
Size : 2383988
License : GPL-2.0-only
Signature : RSA/SHA256, Fr 25 Okt 2019 16:59:46 CEST, Key ID 69d1b2aaee3d166a
Source RPM : clamav-0.101.4-lp151.205.1.src.rpm
Build Date : Fr 25 Okt 2019 16:59:23 CEST
Build Host : lamb53
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/security
URL : http://www.clamav.net
Summary : Antivirus Toolkit
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml