Hi there,
On Mon, 7 Sep 2020, Ankur Sharma via clamav-users wrote:
> I am trying to scan MP3,MP4 and JPEG files through ClamAV. But it always
> says - Data Scanned as 0.0 MB.
>
> Can you please suggest how can I scan it.
Not without information about your system, your ClamAV installation,
what you are using to do the scan and exactly how you are using it.
We have no idea what your configuration looks like. You haven't told
us whether you're using clamscan, or clamdscan, or clamav-milter, or
something else to scan the files. You haven't told us what version of
ClamAV you're using, and you haven't told us how it was installed.
You haven't even told us what operating system you're using.
Some of this information will be provided by the 'clamconf' utility,
and I've included below the output from one of my own servers. Please
run the utility yourself and take a look at its output. You might try
to compare it with the output below. If you find nothing which seems
wrong to you (but note that I'm using a development version of ClamAV,
and I do not use clamav-milter, so differences there can be expected)
then post it here together with any more information that you think we
might find useful -- such as the command that you used to try to scan
your image files.
clamconf output:
8<----------------------------------------------------------------------
$ clamconf --config-dir /etc/mail/clamav
Checking configuration files in /etc/mail/clamav
Config file: clamd.conf
-----------------------
AlertExceedsMax = "yes"
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime disabled
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/EXPORTS/clamav/tmp/tcp3"
DatabaseDirectory = "/EXPORTS/clamav/databases"
OfficialDatabaseOnly disabled
LocalSocket disabled
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3313"
TCPAddr = "192.168.44.7"
MaxConnectionQueueLength = "200"
StreamMaxLength = "52428800"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "30"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "20"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "9996"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM = "yes"
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted = "yes"
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "2000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch = "yes"
PhishingAlwaysBlockCloak = "yes"
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "1048576"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
DatabaseDirectory = "/EXPORTS/clamav/databases"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "2"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.uk.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/usr/local/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "600"
ReceiveTimeout = "1800"
SafeBrowsing = "yes"
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.103.0-rc2
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 LIBXML2 PCRE2 ICONV JSON RAR
Database information
--------------------
Database directory: /EXPORTS/clamav/databases
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] urlhaus.ndb: 6318 sigs
[3rd Party] junk.ndb: 60005 sigs
[3rd Party] malware.expert.hdb: 1 sig
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] spear.ndb: 1 sig
[3rd Party] phish.ndb: 27994 sigs
[3rd Party] spamimg.hdb: 199 sigs
safebrowsing.cvd: version 49191, sigs: 2213119, built on Mon Nov 11 00:03:56 2019
bytecode.cvd: version 331, sigs: 94, built on Thu Sep 19 17:12:33 2019
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] winnow_phish_complete_url.ndb: 54 sigs
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
[3rd Party] winnow_malware_links.ndb: 133 sigs
daily.cld: version 25922, sigs: 4273573, built on Sun Sep 6 14:39:20 2020
[3rd Party] rogue.hdb: 2990 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] porcupine.ndb: 6965 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] porcupine.hsb: 2200 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] jurlbla.ndb: 1580 sigs
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
[3rd Party] jurlbl.ndb: 20037 sigs
[3rd Party] scamnailer.ndb: 19038 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] winnow_spam_complete.ndb: 26 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] shelter.ldb: 48 sigs
[3rd Party] bofhland_phishing_URL.ndb: 72 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] blurl.ndb: 884 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] badmacro.ndb: 589 sigs
[3rd Party] crdfam.clamav.hdb: 1 sig
[3rd Party] bofhland_cracked_URL.ndb: 40 sigs
[3rd Party] spearl.ndb: 1 sig
[3rd Party] phishtank.ndb: 13778 sigs
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 13:56:15 2019
[3rd Party] foxhole_generic.cdb: 211 sigs
[3rd Party] foxhole_filename.cdb: 2609 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] scam.ndb: 12731 sigs
Total number of signatures: 11235818
Platform information
--------------------
uname: Linux 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l
OS: linux-gnueabihf, ARCH: arm, CPU: armv7l
Full OS version: Raspbian GNU/Linux 10 (buster)
zlib version: 1.2.11 (1.2.11), compile flags: 55
platform id: 0x0a5178780400000000080300
Build information
-----------------
GNU C: 8.3.0 (8.3.0)
CPPFLAGS:
CFLAGS: -g -O2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2
LDFLAGS:
Configure: --enable-ltdl-convenience
sizeof(void*) = 4
Engine flevel: 120, dconf: 120
8<----------------------------------------------------------------------
Here's the output from a couple of commands I used just now to scan
some image files. Note that I rsynced the directory to the clamd
server especially for this exercise -- normally I would never do such
a thing with ClamAV, as I only use it to scan mail using a milter (not
clamav-milter). For the sake of brevity in this mail I've edited some
of the filenames but that's of no consequence.
clamscan output:
8<----------------------------------------------------------------------
$ clamscan ./images/astronomy/planets/Pluto/*
/home/ged/images/astronomy/planets/Pluto/101830883-ce7063f83463.jpg: OK
/home/ged/images/astronomy/planets/Pluto/20151109_SternSlide05.jpg: OK
/home/ged/images/astronomy/planets/Pluto/charon.jpg: OK
/home/ged/images/astronomy/planets/Pluto/nh-pluto_crop.jpg: OK
/home/ged/images/astronomy/planets/Pluto/nh-pluto-mountains-plains.png: OK
/home/ged/images/astronomy/planets/Pluto/nh-pluto-mountain-range.png: OK
/home/ged/images/astronomy/planets/Pluto/PIA19880.jpg: OK
/home/ged/images/astronomy/planets/Pluto/PIA20291.jpg: OK
/home/ged/images/astronomy/planets/Pluto/PIA20544.jpg: OK
/home/ged/images/astronomy/planets/Pluto/PIA21590.jpg: OK
----------- SCAN SUMMARY -----------
Known viruses: 11257994
Engine version: 0.103.0-rc2
Scanned directories: 0
Scanned files: 11
Infected files: 0
Data scanned: 2.39 MB
Data read: 2.37 MB (ratio 1.01:1)
Time: 68.760 sec (1 m 8 s)
Start Date: 2020:09:07 08:46:17
End Date: 2020:09:07 08:47:25
$
8<----------------------------------------------------------------------
clamdscan output:
8<----------------------------------------------------------------------
$ clamdscan ./images/astronomy/planets/Pluto/*
/home/ged/./images/astronomy/planets/Pluto/101830883-ce7063f83463.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/20151109_SternSlide05.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/charon.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/nh-pluto_crop.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/nh-pluto-mountains-plains.png: OK
/home/ged/./images/astronomy/planets/Pluto/nh-pluto-mountain-range.png: OK
/home/ged/./images/astronomy/planets/Pluto/PIA19880.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/PIA20291.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/PIA20544.jpg: OK
/home/ged/./images/astronomy/planets/Pluto/PIA21590.jpg: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.083 sec (0 m 0 s)
Start Date: 2020:09:07 08:51:30
End Date: 2020:09:07 08:51:30
$
8<----------------------------------------------------------------------
Note that both the scan commands above were run as an unprivileged
user (my own account on the server), not as root or the 'clamav' user.
Please note also that my list address only accepts mail from the list.
HTH
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml