[Clamav-users] Anomaly when scanning a tar.gz file

From: Paul Kosinski <clamav_at_nospam>
Date: Sat Apr 04 2009 - 23:21:10 GMT
To: clamav-users@lists.clamav.net

Hi,

I noticed the following anomaly when scanning a tar.gz file compared to scanning the result of untarring it. Scanning the tar.gz file results in less "data read" than scanning the files which it expands to (as one would expect), but the "data scanned" amount is *much* more for the tar.gz file than for the resultant files in the directory tree.

Does this indicate some problem with the way clamav handles compressed files, or is it some peculiarity of this tar.gz file?

Paul Kosinski

09:51:08 user@host:~/src/openssl> clamscan -ri openssl-0.9.8k/

SCAN SUMMARY ----------- Known viruses: 537879 Engine version: 0.95 Scanned directories: 134 Scanned files: 2003 Infected files: 0 Data scanned: 13.86 MB Data read: 12.99 MB (ratio 1.07:1) Time: 10.665 sec (0 m 10 s)

09:51:24 user@host:~/src/openssl> clamscan openssl-0.9.8k.tar.gz openssl-0.9.8k.tar.gz: OK

SCAN SUMMARY ----------- Known viruses: 537879 Engine version: 0.95 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 35.54 MB Data read: 3.67 MB (ratio 9.68:1) Time: 14.661 sec (0 m 14 s)
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

This message: [ Message body ]
Next message: Nathan Brink: "Re: [Clamav-users] Anomaly when scanning a tar.gz file"
Previous message: Tom Shaw: "Re: [Clamav-users] clamd didnt act on SIGTERM"
Next in thread: Nathan Brink: "Re: [Clamav-users] Anomaly when scanning a tar.gz file"
Reply: Nathan Brink: "Re: [Clamav-users] Anomaly when scanning a tar.gz file"
Reply: Sarocet: "Re: [Clamav-users] Anomaly when scanning a tar.gz file"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]