Detection fail inside archive

Hi!

I installed the free Linux version, updated it, and made a file with the EICAR test signature for testing.

savscan had no issue detecting the file, but it missed it when zipped:

------------------------

/temp# savscan eicar.com.txt
SAVScan virus detection utility
Version 5.16.0 [Linux/Intel]
Virus data version 5.20, October 2015
Includes detection for 10071693 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 06:41:05 PM, System date 16 October 2015

IDE directory is: /opt/sophos-av/lib/sav

Quick Scanning

>>> Virus 'EICAR-AV-Test' found in file eicar.com.txt

1 file scanned in 9 seconds.
1 virus was discovered.
1 file out of 1 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: www.sophos.com/.../threat-center.aspx
End of Scan.
-----------------

Now the same file zipped:

/temp# savscan vtest.zip -archive
SAVScan virus detection utility
Version 5.16.0 [Linux/Intel]
Virus data version 5.20, October 2015
Includes detection for 10071693 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 06:46:31 PM, System date 16 October 2015
Command line qualifiers are: -archive

IDE directory is: /opt/sophos-av/lib/sav

Quick Scanning


1 file scanned in 8 seconds.
No viruses were discovered.
End of Scan.

-----------

Verification with ClamAV:

/temp# clamscan vtest.zip
vtest.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4030432
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.015 sec (0 m 18 s)
--------------

Here is my configuration:

/opt/sophos-av/bin# ./savconfig -v
Email: root@localhost
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: false
ExclusionEncodings: UTF-8
                    EUC-JP
                    ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: false
PrimaryUpdateSourcePath: sophos:
PrimaryUpdateUsername: ********
PrimaryUpdatePassword: ********
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
UpdatePeriodMinutes: 60
NamedScans Not configured
LiveProtection: disabled
ScanArchives: enabled

Can you help me? What am I doing wrong? Any help is appreciated!

Many thanks

Marc
