ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
why is only one infection reported if there are more..?
Duncan Mac Leod


Joined: 12 May 2008
Posts: 3
Reply with quote
i have a mail file on disc with multiple attachments.

there are two different viruses in different attachments but only the first is reported via command-line scanner! why ?

if i send the viruses separately (one in each mail) they are detected correctly, so the scanner works...

but why is the report of infections limited to one for multiple infected attachments ?

can this be fixed soon ?

thank you in advance,
Duncan
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4360
Location: USA
Reply with quote
Shortly after I started using ClamWin, I heard that it quit scanning a file after it found the first infection. I have not heard anything about changing this. I suspect this is the way the Clam AV scanning engine used by ClamWin works, and, if that is the case, there's probably not much the ClamWin developers can do about it.

It might be interesting to see how this scan logic compares with other AVs. Is there any chance you could upload the attachment to Jotti at http://virusscan.jotti.org/ on the Web or Virus Total at http://www.virustotal.com/ on the Web and see if they find multiple infections. I suspect they will not.

Regards,
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
Clamwin uses ClamAV engine which is an email gateway scanner. Therefore ClamAV is targeted at efficiently removing infected emails and does not disinfect files files or individual attachments.

If a container file such as zip archive or rfc822 email file contain more than one virus, then detecting the first virus is sufficient for the purpose of marking the whole file as infected.

I understand you might want to delete the attachments manually from the email message, but my advise is to delete the whole message if at least one file is infected.

I hope it does make sense
View user's profileSend private message
why is only one infection reported if there are more..?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic