ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » Virus Scanner
Reply to topic
CL_EFORMAT: Bad format or broken data ERROR
jlchristi


Joined: 10 Jul 2012
Posts: 0
Post Posted: Tue Jul 10, 2012 12:45 pm Reply with quote
There seems to be an issue when scanning NSIS packaged binaries. When I first tried scanning via the GUI, the results showed no files scanned and I always had errors. There was no indication what the error was, so I tried scanning from the command line using the verbose option and received "CL_EFORMAT: Bad format or broken data ERROR". Below are snippets from scanning two different files using the '--debug' option.

Code:

...
LibClamAV debug: ------------------------------------
LibClamAV debug: EntryPoint offset: 0xf01 (3841)
LibClamAV debug: Bytecode executing hook id 259 (2 hooks)
LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed
LibClamAV debug: Bytecode executing hook id 257 (3 hooks)
LibClamAV debug: Bytecode: executing bytecode 32 (lsig matched)
LibClamAV debug: Bytecode 32: executing in JIT mode
LibClamAV debug: bytecode finished in 0 us
LibClamAV debug: Bytecode 32 returned 0
LibClamAV debug: Bytecode: executed 1 bytecodes for this hook
LibClamAV debug: cache_add: 55a723e125afbc9b3a41d46f41749068 (level 0)
LibClamAV debug: cli_magic_scandesc: returning 0  at line 2422
LibClamAV debug: NSIS: bad stream at ..\..\..\..\libclamav\nsis\nulsft.c:351
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
LibClamAV debug: entconv: Destroying iconv pool:02DE5AD8
LibClamAV debug: entconv: closing iconv:00516BD8

C:\Users\jlc\Downloads\install\ClamWinPortable_0.97.5_English.paf.exe: CL_EFORMAT: Bad format or broken data ERROR

----------- SCAN SUMMARY -----------
Known viruses: 1267565
Engine version: 0.97.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Total errors: 1
Data scanned: 8.52 MB
Data read: 7.95 MB (ratio 1.07:1)
Time: 5.117 sec (0 m 5 s)


Code:

...
LibClamAV debug: NSIS signature found at 47104
LibClamAV debug: in scannulsft()
LibClamAV debug: NSIS: Header info - Flags=0, Header size=45e6, Archive size=1039cc
LibClamAV debug: NSIS: solid compression detected
LibClamAV debug: NSIS: bad stream at ..\..\..\..\libclamav\nsis\nulsft.c:351
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

C:\Users\jlc\Downloads\install\7z920.exe: CL_EFORMAT: Bad format or broken data ERROR

----------- SCAN SUMMARY -----------
Known viruses: 1267565
Engine version: 0.97.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Total errors: 1
Data scanned: 1.06 MB
Data read: 1.06 MB (ratio 1.00:1)
Time: 6.662 sec (0 m 6 s)


I am running ClamWin 0.97.5 with the latest DB updates. Anyone have any ideas? Thanks.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Tue Jul 10, 2012 4:38 pm Reply with quote
Thanks for the info. I have told the developers about this. Since installing ClamWin version .97.5 I have noticed some errors in my scheduled scans but did not bother to look into it. Normally the only errors I have are pagefile and hiberfile not able to open. I think this is more than likely a Clam AV problem.

Regards,
View user's profileSend private message
tizef


Joined: 24 Feb 2012
Posts: 0
Location: France
Post Posted: Wed Jul 11, 2012 11:10 pm Reply with quote
GuitarBob wrote:
I think this is more than likely a Clam AV problem.

This known issue should be fixed in the 0.97.6 release -- please take a look here.


Last edited by tizef on Sat Mar 23, 2013 8:40 pm; edited 1 time in total
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Thu Jul 12, 2012 12:43 am Reply with quote
Thanks for the info. I noticed that the error didn't appear when I took .chm out of my ClamWin extensions. I have never seen much malware using that extension anyway.

Regards,
View user's profileSend private message
Re: CL_EFORMAT: Bad format or broken data ERROR
jon albert


Joined: 14 Sep 2016
Posts: 0
Location: Georgia
Post Posted: Wed Sep 14, 2016 9:28 am Reply with quote
jlchristi wrote:
There seems to be an issue when scanning NSIS packaged binaries. When I first tried scanning via the GUI, the results showed no files scanned and I always had errors. There was no indication what the error was, so I tried scanning from the command line using the verbose option and received "CL_EFORMAT: Bad format or broken data ERROR". Below are snippets from scanning two different files using the '--debug' option.

Code:

...
LibClamAV debug: ------------------------------------
LibClamAV debug: EntryPoint offset: 0xf01 (3841)
LibClamAV debug: Bytecode executing hook id 259 (2 hooks)
LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed
LibClamAV debug: Bytecode executing hook id 257 (3 hooks)
LibClamAV debug: Bytecode: executing bytecode 32 (lsig matched)
LibClamAV debug: Bytecode 32: executing in JIT mode
LibClamAV debug: bytecode finished in 0 us
LibClamAV debug: Bytecode 32 returned 0
LibClamAV debug: Bytecode: executed 1 bytecodes for this hook
LibClamAV debug: cache_add: 55a723e125afbc9b3a41d46f41749068 (level 0)
LibClamAV debug: cli_magic_scandesc: returning 0  at line 2422
LibClamAV debug: NSIS: bad stream at ..\..\..\..\libclamav\nsis\nulsft.c:351
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
LibClamAV debug: entconv: Destroying iconv pool:02DE5AD8
LibClamAV debug: entconv: closing iconv:00516BD8

C:\Users\jlc\Downloads\install\ClamWinPortable_0.97.5_English.paf.exe: CL_EFORMAT: Bad format or broken data ERROR

----------- SCAN SUMMARY -----------
Known viruses: 1267565
Engine version: 0.97.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Total errors: 1
Data scanned: 8.52 MB
Data read: 7.95 MB (ratio 1.07:1)
Time: 5.117 sec (0 m 5 s)


Code:

...
LibClamAV debug: NSIS signature found at 47104
LibClamAV debug: in scannulsft()
LibClamAV debug: NSIS: Header info - Flags=0, Header size=45e6, Archive size=1039cc
LibClamAV debug: NSIS: solid compression detected
LibClamAV debug: NSIS: bad stream at ..\..\..\..\libclamav\nsis\nulsft.c:351
LibClamAV debug: cli_magic_scandesc: returning 26  at line 2372
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up

C:\Users\jlc\Downloads\install\7z920.exe: CL_EFORMAT: Bad format or broken data ERROR

----------- SCAN SUMMARY -----------
Known viruses: 1267565
Engine version: 0.97.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Total errors: 1
Data scanned: 1.06 MB
Data read: 1.06 MB (ratio 1.00:1)
Time: 6.662 sec (0 m 6 s)


I am running ClamWin 0.97.5 with the latest DB updates. Anyone have any ideas? Thanks.


I am getting same kind of error with no fix at all!
View user's profileSend private message
CL_EFORMAT: Bad format or broken data ERROR
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » Virus Scanner
 Reply to topic