|
x9A3A8x
| Joined: 22 Feb 2017 |
| Posts: 0 |
| Location: Greece |
|
|
 Posted: Wed Feb 22, 2017 11:23 am |
|
 |
 |
|
|
Hello, when I scan a zip file that has 5 files with 5 different viruses, the program found only detects 1 virus.
Why is this happening?
Thank you
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Wed Feb 22, 2017 1:59 pm |
|
|
|
|
|
The Clam AV scanning engine used by ClamWin is probably not scanning more than a certain number of zipped layers. Just make sure that you have configured ClamWin to enable scanning in archives, and it will go as far as it can. Anyway, a zipped file is probably not going to do damage until/unless it is opened. I haven't seen a self-unarchiving file in years.
Also make sure that you have enabled ClamWin to scan Word documents.
Thanks for using ClamWin!
|
|
|
|
ROCKNROLLKID
| Joined: 23 Sep 2013 |
| Posts: 0 |
| Location: **UNKNOWN** |
|
|
| Posted: Wed Feb 22, 2017 7:45 pm |
|
|
|
|
|
ClamAV/ClamWins archive scan is customization. Just go into settings, under Archives, and set the settings to higher values and see if they get detected then. It could be maybe no signature in the database for those other 4 malware samples.
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Thu Feb 23, 2017 1:16 am |
|
|
|
|
|
RRK I don't think the customization has anything to do with the number of times a file is zipped--it only applies to the number of sub-archives. If you try to download some of those EICAR files that hare zipped XX number of times, the Clam AV engine seems unable to detect anything after a while. Seems it me it can only handle about 4 times zipped.
Regards,
UPDATE:
I just zipped an EICAR file 5 times, and it was still detected by ClamWin. Think I got ClamWin confused with Clam Sentinel because Clam Sentinel does not scan within zipped files and has no option to do so.
Regards,
|
|
|
|
x9A3A8x
| Joined: 22 Feb 2017 |
| Posts: 0 |
| Location: Greece |
|
|
| Posted: Thu Feb 23, 2017 5:50 pm |
|
|
|
|
|
Thank you for the direct answers .
I modified the settings of the program clamwin , but I used the default settings it had . It is not so important for all levels of compression because 5 files infected by 5 different viruses that you just do compress (zip) it then detects 1 virus .
Because I don't know if it's a matter of configuration or a problem of the current version, I hope at some point to find a solution.
(Yandex translate)
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Thu Feb 23, 2017 7:04 pm |
|
|
|
|
|
I finally see what you are talking about!
ClamWin (with the Clam AV engine) does not scan a file after it finds the first virus. If you have it set to quarantine, it will quarantine the entire file, so that is okay--even though it does not scan for any more viruses. They will all be quarantined if they are in the same zipped file.
Thanks for using ClamWin! Remember, however, that you should use it as a backup scanner to a real-time antivirus because it does not scan in reak-time
Regards,
|
|
|
