mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-24 04:43:18 +00:00
173 lines
7.1 KiB
HTML
173 lines
7.1 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
|
|
<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
|
|
original version by: Nikos Drakos, CBLU, University of Leeds
|
|
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
|
|
* with significant contributions from:
|
|
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>Archives and compressed files</TITLE>
|
|
<META NAME="description" CONTENT="Archives and compressed files">
|
|
<META NAME="keywords" CONTENT="clamdoc">
|
|
<META NAME="resource-type" CONTENT="document">
|
|
<META NAME="distribution" CONTENT="global">
|
|
|
|
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
|
|
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
|
|
|
|
<LINK REL="STYLESHEET" HREF="clamdoc.css">
|
|
|
|
<LINK REL="next" HREF="node23.html">
|
|
<LINK REL="previous" HREF="node21.html">
|
|
<LINK REL="up" HREF="node18.html">
|
|
<LINK REL="next" HREF="node23.html">
|
|
</HEAD>
|
|
|
|
<BODY >
|
|
|
|
<DIV CLASS="navigation"><!--Navigation Panel-->
|
|
<A NAME="tex2html632"
|
|
HREF="node23.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next"
|
|
SRC="/usr/share/latex2html/icons/next.png"></A>
|
|
<A NAME="tex2html628"
|
|
HREF="node18.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up"
|
|
SRC="/usr/share/latex2html/icons/up.png"></A>
|
|
<A NAME="tex2html622"
|
|
HREF="node21.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous"
|
|
SRC="/usr/share/latex2html/icons/prev.png"></A>
|
|
<A NAME="tex2html630"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents"
|
|
SRC="/usr/share/latex2html/icons/contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html633"
|
|
HREF="node23.html">Mail files</A>
|
|
<B> Up:</B> <A NAME="tex2html629"
|
|
HREF="node18.html">Usage</A>
|
|
<B> Previous:</B> <A NAME="tex2html623"
|
|
HREF="node21.html">Clamuko</A>
|
|
<B> <A NAME="tex2html631"
|
|
HREF="node1.html">Contents</A></B>
|
|
<BR>
|
|
<BR></DIV>
|
|
<!--End of Navigation Panel-->
|
|
|
|
<H2><A NAME="SECTION00044000000000000000">
|
|
Archives and compressed files</A>
|
|
</H2>
|
|
All ClamAV scanners depend on LibClamAV. It has a built-in support for the
|
|
following formats:
|
|
|
|
<UL>
|
|
<LI>Zip
|
|
</LI>
|
|
<LI>Gzip
|
|
</LI>
|
|
<LI>Bzip2
|
|
</LI>
|
|
<LI>RAR (2.0 only)
|
|
|
|
</LI>
|
|
</UL>
|
|
Archive types are determined by magic number tests.<A NAME="tex2html79"
|
|
HREF="footnode.html#foot418"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> You need the zlib library
|
|
for the Zip/Gzip support. Zip archives are accessed with the zziplib
|
|
library by Guido Draheim and Tomi Ollila. RAR support is based on the
|
|
UniquE RAR File Library by Christian Scheurer and Johannes Winkelmann.
|
|
Both of them are included and slightly modified in the clamav sources.
|
|
Unrarlib supports RAR 2.0 archives only and according to Christian
|
|
the new format (introduced in WinRAR 3.0) will never be supported
|
|
(however clamscan can scan WinRAR 3.0 archives, see below). Due to
|
|
security reasons clamd only scans archives supported by libclamav and
|
|
can't use external programs. Clamscan is more clever and can switch to
|
|
the external unpacker when the built-in decompresor fails:
|
|
<PRE>
|
|
$ clamscan --unrar test-failure.rar
|
|
/home/zolw/Clam/test/test-failure.rar: RAR module failure.
|
|
|
|
UNRAR 3.00 freeware Copyright (c) 1993-2002 Eugene Roshal
|
|
|
|
|
|
Extracting from /home/zolw/Clam/test/test-failure.rar
|
|
|
|
Extracting test1 OK
|
|
All OK
|
|
/tmp/44694f5b2665d2f4/test1: ClamAV-Test-Signature FOUND
|
|
/home/zolw/Clam/test/test-failure.rar: Infected Archive FOUND
|
|
</PRE>
|
|
<SPAN CLASS="textit"><SPAN CLASS="textbf">TIP:</SPAN> You can force clamscan to list all infected files
|
|
in archive using -disable-archive (it disables the built-in
|
|
transparent decompressors) and -unzip -unrar...</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">If the scanner runs on a superuser level unpackers are
|
|
executed with <SPAN CLASS="textit">clamav</SPAN> privileges what makes the process far more
|
|
secure.</SPAN> It also assures the <SPAN CLASS="textit">clamav</SPAN> user has read access
|
|
to all files. <SPAN CLASS="textbf">You must enable recursive scanning with the -r
|
|
option (-recursive) in order to scan a whole content of an
|
|
archive (including subdirectories)</SPAN>, this option is also (usually) required
|
|
to scan nested archive. External unpackers supported:
|
|
<BR>
|
|
<P>
|
|
|
|
<SPAN CLASS="textbf">-unzip: </SPAN> Usually you don't need this option because Zip format is
|
|
supported by libclamav. However it may be useful if libclamav
|
|
fails to unzip some file. clamscan was tested with
|
|
<SPAN CLASS="textit">UnZip 5.41 of 16 April 2000, by Info-ZIP</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-unrar: </SPAN> Tested with <SPAN CLASS="textit">UNRAR 3.00 freeware</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-arj: </SPAN> Tested with <SPAN CLASS="textit">arj 3.10b</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-zoo: </SPAN> Tested with <SPAN CLASS="textit">zoo 2.1</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-lha: </SPAN> Tested with <SPAN CLASS="textit">LHa for Unix V 1.14e</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-jar: </SPAN> clamscan uses <SPAN CLASS="textit">unzip</SPAN> for .jar files. Tested with
|
|
<SPAN CLASS="textit">UnZip 5.41 of 16 April 2000, by Info-ZIP</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-tar: </SPAN> This option enables support for non-compressed archives. Tested
|
|
with <SPAN CLASS="textit">GNU tar 1.13.17</SPAN>.
|
|
<BR> <SPAN CLASS="textbf">-deb: </SPAN> This option enables support for debian binary packages. Tested with
|
|
<SPAN CLASS="textit">GNU ar
|
|
<BR>
|
|
2.12.90.0.14</SPAN>. Implies -tgz , but doesn't
|
|
conflict with -tgz=FULLPATH
|
|
<BR> <SPAN CLASS="textbf">-tgz: </SPAN> This option supports .tar.gz and .tgz files. You need <SPAN CLASS="textit">GNU
|
|
tar</SPAN>, on non-Linux system you probably have it installed as
|
|
<SPAN CLASS="textit">gtar</SPAN> and if it can be found in <SPAN CLASS="textit">$PATH</SPAN> please use
|
|
-tgz=gtar to tell clamscan to use <SPAN CLASS="textit">gtar</SPAN> instead of
|
|
<SPAN CLASS="textit">tar</SPAN>. Otherwise please supply a full path with -tgz
|
|
<BR>
|
|
<P>
|
|
|
|
<DIV CLASS="navigation"><HR>
|
|
<!--Navigation Panel-->
|
|
<A NAME="tex2html632"
|
|
HREF="node23.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next"
|
|
SRC="/usr/share/latex2html/icons/next.png"></A>
|
|
<A NAME="tex2html628"
|
|
HREF="node18.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up"
|
|
SRC="/usr/share/latex2html/icons/up.png"></A>
|
|
<A NAME="tex2html622"
|
|
HREF="node21.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous"
|
|
SRC="/usr/share/latex2html/icons/prev.png"></A>
|
|
<A NAME="tex2html630"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents"
|
|
SRC="/usr/share/latex2html/icons/contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html633"
|
|
HREF="node23.html">Mail files</A>
|
|
<B> Up:</B> <A NAME="tex2html629"
|
|
HREF="node18.html">Usage</A>
|
|
<B> Previous:</B> <A NAME="tex2html623"
|
|
HREF="node21.html">Clamuko</A>
|
|
<B> <A NAME="tex2html631"
|
|
HREF="node1.html">Contents</A></B> </DIV>
|
|
<!--End of Navigation Panel-->
|
|
<ADDRESS>
|
|
Tomasz Kojm
|
|
2004-07-22
|
|
</ADDRESS>
|
|
</BODY>
|
|
</HTML>
|