HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

SCANERROR ClamAV: Zip module failure
http://havp.hege.li/forum/viewtopic.php?f=3&t=184

Author:  olaf [ 12 Nov 2006 18:35 ]
Post subject:  SCANERROR ClamAV: Zip module failure

Hi,

I have some problems on download. I've got:

Code:
12/11/2006 16:22:28 127.0.0.1 GET 200 http://heanet.dl.sourceforge.net/sourceforge/monkeystudio/qt4ds-src-2006.1.0.0RC2c.zip 307+698460 SCANERROR ClamAV: Zip module failure


and

Code:
12/11/2006 16:22:17 (127.0.0.1) Could not send body to browser


on my sandwich squid/havp/squid proxy chain. The file size is 683K.

Here is my havp.config:

Code:
USER havp
GROUP havp
PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 16
MAXSERVERS 100
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log
LOG_OKS true
LOGLEVEL 1
SCANTEMPFILE /var/spool/havp/havp-XXXXXX
TEMPDIR /tmp
DBRELOAD 60
PARENTPROXY 127.0.0.1
PARENTPORT 3128
PORT 6666
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /etc/havp/templates/de
WHITELISTFIRST true
WHITELIST /etc/havp/whitelist
BLACKLIST /etc/havp/blacklist
FAILSCANERROR true
SCANIMAGES false
MAXSCANSIZE 1000000
STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
CLAMBLOCKENCRYPTED false
CLAMBLOCKMAX false
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false


Dateisystem Größe Benut Verf Ben% Eingehängt auf
/var/havp.img 16M 156K 16M 1% /var/spool/hav

The problem should not be related to insufficient disk space. What's happened here? I'm using HAVP Version 0.82 on Debian/etch.

Here is my squid 3.0 config:
Code:
http_port 127.0.0.1:8080
http_port 127.0.0.1:3128
acl from_client myport 8080
acl from_havp   myport 3128
cache_peer 127.0.0.1            parent  6666    0       no-query no-digest no-netdb-exchange default
cache_peer proxy.mdcc-fun.de    parent  8080    0       default
icp_port  0
htcp_port 0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ope_network src 192.168.1.0/24
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
cache_peer_access 127.0.0.1 deny CONNECT
cache_peer_access 127.0.0.1 deny from_havp
cache_peer_access 127.0.0.1 allow all
cache_peer_access proxy.mdcc-fun.de allow all
never_direct allow all
always_direct allow CONNECT
http_access allow localhost
http_access allow ope_network
http_access deny all
http_reply_access allow all
icp_access allow all
always_direct allow from_havp
never_direct allow all
cache_dir aufs /var/cache/squid3 812 16 256
maximum_object_size 32768 KB
coredump_dir            /var/spool/squid3
shutdown_lifetime       5 seconds
half_closed_clients     off
pipeline_prefetch       on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
no_cache deny localhost
no_cache deny CONNECT
no_cache allow all
refresh_pattern -i \.(jpe?g|gif|png|ico)$               43200   100%    43200
refresh_pattern -i \.(zip|rar|arj|cab|exe)$             43200   100%    43200
refresh_pattern windowsupdate.com/.*\.(cab|exe)$        43200   100%    43200
refresh_pattern download.microsoft.com/.*\.(cab|exe)$   43200   100%    43200
refresh_pattern -i \.(cgi|asp|php|fcgi)$                0       20%     60
refresh_pattern ^ftp:                                   1440    20%     10080
refresh_pattern ^gopher:                                1440    0%      1440
refresh_pattern .                                       0       20%     4320
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Cache-Control deny all
request_header_access Keep-Alive deny all
request_header_access User-Agent deny all
reply_header_access From deny all
reply_header_access Referer deny all
reply_header_access Server deny all
reply_header_access User-Agent deny all
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
header_replace User-Agent Mozilla/5.0


Thanks
Olaf

Author:  hege [ 12 Nov 2006 22:23 ]
Post subject: 

If you download it manually and run clamscan, you will see the same error. It has some strange format, so clamav fails.

You can just whitelist it or unset FAILSCANERROR.
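
Added example (not part of the thread and not HAVP code): with FAILSCANERROR true every scanner error blocks the download, so before whitelisting a URL or unsetting the option it helps to see which hosts and scanner messages actually produce SCANERROR. The field layout is inferred from the access.log line quoted above, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Field layout inferred from the access.log line quoted in the post (an assumption).
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<client>\S+) (?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+) "
    r"(?P<size>\d+\+\d+) (?P<verdict>[A-Z]+)(?: (?P<detail>.*))?$"
)

# First line is the one from the post; the others are constructed for the example.
SAMPLE_LOG = """\
12/11/2006 16:22:28 127.0.0.1 GET 200 http://heanet.dl.sourceforge.net/sourceforge/monkeystudio/qt4ds-src-2006.1.0.0RC2c.zip 307+698460 SCANERROR ClamAV: Zip module failure
12/11/2006 16:25:02 127.0.0.1 GET 200 http://example.org/index.html 250+5120 OK
12/11/2006 16:31:40 127.0.0.1 GET 200 http://heanet.dl.sourceforge.net/sourceforge/monkeystudio/qt4ds-src-2006.1.0.0RC2c.zip 307+698460 SCANERROR ClamAV: Zip module failure
12/11/2006 16:40:11 127.0.0.1 GET 200 http://example.net/a.zip 300+1024 SCANERROR ClamAV: Zip module failure
12/11/2006 16:22:17 (127.0.0.1) Could not send body to browser
"""


def parse_line(line):
    """Return the fields of one access.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def scan_error_summary(lines):
    """Group SCANERROR entries by (host, scanner message), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "urls": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["verdict"] != "SCANERROR":
            continue  # skip OK entries and lines in another format
        key = (urlsplit(rec["url"]).hostname or "?", rec["detail"] or "")
        groups[key]["count"] += 1
        groups[key]["urls"].add(rec["url"])
    rows = [(g["count"], host, detail, sorted(g["urls"]))
            for (host, detail), g in groups.items()]
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


if __name__ == "__main__":
    for count, host, detail, urls in scan_error_summary(SAMPLE_LOG.splitlines()):
        print(f"{count:3d}  {host}  {detail}")
        for url in urls:
            print(f"       {url}")
```

A short list of hosts that repeat the same scanner message points to a narrow whitelist entry; a long, varied list suggests the scanner itself needs attention.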

Author:  olaf [ 13 Nov 2006 20:54 ]
Post subject: 

hege wrote:
If you download it manually and run clamscan, you will see the same error. It has some strange format, so clamav fails.

You can just whitelist it or unset FAILSCANERROR.


Mmh:
Code:
$ clamscan qt4ds-src-2006.1.0.0RC2c.zip
LibClamAV Warning: ********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.  ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************
qt4ds-src-2006.1.0.0RC2c.zip: Zip module failure

----------- SCAN SUMMARY -----------
Known viruses: 76703
Engine version: 0.88.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.58 MB
Time: 4.047 sec (0 m 4 s)
$ unzip -t qt4ds-src-2006.1.0.0RC2c.zip |tail -n 1
No errors detected in compressed data of qt4ds-src-2006.1.0.0RC2c.zip.


and:

Code:
$ clamscan --unzip=unzip qt4ds-src-2006.1.0.0RC2c.zip |tail -n10
LibClamAV Warning: ********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.  ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************
/usr/src/qt4ds-src-2006.1.0.0RC2c.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 76703
Engine version: 0.88.5
Scanned directories: 45
Scanned files: 344
Infected files: 0
Data scanned: 2.71 MB
Time: 6.706 sec (0 m 6 s)

Any ideas how to use this command line option?

Thanks
Olaf

Author:  hege [ 13 Nov 2006 21:00 ]
Post subject: 

olaf wrote:
$ clamscan --unzip=unzip qt4ds-src-2006.1.0.0RC2c.zip |tail -n10

Any ideas how to use this command line option?


Unfortunately no.. It wouldn't be very efficient to call unzip from HAVP.

All times are UTC + 2 hours [ DST ]