Some tests later ...
I made the settings of clamd and libclamav as similar as possible, clamd:
Code:
Wed Aug 6 10:46:01 2008 -> Listening daemon: PID: 6851
Wed Aug 6 10:46:01 2008 -> Limits: Global size limit set to 104857600 bytes.
Wed Aug 6 10:46:01 2008 -> Limits: File size limit set to 26214400 bytes.
Wed Aug 6 10:46:01 2008 -> Limits: Recursion level limit set to 16.
Wed Aug 6 10:46:01 2008 -> Limits: Files limit set to 10000.
and libclamav (havp.config):
Code:
CLAMMAXSCANSIZE 100
CLAMMAXFILESIZE 25
CLAMMAXRECURSION 16
CLAMMAXFILES 10000
HAVP runs with ClamAV library:
Code:
06/08/2008 10:46:07 === Starting HAVP Version: 0.89
06/08/2008 10:46:07 Running as user: havp, group: havp
06/08/2008 10:46:08 --- Initializing ClamAV Library Scanner
06/08/2008 10:46:08 ClamAV: Using database directory: /var/log/copfilter/default/opt/clamav/virdb
06/08/2008 10:46:21 ClamAV: Loaded 457951 signatures (engine 0.93.3)
06/08/2008 10:46:21 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
06/08/2008 10:46:21 --- All scanners initialized
06/08/2008 10:46:21 Process ID: 7054
And now the "infection" is found and the download of the update pack is truncated:
Code:
06/08/2008 10:48:48 127.0.0.1 GET 200 http://argos66.free.fr/copfilter/update-copfilter-1.8.tar.gz 303+7740583 VIRUS ClamAV: Exploit.WMF.Gen-1
Maybe you've never seen a man happier about a broken download!
Thanks for your help on these issues and for filing the bug report to the ClamAV team!
Cheers
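
The comparison described in the post (clamd's logged limits against the `CLAM*` keys in havp.config) can be scripted. The following is an added example, not part of the original post or of HAVP/ClamAV; the function names are hypothetical, the sample text is constructed from the lines quoted above, and it assumes the two HAVP size keys are given in megabytes, as the post's values imply.

```python
import re

# Constructed sample input, shaped like the clamd log and havp.config in the post.
CLAMD_LOG = """\
Wed Aug 6 10:46:01 2008 -> Limits: Global size limit set to 104857600 bytes.
Wed Aug 6 10:46:01 2008 -> Limits: File size limit set to 26214400 bytes.
Wed Aug 6 10:46:01 2008 -> Limits: Recursion level limit set to 16.
Wed Aug 6 10:46:01 2008 -> Limits: Files limit set to 10000.
"""
HAVP_CONFIG = """\
CLAMMAXSCANSIZE 100
CLAMMAXFILESIZE 25
CLAMMAXRECURSION 16
CLAMMAXFILES 10000
"""
MIB = 1024 * 1024
# clamd log phrase -> (havp.config key, factor converting the HAVP value to clamd's unit).
# Assumption: the HAVP size keys are in megabytes; the count keys need no conversion.
MAPPING = {
    "Global size": ("CLAMMAXSCANSIZE", MIB),
    "File size": ("CLAMMAXFILESIZE", MIB),
    "Recursion level": ("CLAMMAXRECURSION", 1),
    "Files": ("CLAMMAXFILES", 1),
}

def parse_clamd_limits(log_text):
    """Extract {'Global size': 104857600, ...} from clamd startup log lines."""
    pat = re.compile(r"Limits: (.+?) limit set to (\d+)")
    return {m.group(1): int(m.group(2)) for m in pat.finditer(log_text)}

def parse_havp_config(text):
    """Extract numeric 'KEY value' pairs, ignoring comments and blank lines."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[1].isdigit():
            out[parts[0]] = int(parts[1])
    return out

def limit_mismatches(log_text, config_text):
    """Return [(havp_key, clamd_value, havp_value_in_clamd_units)] for each difference."""
    clamd, havp = parse_clamd_limits(log_text), parse_havp_config(config_text)
    diffs = []
    for phrase, (key, factor) in MAPPING.items():
        c, h = clamd.get(phrase), havp.get(key)
        h_norm = None if h is None else h * factor
        if c is None or h is None or c != h_norm:
            diffs.append((key, c, h_norm))
    return diffs

if __name__ == "__main__":
    print(limit_mismatches(CLAMD_LOG, HAVP_CONFIG) or "limits match")
```

A key missing on either side is reported as a mismatch with `None`, since an unset limit falls back to a default that may differ between the daemon and the library scanner.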