Hi,
I'm using HAVP as a parent proxy for squid. It's working great for most common cases.
I started my tests with simple virus files and everything was working nicely.
Now I'm stuck with zip files. If I download one zip file with only the virus inside,
HAVP detects it and it works as it should.
If I put more files inside the zip along with the exe virus, it does not detect anything.
I have tried configuring HAVP with clamav and with clamd; both have the same problem.
My system is CentOS 5.2, and the versions of the software are:
- havp-0.89-2
- clamd-0.94-1.el5.rf
- clamav-0.94-1.el5.rf
LOGS:
==> /var/log/havp/access.log <==
18/11/2008 12:51:57 127.0.0.1 GET 200 http://xxx.xxx.xxx.xxx/test_virus.zip 260+7323474 OK
==> shell <==
# clamscan test_virus.zip
test_virus.zip: Worm.SomeFool.P FOUND
----------- SCAN SUMMARY -----------
Known viruses: 463741
Engine version: 0.94
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 14.79 MB
Time: 3.908 sec (0 m 3 s)
==> shell <==
# clamdscan test_virus.zip
//test_virus.zip: Worm.SomeFool.P FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 2.133 sec (0 m 2 s)
==> havp.conf <==
LOGLEVEL 1
PORT 8085
KEEPBACKBUFFER 100000
DISABLELOCKINGFOR ClamAV:BinHex ClamAV:PDF ClamAV:ZIP
ENABLECLAMLIB false
CLAMMAXSCANSIZE 100
CLAMMAXFILES 10000
CLAMMAXFILESIZE 50
CLAMMAXRECURSION 16
ENABLECLAMD true
CLAMDSOCKET /tmp/clamd.socket
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false
FILE:
http://www.flyupload.com/get?fid=264461365
Can anyone help me out on this? Probably I'm doing something wrong.
Thanks very much,