4 Replies. Latest reply: Oct 22, 2013 3:05 AM by rackroyd

    Command Line Scanner is not scanning all files but no issues logged in Linux

    mtoback

      We have a set of zip files that we are scanning using the Linux Command Line Virus Scanner. If we scan one file, the result is that the total number of files is always one more than the number of files scanned (i.e. unzip it and you see one less file scanned than the number of files in the zip file).

       

      I've turned on all of the logging I can find documented and everything comes back with "is OK" at the end.

       

      There is some reason to believe that these zip files may have password protected files buried in them but we have no way of knowing where they are as the only indication we get is that one file is not scanned.

       

      Has anyone encountered anything like this?

       

      michael

        • 1. Re: Command Line Scanner is not scanning all files but no issues logged in Linux
          Ex_Brit

          Moved from home products to Business > MAC & Linux Products for better support.

          • 2. Re: Command Line Scanner is not scanning all files but no issues logged in Linux
            rackroyd

            Sounds normal tbh.


            Assuming use of the --unzip parameter, if you turn on verbose logging (--verbose) you should see that for a zip file containing, say three files you get:

             

            1. Scan of the overall zip at the top-level (not opened)
                 Scan then opens the zip and…
                      2. Scan of file#1 in the zip
                      3. Scan of file#2 in the zip
                      4. Scan of file#3 in the zip

             

            So total files scanned=4, the zip itself and the three files within.

             

            If the zip cannot be opened for some reason (unrecognised file type/corrupt/encrypted) then you only get the scan of the overall zip at the top-level and not the content.

            • 3. Re: Command Line Scanner is not scanning all files but no issues logged in Linux
              mtoback

              Thanks Rackroyd,

               

              This is my problem.

               

              I run --unzip --verbose --summary

               

              Everything comes up "OK", except it reports that it processed one file and did not scan it. But there is no indication whatsoever what the problem is.

               

              It is only if I unzip it and scan the problem file within the zip file directly that I can generate an error telling me it could not scan it, but it does not tell me why.

              • 4. Re: Command Line Scanner is not scanning all files but no issues logged in Linux
                rackroyd

                It could be any number of reasons.

                 

                For example:

                 

                1. Archive applications are not as strict about what defines a 'valid' archive and can often reconstruct corruption in either the zip header or directory, allowing the file to be extracted.

                The AV-Engine+dat is much stricter on what constitutes a valid archive (as you might expect). Inconsistencies may = something bad, so the product errs on the side of caution.

                 

                2. The archive format may be zip, but a compression type is used that is not recognised.

                 

                Either way you will not get detail on why, even after extraction & scanning, as we don't go into that level of detail.

                The only way to know for sure why a file may have issues being scanned is to submit it to McAfee Labs for evaluation.

                You should submit the zip and the extracted file in the zip explaining what your scan report shows.

                 

                Under no circumstances post the file to the forum. Suspicious files need to be handled appropriately.

                 

                Thanks.
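One way to locate the member a scanner may be skipping, for the causes named in the thread (encrypted entry, unrecognised compression type, corrupt data), including entries buried in nested zips. This is an added example, not part of the original thread and not McAfee tooling; it uses Python's standard `zipfile` module, so it reports what Python cannot read, which is an approximation of what a stricter AV engine refuses. The limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed per-member inspection limit
MAX_DEPTH = 5                        # assumed limit; deeper nesting is not followed
READABLE = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED, zipfile.ZIP_BZIP2, zipfile.ZIP_LZMA}

def triage_zip(source, prefix="", depth=0):
    """Return (member path, reason) for entries that cannot be opened and read."""
    try:
        zf = zipfile.ZipFile(source)  # source: path or binary file object
    except (zipfile.BadZipFile, OSError) as exc:
        return [(prefix or "<archive>", f"cannot open archive: {exc}")]
    findings = []
    with zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # general-purpose flag bit 0: encrypted
                findings.append((path, "encrypted"))
                continue
            if info.compress_type not in READABLE:
                findings.append((path, f"compression method {info.compress_type}"))
                continue
            try:
                with zf.open(info) as fh:  # reading to EOF verifies the CRC-32
                    data = fh.read(MAX_MEMBER_BYTES + 1)
            except Exception as exc:  # any decode failure means unreadable
                findings.append((path, f"corrupt: {exc}"))
                continue
            if len(data) > MAX_MEMBER_BYTES:
                findings.append((path, "larger than inspection limit"))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
                findings += triage_zip(io.BytesIO(data), path + "/", depth + 1)
    return findings

def constructed_sample():
    """Constructed input: ok.txt plus inner.zip whose one entry is flagged encrypted."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("secret.txt", "x")
    raw = bytearray(inner.getvalue())
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x1  # flag bit in central directory header
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("ok.txt", "hello")
        z.writestr("inner.zip", bytes(raw))
    return outer

if __name__ == "__main__":
    for path, reason in triage_zip(constructed_sample()):
        print(f"{path}: {reason}")
```

An empty result means every member could be opened and passed its CRC check with Python's reader; it does not show that the scanner accepted the archive.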