
ClamAV clamscan not scanning for infected files present inside an archived file


I am testing ClamAV to detect viruses on a machine.

I am running clamscan -r -i "Path to folder containing archive that has infected file"

It fails to detect the infected file present inside the archive file. If I have the infected file outside of the zip, it is detecting the file.

I have created clamd.conf / clamav.conf in the scanner folder that has scan-archive set to yes.


Solution

  • Your zip file might be bigger than default values. Add these options as well for running the scan.

    --max-filesize=#n
    Extract and scan at most #n bytes from each archive. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)
    
    --max-scansize=#n
    Extract and scan at most #n bytes from each archive. The size of the archive plus the sum of the sizes of all files within the archive count toward the scan size. For example, a 1M uncompressed archive containing a single 1M inner file counts as 2M toward max-scansize. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)
    
    --max-files=#n
    Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000)
    
    

    refs: https://manpages.ubuntu.com/manpages/xenial/man1/clamscan.1.html
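
A pre-check for the three limits quoted in the answer above, as an added example that is not part of the original answer or of ClamAV. It models the accounting only as the quoted man page text describes it (ClamAV's internal accounting may differ), and the names `parse_size`, `check_zip` and `build_sample_zip` are hypothetical.

```python
import io
import zipfile

# Defaults as quoted from the clamscan man page above.
DEFAULTS = {"max_filesize": "25M", "max_scansize": "100M", "max_files": 10000}

def parse_size(value):
    """Parse the '#n' forms the man page describes: bytes, xK/xk, xM/xm."""
    text = str(value).strip()
    units = {"k": 1024, "m": 1024 ** 2}
    if text and text[-1].lower() in units:
        return int(text[:-1]) * units[text[-1].lower()]
    return int(text)

def check_zip(archive, archive_size, max_filesize=DEFAULTS["max_filesize"],
              max_scansize=DEFAULTS["max_scansize"], max_files=DEFAULTS["max_files"]):
    """Return the limits a zip would exceed (empty list = within limits).
    archive is a path or file object; archive_size is its size in bytes."""
    file_limit, scan_limit = parse_size(max_filesize), parse_size(max_scansize)
    problems = []
    with zipfile.ZipFile(archive) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
    # Assumption: the archive itself is also subject to max-filesize.
    if archive_size > file_limit:
        problems.append(f"archive is {archive_size} bytes > max-filesize")
    for m in members:
        if m.file_size > file_limit:
            problems.append(f"{m.filename}: {m.file_size} bytes > max-filesize")
    # Man page rule: archive size plus the sum of the inner file sizes.
    total = archive_size + sum(m.file_size for m in members)
    if total > scan_limit:
        problems.append(f"scan size {total} bytes > max-scansize")
    if len(members) > int(max_files):
        problems.append(f"{len(members)} files > max-files")
    return problems

def build_sample_zip():
    """Constructed sample: uncompressed zip with a 1 MiB member and a small one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("big.bin", b"\0" * (1024 * 1024))
        zf.writestr("note.txt", b"constructed sample")
    return buf

if __name__ == "__main__":
    sample = build_sample_zip()
    size = sample.getbuffer().nbytes
    print(check_zip(sample, size))  # limits quoted on the page
    print(check_zip(sample, size, "512K", "2M", 1))  # deliberately tight limits
```

For a file on disk, pass the path and `os.path.getsize(path)`; any limit the check reports is one to raise on the `clamscan` command line.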