FreeBSD Bugzilla – Attachment 144003 Details for Bug 191250: Stop in /usr/ports/security/clamav: 3 of 7 tests failed
test-suite.log (text/x-log), 407.83 KB, created by peo on 2014-06-21 17:55:05 UTC
>==============================================
>   ClamAV 0.98.2: unit_tests/test-suite.log
>==============================================
>
>3 of 7 tests failed.  (6 tests were not run).
>
>.. contents:: :depth: 2
>
>
>FAIL: check_clamav (exit: 1)
>============================
>
>Running suite(s): cl_api
> cli
> jsnorm
> str
> regex
> disasm
> unique
> matchers
> htmlnorm
> bytecode
>97%: Checks: 983, Failures: 24, Errors: 0
>check_clamav.c:178:F:cl_scan:test_cl_scandesc:20: cl_scandesc failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:178:F:cl_scan:test_cl_scandesc:38: cl_scandesc failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:201:F:cl_scan:test_cl_scandesc_allscan:20: cl_scandesc_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:201:F:cl_scan:test_cl_scandesc_allscan:38: cl_scandesc_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:227:F:cl_scan:test_cl_scanfile:20: cl_scanfile failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:227:F:cl_scan:test_cl_scanfile:38: cl_scanfile failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:250:F:cl_scan:test_cl_scanfile_allscan:20: cl_scanfile_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:250:F:cl_scan:test_cl_scanfile_allscan:38: cl_scanfile_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:323:F:cl_scan:test_cl_scandesc_callback:20: cl_scanfile failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:323:F:cl_scan:test_cl_scandesc_callback:38: cl_scanfile failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:347:F:cl_scan:test_cl_scandesc_callback_allscan:20: cl_scanfile_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:347:F:cl_scan:test_cl_scandesc_callback_allscan:38: cl_scanfile_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:275:F:cl_scan:test_cl_scanfile_callback:20: cl_scanfile_cb failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:275:F:cl_scan:test_cl_scanfile_callback:38: cl_scanfile_cb failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:299:F:cl_scan:test_cl_scanfile_callback_allscan:20: cl_scanfile_cb_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:299:F:cl_scan:test_cl_scanfile_callback_allscan:38: cl_scanfile_cb_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:516:F:cl_scan:test_cl_scanmap_callback_handle:20: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:516:F:cl_scan:test_cl_scanmap_callback_handle:38: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:543:F:cl_scan:test_cl_scanmap_callback_handle_allscan:20: cl_scanmap_callback_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:543:F:cl_scan:test_cl_scanmap_callback_handle_allscan:38: cl_scanmap_callback_allscan failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:575:F:cl_scan:test_cl_scanmap_callback_mem:20: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:575:F:cl_scan:test_cl_scanmap_callback_mem:38: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>check_clamav.c:609:F:cl_scan:test_cl_scanmap_callback_mem_allscan:20: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: No viruses detected
>check_clamav.c:609:F:cl_scan:test_cl_scanmap_callback_mem_allscan:38: cl_scanmap_callback failed for /usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: No viruses detected
>
>SKIP: check_unit_vg.sh (exit: 77)
>=================================
>
>*** valgrind tests skipped by default, use 'make check VG=1' to activate
>
>FAIL: check1_clamscan.sh (exit: 42)
>===================================
>
>LibClamAV debug: searching for unrar, user-searchpath: /usr/local/lib
>LibClamAV debug: searching for unrar: libclamunrar_iface.so.6.1.22 not found
>LibClamAV debug: searching for unrar: libclamunrar_iface.so.6 not found
>LibClamAV debug: searching for unrar: libclamunrar_iface.so not found
>LibClamAV debug: searching for unrar: libclamunrar_iface.a not found
>LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable
>LibClamAV debug: Initialized 0.98.3 engine
>LibClamAV debug: Initializing phishcheck module
>LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? 
*$
debug: VirtualSize: 0x2000 0x2000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xe00 0xe00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x0 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .petite >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2cc 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x400 0x400 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x442 (1090) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming 
compression >LibClamAV debug: UPX: NRV2B decompressor failed >LibClamAV debug: UPX: NRV2D decompressor failed >LibClamAV debug: UPX: NRV2E decompressor failed >LibClamAV debug: UPX: All decompressors failed >LibClamAV debug: Petite: v2.2 compression detected >LibClamAV debug: Petite: Found petite code in sect2(2000). Let's strip it. >LibClamAV debug: Petite: Encrypted EP: dfed1249 | Array of imports: 205c >LibClamAV debug: Petite: Old EP: 1020 >LibClamAV debug: Petite: Sections dump: >LibClamAV debug: Petite: .SECT0 RVA:1000 VSize:1000 ROffset: 0, RSize:f7 >LibClamAV debug: Petite: .SECT1 RVA:2000 VSize:2000 ROffset: f7, RSize:123 >LibClamAV debug: Petite: .SECT2 RVA:4000 VSize:ffc ROffset: 21a, RSize:ffc >LibClamAV debug: Petite: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 8a2bf11929515746f3df244a4ac91c7c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 5740 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 5740 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-a86c08cee07fec198bd6a66adc7b0c36.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 
aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 8a2bf11929515746f3df244a4ac91c7c:6144:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 2891f5b98be269b9f6ffbbb2c84ae4f4:4096:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 832fd1026a13e16686b55e855bb559df is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 16 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Sat Jan 24 00:39:42 2004 >LibClamAV debug: SizeOfOptionalHeader: 148 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 76 >LibClamAV debug: MinorLinkerVersion: 111 >LibClamAV debug: SizeOfCode: 0x694c6461 >LibClamAV debug: SizeOfInitializedData: 0x72617262 >LibClamAV debug: SizeOfUninitializedData: 0x4179 >LibClamAV debug: AddressOfEntryPoint: 0x1018 >LibClamAV debug: BaseOfCode: 0x10 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xf000 >LibClamAV debug: SizeOfHeaders: 0x200 >LibClamAV debug: NumberOfRvaAndSizes: 10 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: PSÿëëçà >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: 
SizeOfRawData: 0x1f0 0x200 >LibClamAV debug: PointerToRawData: 0x10 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8000 0x8000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x53c 0x53c >LibClamAV debug: PointerToRawData: 0x200 0x200 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: oP@ >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0xe000 0xe000 >LibClamAV debug: SizeOfRawData: 0x1f0 0x200 >LibClamAV debug: PointerToRawData: 0x10 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x18 (24) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Upack characteristics found. >LibClamAV debug: Upack: var set >LibClamAV debug: Upack: EP: 00000018 original: 00000020 || 00401020 >LibClamAV debug: Upack: Context Bits parameter used with lzma: 05, 1c00 >LibClamAV debug: Upack: data initialized, before upack lzma call! 
>LibClamAV debug: > p0: 0x425f00ae > p1: ffffffff > p2: 00000000 >LibClamAV debug: state[0] = ffffffff >LibClamAV debug: state[1] = 00000000 >LibClamAV debug: state[2] = 00000001 >LibClamAV debug: state[3] = 00000001 >LibClamAV debug: state[4] = 00000001 >LibClamAV debug: state[5] = 00000001 >LibClamAV debug: Upack: loops: 00000002 search value: 00 >LibClamAV debug: Upack: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: de4f18d10798acf90ab81dc899dffb14 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 16492 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 16492 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-679abb7e8782a4eece3438a82ffd2ef7.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: de4f18d10798acf90ab81dc899dffb14:17408:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 
832fd1026a13e16686b55e855bb559df:1852:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: Authenticode: 1499bd7d2ac0d8cfde925171efb020ff69711410 >LibClamAV debug: in asn1_check_mscat (offset: 2884) >LibClamAV debug: in asn1_parse_mscat >LibClamAV debug: asn1_parse_mscat: failed to read pkcs#7 entry >LibClamAV debug: asn1_parse_mscat: failed to parse catalog >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: e77295fd480b05f9d22bd9e4f86c5cf3 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x6320 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: 
PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x720 (1824) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: Looks like a NRV2B decompression routine >LibClamAV debug: UPX: PE structure rebuilt from compressed file >LibClamAV debug: UPX: Successfully decompressed >LibClamAV debug: ***** Scanning decompressed file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** 
Detected embedded PE file at 19936 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 3b03bc19b1f39587a0650c7b6fe35d38:20480:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: e77295fd480b05f9d22bd9e4f86c5cf3:3072:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RAR file >LibClamAV debug: cache_check: 240d23b090c954b017a73850af036178 is negative >LibClamAV debug: Matched signature for file type RAR-SFX at 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 240d23b090c954b017a73850af036178 (level 0) >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RAR file >LibClamAV debug: cache_check: f43c0b75c55428c5e84d6b40214ead41 is negative >LibClamAV debug: Matched signature for file type RAR-SFX at 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f43c0b75c55428c5e84d6b40214ead41 (level 0) >LibClamAV debug: 
in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 1cce7fa3d68fdb429da830618c1ebfee is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 2569 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 2569 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - fname out of file >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x400 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x5000 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x6000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xf7 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ 
>LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x122 0x1000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x600 0x600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x200 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .clam >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .WWP32 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2b7 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x400 0x400 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc00 (3072) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: in wwunpack >LibClamAV debug: WWP: src: 
4000, szd: 18c, srcend: 188 - 0 >LibClamAV debug: WWPack: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 7b8cd3dd6a198ec191afce0206665d2d is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 20076 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 20076 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-4c2a640b1c46654be9dd52bdb1849a6c.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 7b8cd3dd6a198ec191afce0206665d2d:20480:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 1cce7fa3d68fdb429da830618c1ebfee:4096:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 7f8a72eb63173c80729ebb8c9999d9db is negative >LibClamAV 
debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x8060 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xa000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: 
------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: yC >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2000 0x2000 >LibClamAV debug: VirtualAddress: 0x8000 0x8000 >LibClamAV debug: SizeOfRawData: 0xc52 0xc52 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc60 (3168) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: NRV2B decompressor failed >LibClamAV debug: UPX: NRV2D decompressor failed >LibClamAV debug: UPX: NRV2E decompressor failed >LibClamAV debug: UPX: All decompressors failed >LibClamAV debug: 3,200,2923,0 >LibClamAV debug: yC: offset: 0, length: b6b >LibClamAV debug: yC: decrypting decryptor on sect 3 >LibClamAV debug: yC: decrypting sect1 >LibClamAV debug: yC: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 8822fca1f7b0cb5506f15f8088956197 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing 
hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x0 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: 
Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x0 (0) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: no luck - scanning for PE >LibClamAV debug: UPX: PE structure rebuilt from compressed file >LibClamAV debug: UPX: Successfully decompressed with NRV2B >LibClamAV debug: ***** Scanning decompressed file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 19936 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV 
debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 3b03bc19b1f39587a0650c7b6fe35d38:20480:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 8822fca1f7b0cb5506f15f8088956197:3072:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: FP SIGNATURE: 7f8a72eb63173c80729ebb8c9999d9db:6226:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized 7zip file >LibClamAV debug: cache_check: 30cc73fe9ec56e474c4d19c57ffe0546 is negative >LibClamAV debug: cli_7unz: extracting clam.exe >LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:clam.exe:0:544:0:0:4010228989:0x0 >LibClamAV debug: cli_7unz: Saving to /tmp//clamav-e453cd2e6f2a5301efe7ae314bd6394b.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: cli_7unz: completed successfully >LibClamAV debug: FP SIGNATURE: 30cc73fe9ec56e474c4d19c57ffe0546:362:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ARJ file >LibClamAV debug: cache_check: f58327b03afd2a727c3329ba3c0947a7 is negative >LibClamAV debug: in cli_scanarj() >LibClamAV debug: in cli_unarj_open >LibClamAV debug: Header Size: 44 >LibClamAV debug: ARJ Main File Header >LibClamAV debug: 
First Header Size: 34 >LibClamAV debug: Version: 11 >LibClamAV debug: Min version: 1 >LibClamAV debug: Host OS: 2 >LibClamAV debug: Flags: 0x10 >LibClamAV debug: Security version: 0 >LibClamAV debug: File type: 2 >LibClamAV debug: Filename: clam.arj >LibClamAV debug: Comment: >LibClamAV debug: Extended header size: 0 >LibClamAV debug: in cli_unarj_prepare_file >LibClamAV debug: Header Size: 56 >LibClamAV debug: ARJ File Header >LibClamAV debug: First Header Size: 46 >LibClamAV debug: Version: 11 >LibClamAV debug: Min version: 1 >LibClamAV debug: Host OS: 2 >LibClamAV debug: Flags: 0x10 >LibClamAV debug: Method: 1 >LibClamAV debug: File type: 0 >LibClamAV debug: File type: 232 >LibClamAV debug: Compressed size: 269 >LibClamAV debug: Original size: 544 >LibClamAV debug: Filename: clam.exe >LibClamAV debug: Comment: >LibClamAV debug: Extended header size: 0 >LibClamAV debug: CDBNAME:CL_TYPE_ARJ:269:clam.exe:269:544:0:1:0:0x0 >LibClamAV debug: in cli_unarj_extract_file >LibClamAV debug: Filename: /tmp//clamav-b41aa6ace718ec934a43b8db12371c46.tmp/file.uar >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ARJ: infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ARJ: Exit code: 1 >LibClamAV debug: FP SIGNATURE: f58327b03afd2a727c3329ba3c0947a7:393:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO OLD BINARY BE file >LibClamAV 
debug: cache_check: f418df91fafd06fde1a23269d37959b4 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [36, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: f418df91fafd06fde1a23269d37959b4:1024:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO OLD BINARY LE file >LibClamAV debug: cache_check: 72de8ccfc183c86eadd52f5f571d0fd7 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [36, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP 
SIGNATURE: 72de8ccfc183c86eadd52f5f571d0fd7:1024:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 879ac518d351ac3ba22c9d54bd17174b is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @182 >LibClamAV debug: cli_unzip: ch - flags 0 - method c - csize 15c - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:348:ef073cfd:12:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-7f22506c8688ddf936fb79f005642a1b.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 879ac518d351ac3ba22c9d54bd17174b:462:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: 05b9642706a9fc730b8371d239a9b8f9 is negative >LibClamAV debug: in cli_scanmscab() >LibClamAV debug: CAB: -------------- Cabinet file ---------------- >LibClamAV debug: CAB: Cabinet length: 621 >LibClamAV debug: CAB: Folders: 1 >LibClamAV debug: CAB: Files: 1 >LibClamAV debug: CAB: File format version: 1.3 >LibClamAV debug: CAB: Folder record 0 
>LibClamAV debug: CAB: Folder offset: 69 >LibClamAV debug: CAB: Folder compression method: 0 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: clam*exe >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:clam*exe:0:544:0:1:0:0x0 >LibClamAV debug: CAB: Extracting file clam*exe to /tmp//clamav-f87de668246814f0274e52388100fc28.tmp, size 544, max_size: 26214400 >LibClamAV debug: CAB: Compression method: STORED >LibClamAV debug: CAB: Length from header 544 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 05b9642706a9fc730b8371d239a9b8f9:621:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS CHM file >LibClamAV debug: cache_check: e938c5e5e17caf5177e5d205ae01524f is negative >LibClamAV debug: in cli_scanmschm() >LibClamAV debug: in cli_chm_open >LibClamAV debug: ---- ITSF ---- >LibClamAV debug: Signature: ITSF >LibClamAV debug: Version: 3 >LibClamAV debug: Header len: 96 >LibClamAV debug: Lang ID: 1045 >LibClamAV debug: Sec0 offset: 96 >LibClamAV debug: Sec0 len: 24 >LibClamAV debug: Dir offset: 120 >LibClamAV debug: Dir len: 4180 >LibClamAV debug: Data offset: 4300 > 
>LibClamAV debug: ---- ITSP ---- >LibClamAV debug: Signature: ITSP >LibClamAV debug: Version: 1 >LibClamAV debug: Block len: 4096 >LibClamAV debug: Block idx int: 2 >LibClamAV debug: Index depth: 1 >LibClamAV debug: Index root: -1 >LibClamAV debug: Index head: 0 >LibClamAV debug: Index tail: 0 >LibClamAV debug: Num Blocks: 1 >LibClamAV debug: Lang ID: 1033 > >LibClamAV debug: in read_chunk >LibClamAV debug: found CHM_SYS_CONTENT_NAME >LibClamAV debug: found CHM_SYS_CONTROL_NAME >LibClamAV debug: found CHM_SYS_RESETTABLE_NAME >LibClamAV debug: ---- Control ---- >LibClamAV debug: Length: 6 >LibClamAV debug: Signature: LZXC >LibClamAV debug: Version: 2 >LibClamAV debug: Reset Interval: 65536 >LibClamAV debug: Window Size: 65536 >LibClamAV debug: Cache Size: 1 > >LibClamAV debug: ---- Content ---- >LibClamAV debug: Offset: 8688 >LibClamAV debug: Length: 2214 > >LibClamAV debug: ---- Reset Table ---- >LibClamAV debug: Num Entries: 1 >LibClamAV debug: Entry Size: 8 >LibClamAV debug: Table Offset: 40 >LibClamAV debug: Uncom Len: 9094 >LibClamAV debug: Com Len: 2214 >LibClamAV debug: Frame Len: 32768 > >LibClamAV debug: Compressed offset: 8688 >LibClamAV debug: lzx_decompress: end frame = 3 >LibClamAV debug: lzx_decompress: current frame = 0 >LibClamAV debug: lzx_decompress: current frame = 1 >LibClamAV debug: lzx_decompress: bad block type (0x0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in read_chunk >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: b7d7abe6f39d65408fc0edaae672a845 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: b7d7abe6f39d65408fc0edaae672a845 (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV 
debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 9439224e9b1b5a9bb3177cf28460c75c is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 9439224e9b1b5a9bb3177cf28460c75c (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 840fa05eb051a0834e4515abe67c3e5d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 840fa05eb051a0834e4515abe67c3e5d (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 139bd3ec257b12c8c193af09698a2ab5 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 139bd3ec257b12c8c193af09698a2ab5 (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 264c1275ab9797e4390e88f74ac70392 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 264c1275ab9797e4390e88f74ac70392 (level 0) >LibClamAV debug: in 
cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 8ef5b3b3e78935dc9eb82193022a05c3 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 8ef5b3b3e78935dc9eb82193022a05c3 (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (0 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3006 (no post, no cache) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 285c3651f007aa8237ae2fa4eb24b9b8 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 285c3651f007aa8237ae2fa4eb24b9b8 (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (4 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3006 (no post, no cache) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (4 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3006 (no post, no cache) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature 
for file type HTML data at 48 >LibClamAV debug: cache_check: f78cc15cc20f59e543742138902d407d is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp//clamav-82a5677acc196babefc951a1243f76e6.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f78cc15cc20f59e543742138902d407d (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature for file type HTML data at 48 >LibClamAV debug: cache_check: 353eb087a36a4f630680f48e8deae3a8 is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp//clamav-4bfa22880c311cdbc0ddf59855d85ed1.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 353eb087a36a4f630680f48e8deae3a8 (level 0) >LibClamAV debug: in cli_chm_prepare_file >LibClamAV debug: in cli_chm_extract_file >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: CHM: infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: CHM: Exit code: 1 >LibClamAV debug: FP 
SIGNATURE: e938c5e5e17caf5177e5d205ae01524f:10950:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 66e86fe942aea488a6ca46d3d2c007fd is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @136 >LibClamAV debug: cli_unzip: ch - flags 2 - method 9 - csize 110 - usize 220 - flen 8 - elen 24 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:272:ef073cfd:9:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-6b97be66f2cdb0dfe7d17f00ddd19dc8.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 66e86fe942aea488a6ca46d3d2c007fd:422:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 6b2324ea0df473777f58ca8d59d53ea5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 893c8 >LibClamAV debug: cli_peheader: parsing version info @ rva 893c8 (1/1) >LibClamAV debug: VersionInfo (31ee2): 'FileVersion'='3, 2, 4, 9' - 
VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200034002c002000 >LibClamAV debug: VersionInfo (31f1a): 'CompiledScript'='AutoIt v3 Script : 3, 2, 4, 9' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200034002c00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type AUTOIT at 206848 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 >LibClamAV debug: AUTOIT signature found at 206848 >LibClamAV debug: in scanautoit() >LibClamAV debug: autoit: magic string '>AUTOIT UNICODE SCRIPT<' >LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\autD.tmp' >LibClamAV debug: autoit: compressed size: 1112 >LibClamAV debug: autoit: advertised uncompressed size 57e6 >LibClamAV debug: autoit: ref chksum: 2142245d >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 57e6 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16LE character data >LibClamAV debug: entconv: Encoding UTF-16LE >LibClamAV debug: entconv: iconv:registering atexit >LibClamAV debug: entconv: Initializing iconv pool:0x42417180 >LibClamAV debug: entconv: iconv not found in cache, for encoding:UTF-16LE >LibClamAV debug: entconv: Internal iconv >LibClamAV debug: entconv: iconv_open(),for:UTF-16LE -> 0x4241f670 >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 144d97bc59d6944c6cf31e3fca78f432 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 144d97bc59d6944c6cf31e3fca78f432 (level 0) >LibClamAV debug: autoit: magic string 'C:\clam.exe' >LibClamAV debug: autoit: 
original filename 'C:\clam.exe' >LibClamAV debug: autoit: compressed size: 132 >LibClamAV debug: autoit: advertised uncompressed size 220 >LibClamAV debug: autoit: ref chksum: 204d611b >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 220 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 6b2324ea0df473777f58ca8d59d53ea5:211738:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 21d1acd7ff5a8ff24b08d07be6f47709 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 9a4e8 >LibClamAV debug: cli_peheader: parsing version info @ rva 9a4e8 (1/1) >LibClamAV debug: VersionInfo (3d31e): 'FileVersion'='3, 2, 8, 1' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200038002c002000 >LibClamAV debug: VersionInfo (3d356): 'CompiledScript'='AutoIt v3 Script : 3, 2, 8, 1' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200038002c00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type AUTOIT at 252928 
>LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 >LibClamAV debug: AUTOIT signature found at 252928 >LibClamAV debug: in scanautoit() >LibClamAV debug: fpu: Floating point little endian detected. >LibClamAV debug: autoit: magic string '>>>AUTOIT SCRIPT<<<' >LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\aut7.tmp' >LibClamAV debug: autoit: compressed size: 1156 >LibClamAV debug: autoit: advertised uncompressed size 4dd1 >LibClamAV debug: autoit: ref chksum: f7b40440 >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 4dd1 >LibClamAV debug: autoit: script has got 331 lines >LibClamAV debug: autoit: script successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 8903cae272bf36a778c2f361ba282d42 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 8903cae272bf36a778c2f361ba282d42 (level 0) >LibClamAV debug: autoit: magic string 'C:\clam.exe' >LibClamAV debug: autoit: original filename 'C:\clam.exe' >LibClamAV debug: autoit: compressed size: 130 >LibClamAV debug: autoit: advertised uncompressed size 220 >LibClamAV debug: autoit: ref chksum: 74306db2 >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 220 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 
aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 21d1acd7ff5a8ff24b08d07be6f47709:257960:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized BinHex file >LibClamAV debug: cache_check: 2ac43b63da9af01c299936b345746126 is negative >LibClamAV debug: in cli_binhex >LibClamAV debug: cli_binhex: decoding 'clam.exe' - 544 bytes of data to /tmp//clamav-8859083c9911d3a992543d80ea0409cd.tmp - 1 bytes or resources to /tmp//clamav-444e9d27e64e80720a38c8f2996990d6.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 2ac43b63da9af01c299936b345746126:833:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 
>LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized BZip file >LibClamAV debug: cache_check: 6fd6a864ed39180892e6f2e75a0c497f is negative >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: Bzip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 6fd6a864ed39180892e6f2e75a0c497f:348:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature for file type HTML data >LibClamAV debug: cache_check: 7aede91f6a4399ebc923e196ae01530f is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp//clamav-d1abe38edbbcdbc0557edf3947fda6cd.tmp >LibClamAV debug: RFC2397 data file: /tmp//clamav-d1abe38edbbcdbc0557edf3947fda6cd.tmp/rfc2397/clamav-f85f355d55cf556bf35dbe033abcd8f3.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: f8c0f87349a4318a414ea00b11643c5b is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 2 >LibClamAV debug: in mbox() >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: check 'From html-normalise' 
>LibClamAV debug: parseEmailHeaders: check 'Content-type: application/octet-stream;base64' >LibClamAV debug: parseEmailHeader 'Content-type: application/octet-stream;base64' >LibClamAV debug: parseMimeHeader: cmd='Content-type', arg=' application/octet-stream;base64' >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: mimeArgs = 'base64' >LibClamAV debug: Add arguments 'base64' >LibClamAV debug: Can't parse header "base64" >LibClamAV debug: parseEmailHeaders: check 'Content-transfer-encoding: base64' >LibClamAV debug: parseEmailHeader 'Content-transfer-encoding: base64' >LibClamAV debug: parseMimeHeader: cmd='Content-transfer-encoding', arg=' base64' >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 1 is "base64" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport:
enctype 0 is 2 >LibClamAV debug: Attachment sent with no filename >LibClamAV debug: messageAddArgument, arg='name=attachment' >LibClamAV debug: blobSetFilename: attachment >LibClamAV debug: fileblobSetFilename: file attachment saved to /tmp//clamav-ea18e86ade5398401fbfcc8234b22d09.tmp/clamav-8e6d388baef38050d559ecd6e65eee4f.tmp >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:attachment:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug:
/tmp//clamav-ea18e86ade5398401fbfcc8234b22d09.tmp/clamav-8e6d388baef38050d559ecd6e65eee4f.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp//clamav-ea18e86ade5398401fbfcc8234b22d09.tmp/clamav-8e6d388baef38050d559ecd6e65eee4f.tmp >LibClamAV debug: parseEmailBody() returning 3 >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: FP SIGNATURE: f8c0f87349a4318a414ea00b11643c5b:829:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 7aede91f6a4399ebc923e196ae01530f:782:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: da3221bb1a6b9547dbe894d4483c5032 is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:49:50 2008' >LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' >LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' >LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: messageSetMimeType: 'Application' >LibClamAV debug: mimeArgs = ' name="clam.exe"' >LibClamAV debug: Add arguments ' name="clam.exe"' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: Base64' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: Base64' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' Base64' >LibClamAV debug: messageSetEncoding: 
'Base64' >LibClamAV debug: Encoding type 1 is "Base64" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 2 >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-92f7afec5312f77c18a2736f5dbbebef.tmp/clamav-382f1ce054cb06a846eb4e21f6fc4118.tmp >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV 
debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: /tmp//clamav-92f7afec5312f77c18a2736f5dbbebef.tmp/clamav-382f1ce054cb06a846eb4e21f6fc4118.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp//clamav-92f7afec5312f77c18a2736f5dbbebef.tmp/clamav-382f1ce054cb06a846eb4e21f6fc4118.tmp >LibClamAV debug: parseEmailBody() returning 3 >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: FP SIGNATURE: da3221bb1a6b9547dbe894d4483c5032:919:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: 69a26d9c8eda12094e588f66bf85b212 is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-4053685ae734c83403cf56769177881d.tmp >LibClamAV debug: uudecode clam.exe >LibClamAV debug: fileblobDestroy: /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-4053685ae734c83403cf56769177881d.tmp >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: 
check 'From test@example.com Thu Jul 31 13:51:21 2008' >LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' >LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' >LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: messageSetMimeType: 'Application' >LibClamAV debug: mimeArgs = ' name="clam.exe"' >LibClamAV debug: Add arguments ' name="clam.exe"' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: x-uuencode' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: x-uuencode' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' x-uuencode' >LibClamAV debug: messageSetEncoding: 'x-uuencode' >LibClamAV debug: Encoding type 1 is "x-uuencode" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "e" >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 5 >LibClamAV debug: messageExport: treat uuencode as text/plain >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 2 is "base64" >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-73a7eae728cc590cd1d388cce3d40dcb.tmp >LibClamAV debug: textToFileBlob to clam.exe, destroy = 0 >LibClamAV debug: 
fileblobDestroy: /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-73a7eae728cc590cd1d388cce3d40dcb.tmp >LibClamAV debug: messageExport: enctype 1 is 2 >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-8ba7af78b670d98fffb52769cbc111a4.tmp >LibClamAV debug: sanitiseBase64 'e' >LibClamAV debug: Exported 0 bytes using enctype 2 >LibClamAV debug: 1 trailing bytes to export >LibClamAV debug: base64chars = 1 (@ @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: fileblobScan, ctx == NULL >LibClamAV debug: fileblobDestroy: /tmp//clamav-c84df4cee4fac36c90a1134281d4c2ec.tmp/clamav-8ba7af78b670d98fffb52769cbc111a4.tmp >LibClamAV debug: Saving text part to scan, rc = 1 >LibClamAV debug: messageAddArgument, arg='filename=textportion' >LibClamAV debug: Force mime encoding to application >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: messageToFileblob >LibClamAV debug: parseEmailBody() returning 1 >LibClamAV debug: cli_mbox returning 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 69a26d9c8eda12094e588f66bf85b212:960:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RTF file >LibClamAV debug: cache_check: 04cf3829d62e39af9ac138a38ed73117 is negative >LibClamAV debug: in 
cli_scanrtf() >LibClamAV debug: RTF: waiting for magic >LibClamAV debug: RTF: description length:8 >LibClamAV debug: RTF: in WAIT_DESC >LibClamAV debug: Preparing to dump rtf embedded object, description:Package >LibClamAV debug: RTF: next state: wait_data_size >LibClamAV debug: RTF: in WAIT_DATA_SIZE >LibClamAV debug: Dumping rtf embedded object of size:639 >LibClamAV debug: RTF: next state: DUMP_DATA >LibClamAV debug: RTF:Scanning embedded object:/tmp//clamav-1bf97b94e9d1e9e3711eedf7202fa413.tmp/clamav-6a0e47081a47b3b64279759c461bf9e4.tmp >LibClamAV debug: Decoding ole object >LibClamAV debug: cli_decode_ole_object: decoding to /tmp//clamav-60f2788fbfb1b32a9275685fc05d81d1.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 04cf3829d62e39af9ac138a38ed73117:20255:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized compress.exed file >LibClamAV debug: cache_check: e24d74f1524609277d2af5b497121a41 is negative >LibClamAV debug: in cli_scanszdd() >LibClamAV debug: MSEXPAND: File size from header: 544 >LibClamAV debug: MSEXPAND: Decompressed into /tmp//clamav-c974e14938dcb9eb7717b1baff17a229.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: 
Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: e24d74f1524609277d2af5b497121a41:308:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 0048ab72da0177e75e852bdce3fdd69e is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @13e >LibClamAV debug: cli_unzip: ch - flags 0 - method 6 - csize 118 - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: CLAM.EXE >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:CLAM.EXE:544:280:ef073cfd:6:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-9581b7991f8a23738b47ac7c125f9669.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 0048ab72da0177e75e852bdce3fdd69e:394:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 
2ede2afebefe66b71744584bbfd004c9 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: Matched signature for file type ISO9660 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ISO9660 signature found at 32768 >LibClamAV debug: in cli_scaniso >LibClamAV debug: cli_scaniso: Raw sector size: 2048 >LibClamAV debug: cli_scaniso: Block size: 2048 >LibClamAV debug: cli_scaniso: Volume descriptor version: 1 >LibClamAV debug: cli_scaniso: System: LINUX >LibClamAV debug: cli_scaniso: Volume: CDROM >LibClamAV debug: cli_scaniso: Volume space size: 0xb0 blocks >LibClamAV debug: cli_scaniso: Volume 1 of 1 >LibClamAV debug: cli_scaniso: Volume Set: >LibClamAV debug: cli_scaniso: Publisher: >LibClamAV debug: cli_scaniso: Data Preparer: >LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM >LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 >LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Path table size: 0x16 >LibClamAV debug: cli_scaniso: LSB Path Table: 0x13 >LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: MSB Path Table: 0x15 >LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: File Structure Version: 1 >LibClamAV debug: iso_parse_dir: Directory 'DIR': off 18 - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:DIR:2048:2048:0:0:0:0x0 >LibClamAV debug: iso_parse_dir: File 'CLAM.EXE': off 19 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: 
CDBNAME:CL_TYPE_ISO9660:544:CLAM.EXE:544:544:0:0:0:0x0 >LibClamAV debug: iso_scan_file: dumping to /tmp//clamav-5b520c8558cb2789806d302bd68cb30a.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 2ede2afebefe66b71744584bbfd004c9:360448:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized Exim mail file >LibClamAV debug: cache_check: a57a8f14a6d5a0ec8d373d646ce1f88a is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: parseEmailFile >LibClamAV debug: parseEmailFile: check 'From: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'To: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Subject: ClamAV Test File' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Message-ID: <20080603232833.1aeaf8f1@ClamAV>' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Organization: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' fullline 0x0 >LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: 
parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: messageSetMimeType: 'multipart' >LibClamAV debug: mimeArgs = ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: Add arguments ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: messageAddArgument, arg='boundary=MP_/6OvrPH9HEPZRUCVu6uT=Fey' >LibClamAV debug: parseEmailFile: check '' fullline 0x0 >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "--MP_/6OvrPH9HEPZRUCVu6uT=Fey" >LibClamAV debug: getline_from_mbox: fmap need failed >LibClamAV debug: parseEmailFile: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 5 >LibClamAV debug: Content-type 'multipart' handler >LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey >LibClamAV debug: Now read in part 0 >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: text/plain; charset=US-ASCII' >LibClamAV debug: parseEmailHeader 'Content-Type: text/plain; charset=US-ASCII' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain; charset=US-ASCII' >LibClamAV debug: messageSetMimeType: 'text' >LibClamAV debug: mimeArgs = ' charset=US-ASCII' >LibClamAV debug: Add arguments ' charset=US-ASCII' >LibClamAV debug: messageAddArgument, arg='charset=US-ASCII' >LibClamAV debug: Discarding unwanted argument 'charset=US-ASCII' >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: 7bit' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' >LibClamAV debug: messageSetEncoding: '7bit' >LibClamAV debug: Encoding type 1 is "7bit" >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: inline' >LibClamAV debug: parseEmailHeader 'Content-Disposition: inline' 
>LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' inline' >LibClamAV debug: messageAddArgument, arg='filename=unknown' >LibClamAV debug: Multipart 0: End of header information >LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey >LibClamAV debug: Part 0 has 1 lines, rc = 1 >LibClamAV debug: Mixed message part 0 is of type 6 >LibClamAV debug: Mixed message text part disposition "inline" >LibClamAV debug: Mime subtype "plain" >LibClamAV debug: Treating inline as attachment >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 0 >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 2 is "base64" >LibClamAV debug: blobSetFilename: unknown >LibClamAV debug: fileblobSetFilename: file unknown saved to /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-8b1e74c2b4a4812e492e6a5b07f79f0f.tmp >LibClamAV debug: textToFileBlob to unknown, destroy = 0 >LibClamAV debug: fileblobDestroy: /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-8b1e74c2b4a4812e492e6a5b07f79f0f.tmp >LibClamAV debug: messageExport: enctype 1 is 2 >LibClamAV debug: blobSetFilename: unknown >LibClamAV debug: fileblobSetFilename: file unknown saved to /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-63c4155962a8a6f0149f4d2bca5ff97f.tmp >LibClamAV debug: sanitiseBase64 'This is a ClamAV test file with embedded clam.exe' >LibClamAV debug: Exported 30 bytes using enctype 2 >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:30:unknown:30:30:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 8fe7d75a1adb2d661f9f622b32fb503b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, 
capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 8fe7d75a1adb2d661f9f622b32fb503b (level 0) >LibClamAV debug: /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-63c4155962a8a6f0149f4d2bca5ff97f.tmp is clean >LibClamAV debug: fileblobDestructiveDestroy: /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-63c4155962a8a6f0149f4d2bca5ff97f.tmp >LibClamAV debug: Now read in part 0 >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: parseEmailHeader 'Content-Type: application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: mimeArgs = ' name=clam.exe' >LibClamAV debug: Add arguments ' name=clam.exe' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: base64' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 1 is "base64" >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: attachment; filename=clam.exe' >LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename=clam.exe' >LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename=clam.exe' >LibClamAV debug: messageAddArgument, arg='filename=clam.exe' >LibClamAV debug: Multipart 0: End of header information >LibClamAV debug: Part 0 has 11 lines, rc = 1 >LibClamAV debug: Mixed message part 0 is of type 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 2 >LibClamAV debug: 
blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-01faeb1cb235621c05cb6e1c787b1dde.tmp >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: 
returning 1 at line 2913 >LibClamAV debug: /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-01faeb1cb235621c05cb6e1c787b1dde.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp//clamav-7021147a5d36a6ea5ef4a8a02b063ceb.tmp/clamav-01faeb1cb235621c05cb6e1c787b1dde.tmp >LibClamAV debug: The message has 0 parts >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: FP SIGNATURE: a57a8f14a6d5a0ec8d373d646ce1f88a:1337:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO NEWC file >LibClamAV debug: cache_check: 0ad868ed626c3cdcd924d83d1dd85ead is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_NEWC:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [120, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [120, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 0ad868ed626c3cdcd924d83d1dd85ead:1024:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO ODC file >LibClamAV debug: cache_check: b874713310858f4299be1b41d31e4674 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: 
CDBNAME:CL_TYPE_CPIO_ODC:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [85, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [85, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: b874713310858f4299be1b41d31e4674:1024:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 72f471de3952aa10e0c729443ad7f65e is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug: >LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: } >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 1 >LibClamAV debug: Prop start: 18 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 20 >LibClamAV debug: SBat block count: 1 >LibClamAV debug: XBat start: -2 
>LibClamAV debug: XBat block count: 0 > >LibClamAV debug: Max block number: 248 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] b size:0x00000f80 flags:0x00000000 >LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x0000019c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' >LibClamAV debug: OLE2: _5_documentsummaryinformation [file] b size:0x0000011c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' >LibClamAV debug: OLE2: worddocument [file] b size:0x0000102e flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'worddocument' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/126ea3fd0ff7f18c9c5eec0c07398c49_0' >LibClamAV debug: OLE2: 1table [file] r size:0x00000847 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '1table' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/0e2af3cf7b22050354734d7eb56b80d3_0' >LibClamAV debug: OLE2: objectpool [dir ] b size:0x00000000 flags:0x00000000 >LibClamAV debug: OLE2 dir entry: /tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003 >LibClamAV debug: OLE2: _1279313719 [dir ] b size:0x00000000 flags:0x00000000 >LibClamAV debug: OLE2 dir entry: /tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004 >LibClamAV debug: OLE2: _1_compobj [file] b size:0x00000052 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004/88144fbcb62650fa72c360688f4772c7_0' >LibClamAV debug: OLE2: _3_objinfo [file] b size:0x00000006 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_3_objinfo' to 
'/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004/b716b79df7921f86c7532913ba9e5562_0' >LibClamAV debug: OLE2: _1_ole10native [file] r size:0x00000255 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004/e74f5f7bbf0b77708bc591157d708d3d_0' >LibClamAV debug: OLE2: _1_ole [file] b size:0x00000014 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004/4d5f109dc1c0609112df3a2e6f747fea_0' >LibClamAV debug: OLE2: _1_compobj [file] r size:0x00000075 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/88144fbcb62650fa72c360688f4772c7_1' >LibClamAV debug: OLE2: data [file] b size:0x00001000 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'data' to '/tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/8d777f385d3dfec8815d20f7496026dc_0' >LibClamAV debug: VBADir: /tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp >LibClamAV debug: wm_readdir: macro offset: 0x41c0000 >LibClamAV debug: wm_readdir: macro len: 0x160000 > >LibClamAV debug: wm_readdir: read macro_info failed >LibClamAV debug: VBADir: /tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003 >LibClamAV debug: VBADir: /tmp//clamav-e56f1e0120afe8a4d3fca30bf1da70c8.tmp/000003/000004 >LibClamAV debug: cli_decode_ole_object: decoding to /tmp//clamav-1d8eac9dabc3a5f7b1527147122e7759.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 
aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 72f471de3952aa10e0c729443ad7f65e:16384:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized PDF document file >LibClamAV debug: cache_check: f6a7821809bff648e8dbd72f027f3850 is negative >LibClamAV debug: in cli_pdf(/tmp//clamav-706fcda0f918779f1cbb8c2a50155bfc.tmp) >LibClamAV debug: cli_pdf: did not find valid xref >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: found 1 0 obj @26 >LibClamAV debug: cli_pdf: found 2 0 obj @100 >LibClamAV debug: cli_pdf: found 3 0 obj @270 >LibClamAV debug: cli_pdf: found 4 0 obj @338 >LibClamAV debug: cli_pdf: found 5 0 obj @1719 >LibClamAV debug: cli_pdf: found 6 0 obj @1925 >LibClamAV debug: cli_pdf: found 7 0 obj @1963 >LibClamAV debug: cli_pdf: found 8 0 obj @2016 >LibClamAV debug: cli_pdf: found 9 0 obj @2054 >LibClamAV debug: cli_pdf: found 10 0 obj @2484 >LibClamAV debug: cli_pdf: found 11 0 obj @2773 >LibClamAV debug: cli_pdf: found 12 0 obj @5181 >LibClamAV debug: cli_pdf: found 13 0 obj @5283 >LibClamAV debug: cli_pdf: found 14 0 obj @5308 >LibClamAV debug: cli_pdf: found 15 0 obj @5729 >LibClamAV debug: cli_pdf: found 16 0 obj @6391 >LibClamAV debug: cli_pdf: found 17 0 obj @6474 >LibClamAV debug: cli_pdf: 1 0 obj flags: 02 >LibClamAV debug: cli_pdf: 2 0 obj flags: 02 >LibClamAV debug: cli_pdf: 3 0 obj flags: 02 >LibClamAV debug: cli_pdf: 4 0 obj flags: 03 >LibClamAV debug: cli_pdf: found Contents stored in indirect object 14 0 >LibClamAV debug: cli_pdf: 5 0 obj flags: 800002 >LibClamAV debug: cli_pdf: 6 0 obj flags: 02 >LibClamAV debug: cli_pdf: 7 0 obj flags: 02 >LibClamAV debug: cli_pdf: 8 0 obj flags: 02 >LibClamAV debug: 
cli_pdf: 9 0 obj flags: 02 >LibClamAV debug: cli_pdf: 10 0 obj flags: 20002 >LibClamAV debug: cli_pdf: 11 0 obj flags: 10023 >LibClamAV debug: cli_pdf: 12 0 obj flags: 02 >LibClamAV debug: cli_pdf: 13 0 obj: no dictionary >LibClamAV debug: cli_pdf: 14 0 obj flags: 1010023 >LibClamAV debug: cli_pdf: 15 0 obj flags: 07 >LibClamAV debug: cli_pdf: 16 0 obj flags: 02 >LibClamAV debug: cli_pdf: 17 0 obj flags: 1000002 >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: (parsed hooks) returned 0 >LibClamAV debug: pdf_extract_obj: obj 1 0 >LibClamAV debug: pdf_extract_obj: obj 2 0 >LibClamAV debug: pdf_extract_obj: obj 3 0 >LibClamAV debug: pdf_extract_obj: obj 4 0 >LibClamAV debug: cli_pdf: dumping obj 4 0 >LibClamAV debug: cli_pdf: extracted 1287 bytes 4 0 obj to /tmp//clamav-706fcda0f918779f1cbb8c2a50155bfc.tmp/pdf00 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: afeb29d29db00e7b0a56c1095a45152c is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: afeb29d29db00e7b0a56c1095a45152c (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: pdf_extract_obj: obj 5 0 >LibClamAV debug: pdf_extract_obj: obj 6 0 >LibClamAV debug: pdf_extract_obj: obj 7 0 >LibClamAV debug: pdf_extract_obj: obj 8 0 >LibClamAV debug: pdf_extract_obj: obj 9 0 >LibClamAV debug: pdf_extract_obj: obj 10 0 >LibClamAV debug: pdf_extract_obj: obj 11 0 >LibClamAV debug: cli_pdf: dumping obj 11 0 >LibClamAV debug: cli_pdf: deflate len 2305 (orig 2305) >LibClamAV debug: cli_pdf: extracted 2957 bytes 11 0 obj to 
/tmp//clamav-706fcda0f918779f1cbb8c2a50155bfc.tmp/pdf01 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 00caa7c99f05f5c47d95c516d38c6f1e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 00caa7c99f05f5c47d95c516d38c6f1e (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: pdf_extract_obj: obj 12 0 >LibClamAV debug: pdf_extract_obj: obj 13 0 >LibClamAV debug: pdf_extract_obj: obj 14 0 >LibClamAV debug: cli_pdf: dumping obj 14 0 >LibClamAV debug: cli_pdf: length is in indirect object 13 0 >LibClamAV debug: cli_pdf: deflate len 334 (orig 334) >LibClamAV debug: cli_pdf: extracted 662 bytes 14 0 obj to /tmp//clamav-706fcda0f918779f1cbb8c2a50155bfc.tmp/pdf02 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: d6ceddd633b1dcc23e459f9579bde3b5 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d6ceddd633b1dcc23e459f9579bde3b5 (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: dumping contents 14 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 33af3356d8761430f7c7c76d93613f9a is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 
33af3356d8761430f7c7c76d93613f9a (level 0) >LibClamAV debug: pdf_extract_obj: obj 15 0 >LibClamAV debug: cli_pdf: dumping obj 15 0 >LibClamAV debug: cli_pdf: extracted 544 bytes 15 0 obj to /tmp//clamav-706fcda0f918779f1cbb8c2a50155bfc.tmp/pdf03 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: cli_pdf: returning 1 >LibClamAV debug: FP SIGNATURE: f6a7821809bff648e8dbd72f027f3850:7277:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 5cc36bead5044641bf74a209721220df is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug: >LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: } >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT 
count: 1 >LibClamAV debug: Prop start: 1 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 2 >LibClamAV debug: SBat block count: 1 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 > >LibClamAV debug: Max block number: 520 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] r size:0x00000c80 flags:0x00000000 >LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x00005500 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' >LibClamAV debug: OLE2: powerpoint document [file] b size:0x0000143e flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'powerpoint document' to '/tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp/87320d137f01f7b183eb533a1de6c62a_0' >LibClamAV debug: OLE2: _5_documentsummaryinformation [file] r size:0x00000238 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' >LibClamAV debug: OLE2: pictures [file] b size:0x000009ce flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'pictures' to '/tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp/9ed98e5c3e9685aa3de82c99009a2ed3_0' >LibClamAV debug: OLE2: current user [file] r size:0x0000002c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'current user' to '/tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp/031e0a965ce78208b44b47340128ed45_0' >LibClamAV debug: VBADir: /tmp//clamav-7f66614092a8418e3769015b3a2fbb3c.tmp >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x03e8 >LibClamAV debug: length: 0x000004dc >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 
0x03f8 >LibClamAV debug: length: 0x00000a46 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x03ee >LibClamAV debug: length: 0x0000020c >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x01 >LibClamAV debug: type: 0x1011 >LibClamAV debug: length: 0x000002b0 >LibClamAV debug: length: 684 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x1772 >LibClamAV debug: length: 0x00000014 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x0ff5 >LibClamAV debug: length: 0x0000001c >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: read ppt_header failed >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 34bbee039661ffefe723e4c053c4349e is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug: >LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: } >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 1 >LibClamAV debug: Prop start: 2 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 4 >LibClamAV debug: SBat 
block count: 1 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 > >LibClamAV debug: Max block number: 56 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] r size:0x000003c0 flags:0x00000000 >LibClamAV debug: OLE2: _1_ole10native [file] b size:0x00000307 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/tmp//clamav-b5ce80df66c95e8781cc2e1b44b08978.tmp/e74f5f7bbf0b77708bc591157d708d3d_0' >LibClamAV debug: OLE2: _1_compobj [file] r size:0x0000004c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp//clamav-b5ce80df66c95e8781cc2e1b44b08978.tmp/88144fbcb62650fa72c360688f4772c7_0' >LibClamAV debug: VBADir: /tmp//clamav-b5ce80df66c95e8781cc2e1b44b08978.tmp >LibClamAV debug: cli_decode_ole_object: decoding to /tmp//clamav-39a566deac5acab8a476345c3bb55705.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 34bbee039661ffefe723e4c053c4349e:4096:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 5cc36bead5044641bf74a209721220df:33793:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: Matched signature for file type SIS at 8 >LibClamAV debug: cache_check: 9af10e8bc42125f1b471a69e0104e09e is negative 
>LibClamAV debug: in scansis() >LibClamAV debug: SIS: UIDS 1000000 10003a12 10000419 - 73854f24 >LibClamAV debug: SIS: Application name: >LibClamAV debug: Name (UK English - @146, len 8) >LibClamAV debug: SIS: Provides: >LibClamAV debug: Name (UK English - @146, len 8) >LibClamAV debug: SIS: Depends on: >LibClamAV debug: UID: 101f6f88 v. 0.0.0 > aka: >LibClamAV debug: Series60ProductID (UK English - @124, len 34) >LibClamAV debug: SIS: Package is compressed >LibClamAV debug: SIS: Pkgtype: 0 >LibClamAV debug: SIS: File details: > Options: 0 > Type: simple >LibClamAV debug: Original filename: C:\Users\zolw\AppData\Local\Temp\MKS0\clam.exe >LibClamAV debug: Installed to: !:\clam.exe >LibClamAV debug: Unpacking lang#0 - ptr:14e csize:106 osize:220 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 9af10e8bc42125f1b471a69e0104e09e:596:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 4e05da42c0edfad9adc8103c1319a39f is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: d67efc70fcf79eca10063916930e446f is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-ab97cc000abe9d30956369fbc7eee3f7.tmp) >LibClamAV debug: cli_untar: pos = 0 
>LibClamAV debug: cli_untar: Candidate checksum = 6032, [13620 in octal] >LibClamAV debug: cli_untar: Checksum 6032 is valid. >LibClamAV debug: cli_untar: size = 40 >LibClamAV debug: cli_untar: skipping entry >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: Candidate checksum = 5489, [12561 in octal] >LibClamAV debug: cli_untar: Checksum 5489 is valid. >LibClamAV debug: cli_untar: size = 544 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-ab97cc000abe9d30956369fbc7eee3f7.tmp/tar01 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: cli_untar: pos = 2560 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: d67efc70fcf79eca10063916930e446f:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 4e05da42c0edfad9adc8103c1319a39f:486:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized TNEF file >LibClamAV debug: cache_check: 9417e3d9e9e227fc029204a23d2b5bf1 is negative >LibClamAV debug: message tag 0x9006, type 0x8, length 4 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9006, type 0x8, length 4 >LibClamAV debug: message tag 
0x9007, type 0x6, length 8 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9007, type 0x6, length 8 >LibClamAV debug: message tag 0x8008, type 0x7, length 24 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8008, type 0x7, length 24 >LibClamAV debug: message tag 0x800d, type 0x4, length 2 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x800d, type 0x4, length 2 >LibClamAV debug: message tag 0x8004, type 0x1, length 48 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8004, type 0x1, length 48 >LibClamAV debug: message tag 0x9, type 0x4, length 2 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9, type 0x4, length 2 >LibClamAV debug: message tag 0x8006, type 0x3, length 14 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8006, type 0x3, length 14 >LibClamAV debug: message tag 0x8020, type 0x2, length 52 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8020, type 0x2, length 52 >LibClamAV debug: message tag 0x9004, type 0x6, length 124 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9004, type 0x6, length 124 >LibClamAV debug: message tag 0x9003, type 0x6, length 2892 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9003, type 0x6, length 2892 >LibClamAV debug: message tag 0x9002, type 0x6, length 14 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x9002, type 0x6, length 14 >LibClamAV debug: TNEF - unsupported attachment tag 0x9002 type 0x6 length 14 >LibClamAV debug: message tag 0x8013, type 0x3, length 14 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8013, type 0x3, length 14 >LibClamAV debug: TNEF - unsupported attachment tag 0x8013 type 0x3 length 14 >LibClamAV debug: message tag 0x800f, type 0x6, length 544 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x800f, type 0x6, length 544 
>LibClamAV debug: message tag 0x8010, type 0x1, length 9 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8010, type 0x1, length 9 >LibClamAV debug: TNEF filename clam.exe >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp//clamav-33e8d59dc0c98c7b6754c5bc8267f25b.tmp/clamav-d8baedea11a6ca2eaa390c9114622766.tmp >LibClamAV debug: message tag 0x8011, type 0x6, length 5624 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8011, type 0x6, length 5624 >LibClamAV debug: TNEF - unsupported attachment tag 0x8011 type 0x6 length 5624 >LibClamAV debug: message tag 0x9005, type 0x6, length 180 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x9005, type 0x6, length 180 >LibClamAV debug: TNEF - unsupported attachment tag 0x9005 type 0x6 length 180 >LibClamAV debug: tnef_header: ignoring trailing newline >LibClamAV debug: cli_tnef: flushing final data >LibClamAV debug: fileblobDestroy: /tmp//clamav-33e8d59dc0c98c7b6754c5bc8267f25b.tmp/clamav-d8baedea11a6ca2eaa390c9114622766.tmp >LibClamAV debug: cli_tnef: returning 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 9417e3d9e9e227fc029204a23d2b5bf1:9738:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 
37ee24a41abc0fdbe8ee342ededf33ef is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @13b >LibClamAV debug: cli_unzip: ch - flags 0 - method 8 - csize 100 - usize 220 - flen 8 - elen d - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp//clamav-c0d9783a81f659ce2cdcc00ea79e3ed5.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 37ee24a41abc0fdbe8ee342ededf33ef:404:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: a54c20ccd89a41329f3feeca0df4a8b3 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500 
>LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 476556 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 115236 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: 
cache_check: e7d69e3a0825c65b215b0ed482a3f089 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 361320 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: CAB/CAB-SFX signature found at 361320 >LibClamAV debug: in cli_scanmscab() >LibClamAV debug: CAB: -------------- Cabinet file ---------------- >LibClamAV debug: CAB: Cabinet length: 543349 >LibClamAV debug: CAB: Folders: 1 >LibClamAV debug: CAB: Files: 13 >LibClamAV debug: CAB: File format version: 1.3 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 361737 >LibClamAV debug: CAB: Folder compression method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: 
File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file 
modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:0x0 >LibClamAV debug: CAB: Extracting file IKernel*dll to /tmp//clamav-9100e0ae982cc389a40f360955255480.tmp, size 753664, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 24 >LibClamAV debug: lzx_decompress: current frame = 0 >LibClamAV debug: lzx_decompress: current frame = 1 >LibClamAV debug: lzx_decompress: current frame = 2 >LibClamAV debug: lzx_decompress: current frame = 3 >LibClamAV debug: lzx_decompress: current frame = 4 >LibClamAV debug: lzx_decompress: current frame = 5 >LibClamAV debug: lzx_decompress: current frame = 6 >LibClamAV debug: lzx_decompress: current frame = 7 >LibClamAV debug: lzx_decompress: current frame = 8 >LibClamAV debug: lzx_decompress: current frame = 9 >LibClamAV debug: lzx_decompress: current frame = 10 >LibClamAV debug: lzx_decompress: current frame = 11 >LibClamAV debug: lzx_decompress: current frame = 12 >LibClamAV debug: lzx_decompress: current frame = 13 >LibClamAV debug: lzx_decompress: current frame = 14 >LibClamAV debug: lzx_decompress: current frame = 15 >LibClamAV debug: lzx_decompress: current frame = 16 >LibClamAV debug: lzx_decompress: current frame = 17 >LibClamAV debug: lzx_decompress: current frame = 18 >LibClamAV debug: lzx_decompress: current frame = 19 >LibClamAV debug: lzx_decompress: current frame = 20 >LibClamAV debug: 
lzx_decompress: current frame = 21 >LibClamAV debug: lzx_decompress: current frame = 22 >LibClamAV debug: lzx_decompress: current frame = 23 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: c30d8 >LibClamAV debug: cli_peheader: parsing version info @ rva c30d8 (1/1) >LibClamAV debug: VersionInfo (ab236): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (ab286): 'FileDescription'='InstallShield (R) Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c0064002000280052002900200053006500740075007000200045006e00670069006e00 >LibClamAV debug: VersionInfo (ab2ee): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (ab326): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e006500 >LibClamAV debug: VersionInfo (ab356): 'OriginalFilename'='iKernel.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000069004b00650072006e0065006c002e006400 >LibClamAV debug: VersionInfo (ab396): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (ab412): 'ProductName'='InstallShield (R)' - 
VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (ab456): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 272 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:02:55 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x89000 >LibClamAV debug: SizeOfInitializedData: 0x46000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x76aec >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xd0000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x88de5 0x89000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x89000 0x89000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17cd4 0x18000 >LibClamAV 
debug: VirtualAddress: 0x8a000 0x8a000 >LibClamAV debug: SizeOfRawData: 0x18000 0x18000 >LibClamAV debug: PointerToRawData: 0x8a000 0x8a000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x201a0 0x21000 >LibClamAV debug: VirtualAddress: 0xa2000 0xa2000 >LibClamAV debug: SizeOfRawData: 0x9000 0x9000 >LibClamAV debug: PointerToRawData: 0xa2000 0xa2000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x838 0x1000 >LibClamAV debug: VirtualAddress: 0xc3000 0xc3000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0xab000 0xab000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xb53a 0xc000 >LibClamAV debug: VirtualAddress: 0xc4000 0xc4000 >LibClamAV debug: SizeOfRawData: 0xc000 0xc000 >LibClamAV debug: PointerToRawData: 0xac000 0xac000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x76aec (486124) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 107, 29, 21 >LibClamAV debug: swizz_j48: 697, 189, 136 >LibClamAV debug: cli_detect_swizz_str: ok, 54 words >LibClamAV debug: cli_detect_swizz_str: 88, 43, 16 >LibClamAV debug: swizz_j48: 613, 299, 111 >LibClamAV debug: cli_detect_swizz_str: ok, 29 words >LibClamAV debug: cli_detect_swizz: 0/717, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 19010, 7253, 4002, 1125, 625, 250, 125, 
250, 0, 125, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 594678e8fc20d430eb7bd2de53f8f307 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:0x0 >LibClamAV debug: CAB: Extracting file ctor*dll to /tmp//clamav-e090e444fafc662f4d07c1c4a4a409a4.tmp, size 69714, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 26 >LibClamAV debug: lzx_decompress: current frame = 24 >LibClamAV debug: lzx_decompress: current frame = 25 >LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 34fc187d14c58d715804983399f5faad is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: f090 >LibClamAV debug: cli_peheader: parsing version info @ rva f090 (1/1) >LibClamAV debug: VersionInfo (f13e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (f18e): 'FileDescription'='InstallShield (R) Ctor DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000430074006f007200200044004c00 >LibClamAV debug: VersionInfo (f1ee): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (f226): 'InternalName'='Ctor' - VI:49006e007400650072006e0061006c004e0061006d0065000000430074006f00 >LibClamAV debug: VersionInfo (f252): 'OriginalFilename'='ctor.dll' 
- VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000630074006f0072002e0064006c00 >LibClamAV debug: VersionInfo (f28e): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (f30a): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (f34e): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 248 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:02:21 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x9000 >LibClamAV debug: SizeOfInitializedData: 0x7000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7cdf >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x11000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 
0x8ae4 0x9000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x9000 0x9000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3837 0x4000 >LibClamAV debug: VirtualAddress: 0xa000 0xa000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0xa000 0xa000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xd18 0x1000 >LibClamAV debug: VirtualAddress: 0xe000 0xe000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0xe000 0xe000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4a0 0x1000 >LibClamAV debug: VirtualAddress: 0xf000 0xf000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0xf000 0xf000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xb02 0x1000 >LibClamAV debug: VirtualAddress: 0x10000 0x10000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x10000 0x10000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7cdf (31967) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical 
signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 11, 20, 0 >LibClamAV debug: swizz_j48: 363, 660, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 8 words >LibClamAV debug: cli_detect_swizz_str: 79, 41, 17 >LibClamAV debug: swizz_j48: 590, 306, 127 >LibClamAV debug: cli_detect_swizz_str: ok, 29 words >LibClamAV debug: cli_detect_swizz: 0/380, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 18033, 7477, 2639, 3738, 659, 0, 0, 0, 219, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 34fc187d14c58d715804983399f5faad (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:0x0 >LibClamAV debug: CAB: Extracting file IScript*dll to /tmp//clamav-745e4951b06ee10dba993c0ff28782c1.tmp, size 274432, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 34 >LibClamAV debug: lzx_decompress: current frame = 26 >LibClamAV debug: lzx_decompress: current frame = 27 >LibClamAV debug: lzx_decompress: current frame = 28 >LibClamAV debug: lzx_decompress: current frame = 29 >LibClamAV debug: lzx_decompress: current frame = 30 >LibClamAV debug: lzx_decompress: current frame = 31 >LibClamAV debug: lzx_decompress: current frame = 32 >LibClamAV debug: lzx_decompress: current frame = 33 >LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 3e090 >LibClamAV debug: cli_peheader: parsing version info @ rva 3e090 (1/1) >LibClamAV debug: VersionInfo (3d13e): 
'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (3d18e): 'FileDescription'='InstallShield (R) Script Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000530063007200690070007400200045006e0067006900 >LibClamAV debug: VersionInfo (3d1f6): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (3d22e): 'InternalName'='Engine' - VI:49006e007400650072006e0061006c004e0061006d006500000045006e00670069006e00 >LibClamAV debug: VersionInfo (3d25e): 'OriginalFilename'='IScript.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300630072006900700074002e006400 >LibClamAV debug: VersionInfo (3d29e): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (3d31a): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (3d35e): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 256 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:01:26 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File 
format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x2d000 >LibClamAV debug: SizeOfInitializedData: 0x16000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x21b5d >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x44000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2ce5a 0x2d000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x2d000 0x2d000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x9374 0xa000 >LibClamAV debug: VirtualAddress: 0x2e000 0x2e000 >LibClamAV debug: SizeOfRawData: 0xa000 0xa000 >LibClamAV debug: PointerToRawData: 0x2e000 0x2e000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5de4 0x6000 >LibClamAV debug: VirtualAddress: 0x38000 0x38000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x38000 0x38000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV 
debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x460 0x1000 >LibClamAV debug: VirtualAddress: 0x3e000 0x3e000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x3d000 0x3d000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4bfc 0x5000 >LibClamAV debug: VirtualAddress: 0x3f000 0x3f000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x3e000 0x3e000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x21b5d (138077) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 17, 4, 0 >LibClamAV debug: swizz_j48: 828, 195, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 3 words >LibClamAV debug: cli_detect_swizz_str: 79, 42, 20 >LibClamAV debug: swizz_j48: 573, 305, 145 >LibClamAV debug: cli_detect_swizz_str: ok, 29 words >LibClamAV debug: cli_detect_swizz: 0/350, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 18230, 6692, 5076, 923, 1615, 0, 0, 0, 230, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 887e758f5267b616905f0168b39d16d5 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:0x0 >LibClamAV debug: CAB: Extracting file IUser*dll to /tmp//clamav-c29b45eaa302330b051552bb068a1d02.tmp, size 184320, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 40 >LibClamAV debug: lzx_decompress: 
current frame = 34 >LibClamAV debug: lzx_decompress: current frame = 35 >LibClamAV debug: lzx_decompress: current frame = 36 >LibClamAV debug: lzx_decompress: current frame = 37 >LibClamAV debug: lzx_decompress: current frame = 38 >LibClamAV debug: lzx_decompress: current frame = 39 >LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: f77a9df6057ef2998e656a236b08e768 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 291f8 >LibClamAV debug: cli_peheader: parsing version info @ rva 291f8 (1/1) >LibClamAV debug: VersionInfo (28806): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (28856): 'FileDescription'='InstallShield (R) User DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020005500730065007200200044004c00 >LibClamAV debug: VersionInfo (288b6): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (288ee): 'InternalName'='User' - VI:49006e007400650072006e0061006c004e0061006d0065000000550073006500 >LibClamAV debug: VersionInfo (2891a): 'OriginalFilename'='IUser.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490055007300650072002e006400 >LibClamAV debug: VersionInfo (28956): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV 
debug: VersionInfo (289d2): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (28a16): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 272 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:50 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1d000 >LibClamAV debug: SizeOfInitializedData: 0x11000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x132d9 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x2f000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1cf25 0x1d000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x1d000 0x1d000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in 
memory) >LibClamAV debug: VirtualSize: 0x4cd2 0x5000 >LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5564 0x6000 >LibClamAV debug: VirtualAddress: 0x23000 0x23000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x23000 0x23000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1b30 0x2000 >LibClamAV debug: VirtualAddress: 0x29000 0x29000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x27000 0x27000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x32ac 0x4000 >LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x29000 0x29000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x132d9 (78553) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 37, 17, 12 >LibClamAV debug: swizz_j48: 574, 263, 186 >LibClamAV debug: cli_detect_swizz_str: ok, 32 words >LibClamAV debug: cli_detect_swizz_str: 24, 2, 0 >LibClamAV debug: swizz_j48: 945, 78, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 5 words >LibClamAV debug: cli_detect_swizz_str: 82, 40, 17 >LibClamAV debug: swizz_j48: 604, 294, 125 
>LibClamAV debug: cli_detect_swizz_str: ok, 29 words >LibClamAV debug: cli_detect_swizz: 0/545, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 20136, 5125, 1464, 2379, 915, 549, 1830, 183, 0, 183, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f77a9df6057ef2998e656a236b08e768 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:0x0 >LibClamAV debug: CAB: Extracting file objectps*dll to /tmp//clamav-cae2618531b6bc8d07d3052a4db9cb25.tmp, size 32768, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 41 >LibClamAV debug: lzx_decompress: current frame = 40 >LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 6048 >LibClamAV debug: cli_peheader: parsing version info @ rva 6048 (1/1) >LibClamAV debug: VersionInfo (60fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (614e): 'FileDescription'='InstallShield (R) ObjectPS DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004f0062006a0065006300740050005300200044004c00 >LibClamAV debug: VersionInfo (61b6): 'InternalName'='Object' - VI:49006e007400650072006e0061006c004e0061006d00650000004f0062006a0065006300 >LibClamAV debug: VersionInfo (61e6): 
'OriginalFilename'='objectps.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000006f0062006a00650063007400700073002e0064006c00 >LibClamAV debug: VersionInfo (622a): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (6262): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (62de): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (6322): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 224 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 6 >LibClamAV debug: TimeDateStamp: Mon Apr 4 05:57:14 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x3000 >LibClamAV debug: SizeOfInitializedData: 0x4000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x3070 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI 
>LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .orpc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1070 0x2000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x342 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x3000 0x3000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x985 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x4000 0x4000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2c 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x5000 0x5000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3b8 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 
>LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x6000 0x6000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 5 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2e8 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x7000 0x7000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x3070 (12400) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: b6d770559ec6b834bb2357fd5deaf218 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:0x0 >LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /tmp//clamav-b39201442e51586134752d677e020578.tmp, size 5632, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: d186d961e211e4fd7f7c3a02a864cbe5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 4048 >LibClamAV debug: cli_peheader: parsing version info @ rva 4048 (1/1) >LibClamAV debug: VersionInfo (f3a): 'Comments'='Installer support for .NET' - VI:43006f006d006d0065006e0074007300000049006e007300740061006c006c0065007200200073007500700070006f0072007400200066006f00720020002e004e004500 >LibClamAV debug: VersionInfo (f8a): 'CompanyName'='InstallShield Software Corporation' - 
VI:43006f006d00700061006e0079004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c006400200053006f00660074007700610072006500200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (ff2): 'FileDescription'='DotNetInstaller' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000044006f0074004e006500740049006e007300740061006c006c00 >LibClamAV debug: VersionInfo (103a): 'FileVersion'='11.0.0.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e0030002e0030002e003200380038003400 >LibClamAV debug: VersionInfo (1076): 'InternalName'='dotnetinstaller.exe' - VI:49006e007400650072006e0061006c004e0061006d006500000064006f0074006e006500740069006e007300740061006c006c00650072002e006500 >LibClamAV debug: VersionInfo (10be): 'LegalCopyright'='Copyright (C) 1990-2002 InstallShield Software Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000280043002900200031003900390030002d003200300030003200200049006e007300740061006c006c0053006800690065006c006400200053006f00660074007700610072006500200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (115a): 'LegalTrademarks'=' ' - VI:4c006500670061006c00540072006100640065006d00610072006b0073000000 >LibClamAV debug: VersionInfo (1186): 'OriginalFilename'='dotnetinstaller.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000064006f0074006e006500740069006e007300740061006c006c00650072002e006500 >LibClamAV debug: VersionInfo (11d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (121a): 'ProductVersion'='11.0.0.28844' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e0030002e0030002e003200380038003400 >LibClamAV debug: VersionInfo (125a): 'Assembly Version'='11.0.0.28844' - 
VI:41007300730065006d0062006c0079002000560065007200730069006f006e000000310031002e0030002e0030002e003200380038003400 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 11, capacity: 64 >LibClamAV debug: e_lfanew == 128 >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Mon Apr 4 05:59:50 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0xc00 >LibClamAV debug: SizeOfInitializedData: 0x800 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x2a1e >LibClamAV debug: BaseOfCode: 0x2000 >LibClamAV debug: SectionAlignment: 0x2000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x200 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 console >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xa24 0x2000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0xc00 0xc00 >LibClamAV debug: PointerToRawData: 0x200 0x200 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x498 0x2000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0xe00 0xe00 >LibClamAV debug: ------------------------------------ 
>LibClamAV debug: Section 2 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xc 0x2000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x1400 0x1400 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc1e (3102) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d186d961e211e4fd7f7c3a02a864cbe5 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:0x0 >LibClamAV debug: CAB: Extracting file iKernel*rgs to /tmp//clamav-7e35ec70c22cb1cdfe4d47d0cd77e938.tmp, size 38081, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 42 >LibClamAV debug: lzx_decompress: current frame = 41 >LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: a698fd50e6c7492a263967a1e026cbb3 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a698fd50e6c7492a263967a1e026cbb3 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /tmp//clamav-64b46e5249cbae2efc6935745bc1de52.tmp, size 128868, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 46 >LibClamAV debug: 
lzx_decompress: current frame = 42 >LibClamAV debug: lzx_decompress: current frame = 43 >LibClamAV debug: lzx_decompress: current frame = 44 >LibClamAV debug: lzx_decompress: current frame = 45 >LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a52fc1b8942af75961107cfd02a71be1 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /tmp//clamav-737fde13af1e9c893a5b61fbaf13be13.tmp, size 117820, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 49 >LibClamAV debug: lzx_decompress: current frame = 46 >LibClamAV debug: lzx_decompress: current frame = 47 >LibClamAV debug: lzx_decompress: current frame = 48 >LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d943779e389eb8f3ce4d8259be29f8e5 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /tmp//clamav-1a011f98b182d51b95d2d65eff78d6a3.tmp, size 570, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 50 >LibClamAV debug: lzx_decompress: current frame = 49 
>LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 3037b900afcc5fce6e55c950a6b7d112 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:0x0 >LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /tmp//clamav-d1f69f41e40638ea49970c795a53c8d4.tmp, size 2420, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: ea448d96f2751ef78e0d5fda86f3d143 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*exe to /tmp//clamav-e0808ea13f31b0bcaac1fca5646fbca8.tmp, size 124416, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 53 >LibClamAV debug: lzx_decompress: current frame = 50 >LibClamAV debug: lzx_decompress: current frame = 51 >LibClamAV debug: lzx_decompress: current frame = 52 >LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: 
type: 10, name: 1, lang: 409, rva: 28090 >LibClamAV debug: cli_peheader: parsing version info @ rva 28090 (1/1) >LibClamAV debug: VersionInfo (1e13e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (1e18e): 'FileDescription'='InstallShield (R) 64-bit Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000360034002d00620069007400200053006500740075007000200045006e0067006900 >LibClamAV debug: VersionInfo (1e202): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1e23a): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e006500 >LibClamAV debug: VersionInfo (1e26a): 'OriginalFilename'='ISBEW64.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300420045005700360034002e006500 >LibClamAV debug: VersionInfo (1e2aa): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1e326): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (1e36a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 240 >LibClamAV debug: File type: Executable >LibClamAV 
debug: Machine type: IA64 >LibClamAV debug: NumberOfSections: 7 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:07 2005 >LibClamAV debug: SizeOfOptionalHeader: f0 >LibClamAV debug: File format: PE32+ >LibClamAV debug: MajorLinkerVersion: 7 >LibClamAV debug: MinorLinkerVersion: 10 >LibClamAV debug: SizeOfCode: 0x16200 >LibClamAV debug: SizeOfInitializedData: 0x8800 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1a808 >LibClamAV debug: BaseOfCode: 0x2000 >LibClamAV debug: SectionAlignment: 0x2000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 5 >LibClamAV debug: MinorSubsystemVersion: 1 >LibClamAV debug: SizeOfImage: 0x2a000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x161a0 0x18000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0x16200 0x16200 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x53c8 0x6000 >LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 >LibClamAV debug: SizeOfRawData: 0x5400 0x5400 >LibClamAV debug: PointerToRawData: 0x16600 0x16600 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .pdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xb58 0x2000 >LibClamAV debug: VirtualAddress: 0x20000 0x20000 >LibClamAV debug: SizeOfRawData: 0xc00 0xc00 
>LibClamAV debug: PointerToRawData: 0x1ba00 0x1ba00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .srdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3a4 0x2000 >LibClamAV debug: VirtualAddress: 0x22000 0x22000 >LibClamAV debug: SizeOfRawData: 0x400 0x400 >LibClamAV debug: PointerToRawData: 0x1c600 0x1c600 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .sdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x618 0x2000 >LibClamAV debug: VirtualAddress: 0x24000 0x24000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x1ca00 0x1ca00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 5 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1580 0x2000 >LibClamAV debug: VirtualAddress: 0x26000 0x26000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x1d000 0x1d000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 6 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x440 0x2000 >LibClamAV debug: VirtualAddress: 0x28000 0x28000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x16e08 (93704) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f60b80ee71d018e8659f7715be13aba8 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:0x0 >LibClamAV debug: CAB: Extracting file 
ISBEW64A*exe to /tmp//clamav-91d8ab7ef0e7b1ea8139ba5b62743176.tmp, size 63488, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 55 >LibClamAV debug: lzx_decompress: current frame = 53 >LibClamAV debug: lzx_decompress: current frame = 54 >LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 12090 >LibClamAV debug: cli_peheader: parsing version info @ rva 12090 (1/1) >LibClamAV debug: VersionInfo (f33e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (f38e): 'FileDescription'='InstallShield (R) 64-bit Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000360034002d00620069007400200053006500740075007000200045006e0067006900 >LibClamAV debug: VersionInfo (f402): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (f43a): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e006500 >LibClamAV debug: VersionInfo (f46a): 'OriginalFilename'='ISBEW64.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300420045005700360034002e006500 >LibClamAV debug: VersionInfo (f4aa): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - 
VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (f526): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (f56a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 248 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: AMD64 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:25 2005 >LibClamAV debug: SizeOfOptionalHeader: f0 >LibClamAV debug: File format: PE32+ >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x9600 >LibClamAV debug: SizeOfInitializedData: 0x6a00 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x56c0 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 5 >LibClamAV debug: MinorSubsystemVersion: 2 >LibClamAV debug: SizeOfImage: 0x13000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x951c 0xa000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x9600 0x9600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains 
executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3e30 0x4000 >LibClamAV debug: VirtualAddress: 0xb000 0xb000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x9a00 0x9a00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1478 0x2000 >LibClamAV debug: VirtualAddress: 0xf000 0xf000 >LibClamAV debug: SizeOfRawData: 0xa00 0xa00 >LibClamAV debug: PointerToRawData: 0xda00 0xda00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .pdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xcb4 0x1000 >LibClamAV debug: VirtualAddress: 0x11000 0x11000 >LibClamAV debug: SizeOfRawData: 0xe00 0xe00 >LibClamAV debug: PointerToRawData: 0xe400 0xe400 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x440 0x1000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0xf200 0xf200 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x4ac0 (19136) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: bb0f3eb5117f6de265e6aff38c2afa9e (level 0) >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in 
cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: e_lfanew == 256 >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 1 >LibClamAV debug: TimeDateStamp: Sat Apr 16 18:54:57 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 2 >LibClamAV debug: MinorLinkerVersion: 25 >LibClamAV debug: SizeOfCode: 0x400 >LibClamAV debug: SizeOfInitializedData: 0x600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1040 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 3 >LibClamAV debug: MinorSubsystemVersion: 10 >LibClamAV debug: SizeOfImage: 0x2000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: [CLAMAV] >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x1 0x0 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x40 (64) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 
hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: e7d69e3a0825c65b215b0ed482a3f089 (level 0) >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: 
------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: ishield: @1c224 found file clam.exe (Disk1\clam.exe) - version 0.0.0.0 - size 544 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-ab2dd9eb75cc6fbdb8cd771166887246.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: a54c20ccd89a41329f3feeca0df4a8b3:1748612:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 
235bb0bcf01b767d5cf5570027c93f6b is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 471993 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched 
signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: CAB/CAB-SFX signature found at 471993 >LibClamAV debug: in cli_scanmscab() >LibClamAV debug: CAB: -------------- Cabinet file ---------------- >LibClamAV debug: CAB: Cabinet length: 543349 >LibClamAV debug: CAB: Folders: 1 >LibClamAV debug: CAB: Files: 13 >LibClamAV debug: CAB: File format version: 1.3 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 472410 >LibClamAV debug: CAB: Folder compression method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV 
debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV 
debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:0x0 >LibClamAV debug: CAB: Extracting file IKernel*dll to /tmp//clamav-bc84743530c112325c7a1a9409ac6e4a.tmp, size 753664, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 24 >LibClamAV debug: lzx_decompress: current frame = 0 >LibClamAV debug: lzx_decompress: current frame = 1 >LibClamAV debug: lzx_decompress: current frame = 2 >LibClamAV debug: lzx_decompress: current frame = 3 >LibClamAV debug: lzx_decompress: current frame = 4 >LibClamAV debug: lzx_decompress: current frame = 5 >LibClamAV debug: lzx_decompress: current frame = 6 >LibClamAV debug: lzx_decompress: current frame = 7 >LibClamAV debug: lzx_decompress: current frame = 8 >LibClamAV debug: lzx_decompress: current frame = 9 >LibClamAV debug: lzx_decompress: current frame = 10 >LibClamAV debug: lzx_decompress: current frame = 11 >LibClamAV debug: lzx_decompress: current frame = 12 >LibClamAV debug: lzx_decompress: current frame = 13 >LibClamAV debug: lzx_decompress: current frame = 14 >LibClamAV debug: lzx_decompress: current frame = 15 >LibClamAV debug: lzx_decompress: current frame = 16 >LibClamAV debug: lzx_decompress: current frame = 17 >LibClamAV debug: lzx_decompress: current frame = 18 >LibClamAV debug: lzx_decompress: current frame = 19 >LibClamAV debug: lzx_decompress: current frame = 20 >LibClamAV debug: lzx_decompress: current frame = 21 >LibClamAV debug: lzx_decompress: current frame = 22 >LibClamAV debug: lzx_decompress: current frame = 23 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is positive >LibClamAV debug: 
cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:0x0 >LibClamAV debug: CAB: Extracting file ctor*dll to /tmp//clamav-3f9b608123a73d64e131d00b7d719d35.tmp, size 69714, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 26 >LibClamAV debug: lzx_decompress: current frame = 24 >LibClamAV debug: lzx_decompress: current frame = 25 >LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 34fc187d14c58d715804983399f5faad is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:0x0 >LibClamAV debug: CAB: Extracting file IScript*dll to /tmp//clamav-bccf972736fd9c4ab7b846bf280b92c4.tmp, size 274432, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 34 >LibClamAV debug: lzx_decompress: current frame = 26 >LibClamAV debug: lzx_decompress: current frame = 27 >LibClamAV debug: lzx_decompress: current frame = 28 >LibClamAV debug: lzx_decompress: current frame = 29 >LibClamAV debug: lzx_decompress: current frame = 30 >LibClamAV debug: lzx_decompress: current frame = 31 >LibClamAV debug: lzx_decompress: current frame = 32 >LibClamAV debug: lzx_decompress: current frame = 33 >LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:0x0 >LibClamAV debug: CAB: Extracting file IUser*dll to 
/tmp//clamav-512ee59f9dc827ae7837b7622040d6cf.tmp, size 184320, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 40 >LibClamAV debug: lzx_decompress: current frame = 34 >LibClamAV debug: lzx_decompress: current frame = 35 >LibClamAV debug: lzx_decompress: current frame = 36 >LibClamAV debug: lzx_decompress: current frame = 37 >LibClamAV debug: lzx_decompress: current frame = 38 >LibClamAV debug: lzx_decompress: current frame = 39 >LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: f77a9df6057ef2998e656a236b08e768 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:0x0 >LibClamAV debug: CAB: Extracting file objectps*dll to /tmp//clamav-567bbe1df904f880c06de8c61efd8f23.tmp, size 32768, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 41 >LibClamAV debug: lzx_decompress: current frame = 40 >LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:0x0 >LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /tmp//clamav-8bc2cbf4948673d7d14ba8ffd2690422.tmp, size 5632, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 
d186d961e211e4fd7f7c3a02a864cbe5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:0x0 >LibClamAV debug: CAB: Extracting file iKernel*rgs to /tmp//clamav-d08c4caf256760190add0220badd3b96.tmp, size 38081, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 42 >LibClamAV debug: lzx_decompress: current frame = 41 >LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: a698fd50e6c7492a263967a1e026cbb3 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /tmp//clamav-464b561cdd55c89d0660aa4e71ccec22.tmp, size 128868, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 46 >LibClamAV debug: lzx_decompress: current frame = 42 >LibClamAV debug: lzx_decompress: current frame = 43 >LibClamAV debug: lzx_decompress: current frame = 44 >LibClamAV debug: lzx_decompress: current frame = 45 >LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /tmp//clamav-bf297cb5dab6b2a679b1da683012f153.tmp, size 117820, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 49 >LibClamAV debug: lzx_decompress: 
current frame = 46 >LibClamAV debug: lzx_decompress: current frame = 47 >LibClamAV debug: lzx_decompress: current frame = 48 >LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /tmp//clamav-69095e608cf972f8896791c0de8042b3.tmp, size 570, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 50 >LibClamAV debug: lzx_decompress: current frame = 49 >LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:0x0 >LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /tmp//clamav-eb7d5c22a29dc094f0109d41257b96a4.tmp, size 2420, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*exe to /tmp//clamav-d95ca7cb2a2e5144f7d4606b3e3e504f.tmp, size 124416, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end 
frame = 53 >LibClamAV debug: lzx_decompress: current frame = 50 >LibClamAV debug: lzx_decompress: current frame = 51 >LibClamAV debug: lzx_decompress: current frame = 52 >LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64A*exe to /tmp//clamav-019ccca3f3588c19e9e544b3d20d3c50.tmp, size 63488, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 55 >LibClamAV debug: lzx_decompress: current frame = 53 >LibClamAV debug: lzx_decompress: current frame = 54 >LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - 
VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: *** Detected embedded PE file at 1016015 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: a63fe77037d042c8690ed49557977a8c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (16212): 
'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV 
debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: 
Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 5, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 5 words >LibClamAV debug: cli_detect_swizz_str: 5, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 7 words >LibClamAV debug: cli_detect_swizz_str: 76, 25, 6 >LibClamAV debug: swizz_j48: 727, 239, 57 >LibClamAV debug: cli_detect_swizz_str: ok, 41 words >LibClamAV debug: cli_detect_swizz: 0/315, version:1, manifest: 1 >LibClamAV debug: cli_detect_swizz: gn: 22140, 8561, 1180, 885, 0, 0, 0, 0, 0, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a63fe77037d042c8690ed49557977a8c (level 0) >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 
2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: 
------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: ishield: @1c229 found file data1.cab (Disk1\data1.cab) - version 0.0.0.0 - size 345386 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:345386:data1.cab:345386:345386:0:0:0:0x0 >LibClamAV debug: ishield: added data1.cab to array >LibClamAV debug: ishield: @7077b found file data1.hdr (Disk1\data1.hdr) - version 0.0.0.0 - size 10471 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:10471:data1.hdr:10471:10471:0:1:0:0x0 >LibClamAV debug: ishield: added data1.hdr to array >LibClamAV debug: ishield: @73088 found file data2.cab (Disk1\data2.cab) - version 0.0.0.0 - size 770 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:770:data2.cab:770:770:0:2:0:0x0 >LibClamAV debug: ishield: added data2.cab to array >LibClamAV debug: ishield: @733b9 found file engine32.cab (Disk1\engine32.cab) - version 0.0.0.0 - size 543481 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:543481:engine32.cab:543481:543481:0:3:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-80e14337572d26ce07dae8dea70e1eb4.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: f1388bda22a24abcdb0324903411bf7f is negative >LibClamAV debug: in cli_scanmscab() >LibClamAV debug: CAB: -------------- Cabinet file ---------------- >LibClamAV debug: CAB: Cabinet length: 543349 >LibClamAV debug: CAB: Folders: 1 >LibClamAV debug: CAB: Files: 13 >LibClamAV debug: CAB: File format version: 1.3 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 417 >LibClamAV debug: CAB: Folder compression 
method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: 
CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:0x0 >LibClamAV debug: CAB: Extracting file IKernel*dll to /tmp//clamav-e2261b7f49d1aaea4715e544a2f4ba50.tmp, size 753664, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 24 >LibClamAV debug: lzx_decompress: current frame = 0 >LibClamAV debug: lzx_decompress: current frame = 1 >LibClamAV 
debug: lzx_decompress: current frame = 2 >LibClamAV debug: lzx_decompress: current frame = 3 >LibClamAV debug: lzx_decompress: current frame = 4 >LibClamAV debug: lzx_decompress: current frame = 5 >LibClamAV debug: lzx_decompress: current frame = 6 >LibClamAV debug: lzx_decompress: current frame = 7 >LibClamAV debug: lzx_decompress: current frame = 8 >LibClamAV debug: lzx_decompress: current frame = 9 >LibClamAV debug: lzx_decompress: current frame = 10 >LibClamAV debug: lzx_decompress: current frame = 11 >LibClamAV debug: lzx_decompress: current frame = 12 >LibClamAV debug: lzx_decompress: current frame = 13 >LibClamAV debug: lzx_decompress: current frame = 14 >LibClamAV debug: lzx_decompress: current frame = 15 >LibClamAV debug: lzx_decompress: current frame = 16 >LibClamAV debug: lzx_decompress: current frame = 17 >LibClamAV debug: lzx_decompress: current frame = 18 >LibClamAV debug: lzx_decompress: current frame = 19 >LibClamAV debug: lzx_decompress: current frame = 20 >LibClamAV debug: lzx_decompress: current frame = 21 >LibClamAV debug: lzx_decompress: current frame = 22 >LibClamAV debug: lzx_decompress: current frame = 23 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:0x0 >LibClamAV debug: CAB: Extracting file ctor*dll to /tmp//clamav-57bd95c3dfab72aeea435a3c1a8b8d1b.tmp, size 69714, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 26 >LibClamAV debug: lzx_decompress: current frame = 24 >LibClamAV debug: lzx_decompress: current frame = 25 >LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: 
cache_check: 34fc187d14c58d715804983399f5faad is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:0x0 >LibClamAV debug: CAB: Extracting file IScript*dll to /tmp//clamav-50edba4e2d1b9718bb42fc5f00720614.tmp, size 274432, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 34 >LibClamAV debug: lzx_decompress: current frame = 26 >LibClamAV debug: lzx_decompress: current frame = 27 >LibClamAV debug: lzx_decompress: current frame = 28 >LibClamAV debug: lzx_decompress: current frame = 29 >LibClamAV debug: lzx_decompress: current frame = 30 >LibClamAV debug: lzx_decompress: current frame = 31 >LibClamAV debug: lzx_decompress: current frame = 32 >LibClamAV debug: lzx_decompress: current frame = 33 >LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:0x0 >LibClamAV debug: CAB: Extracting file IUser*dll to /tmp//clamav-382a5598ffda74506b2afbb1df0fc102.tmp, size 184320, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 40 >LibClamAV debug: lzx_decompress: current frame = 34 >LibClamAV debug: lzx_decompress: current frame = 35 >LibClamAV debug: lzx_decompress: current frame = 36 >LibClamAV debug: lzx_decompress: current frame = 37 >LibClamAV debug: lzx_decompress: current frame = 38 >LibClamAV debug: lzx_decompress: current frame = 39 >LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV 
debug: cache_check: f77a9df6057ef2998e656a236b08e768 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:0x0 >LibClamAV debug: CAB: Extracting file objectps*dll to /tmp//clamav-b124092e0a951c29832f803666990032.tmp, size 32768, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 41 >LibClamAV debug: lzx_decompress: current frame = 40 >LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:0x0 >LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /tmp//clamav-840fd2766c52c89f017c2099e4edd26f.tmp, size 5632, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: d186d961e211e4fd7f7c3a02a864cbe5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:0x0 >LibClamAV debug: CAB: Extracting file iKernel*rgs to /tmp//clamav-6137543aa503cf43cffb683fa1d7ebc4.tmp, size 38081, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 42 >LibClamAV debug: lzx_decompress: current frame = 41 >LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 
a698fd50e6c7492a263967a1e026cbb3 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /tmp//clamav-2761829e5d32934f6175717f67d2c5e5.tmp, size 128868, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 46 >LibClamAV debug: lzx_decompress: current frame = 42 >LibClamAV debug: lzx_decompress: current frame = 43 >LibClamAV debug: lzx_decompress: current frame = 44 >LibClamAV debug: lzx_decompress: current frame = 45 >LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:0x0 >LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /tmp//clamav-2eb77c694ed8af30ab29fdb50057b188.tmp, size 117820, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 49 >LibClamAV debug: lzx_decompress: current frame = 46 >LibClamAV debug: lzx_decompress: current frame = 47 >LibClamAV debug: lzx_decompress: current frame = 48 >LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /tmp//clamav-9f257edba921ae135ecf01733ea3594c.tmp, size 570, max_size: 26214400 >LibClamAV debug: CAB: 
Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 50 >LibClamAV debug: lzx_decompress: current frame = 49 >LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:0x0 >LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /tmp//clamav-a07a5f12584ed7f9d9e70e2dd5f3685f.tmp, size 2420, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64*exe to /tmp//clamav-4606bdd4b758c560a106f0abd557b2fb.tmp, size 124416, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 53 >LibClamAV debug: lzx_decompress: current frame = 50 >LibClamAV debug: lzx_decompress: current frame = 51 >LibClamAV debug: lzx_decompress: current frame = 52 >LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:0x0 >LibClamAV debug: CAB: Extracting file ISBEW64A*exe to /tmp//clamav-3a9c44041bdf6d8726b7bb3443a0f65f.tmp, 
size 63488, max_size: 26214400 >LibClamAV debug: CAB: Compression method: LZX >LibClamAV debug: lzx_decompress: end frame = 55 >LibClamAV debug: lzx_decompress: current frame = 53 >LibClamAV debug: lzx_decompress: current frame = 54 >LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: Matched signature for file type CAB-SFX at 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f1388bda22a24abcdb0324903411bf7f (level 0) >LibClamAV debug: ishield: @f7eda found file layout.bin (Disk1\layout.bin) - version 0.0.0.0 - size 455 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:455:layout.bin:455:455:0:4:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-8630049ee07e7c00bfccdde08ff131f5.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 3b70579cc5a5bab9b5e634404e4b719b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 3b70579cc5a5bab9b5e634404e4b719b (level 0) >LibClamAV debug: ishield: @f80cf found file setup.exe (Disk1\setup.exe) - version 11.0.0.28844 - size 121064 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:121064:setup.exe:121064:121064:0:5:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-ead577f0a985224525d1d9ffec2c7368.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: bef1e6a9b97045ec3f2b9cf34acb6810 is negative >LibClamAV debug: in 
cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 
06:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: 
------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 5, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 5 words >LibClamAV debug: cli_detect_swizz_str: 5, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 7 words >LibClamAV debug: cli_detect_swizz_str: 76, 25, 6 >LibClamAV debug: swizz_j48: 727, 239, 57 >LibClamAV debug: cli_detect_swizz_str: ok, 41 words >LibClamAV debug: cli_detect_swizz: 0/315, version:1, manifest: 1 >LibClamAV debug: cli_detect_swizz: gn: 22140, 8561, 1180, 885, 0, 0, 0, 0, 0, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: bef1e6a9b97045ec3f2b9cf34acb6810 (level 0) >LibClamAV debug: ishield: @1159e0 found file setup.ibt (Disk1\setup.ibt) - version 0.0.0.0 - size 396011 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:396011:setup.ibt:396011:396011:0:6:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-4f43e4a841f8e5bda6b163c35bac0109.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: cache_check: e443daa20aed702ba6f5f5f2343de989 is negative 
>LibClamAV debug: in cli_peheader >LibClamAV debug: Invalid DOS signature >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: Invalid DOS signature >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: e443daa20aed702ba6f5f5f2343de989 (level 0) >LibClamAV debug: ishield: @1764f1 found file setup.ini (Disk1\setup.ini) - version 0.0.0.0 - size 452 >LibClamAV debug: CDBNAME:CL_TYPE_ANY:452:setup.ini:452:452:0:7:0:0x0 >LibClamAV debug: ishield: extracted to /tmp//clamav-0a21b2b3df58cddaaa414712941fa2d1.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 677bb0dbd503488e051b8ce98518270c is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 677bb0dbd503488e051b8ce98518270c (level 0) >LibClamAV debug: is_parse_hdr: magic 
28635349, unk1 1009500, unk2 0, data_off 200, data_sz 1b92 >LibClamAV debug: is_parse_hdr: file \iKernel.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \Setup.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \DotNetInstaller.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \iscript.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ctor.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \iuser.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IGDI.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IsProBE.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \objectps.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e 
offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IKernel.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) >LibClamAV debug: is_parse_hdr: file \license.rtf (size: 11493 csize: 2605 md5:e7eb45e877c8cb80f56e9dbc9504e757 offset:200 (data1.cab) 13:20 14:b44a3283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-d2649f45dccfe8369a7d0783f5d1b043.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized RTF file >LibClamAV debug: cache_check: e7eb45e877c8cb80f56e9dbc9504e757 is negative >LibClamAV debug: in cli_scanrtf() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: e7eb45e877c8cb80f56e9dbc9504e757 (level 0) >LibClamAV debug: is_parse_hdr: skipped unknown file entry 15 >LibClamAV debug: is_parse_hdr: file \corecomp.ini (size: 65503 csize: 12414 md5:09d38ceca6a012f4ce5b54f03db9b21a offset:c2d (data1.cab) 13:20 14:b4733283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-a04a1e2eacd6a668c3cb18717cef3a56.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 09d38ceca6a012f4ce5b54f03db9b21a is negative 
>LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 09d38ceca6a012f4ce5b54f03db9b21a (level 0) >LibClamAV debug: is_parse_hdr: file \FontData.ini (size: 39 csize: 43 md5:00f313e3e007599349a0c4d81c7807c4 offset:3cab (data1.cab) 13:20 14:758c3af3 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-350d86303c7c5550611953b68de270ae.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 00f313e3e007599349a0c4d81c7807c4 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 00f313e3e007599349a0c4d81c7807c4 (level 0) >LibClamAV debug: is_parse_hdr: file \StringTable-0009-English.ips (size: 329 csize: 177 md5:31563751792826a6272b09626250e155 offset:3cd6 (data1.cab) 13:20 14:758c3af3 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-e2a6de006e8461176b4025297370c983.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 31563751792826a6272b09626250e155 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 31563751792826a6272b09626250e155 (level 0) >LibClamAV debug: is_parse_hdr: file \isrt.dll (size: 425984 csize: 211241 md5:9a7790ae29bbadfa35650751ecceb0e7 offset:3d87 (data1.cab) 13:20 14:b8703283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-5fc87e4ab2fa1dff9f9c7755f92ee52f.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 
9a7790ae29bbadfa35650751ecceb0e7 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 63048 >LibClamAV debug: cli_peheader: parsing version info @ rva 63048 (1/1) >LibClamAV debug: VersionInfo (610fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (6114e): 'FileDescription'='InstallShield (R) RunTime DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000520075006e00540069006d00650020004400 >LibClamAV debug: VersionInfo (611b2): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (611ea): 'InternalName'='ISRT' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200 >LibClamAV debug: VersionInfo (61216): 'OriginalFilename'='ISRT.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300520054002e0064006c00 >LibClamAV debug: VersionInfo (61252): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (612ce): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (61312): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 
280 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 06:03:31 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x4c000 >LibClamAV debug: SizeOfInitializedData: 0x1d000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x3c7b4 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x6a000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4b36e 0x4c000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x4c000 0x4c000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xd08d 0xe000 >LibClamAV debug: VirtualAddress: 0x4d000 0x4d000 >LibClamAV debug: SizeOfRawData: 0xe000 0xe000 >LibClamAV debug: PointerToRawData: 0x4d000 0x4d000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x7828 0x8000 >LibClamAV debug: VirtualAddress: 0x5b000 0x5b000 
>LibClamAV debug: SizeOfRawData: 0x6000 0x6000 >LibClamAV debug: PointerToRawData: 0x5b000 0x5b000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x380 0x1000 >LibClamAV debug: VirtualAddress: 0x63000 0x63000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x61000 0x61000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5d74 0x6000 >LibClamAV debug: VirtualAddress: 0x64000 0x64000 >LibClamAV debug: SizeOfRawData: 0x6000 0x6000 >LibClamAV debug: PointerToRawData: 0x62000 0x62000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x3c7b4 (247732) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 70, 42, 16 >LibClamAV debug: swizz_j48: 560, 336, 128 >LibClamAV debug: cli_detect_swizz_str: ok, 28 words >LibClamAV debug: cli_detect_swizz: 0/291, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 17920, 10752, 2304, 768, 768, 0, 0, 0, 256, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 9a7790ae29bbadfa35650751ecceb0e7 (level 0) >LibClamAV debug: is_parse_hdr: file \default.pal (size: 1168 csize: 466 md5:0abafe3f69d053494405061de2629c82 offset:376b0 (data1.cab) 13:20 14:b4733283 15:1) >LibClamAV debug: is_extract_cab: extracted to 
/tmp//clamav-964874e9068f2fbf15ce9054727502b9.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized RIFF file >LibClamAV debug: cache_check: 0abafe3f69d053494405061de2629c82 is negative >LibClamAV debug: in cli_check_riff_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 0abafe3f69d053494405061de2629c82 (level 0) >LibClamAV debug: is_parse_hdr: file \_IsRes.dll (size: 548963 csize: 117928 md5:d28b31e1e3d9972cce01e4deb0288b31 offset:37882 (data1.cab) 13:20 14:6403284 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-a007734496fc284634b0283af5e470b2.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: d28b31e1e3d9972cce01e4deb0288b31 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 37048 >LibClamAV debug: cli_peheader: parsing version info @ rva 37048 (1/1) >LibClamAV debug: VersionInfo (6c1ee): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f007200610074006900 >LibClamAV debug: VersionInfo (6c23e): 'FileDescription'='InstallShield (R) Dialog Resources' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004400690061006c006f00670020005200650073006f007500720063006500 >LibClamAV debug: VersionInfo (6c2ae): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800 >LibClamAV debug: VersionInfo (6c2e6): 'InternalName'='_IsRes2k' - VI:49006e007400650072006e0061006c004e0061006d00650000005f00490073005200650073003200 >LibClamAV debug: VersionInfo (6c31a): 'OriginalFilename'='_IsRes.dll' - 
VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f00490073005200650073002e0064006c00 >LibClamAV debug: VersionInfo (6c35a): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f00 >LibClamAV debug: VersionInfo (6c3d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800 >LibClamAV debug: VersionInfo (6c41a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 216 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 6 >LibClamAV debug: TimeDateStamp: Mon Apr 4 07:49:58 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x2a000 >LibClamAV debug: SizeOfInitializedData: 0x5d000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1180 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x88000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: 
VirtualSize: 0x29dc0 0x2a000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x2a000 0x2a000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1f01 0x2000 >LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x2b000 0x2b000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x6614 0x7000 >LibClamAV debug: VirtualAddress: 0x2d000 0x2d000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x2d000 0x2d000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .idata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xa11 0x1000 >LibClamAV debug: VirtualAddress: 0x34000 0x34000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x32000 0x32000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x50de3 0x51000 >LibClamAV debug: VirtualAddress: 0x35000 0x35000 >LibClamAV debug: SizeOfRawData: 0x51000 0x51000 >LibClamAV debug: PointerToRawData: 0x33000 0x33000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 5 >LibClamAV debug: Section name: .reloc 
>LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1b62 0x2000 >LibClamAV debug: VirtualAddress: 0x86000 0x86000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x84000 0x84000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x1180 (4480) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 60, 5, 5 >LibClamAV debug: swizz_j48: 877, 73, 73 >LibClamAV debug: cli_detect_swizz_str: ok, 40 words >LibClamAV debug: cli_detect_swizz_str: 77, 12, 12 >LibClamAV debug: swizz_j48: 780, 121, 121 >LibClamAV debug: cli_detect_swizz_str: ok, 64 words >LibClamAV debug: cli_detect_swizz_str: 59, 13, 5 >LibClamAV debug: swizz_j48: 784, 172, 66 >LibClamAV debug: cli_detect_swizz_str: ok, 57 words >LibClamAV debug: cli_detect_swizz_str: 45, 15, 15 >LibClamAV debug: swizz_j48: 614, 204, 204 >LibClamAV debug: cli_detect_swizz_str: ok, 69 words >LibClamAV debug: cli_detect_swizz_str: 71, 9, 6 >LibClamAV debug: swizz_j48: 845, 107, 71 >LibClamAV debug: cli_detect_swizz_str: ok, 49 words >LibClamAV debug: cli_detect_swizz_str: 58, 12, 3 >LibClamAV debug: swizz_j48: 813, 168, 42 >LibClamAV debug: cli_detect_swizz_str: ok, 48 words >LibClamAV debug: cli_detect_swizz_str: 53, 16, 4 >LibClamAV debug: swizz_j48: 743, 224, 56 >LibClamAV debug: cli_detect_swizz_str: ok, 45 words >LibClamAV debug: cli_detect_swizz_str: 58, 22, 39 >LibClamAV debug: swizz_j48: 499, 189, 335 >LibClamAV debug: cli_detect_swizz_str: ok, 106 words >LibClamAV debug: cli_detect_swizz_str: 33, 5, 20 >LibClamAV debug: swizz_j48: 582, 88, 353 >LibClamAV debug: cli_detect_swizz_str: ok, 61 words >LibClamAV debug: cli_detect_swizz_str: 32, 7, 4 >LibClamAV debug: swizz_j48: 762, 166, 95 >LibClamAV debug: cli_detect_swizz_str: ok, 23 words >LibClamAV debug: cli_detect_swizz_str: 70, 26, 12 
>LibClamAV debug: swizz_j48: 663, 246, 113 >LibClamAV debug: cli_detect_swizz_str: ok, 70 words >LibClamAV debug: cli_detect_swizz_str: 54, 34, 20 >LibClamAV debug: swizz_j48: 512, 322, 189 >LibClamAV debug: cli_detect_swizz_str: ok, 84 words >LibClamAV debug: cli_detect_swizz_str: 65, 18, 16 >LibClamAV debug: swizz_j48: 672, 186, 165 >LibClamAV debug: cli_detect_swizz_str: ok, 74 words >LibClamAV debug: cli_detect_swizz_str: 34, 4, 15 >LibClamAV debug: swizz_j48: 656, 77, 289 >LibClamAV debug: cli_detect_swizz_str: ok, 44 words >LibClamAV debug: cli_detect_swizz_str: 61, 10, 13 >LibClamAV debug: swizz_j48: 743, 121, 158 >LibClamAV debug: cli_detect_swizz_str: ok, 57 words >LibClamAV debug: cli_detect_swizz_str: 58, 9, 15 >LibClamAV debug: swizz_j48: 724, 112, 187 >LibClamAV debug: cli_detect_swizz_str: ok, 61 words >LibClamAV debug: cli_detect_swizz_str: 27, 19, 15 >LibClamAV debug: swizz_j48: 453, 318, 251 >LibClamAV debug: cli_detect_swizz_str: ok, 55 words >LibClamAV debug: cli_detect_swizz_str: 20, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 7 words >LibClamAV debug: cli_detect_swizz_str: 16, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 6 words >LibClamAV debug: cli_detect_swizz_str: 36, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 8 words >LibClamAV debug: cli_detect_swizz_str: 67, 13, 1 >LibClamAV debug: swizz_j48: 847, 164, 12 >LibClamAV debug: cli_detect_swizz_str: ok, 40 words >LibClamAV debug: cli_detect_swizz_str: 20, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 7 words >LibClamAV debug: cli_detect_swizz_str: 16, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 6 words >LibClamAV debug: cli_detect_swizz_str: 36, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 8 words >LibClamAV debug: 
cli_detect_swizz_str: 67, 20, 3 >LibClamAV debug: swizz_j48: 762, 227, 34 >LibClamAV debug: cli_detect_swizz_str: ok, 48 words >LibClamAV debug: cli_detect_swizz_str: 35, 15, 5 >LibClamAV debug: swizz_j48: 651, 279, 93 >LibClamAV debug: cli_detect_swizz_str: ok, 36 words >LibClamAV debug: cli_detect_swizz_str: 59, 6, 0 >LibClamAV debug: swizz_j48: 929, 94, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 30 words >LibClamAV debug: cli_detect_swizz_str: 40, 23, 4 >LibClamAV debug: swizz_j48: 611, 351, 61 >LibClamAV debug: cli_detect_swizz_str: ok, 51 words >LibClamAV debug: cli_detect_swizz_str: 44, 27, 7 >LibClamAV debug: swizz_j48: 577, 354, 91 >LibClamAV debug: cli_detect_swizz_str: ok, 58 words >LibClamAV debug: cli_detect_swizz_str: 49, 6, 12 >LibClamAV debug: swizz_j48: 748, 91, 183 >LibClamAV debug: cli_detect_swizz_str: ok, 27 words >LibClamAV debug: cli_detect_swizz_str: 58, 1, 4 >LibClamAV debug: swizz_j48: 942, 16, 65 >LibClamAV debug: cli_detect_swizz_str: ok, 27 words >LibClamAV debug: cli_detect_swizz_str: 70, 26, 12 >LibClamAV debug: swizz_j48: 663, 246, 113 >LibClamAV debug: cli_detect_swizz_str: ok, 72 words >LibClamAV debug: cli_detect_swizz_str: 34, 4, 15 >LibClamAV debug: swizz_j48: 656, 77, 289 >LibClamAV debug: cli_detect_swizz_str: ok, 45 words >LibClamAV debug: cli_detect_swizz_str: 50, 1, 1 >LibClamAV debug: swizz_j48: 984, 19, 19 >LibClamAV debug: cli_detect_swizz_str: ok, 31 words >LibClamAV debug: cli_detect_swizz_str: 61, 9, 15 >LibClamAV debug: swizz_j48: 734, 108, 180 >LibClamAV debug: cli_detect_swizz_str: ok, 69 words >LibClamAV debug: cli_detect_swizz_str: 88, 31, 21 >LibClamAV debug: swizz_j48: 643, 226, 153 >LibClamAV debug: cli_detect_swizz_str: ok, 91 words >LibClamAV debug: cli_detect_swizz_str: 56, 10, 19 >LibClamAV debug: swizz_j48: 674, 120, 228 >LibClamAV debug: cli_detect_swizz_str: ok, 70 words >LibClamAV debug: cli_detect_swizz_str: 29, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 
9 words >LibClamAV debug: cli_detect_swizz_str: 48, 2, 19 >LibClamAV debug: swizz_j48: 712, 29, 281 >LibClamAV debug: cli_detect_swizz_str: ok, 65 words >LibClamAV debug: cli_detect_swizz_str: 48, 2, 19 >LibClamAV debug: swizz_j48: 712, 29, 281 >LibClamAV debug: cli_detect_swizz_str: ok, 65 words >LibClamAV debug: cli_detect_swizz_str: 72, 13, 9 >LibClamAV debug: swizz_j48: 784, 141, 98 >LibClamAV debug: cli_detect_swizz_str: ok, 72 words >LibClamAV debug: cli_detect_swizz_str: 71, 9, 3 >LibClamAV debug: swizz_j48: 875, 111, 37 >LibClamAV debug: cli_detect_swizz_str: ok, 49 words >LibClamAV debug: cli_detect_swizz_str: 71, 8, 4 >LibClamAV debug: swizz_j48: 875, 98, 49 >LibClamAV debug: cli_detect_swizz_str: ok, 53 words >LibClamAV debug: cli_detect_swizz_str: 71, 8, 4 >LibClamAV debug: swizz_j48: 875, 98, 49 >LibClamAV debug: cli_detect_swizz_str: ok, 57 words >LibClamAV debug: cli_detect_swizz_str: 41, 16, 10 >LibClamAV debug: swizz_j48: 626, 244, 152 >LibClamAV debug: cli_detect_swizz_str: ok, 64 words >LibClamAV debug: cli_detect_swizz_str: 78, 6, 19 >LibClamAV debug: swizz_j48: 775, 59, 188 >LibClamAV debug: cli_detect_swizz_str: ok, 83 words >LibClamAV debug: cli_detect_swizz_str: 79, 5, 19 >LibClamAV debug: swizz_j48: 785, 49, 188 >LibClamAV debug: cli_detect_swizz_str: ok, 81 words >LibClamAV debug: cli_detect_swizz_str: 21, 11, 0 >LibClamAV debug: swizz_j48: 672, 352, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 17 words >LibClamAV debug: cli_detect_swizz_str: 61, 10, 16 >LibClamAV debug: swizz_j48: 717, 117, 188 >LibClamAV debug: cli_detect_swizz_str: ok, 77 words >LibClamAV debug: cli_detect_swizz_str: 61, 11, 16 >LibClamAV debug: swizz_j48: 709, 128, 186 >LibClamAV debug: cli_detect_swizz_str: ok, 74 words >LibClamAV debug: cli_detect_swizz_str: 30, 4, 18 >LibClamAV debug: swizz_j48: 590, 78, 354 >LibClamAV debug: cli_detect_swizz_str: ok, 58 words >LibClamAV debug: cli_detect_swizz_str: 36, 1, 0 >LibClamAV debug: swizz_j48: 996, 27, 0 >LibClamAV debug: 
cli_detect_swizz_str: ok, 28 words >LibClamAV debug: cli_detect_swizz_str: 48, 16, 10 >LibClamAV debug: swizz_j48: 664, 221, 138 >LibClamAV debug: cli_detect_swizz_str: ok, 48 words >LibClamAV debug: cli_detect_swizz_str: 72, 11, 15 >LibClamAV debug: swizz_j48: 752, 114, 156 >LibClamAV debug: cli_detect_swizz_str: ok, 74 words >LibClamAV debug: cli_detect_swizz_str: 69, 17, 14 >LibClamAV debug: swizz_j48: 706, 174, 143 >LibClamAV debug: cli_detect_swizz_str: ok, 69 words >LibClamAV debug: cli_detect_swizz_str: 69, 9, 27 >LibClamAV debug: swizz_j48: 672, 87, 263 >LibClamAV debug: cli_detect_swizz_str: ok, 78 words >LibClamAV debug: cli_detect_swizz_str: 49, 7, 16 >LibClamAV debug: swizz_j48: 696, 99, 227 >LibClamAV debug: cli_detect_swizz_str: ok, 60 words >LibClamAV debug: cli_detect_swizz_str: 59, 2, 5 >LibClamAV debug: swizz_j48: 915, 31, 77 >LibClamAV debug: cli_detect_swizz_str: ok, 45 words >LibClamAV debug: cli_detect_swizz_str: 63, 13, 16 >LibClamAV debug: swizz_j48: 701, 144, 178 >LibClamAV debug: cli_detect_swizz_str: ok, 69 words >LibClamAV debug: cli_detect_swizz_str: 59, 24, 27 >LibClamAV debug: swizz_j48: 549, 223, 251 >LibClamAV debug: cli_detect_swizz_str: ok, 87 words >LibClamAV debug: cli_detect_swizz_str: 57, 15, 9 >LibClamAV debug: swizz_j48: 720, 189, 113 >LibClamAV debug: cli_detect_swizz_str: ok, 55 words >LibClamAV debug: cli_detect_swizz_str: 62, 16, 9 >LibClamAV debug: swizz_j48: 729, 188, 105 >LibClamAV debug: cli_detect_swizz_str: ok, 57 words >LibClamAV debug: cli_detect_swizz_str: 87, 36, 12 >LibClamAV debug: swizz_j48: 659, 273, 91 >LibClamAV debug: cli_detect_swizz_str: ok, 74 words >LibClamAV debug: cli_detect_swizz_str: 90, 43, 6 >LibClamAV debug: swizz_j48: 663, 316, 44 >LibClamAV debug: cli_detect_swizz_str: ok, 73 words >LibClamAV debug: cli_detect_swizz_str: 62, 25, 4 >LibClamAV debug: swizz_j48: 697, 281, 45 >LibClamAV debug: cli_detect_swizz_str: ok, 59 words >LibClamAV debug: cli_detect_swizz_str: 34, 4, 19 >LibClamAV debug: 
swizz_j48: 610, 71, 341 >LibClamAV debug: cli_detect_swizz_str: ok, 51 words >LibClamAV debug: cli_detect_swizz_str: 68, 19, 10 >LibClamAV debug: swizz_j48: 717, 200, 105 >LibClamAV debug: cli_detect_swizz_str: ok, 64 words >LibClamAV debug: cli_detect_swizz_str: 96, 19, 17 >LibClamAV debug: swizz_j48: 744, 147, 131 >LibClamAV debug: cli_detect_swizz_str: ok, 78 words >LibClamAV debug: cli_detect_swizz_str: 64, 18, 15 >LibClamAV debug: swizz_j48: 675, 190, 158 >LibClamAV debug: cli_detect_swizz_str: ok, 64 words >LibClamAV debug: cli_detect_swizz_str: 81, 44, 15 >LibClamAV debug: swizz_j48: 592, 321, 109 >LibClamAV debug: cli_detect_swizz_str: ok, 91 words >LibClamAV debug: cli_detect_swizz_str: 79, 11, 27 >LibClamAV debug: swizz_j48: 691, 96, 236 >LibClamAV debug: cli_detect_swizz_str: ok, 83 words >LibClamAV debug: cli_detect_swizz_str: 53, 7, 13 >LibClamAV debug: swizz_j48: 743, 98, 182 >LibClamAV debug: cli_detect_swizz_str: ok, 53 words >LibClamAV debug: cli_detect_swizz_str: 78, 2, 6 >LibClamAV debug: swizz_j48: 928, 23, 71 >LibClamAV debug: cli_detect_swizz_str: ok, 45 words >LibClamAV debug: cli_detect_swizz_str: 36, 13, 18 >LibClamAV debug: swizz_j48: 550, 198, 275 >LibClamAV debug: cli_detect_swizz_str: ok, 61 words >LibClamAV debug: cli_detect_swizz_str: 60, 7, 13 >LibClamAV debug: swizz_j48: 768, 89, 166 >LibClamAV debug: cli_detect_swizz_str: ok, 53 words >LibClamAV debug: cli_detect_swizz_str: 77, 12, 15 >LibClamAV debug: swizz_j48: 758, 118, 147 >LibClamAV debug: cli_detect_swizz_str: ok, 74 words >LibClamAV debug: cli_detect_swizz_str: 77, 13, 22 >LibClamAV debug: swizz_j48: 704, 118, 201 >LibClamAV debug: cli_detect_swizz_str: ok, 83 words >LibClamAV debug: cli_detect_swizz_str: 26, 9, 6 >LibClamAV debug: swizz_j48: 649, 224, 149 >LibClamAV debug: cli_detect_swizz_str: ok, 37 words >LibClamAV debug: cli_detect_swizz_str: 13, 3, 0 >LibClamAV debug: swizz_j48: 832, 192, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 12 words >LibClamAV debug: 
cli_detect_swizz_str: 12, 7, 1 >LibClamAV debug: swizz_j48: 614, 358, 51 >LibClamAV debug: cli_detect_swizz_str: ok, 16 words >LibClamAV debug: cli_detect_swizz_str: 12, 3, 1 >LibClamAV debug: swizz_j48: 768, 192, 64 >LibClamAV debug: cli_detect_swizz_str: ok, 14 words >LibClamAV debug: cli_detect_swizz_str: 34, 10, 1 >LibClamAV debug: swizz_j48: 773, 227, 22 >LibClamAV debug: cli_detect_swizz_str: ok, 30 words >LibClamAV debug: cli_detect_swizz_str: 43, 15, 3 >LibClamAV debug: swizz_j48: 721, 251, 50 >LibClamAV debug: cli_detect_swizz_str: ok, 26 words >LibClamAV debug: cli_detect_swizz_str: 67, 22, 3 >LibClamAV debug: swizz_j48: 745, 244, 33 >LibClamAV debug: cli_detect_swizz_str: ok, 34 words >LibClamAV debug: cli_detect_swizz_str: 5, 0, 44 >LibClamAV debug: swizz_j48: 104, 0, 919 >LibClamAV debug: cli_detect_swizz_str: ok, 100 words >LibClamAV debug: cli_detect_swizz_str: 36, 6, 0 >LibClamAV debug: swizz_j48: 877, 146, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 16 words >LibClamAV debug: cli_detect_swizz_str: 76, 8, 5 >LibClamAV debug: swizz_j48: 874, 92, 57 >LibClamAV debug: cli_detect_swizz_str: ok, 30 words >LibClamAV debug: cli_detect_swizz_str: 42, 35, 13 >LibClamAV debug: swizz_j48: 477, 398, 147 >LibClamAV debug: cli_detect_swizz_str: ok, 59 words >LibClamAV debug: cli_detect_swizz_str: 95, 31, 79 >LibClamAV debug: swizz_j48: 474, 154, 394 >LibClamAV debug: cli_detect_swizz_str: ok, 254 words >LibClamAV debug: cli_detect_swizz_str: 3, 29, 5 >LibClamAV debug: swizz_j48: 83, 802, 138 >LibClamAV debug: cli_detect_swizz_str: ok, 21 words >LibClamAV debug: cli_detect_swizz_str: 3, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 0 words >LibClamAV debug: cli_detect_swizz_str: 31, 3, 0 >LibClamAV debug: swizz_j48: 933, 90, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 14 words >LibClamAV debug: cli_detect_swizz_str: 4, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 0 words 
>LibClamAV debug: cli_detect_swizz_str: 36, 1, 4 >LibClamAV debug: swizz_j48: 899, 24, 99 >LibClamAV debug: cli_detect_swizz_str: ok, 15 words >LibClamAV debug: cli_detect_swizz_str: 11, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 3 words >LibClamAV debug: cli_detect_swizz_str: 35, 3, 0 >LibClamAV debug: swizz_j48: 943, 80, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 13 words >LibClamAV debug: cli_detect_swizz_str: 101, 36, 13 >LibClamAV debug: swizz_j48: 689, 245, 88 >LibClamAV debug: cli_detect_swizz_str: ok, 79 words >LibClamAV debug: cli_detect_swizz_str: 39, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 15 words >LibClamAV debug: cli_detect_swizz_str: 91, 45, 44 >LibClamAV debug: swizz_j48: 517, 256, 250 >LibClamAV debug: cli_detect_swizz_str: ok, 126 words >LibClamAV debug: cli_detect_swizz_str: 110, 39, 30 >LibClamAV debug: swizz_j48: 629, 223, 171 >LibClamAV debug: cli_detect_swizz_str: ok, 130 words >LibClamAV debug: cli_detect_swizz_str: 98, 28, 33 >LibClamAV debug: swizz_j48: 631, 180, 212 >LibClamAV debug: cli_detect_swizz_str: ok, 118 words >LibClamAV debug: cli_detect_swizz_str: 3, 8, 0 >LibClamAV debug: swizz_j48: 279, 744, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 1 words >LibClamAV debug: cli_detect_swizz_str: 75, 4, 6 >LibClamAV debug: swizz_j48: 903, 48, 72 >LibClamAV debug: cli_detect_swizz_str: ok, 39 words >LibClamAV debug: cli_detect_swizz_str: 168, 45, 34 >LibClamAV debug: swizz_j48: 696, 186, 140 >LibClamAV debug: cli_detect_swizz_str: ok, 169 words >LibClamAV debug: cli_detect_swizz_str: 157, 72, 128 >LibClamAV debug: swizz_j48: 450, 206, 367 >LibClamAV debug: cli_detect_swizz_str: ok, 406 words >LibClamAV debug: cli_detect_swizz_str: 184, 72, 164 >LibClamAV debug: swizz_j48: 448, 175, 399 >LibClamAV debug: cli_detect_swizz_str: ok, 386 words >LibClamAV debug: cli_detect_swizz_str: 157, 55, 59 >LibClamAV debug: swizz_j48: 593, 207, 222 >LibClamAV 
debug: cli_detect_swizz_str: ok, 174 words >LibClamAV debug: cli_detect_swizz_str: 98, 13, 11 >LibClamAV debug: swizz_j48: 822, 109, 92 >LibClamAV debug: cli_detect_swizz_str: ok, 43 words >LibClamAV debug: cli_detect_swizz_str: 28, 3, 1 >LibClamAV debug: swizz_j48: 896, 96, 32 >LibClamAV debug: cli_detect_swizz_str: ok, 13 words >LibClamAV debug: cli_detect_swizz_str: 27, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 7 words >LibClamAV debug: cli_detect_swizz_str: 38, 2, 0 >LibClamAV debug: swizz_j48: 972, 51, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 9 words >LibClamAV debug: cli_detect_swizz_str: 29, 16, 31 >LibClamAV debug: swizz_j48: 390, 215, 417 >LibClamAV debug: cli_detect_swizz_str: ok, 32 words >LibClamAV debug: cli_detect_swizz_str: 11, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 1 words >LibClamAV debug: cli_detect_swizz_str: 84, 8, 7 >LibClamAV debug: swizz_j48: 868, 82, 72 >LibClamAV debug: cli_detect_swizz_str: ok, 35 words >LibClamAV debug: cli_detect_swizz_str: 142, 38, 45 >LibClamAV debug: swizz_j48: 646, 172, 204 >LibClamAV debug: cli_detect_swizz_str: ok, 149 words >LibClamAV debug: cli_detect_swizz_str: 73, 24, 76 >LibClamAV debug: swizz_j48: 432, 142, 449 >LibClamAV debug: cli_detect_swizz_str: ok, 202 words >LibClamAV debug: cli_detect_swizz_str: 115, 52, 72 >LibClamAV debug: swizz_j48: 492, 222, 308 >LibClamAV debug: cli_detect_swizz_str: ok, 199 words >LibClamAV debug: cli_detect_swizz_str: 28, 0, 0 >LibClamAV debug: swizz_j48: 1024, 0, 0 >LibClamAV debug: cli_detect_swizz_str: ok, 10 words >LibClamAV debug: cli_detect_swizz_str: 116, 29, 20 >LibClamAV debug: swizz_j48: 719, 179, 124 >LibClamAV debug: cli_detect_swizz_str: ok, 80 words >LibClamAV debug: cli_detect_swizz_str: 90, 34, 61 >LibClamAV debug: swizz_j48: 498, 188, 337 >LibClamAV debug: cli_detect_swizz_str: ok, 141 words >LibClamAV debug: cli_detect_swizz_str: 118, 40, 57 >LibClamAV debug: 
swizz_j48: 562, 190, 271 >LibClamAV debug: cli_detect_swizz_str: ok, 204 words >LibClamAV debug: cli_detect_swizz_str: 80, 39, 16 >LibClamAV debug: swizz_j48: 606, 295, 121 >LibClamAV debug: cli_detect_swizz_str: ok, 30 words >LibClamAV debug: cli_detect_swizz: 0/41460, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 7911, 3955, 2886, 1282, 1282, 1363, 1069, 694, 614, 11706, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d28b31e1e3d9972cce01e4deb0288b31 (level 0) >LibClamAV debug: is_parse_hdr: skipped external file:\layout.bin (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\data1.hdr (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\data1.cab (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.exe (size: 121064 csize: 121064 md5:bef1e6a9b97045ec3f2b9cf34acb6810) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.ini (size: 452 csize: 452 md5:677bb0dbd503488e051b8ce98518270c) >LibClamAV debug: is_parse_hdr: file \clam.exe (size: 544 csize: 258 md5:aa15bcf478d165efd2065190eb473bcb offset:200 (data2.cab) 13:20 14:75023af3 15:2) >LibClamAV debug: is_extract_cab: extracted to /tmp//clamav-89f58a0563193fb64c67e65c00675a88.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: 
hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 235bb0bcf01b767d5cf5570027c93f6b:1744032:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2987 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 37b9b0f97ea3bd6269e1d0be65185da2 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 >LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) >LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - 
VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - 
VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ISHIELD-MSI >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: ISHIELD-MSI signature found at 915561 >LibClamAV debug: in ishield-msi >LibClamAV debug: ishield-msi: File clam.exe409.bmp (csize: 106, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp//clamav-7549eb839de7de802a0afad93e581cb6.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 37b9b0f97ea3bd6269e1d0be65185da2:1215239:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 2f60b47aa5ff8931c786fbe0eafc657e is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 
10, name: 1, lang: 0, rva: 99e18 >LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) >LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. 
' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE 
>LibClamAV debug: Matched signature for file type ISHIELD-MSI >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Can't read file header >LibClamAV debug: ISHIELD-MSI signature found at 915561 >LibClamAV debug: in ishield-msi >LibClamAV debug: ishield-msi: File 0x0409.ini (csize: 1153, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp//clamav-0376b1b3f78ad608ca3d61f02ff0b817.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16LE character data >LibClamAV debug: entconv: Encoding UTF-16LE >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 36affbd6ff77d1515cfc1c5e998fbaf9 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 36affbd6ff77d1515cfc1c5e998fbaf9 (level 0) >LibClamAV debug: ishield-msi: File EvalMarker.dat (csize: 8, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp//clamav-4fdfcbcc3a84d5784ea150fb60d0cfb3.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (0 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3006 (no post, no cache) >LibClamAV debug: ishield-msi: File clam.msi (csize: 3fdbd, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp//clamav-284766a0b0a7f2e411dd3516848af789.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: efa529f28de651b561dc36646733e7e6 is negative >LibClamAV debug: in cli_scanole2() 
>LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug: >LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: } >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 11 >LibClamAV debug: Prop start: 1 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 56 >LibClamAV debug: SBat block count: 4 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 > >LibClamAV debug: Max block number: 10280 >LibClamAV debug: OLE2: no VBA projects found >LibClamAV debug: OLE2: binary.newbinary4 [file] b size:0x00000cbe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 5371475e745a1d5d8241f8d35d63b920 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 5371475e745a1d5d8241f8d35d63b920 (level 0) >LibClamAV debug: OLE2: 01adminexecutesequence [file] b size:0x00000036 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: c02ab4558c885456a8dc0895f8218e78 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: 
cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: c02ab4558c885456a8dc0895f8218e78 (level 0) >LibClamAV debug: OLE2: icon.arpproducticon.exe [file] b size:0x0000d000 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 4667578a6b885927dac70c85a3e87e4f is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 9200 >LibClamAV debug: cli_peheader: parsing version info @ rva 9200 (1/1) >LibClamAV debug: VersionInfo (ba4a): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e00 >LibClamAV debug: VersionInfo (ba96): 'FileDescription'='InstallShield' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c005300680069006500 >LibClamAV debug: VersionInfo (bada): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200 >LibClamAV debug: VersionInfo (bb0e): 'InternalName'='_IsIcoRes.exe' - VI:49006e007400650072006e0061006c004e0061006d00650000005f0049007300490063006f005200650073002e006500 >LibClamAV debug: VersionInfo (bb4a): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' 
- VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c00200052006900670068007400730020005200650073006500720076006500 >LibClamAV debug: VersionInfo (bc26): 'OriginalFilename'='_IsIcoRes.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f0049007300490063006f005200650073002e006500 >LibClamAV debug: VersionInfo (bc6a): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c005300680069006500 >LibClamAV debug: VersionInfo (bca6): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00 >LibClamAV debug: VersionInfo (bcd6): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 216 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 21:04:05 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x4000 >LibClamAV debug: SizeOfInitializedData: 0x8000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1005 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: 
SizeOfImage: 0xd000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x35ae 0x4000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x7a0 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x5000 0x5000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29dc 0x3000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x6000 0x6000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x30e4 0x4000 >LibClamAV debug: VirtualAddress: 0x9000 0x9000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x9000 0x9000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x1005 (4101) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode 
executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4667578a6b885927dac70c85a3e87e4f (level 0) >LibClamAV debug: OLE2: 01installexecutesequence [file] b size:0x000001bc flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4cb36190d6680b2807bc94a6991dc7db is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4cb36190d6680b2807bc94a6991dc7db (level 0) >LibClamAV debug: OLE2: _5_summaryinformation [file] r size:0x00000224 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: entconv: Encoding UCS-4 >LibClamAV debug: entconv: iconv not found in cache, for encoding:UCS-4 >LibClamAV debug: entconv: Internal iconv >LibClamAV debug: entconv: iconv_open(),for:UCS-4 -> 0x4241f7a0 >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! >LibClamAV debug: entconv: Warning: unicode character out of utf16 range! 
>LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 4b51cc967957f26c2cef15a8c2cbc696 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4b51cc967957f26c2cef15a8c2cbc696 (level 0) >LibClamAV debug: OLE2: 01advtexecutesequence [file] b size:0x00000060 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 30c1f86169b14c6f430776885316df3d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 30c1f86169b14c6f430776885316df3d (level 0) >LibClamAV debug: OLE2: 01adminuisequence [file] b size:0x0000003c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 14f6fec489f4d9db89817bc02bb3d3de is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 14f6fec489f4d9db89817bc02bb3d3de (level 0) >LibClamAV debug: OLE2: 01installuisequence [file] b size:0x0000009c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 816b801e90a5e45ec40b4a6d4ffc556e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 816b801e90a5e45ec40b4a6d4ffc556e (level 0) >LibClamAV debug: OLE2: 01issetuptypefeatures [file] b 
size:0x0000000c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 2b9d03825b6b40206c0993861a2a5284 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 2b9d03825b6b40206c0993861a2a5284 (level 0) >LibClamAV debug: OLE2: 01iscomponentextended [file] r size:0x0000001e flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 0a338583cc13b37789ac0a051e84bc47 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 0a338583cc13b37789ac0a051e84bc47 (level 0) >LibClamAV debug: OLE2: binary.setallusers.dll [file] r size:0x0001e540 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 1b05788b22e09f5f4282f06a1686ba1f is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 1a048 >LibClamAV debug: cli_peheader: parsing version info @ rva 1a048 (1/1) >LibClamAV debug: VersionInfo (18116): 'CompanyName'='Acresso Software Inc.' 
- VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e00 >LibClamAV debug: VersionInfo (18162): 'FileDescription'='SetAllUsers' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000053006500740041006c006c00550073006500 >LibClamAV debug: VersionInfo (181a2): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200 >LibClamAV debug: VersionInfo (181d6): 'InternalName'='SetAllUsers' - VI:49006e007400650072006e0061006c004e0061006d006500000053006500740041006c006c00550073006500 >LibClamAV debug: VersionInfo (1820e): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c00200052006900670068007400730020005200650073006500720076006500 >LibClamAV debug: VersionInfo (182ea): 'OriginalFilename'='SetAllUsers.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000053006500740041006c006c00550073006500720073002e006400 >LibClamAV debug: VersionInfo (18332): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c005300680069006500 >LibClamAV debug: VersionInfo (1836e): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00 >LibClamAV debug: VersionInfo (1839e): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, 
elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:27 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10000 >LibClamAV debug: SizeOfInitializedData: 0xe000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7735 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xfa52 0x10000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10000 0x10000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2038 0x3000 >LibClamAV debug: VirtualAddress: 0x11000 0x11000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x11000 0x11000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 
>LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x14000 0x14000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x420 0x1000 >LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x18000 0x18000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3e14 0x4000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x19000 0x19000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7735 (30517) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 80, 37, 27 >LibClamAV debug: swizz_j48: 568, 263, 192 >LibClamAV debug: cli_detect_swizz_str: ok, 38 words >LibClamAV debug: cli_detect_swizz: 0/358, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 18204, 8419, 3868, 910, 910, 455, 0, 0, 0, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 1b05788b22e09f5f4282f06a1686ba1f (level 0) >LibClamAV debug: OLE2: binary.isselfreg.dll [file] r size:0x00029538 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file 
>LibClamAV debug: cache_check: b9be841281819a5af07e3611913a55f5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 24048 >LibClamAV debug: cli_peheader: parsing version info @ rva 24048 (1/1) >LibClamAV debug: VersionInfo (220fe): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e00 >LibClamAV debug: VersionInfo (2214a): 'FileDescription'='ISRegSvr.dll Module' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000490053005200650067005300760072002e0064006c006c0020004d006f0064007500 >LibClamAV debug: VersionInfo (2219a): 'FileVersion'='16.0.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0030002e0033003200 >LibClamAV debug: VersionInfo (221d2): 'InternalName'='ISRegSvr.dll' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200650067005300760072002e0064006c00 >LibClamAV debug: VersionInfo (2220e): 'OriginalFilename'='ISRegSvr.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490053005200650067005300760072002e0064006c00 >LibClamAV debug: VersionInfo (22252): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' 
- VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c00200052006900670068007400730020005200650073006500720076006500 >LibClamAV debug: VersionInfo (2232e): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c005300680069006500 >LibClamAV debug: VersionInfo (2236a): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00 >LibClamAV debug: VersionInfo (2239a): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:13 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1a000 >LibClamAV debug: SizeOfInitializedData: 0xf000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x11b2d >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x2a000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ 
>LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29d4 0x3000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 >LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x418 0x1000 >LibClamAV debug: VirtualAddress: 0x24000 0x24000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x22000 0x22000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4178 0x5000 >LibClamAV debug: VirtualAddress: 0x25000 0x25000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x23000 0x23000 >LibClamAV debug: 
------------------------------------ >LibClamAV debug: EntryPoint offset: 0x11b2d (72493) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_detect_swizz_str: 79, 36, 28 >LibClamAV debug: swizz_j48: 565, 257, 200 >LibClamAV debug: cli_detect_swizz_str: ok, 41 words >LibClamAV debug: cli_detect_swizz: 0/357, version:1, manifest: 0 >LibClamAV debug: cli_detect_swizz: gn: 18102, 8249, 5041, 687, 687, 0, 0, 0, 0, 0, >LibClamAV debug: cli_detect_swizz: global: clean >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: b9be841281819a5af07e3611913a55f5 (level 0) >LibClamAV debug: OLE2: 01featurecomponents [file] b size:0x0000000c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 40851857aabf17a3d1726e11ac6a1f53 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 40851857aabf17a3d1726e11ac6a1f53 (level 0) >LibClamAV debug: OLE2: binary.isexphlp.dll [file] b size:0x00019538 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 067bdf5e3c696b2cf069f1e1fc536cb0 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 224 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: 
TimeDateStamp: Wed Jun 10 19:09:26 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0xf000 >LibClamAV debug: SizeOfInitializedData: 0x9000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7195 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x19000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xed8e 0xf000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0xf000 0xf000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1940 0x2000 >LibClamAV debug: VirtualAddress: 0x10000 0x10000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x10000 0x10000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4ac8 0x5000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x12000 0x12000 >LibClamAV debug: Section's memory is 
writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x176c 0x2000 >LibClamAV debug: VirtualAddress: 0x17000 0x17000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x16000 0x16000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7195 (29077) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 067bdf5e3c696b2cf069f1e1fc536cb0 (level 0) >LibClamAV debug: OLE2: 01controlcondition [file] r size:0x000002f0 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 631c091fbd1542633b3b80f0f480bd41 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 631c091fbd1542633b3b80f0f480bd41 (level 0) >LibClamAV debug: OLE2: binary.newbinary6 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 7ae6211cf33f3b24bcb3dfe2335ae665 (level 0) >LibClamAV debug: OLE2: binary.newbinary8 [file] b size:0x000002fe flags:0x00000000 
>LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fc70c1cdfdde03de2fe0df7d2e765232 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: fc70c1cdfdde03de2fe0df7d2e765232 (level 0) >LibClamAV debug: OLE2: binary.newbinary9 [file] r size:0x00002796 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6e42cf0d47af25dea4cecdbe093d521c is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 6e42cf0d47af25dea4cecdbe093d521c (level 0) >LibClamAV debug: OLE2: binary.newbinary7 [file] r size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6d13676263dc9721edebaafc689d8041 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 6d13676263dc9721edebaafc689d8041 (level 0) >LibClamAV debug: OLE2: binary.newbinary5 [file] b size:0x00003c08 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized JPEG file >LibClamAV debug: cache_check: a0c5d37ce39f8af4aeb99955f7c1403b is negative >LibClamAV debug: in cli_check_jpeg_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a0c5d37ce39f8af4aeb99955f7c1403b (level 0) >LibClamAV debug: OLE2: binary.newbinary14 [file] b 
size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 836970e8db25825325451f01f48383f9 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 836970e8db25825325451f01f48383f9 (level 0) >LibClamAV debug: OLE2: binary.newbinary18 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 33190636e8e16cc2aeb9d16a9edf7d81 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 33190636e8e16cc2aeb9d16a9edf7d81 (level 0) >LibClamAV debug: OLE2: binary.newbinary2 [file] b size:0x0000013e flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: c23cbf002d82192481b61ed7ec0890f4 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: c23cbf002d82192481b61ed7ec0890f4 (level 0) >LibClamAV debug: OLE2: binary.newbinary3 [file] b size:0x0000013e flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 83730ac00391fb0f02f56fe2e4207a10 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 83730ac00391fb0f02f56fe2e4207a10 (level 0) >LibClamAV debug: OLE2: 
binary.newbinary1 [file] b size:0x00000d0c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized JPEG file >LibClamAV debug: cache_check: aa262223edcb4133972080119eca45ea is negative >LibClamAV debug: in cli_check_jpeg_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: aa262223edcb4133972080119eca45ea (level 0) >LibClamAV debug: OLE2: binary.newbinary16 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 9b140369b669be06a15d6c7ce099c48d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 9b140369b669be06a15d6c7ce099c48d (level 0) >LibClamAV debug: OLE2: binary.newbinary17 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a74f8a3a31718b091713ace0eeb60de6 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a74f8a3a31718b091713ace0eeb60de6 (level 0) >LibClamAV debug: OLE2: binary.newbinary15 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 17dcb1a90bb1aa39c6d4b168119145b5 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 17dcb1a90bb1aa39c6d4b168119145b5 (level 
0) >LibClamAV debug: OLE2: binary.newbinary10 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7f2548dc667d9a15410e22ed3a0fd099 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 7f2548dc667d9a15410e22ed3a0fd099 (level 0) >LibClamAV debug: OLE2: binary.newbinary12 [file] b size:0x00000cbe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6eb0cce1ca5d515df02f3770eac436b4 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 6eb0cce1ca5d515df02f3770eac436b4 (level 0) >LibClamAV debug: OLE2: binary.newbinary13 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6052220b412200fcfe2c8e77cce7c42a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 6052220b412200fcfe2c8e77cce7c42a (level 0) >LibClamAV debug: OLE2: binary.newbinary11 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2528 (no post, no cache) >LibClamAV debug: OLE2: 01controlevent [file] r size:0x00000798 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 
2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: adac420ec72c05e7dfb06f38cf1933b6 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: adac420ec72c05e7dfb06f38cf1933b6 (level 0) >LibClamAV debug: OLE2: 01createfolder [file] b size:0x00000008 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: ac433835c2d3b0c38eabd00560093d75 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: ac433835c2d3b0c38eabd00560093d75 (level 0) >LibClamAV debug: OLE2: 01customaction [file] b size:0x00000060 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4cdd6cde882952408d1ef3f88edfeaa3 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4cdd6cde882952408d1ef3f88edfeaa3 (level 0) >LibClamAV debug: OLE2: 01eventmapping [file] r size:0x00000078 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 400e1608b2521f32077a2409026e599b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 
400e1608b2521f32077a2409026e599b (level 0) >LibClamAV debug: OLE2: 01msifilehash [file] r size:0x00000014 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 85526b2efc358624dc2b5484b49ec495 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 85526b2efc358624dc2b5484b49ec495 (level 0) >LibClamAV debug: OLE2: 01_validation [file] b size:0x000012d8 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: dd00094e2735911ac4edfe57b574bdf8 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: dd00094e2735911ac4edfe57b574bdf8 (level 0) >LibClamAV debug: OLE2: 01radiobutton [file] b size:0x000000d8 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 02b76e2ad49a575e7adb59fc0cf9e629 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 02b76e2ad49a575e7adb59fc0cf9e629 (level 0) >LibClamAV debug: OLE2: 01component [file] r size:0x00000024 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4288708281468e9daee219a08ebb7716 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: 
cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4288708281468e9daee219a08ebb7716 (level 0) >LibClamAV debug: OLE2: 01_stringdata [file] b size:0x00016eed flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 326928e2791390490f331ecf8bd610f1 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 326928e2791390490f331ecf8bd610f1 (level 0) >LibClamAV debug: OLE2: 01_stringpool [file] r size:0x00002c1c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 01d545252f6faa983f19008530e7a862 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 01d545252f6faa983f19008530e7a862 (level 0) >LibClamAV debug: OLE2: 01issetuptype [file] r size:0x00000018 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 047a05b3ce47763a239dd0a5e9742f9a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 047a05b3ce47763a239dd0a5e9742f9a (level 0) >LibClamAV debug: OLE2: 01upgrade [file] b size:0x00000010 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ff2b0570dc7468f539f2c7e514ebc91 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: 
cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 7ff2b0570dc7468f539f2c7e514ebc91 (level 0) >LibClamAV debug: OLE2: 01textstyle [file] b size:0x00000120 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fa6afc971904f8d2e449c17014c0a8ad is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: fa6afc971904f8d2e449c17014c0a8ad (level 0) >LibClamAV debug: OLE2: 01directory [file] r size:0x00000042 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 602fad121f27bc6f08468195956651b1 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 602fad121f27bc6f08468195956651b1 (level 0) >LibClamAV debug: OLE2: 01actiontext [file] b size:0x000001a4 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fbb9e1da03525140eca2290883374101 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: fbb9e1da03525140eca2290883374101 (level 0) >LibClamAV debug: OLE2: 01property [file] r size:0x00000140 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 7eedccf84814ab89c9be1971916b2340 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 
>LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 7eedccf84814ab89c9be1971916b2340 (level 0) >LibClamAV debug: OLE2: 01checkbox [file] b size:0x0000000c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 89b7b3da5974ee1a40e9b8fea7f59ae7 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 89b7b3da5974ee1a40e9b8fea7f59ae7 (level 0) >LibClamAV debug: OLE2: 01control [file] r size:0x0000293c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: aa247c4e9b047130ca0aa178972ba508 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: aa247c4e9b047130ca0aa178972ba508 (level 0) >LibClamAV debug: OLE2: 01file [file] b size:0x00000012 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: d56f92bbf68e34293641e5e0f9bc2857 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d56f92bbf68e34293641e5e0f9bc2857 (level 0) >LibClamAV debug: OLE2: 01binary [file] r size:0x00000054 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 
1d58b97dfce3ba06a0e4a00f982cf2ef is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 1d58b97dfce3ba06a0e4a00f982cf2ef (level 0) >LibClamAV debug: OLE2: 01feature [file] b size:0x00000010 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 8aed2b47eaa29d720da73246e463d67a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 8aed2b47eaa29d720da73246e463d67a (level 0) >LibClamAV debug: OLE2: 01error [file] r size:0x00000994 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: d8edf31a1e45752e1654492056feaa2b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: d8edf31a1e45752e1654492056feaa2b (level 0) >LibClamAV debug: OLE2: 01_columns [file] b size:0x00000578 flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 2bb78a0fec31babea8bb931d7e152026 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 2bb78a0fec31babea8bb931d7e152026 (level 0) >LibClamAV debug: OLE2: 01_tables [file] r size:0x0000004c flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc 
(reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 023736b780fd296af291267d4904603f is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 023736b780fd296af291267d4904603f (level 0) >LibClamAV debug: OLE2: data1.cab [file] r size:0x0000014f flags:0x00000000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: 541061b126a8ff657e1f9f842a47a1f7 is negative >LibClamAV debug: in cli_scanmscab() >LibClamAV debug: CAB: -------------- Cabinet file ---------------- >LibClamAV debug: CAB: Cabinet length: 335 >LibClamAV debug: CAB: Folders: 1 >LibClamAV debug: CAB: Files: 1 >LibClamAV debug: CAB: File format version: 1.3 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 69 >LibClamAV debug: CAB: Folder compression method: 1 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: clam*exe >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 0 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:clam*exe:0:544:0:1:0:0x0 >LibClamAV debug: CAB: Extracting file clam*exe to /tmp//clamav-3aeff309c5fc6d39073e6fd08b45f695.tmp, size 544, max_size: 26214400 >LibClamAV debug: CAB: Compression method: MSZIP >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: 
ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: FP SIGNATURE: 541061b126a8ff657e1f9f842a47a1f7:335:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: efa529f28de651b561dc36646733e7e6:658432:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 2f60b47aa5ff8931c786fbe0eafc657e:1184248:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 0fcad0a2051bd0dfc8222694a41e2f86 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 8eaa9787edb074abdfaa93e15c33a8e2 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-753243407ffe25a6f2a2acf8550a3253.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. 
>LibClamAV debug: cli_untar: size = 1539 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1539:clam01.tgz:1539:1539:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-753243407ffe25a6f2a2acf8550a3253.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: cli_untar: pos = 2560 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 86b9faab66dfbb5494f02098de233337 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 1fd8b88265ce3f5f609112d1d7290360 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-2e92fe97e534ea5d5df76c02be443e8a.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. 
>LibClamAV debug: cli_untar: size = 1362 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-2e92fe97e534ea5d5df76c02be443e8a.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-0e1244ef03b1a14bc40cdb3760e120cf.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] >LibClamAV debug: cli_untar: Checksum 4761 is valid. 
>LibClamAV debug: cli_untar: size = 1184 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-0e1244ef03b1a14bc40cdb3760e120cf.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-55598da5bd7a56f9151d7f9b7df938ad.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] >LibClamAV debug: cli_untar: Checksum 4762 is valid. 
>LibClamAV debug: cli_untar: size = 1028 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-55598da5bd7a56f9151d7f9b7df938ad.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-c32a51b44305ff7589c8ee25dd7ccb4c.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] >LibClamAV debug: cli_untar: Checksum 4763 is valid. 
>LibClamAV debug: cli_untar: size = 844 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-c32a51b44305ff7589c8ee25dd7ccb4c.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-eb58a27dd64a715c9bbd77b2c74a8d4d.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] >LibClamAV debug: cli_untar: Checksum 4771 is valid. >LibClamAV debug: cli_untar: size = 694 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-eb58a27dd64a715c9bbd77b2c74a8d4d.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-30d53c991bf90e602ab7a5d341af9205.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] >LibClamAV debug: cli_untar: Checksum 4764 is valid. 
>LibClamAV debug: cli_untar: size = 550 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-30d53c991bf90e602ab7a5d341af9205.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-4ef50231f99ceffaeace66d79d57f4c4.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] >LibClamAV debug: cli_untar: Checksum 4773 is valid. >LibClamAV debug: cli_untar: size = 389 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-4ef50231f99ceffaeace66d79d57f4c4.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative >LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: emax_reached: marked parents as non cacheable >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2553 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 9c2ea61e882349220e49b33a56b4ac08 (level 15) >LibClamAV debug: hashtab: Freeing hashset, 
elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: a9d25b35786e3a86e7d95e5b6af41544 (level 14) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 14ee5843e6c9e23c48e0a4c72f1b0055 (level 13) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 229f703eda82655237de5742b71337e3 (level 12) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 97e0ec966bce0ed5368f7abd66a8a566 (level 11) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: f81648d0166b550d74b5972632035215 (level 10) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: c465b8291b2cfe4dbc1c457feef5364a (level 9) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: ae187a29a2985e38431a78c6af659c36 (level 8) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: c7035dd4361509ca567acf285f9cae7d (level 7) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: eefe348a7f2bbb93457c7542f2d25d40 (level 6) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 4686aa63b54275d9291460aeb43112fc (level 
5) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 3fd6edd55afc9ffd1b1b3a14037d318d (level 4) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 1fd8b88265ce3f5f609112d1d7290360 (level 3) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2985 >LibClamAV debug: cache_add: 86b9faab66dfbb5494f02098de233337 (level 2) >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. >LibClamAV debug: cli_untar: size = 1362 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:2:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-753243407ffe25a6f2a2acf8550a3253.tmp/tar02 >LibClamAV debug: cli_untar: pos = 3072 >LibClamAV debug: cli_untar: pos = 3584 >LibClamAV debug: cli_untar: pos = 4096 >LibClamAV debug: cli_untar: pos = 4608 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-772dc42c300dc74d743a270e8f600ea1.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] >LibClamAV debug: cli_untar: Checksum 4761 is valid. 
>LibClamAV debug: cli_untar: size = 1184 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-772dc42c300dc74d743a270e8f600ea1.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-822ffe62ff24e08eba8eec056bda882a.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] >LibClamAV debug: cli_untar: Checksum 4762 is valid. 
>LibClamAV debug: cli_untar: size = 1028 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-822ffe62ff24e08eba8eec056bda882a.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-862a06b272809ae8fd95e7612c09e12d.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] >LibClamAV debug: cli_untar: Checksum 4763 is valid. 
>LibClamAV debug: cli_untar: size = 844 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-862a06b272809ae8fd95e7612c09e12d.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-3433b53118576260dea87258ffbbec81.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] >LibClamAV debug: cli_untar: Checksum 4771 is valid. >LibClamAV debug: cli_untar: size = 694 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-3433b53118576260dea87258ffbbec81.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-2ba5ce93963111efdd51f41bfac4f6cb.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] >LibClamAV debug: cli_untar: Checksum 4764 is valid. 
>LibClamAV debug: cli_untar: size = 550 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-2ba5ce93963111efdd51f41bfac4f6cb.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-3b1bbb43485aab2cc2ef3b21377a6f19.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] >LibClamAV debug: cli_untar: Checksum 4773 is valid. >LibClamAV debug: cli_untar: size = 389 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-3b1bbb43485aab2cc2ef3b21377a6f19.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 563085e0481c6f7826f74c3fe04dce6c is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp//clamav-a337e173b003fc618d15d245ff2a8862.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4645, [11045 in octal] >LibClamAV debug: cli_untar: Checksum 4645 is valid. 
>LibClamAV debug: cli_untar: size = 544 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp//clamav-a337e173b003fc618d15d245ff2a8862.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found in descriptor 20 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2553 >LibClamAV debug: FP SIGNATURE: 563085e0481c6f7826f74c3fe04dce6c:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 497c54d7262dc2c8b74fd3eb327099c5:389:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 9c2ea61e882349220e49b33a56b4ac08:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: a9d25b35786e3a86e7d95e5b6af41544:550:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 14ee5843e6c9e23c48e0a4c72f1b0055:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 229f703eda82655237de5742b71337e3:694:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 
97e0ec966bce0ed5368f7abd66a8a566:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: f81648d0166b550d74b5972632035215:844:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: c465b8291b2cfe4dbc1c457feef5364a:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: ae187a29a2985e38431a78c6af659c36:1028:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: c7035dd4361509ca567acf285f9cae7d:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: eefe348a7f2bbb93457c7542f2d25d40:1184:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 4686aa63b54275d9291460aeb43112fc:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 3fd6edd55afc9ffd1b1b3a14037d318d:1362:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: FP SIGNATURE: 8eaa9787edb074abdfaa93e15c33a8e2:10240:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: FP SIGNATURE: 0fcad0a2051bd0dfc8222694a41e2f86:3079:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2875 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized 
binary data >LibClamAV debug: cache_check: 85831fa179ee6d3a2417a9c10506813e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: Matched signature for file type ISO9660 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ISO9660 signature found at 32768 >LibClamAV debug: in cli_scaniso >LibClamAV debug: cli_scaniso: Raw sector size: 2048 >LibClamAV debug: cli_scaniso: Block size: 2048 >LibClamAV debug: cli_scaniso: Volume descriptor version: 1 >LibClamAV debug: cli_scaniso: System: LINUX >LibClamAV debug: cli_scaniso: Volume: CDROM >LibClamAV debug: cli_scaniso: Volume space size: 0xb7 blocks >LibClamAV debug: cli_scaniso: Volume 1 of 1 >LibClamAV debug: cli_scaniso: Volume Set: >LibClamAV debug: cli_scaniso: Publisher: >LibClamAV debug: cli_scaniso: Data Preparer: >LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660_HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE >LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 >LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Path table size: 0x32 >LibClamAV debug: cli_scaniso: LSB Path Table: 0x18 >LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: MSB Path Table: 0x1a >LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: File Structure Version: 1 >LibClamAV debug: cli_scaniso: Joliet level 3 >LibClamAV debug: iso_parse_dir: Directory 'long_dir_is_long': off 1f - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:long_dir_is_long:2048:2048:0:0:0:0x0 >LibClamAV debug: iso_parse_dir: File 'clam_exe_with_a_long_name.exe': off 20 - size 220 - flags 0 - unit size 0 - gap size 
0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:clam_exe_with_a_long_name.exe:544:544:0:0:0:0x0 >LibClamAV debug: iso_scan_file: dumping to /tmp//clamav-e13d77dfaf9c0aab81caa035b37cb5e4.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: FP SIGNATURE: 85831fa179ee6d3a2417a9c10506813e:374784:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2913 >LibClamAV debug: Cleaning up phishcheck >LibClamAV debug: Freeing phishcheck struct >LibClamAV debug: Phishcheck cleaned up >LibClamAV debug: entconv: Destroying iconv pool:0x42417180 >LibClamAV debug: entconv: closing iconv:0x4241f670 >LibClamAV debug: entconv: closing iconv:0x4241f7a0 > >------------------------------------------------------------------------------- > >/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-aspack.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-fsg.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-mew.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-nsis.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-pespin.exe: ClamAV-Test-File.UNOFFICIAL FOUND 
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-petite.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-upack.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-upx.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-wwpack.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-yc.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.7z: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.arj: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bin-be.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bin-le.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bz2.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.cab: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.chm: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.d64.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ea05.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ea06.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.binhex: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.bz2: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.html: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.mbox.base64: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.mbox.uu: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.rtf: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.szdd: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.impl.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.iso: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.mail: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.newc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.odc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ole.doc: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.pdf: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ppt: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.sis: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.tar.gz: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.tnef: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_ISmsi_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_ISmsi_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_cache_emax.tgz: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clamjol.iso: ClamAV-Test-File.UNOFFICIAL FOUND
>
>----------- SCAN SUMMARY -----------
>Known viruses: 1
>Engine version: 0.98.3
>Scanned directories: 0
>Scanned files: 48
>Infected files: 46
>Data scanned: 13.76 MB
>Data read: 6.91 MB (ratio 1.99:1)
>Time: 1.122 sec (0 m 1 s)
>
>***
>*** clamscan didn't detect all testfiles correctly
>***
>
>FAIL: check2_clamd.sh (exit: 42)
>================================
>
>--------------------------------------
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-aspack.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-fsg.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-mew.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-nsis.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-pespin.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-petite.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-upack.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-upx.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v2.rar: OK
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-v3.rar: OK
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-wwpack.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam-yc.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.7z: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.arj: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bin-be.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bin-le.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.bz2.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.cab: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.chm: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.d64.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ea05.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ea06.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.binhex: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.bz2: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.html: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.mbox.base64: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.mbox.uu: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.rtf: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.exe.szdd: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.impl.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.iso: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.mail: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.newc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.odc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ole.doc: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.pdf: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.ppt: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.sis: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.tar.gz: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.tnef: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam.zip: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_ISmsi_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_ISmsi_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clam_cache_emax.tgz: ClamAV-Test-File.UNOFFICIAL FOUND
>/usr/ports/security/clamav/work/clamav-0.98.3/unit_tests/../test/clamjol.iso: ClamAV-Test-File.UNOFFICIAL FOUND
>
>----------- SCAN SUMMARY -----------
>Infected files: 46
>Time: 1.019 sec (0 m 1 s)
>
>***
>*** clamd did not detect all testfiles correctly!
>***
>
>SKIP: check5_clamd_vg.sh (exit: 77)
>===================================
>
>*** valgrind tests skipped by default, use 'make check VG=1' to activate
>
>SKIP: check6_clamd_vg.sh (exit: 77)
>===================================
>
>*** valgrind tests skipped by default, use 'make check VG=1' to activate
>
>SKIP: check7_clamd_hg.sh (exit: 77)
>===================================
>
>
>SKIP: check8_clamd_hg.sh (exit: 77)
>===================================
>
>*** valgrind tests skipped by default, use 'make check VG=1' to activate
>
>SKIP: check9_clamscan_vg.sh (exit: 77)
>======================================
>
>*** valgrind tests skipped by default, use 'make check VG=1' to activate
>