FreeBSD Bugzilla – Attachment 193665 Details for
Bug 228468
security/clamav 0.100.0 unit_test fail
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
check1_clamscan.sh.log
check1_clamscan.sh.log (text/plain), 324.70 KB, created by
gondim
on 2018-05-24 17:59:57 UTC
(
hide
)
Description:
check1_clamscan.sh.log
Filename:
MIME Type:
Creator:
gondim
Created:
2018-05-24 17:59:57 UTC
Size:
324.70 KB
patch
obsolete
>LibClamAV debug: searching for unrar, user-searchpath: /usr/local/lib >LibClamAV debug: unrar support loaded from /usr/local/lib/libclamunrar_iface.so.7.1.1 libclamunrar_iface_so_7_1 >LibClamAV debug: Initialized 0.100.0 engine >LibClamAV debug: Initializing phishcheck module >LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ >LibClamAV debug: Phishcheck module initialized >LibClamAV debug: Bytecode initialized in interpreter mode >LibClamAV debug: test-db/test.hdb loaded >LibClamAV debug: Initializing engine->root[0] >LibClamAV debug: Initializing AC pattern matcher of root[0] >LibClamAV debug: cli_initroots: Initializing BM tables of root[0] >LibClamAV debug: Initializing engine->root[1] >LibClamAV debug: Initializing AC pattern matcher of root[1] >LibClamAV debug: cli_initroots: Initializing BM tables of root[1] >LibClamAV debug: Initializing engine->root[2] >LibClamAV debug: Initializing AC pattern matcher of root[2] >LibClamAV debug: Initializing engine->root[3] >LibClamAV debug: Initializing AC pattern matcher of root[3] >LibClamAV debug: Initializing engine->root[4] >LibClamAV debug: Initializing AC pattern matcher of root[4] >LibClamAV debug: Initializing engine->root[5] >LibClamAV debug: Initializing AC pattern matcher of root[5] >LibClamAV debug: Initializing engine->root[6] >LibClamAV debug: Initializing AC pattern matcher of root[6] >LibClamAV debug: Initializing engine->root[7] >LibClamAV debug: Initializing AC pattern matcher of root[7] >LibClamAV debug: Initializing engine->root[8] >LibClamAV debug: Initializing AC pattern matcher of root[8] >LibClamAV debug: Initializing engine->root[9] >LibClamAV debug: Initializing AC pattern matcher of root[9] >LibClamAV debug: Initializing engine->root[10] >LibClamAV debug: Initializing AC pattern matcher of root[10] >LibClamAV debug: Initializing engine->root[11] >LibClamAV debug: Initializing AC pattern matcher of root[11] >LibClamAV debug: Initializing engine->root[12] >LibClamAV debug: Initializing AC pattern matcher of root[12] >LibClamAV debug: Initializing engine->root[13] >LibClamAV debug: Initializing AC pattern matcher of root[13] >LibClamAV debug: Initializing engine->root[14] >LibClamAV debug: Initializing AC pattern matcher of root[14] >LibClamAV debug: Loaded 153 filetype definitions >LibClamAV debug: Using filter for trie 0 >LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 82 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 32 >LibClamAV debug: Using filter for trie 1 >LibClamAV debug: Matcher[1]: PE: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 >LibClamAV debug: Matcher[2]: OLE2: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Using filter for trie 4 >LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Using filter for trie 7 >LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[11]: FLASH: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[12]: JAVA: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) >LibClamAV debug: Dynamic engine configuration settings: >LibClamAV debug: -------------------------------------- >LibClamAV debug: Module PE: On >LibClamAV debug: * Submodule PARITE: On >LibClamAV debug: * Submodule KRIZ: On >LibClamAV debug: * Submodule MAGISTR: On >LibClamAV debug: * Submodule POLIPOS: On >LibClamAV debug: * Submodule MD5SECT: On >LibClamAV debug: * Submodule UPX: On >LibClamAV debug: * Submodule FSG: On >LibClamAV debug: * Submodule SWIZZOR: ** Off ** >LibClamAV debug: * Submodule PETITE: On >LibClamAV debug: * Submodule PESPIN: On >LibClamAV debug: * Submodule YC: On >LibClamAV debug: * Submodule WWPACK: On >LibClamAV debug: * Submodule NSPACK: On >LibClamAV debug: * Submodule MEW: On >LibClamAV debug: * Submodule UPACK: On >LibClamAV debug: * Submodule ASPACK: On >LibClamAV debug: * Submodule CATALOG: On >LibClamAV debug: * Submodule CERTS: On >LibClamAV debug: * Submodule MATCHICON: On >LibClamAV debug: * Submodule IMPTBL: On >LibClamAV debug: Module ELF: On >LibClamAV debug: Module MACHO: On >LibClamAV debug: Module ARCHIVE: On >LibClamAV debug: * Submodule RAR: On >LibClamAV debug: * Submodule ZIP: On >LibClamAV debug: * Submodule GZIP: On >LibClamAV debug: * Submodule BZIP: On >LibClamAV debug: * Submodule ARJ: On >LibClamAV debug: * Submodule SZDD: On >LibClamAV debug: * Submodule CAB: On >LibClamAV debug: * Submodule CHM: On >LibClamAV debug: * Submodule OLE2: On >LibClamAV debug: * Submodule TAR: On >LibClamAV debug: * Submodule CPIO: On >LibClamAV debug: * Submodule BINHEX: On >LibClamAV debug: * Submodule SIS: On >LibClamAV debug: * Submodule NSIS: On >LibClamAV debug: * Submodule AUTOIT: On >LibClamAV debug: * Submodule ISHIELD: On >LibClamAV debug: * Submodule 7zip: On >LibClamAV debug: * Submodule ISO9660: On >LibClamAV debug: * Submodule DMG: On >LibClamAV debug: * Submodule XAR: On >LibClamAV debug: * Submodule HFSPLUS: On >LibClamAV debug: * Submodule XZ: On >LibClamAV debug: * Submodule PASSWD: On >LibClamAV debug: * Submodule MBR: On >LibClamAV debug: * Submodule GPT: On >LibClamAV debug: * Submodule APM: On >LibClamAV debug: Module DOCUMENT: On >LibClamAV debug: * Submodule HTML: On >LibClamAV debug: * Submodule RTF: On >LibClamAV debug: * Submodule PDF: On >LibClamAV debug: * Submodule SCRIPT: On >LibClamAV debug: * Submodule HTMLSKIPRAW: On >LibClamAV debug: * Submodule JSNORM: On >LibClamAV debug: * Submodule SWF: On >LibClamAV debug: * Submodule OOXML: On >LibClamAV debug: * Submodule MSPML: On >LibClamAV debug: * Submodule HWP: On >LibClamAV debug: Module MAIL: On >LibClamAV debug: * Submodule MBOX: On >LibClamAV debug: * Submodule TNEF: On >LibClamAV debug: Module OTHER: On >LibClamAV debug: * Submodule UUENCODED: On >LibClamAV debug: * Submodule SCRENC: On >LibClamAV debug: * Submodule RIFF: On >LibClamAV debug: * Submodule JPEG: On >LibClamAV debug: * Submodule CRYPTFF: On >LibClamAV debug: * Submodule DLP: On >LibClamAV debug: * Submodule MYDOOMLOG: On >LibClamAV debug: * Submodule PREFILTERING: On >LibClamAV debug: * Submodule PDFNAMEOBJ: On >LibClamAV debug: * Submodule PRTNINTXN: On >LibClamAV debug: * Submodule LZW: On >LibClamAV debug: Module PHISHING On >LibClamAV debug: * Submodule ENGINE: On >LibClamAV debug: * Submodule ENTCONV: On >LibClamAV debug: Module BYTECODE On >LibClamAV debug: * Submodule INTERPRETER: On >LibClamAV debug: * Submodule JIT X86: On >LibClamAV debug: * Submodule JIT PPC: On >LibClamAV debug: * Submodule JIT ARM: ** Off ** >LibClamAV debug: Module STATS Off >LibClamAV debug: Module PCRE On >LibClamAV debug: * Submodule SUPPORT: On >LibClamAV debug: * Submodule OPTIONS: On >LibClamAV debug: * Submodule GLOBAL: On >LibClamAV debug: pool memory used: 5.913 MB >LibClamAV debug: No bytecodes loaded, not running builtin test >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 2bf6c8403b5b0a6ccdcfc7c7a434507c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 6 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x400 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x5001 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x600 0x600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .clam >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .aspack >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2000 0x2000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x1200 0x1200 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 5 >LibClamAV debug: Section name: .adata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x1e00 0x1e00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc01 (3073) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Aspack: unpacking block rva:2000 - sz:200 >LibClamAV debug: Aspack: unpacking block rva:3058 - sz:1a8 >LibClamAV debug: Aspack: unpacking block rva:4000 - sz:1000 >LibClamAV debug: Aspack: successfully rebuilt >LibClamAV debug: Aspack: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 4a4477a6d2d866b38806e9bfa5a6bb2e is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 16864 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: c6ccf4ddbccbcaa01b441690a329d1b0 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 6112 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 6b39b93ff222f7b979337faae602c6cf is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 12 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 2 >LibClamAV debug: TimeDateStamp: Wed Dec 31 21:00:00 1969 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 0 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x0 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x63ff >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x7000 >LibClamAV debug: SizeOfHeaders: 0x200 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: MEW >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x0 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: ÒuÛëÔ >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x418 0x418 >LibClamAV debug: PointerToRawData: 0x200 0x200 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x5ff (1535) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: MEW: found MEW characteristics FFFF9D50 + 000063FF + 5 = 00000154 >LibClamAV debug: MEW: Win9x compatibility was set! >LibClamAV debug: MEW: ssize 00001000 dsize 00005000 offdiff: 0000001c >LibClamAV debug: MEW: 1048 (00000418) bytes read >LibClamAV debug: MEW unpacking section 0 (0x41eed3a8->0x41ee8380) >LibClamAV debug: MEW unpacking section 1 (0x41eed47d->0x41ee939c) >LibClamAV debug: MEW unpacking section 2 (0x41eed4b7->0x41eea3d8) >LibClamAV debug: MEW unpacking section 3 (0x41eed51d->0x41eec1ec) >LibClamAV debug: MEW unpacking section 4 (0x41eed696->0x41eed309) >LibClamAV debug: MEW: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: eb55c7b07f6c22b7c09ea52a8eeaddec is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 17004 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 17004 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-ccdcbaf5563d71df9dc491d825780055.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 3527d9af6c885b7a469ced2fa4890dc6 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type NSIS at 46084 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: NSIS signature found at 46080 >LibClamAV debug: in scannulsft() >LibClamAV debug: NSIS: Header info - Flags=0, Header size=1105, Archive size=54d >LibClamAV debug: NSIS: solid compression not detected >LibClamAV debug: NSIS: bzip2 0 - lzma 2 - zlib 0 >LibClamAV debug: NSIS: Successully extracted file #1 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: NSIS: Successully extracted file #2 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 517cb11c1ae9e0c119e7699d65b71d05 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Dec 31 21:00:00 1969 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 0 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x400 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x5087 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x82c3 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: KuNgBiM >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: KuNgBiM >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x600 0x600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: KuNgBiM >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: KuNgBiM >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x32c3 0x4000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x3400 0x3400 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc87 (3207) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: in unspin >LibClamAV debug: spin: Key8 is 91, Len is 11fe >LibClamAV debug: spin: Key is 47b3f060, Len is 5a0 >LibClamAV debug: spin: Key32 is 3523a0f5 - XORbitmap is b >LibClamAV debug: spin: Decrypting sects (xor) >LibClamAV debug: spin: done >LibClamAV debug: spin: Key is 43a806db, Len is 180 >LibClamAV debug: spin: POLY1 len is 1a1 >LibClamAV debug: spin: POLYbitmap is b - decrypting sects (poly) >LibClamAV debug: spin: done >LibClamAV debug: spin: Compression bitmap is 8 >LibClamAV debug: spin: Not growing sect0 >LibClamAV debug: spin: Not growing sect1 >LibClamAV debug: spin: Not growing sect2 >LibClamAV debug: spin: Growing sect3: was 200 will be 1000 >LibClamAV debug: spin: decompression complete >LibClamAV debug: PEspin: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: ea58113cd88ec4715020f5189529d35b is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 6112 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 2891f5b98be269b9f6ffbbb2c84ae4f4 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 240 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x400 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x5042 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x6000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2000 0x2000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xe00 0xe00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x0 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .petite >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2cc 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x400 0x400 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x442 (1090) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: NRV2B decompressor failed >LibClamAV debug: UPX: NRV2D decompressor failed >LibClamAV debug: UPX: NRV2E decompressor failed >LibClamAV debug: UPX: All decompressors failed >LibClamAV debug: Petite: v2.2 compression detected >LibClamAV debug: Petite: Found petite code in sect2(2000). Let's strip it. >LibClamAV debug: Petite: Encrypted EP: dfed1249 | Array of imports: 205c >LibClamAV debug: Petite: Old EP: 1020 >LibClamAV debug: Petite: Sections dump: >LibClamAV debug: Petite: .SECT0 RVA:1000 VSize:1000 ROffset: 0, RSize:f7 >LibClamAV debug: Petite: .SECT1 RVA:2000 VSize:2000 ROffset: f7, RSize:123 >LibClamAV debug: Petite: .SECT2 RVA:4000 VSize:ffc ROffset: 21a, RSize:ffc >LibClamAV debug: Petite: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 8a2bf11929515746f3df244a4ac91c7c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 5740 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 5740 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-649fa21e558551d518e8341660795367.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 832fd1026a13e16686b55e855bb559df is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 16 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Fri Jan 23 21:39:42 2004 >LibClamAV debug: SizeOfOptionalHeader: 148 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 76 >LibClamAV debug: MinorLinkerVersion: 111 >LibClamAV debug: SizeOfCode: 0x694c6461 >LibClamAV debug: SizeOfInitializedData: 0x72617262 >LibClamAV debug: SizeOfUninitializedData: 0x4179 >LibClamAV debug: AddressOfEntryPoint: 0x1018 >LibClamAV debug: BaseOfCode: 0x10 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xf000 >LibClamAV debug: SizeOfHeaders: 0x200 >LibClamAV debug: NumberOfRvaAndSizes: 10 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: PSÿÕ«ëçà >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x1f0 0x200 >LibClamAV debug: PointerToRawData: 0x10 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8000 0x8000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x53c 0x53c >LibClamAV debug: PointerToRawData: 0x200 0x200 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: oP@ >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0xe000 0xe000 >LibClamAV debug: SizeOfRawData: 0x1f0 0x200 >LibClamAV debug: PointerToRawData: 0x10 0x0 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x18 (24) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Upack characteristics found. >LibClamAV debug: Upack: var set >LibClamAV debug: Upack: EP: 00000018 original: 00000020 || 00401020 >LibClamAV debug: Upack: Context Bits parameter used with lzma: 05, 1c00 >LibClamAV debug: Upack: data initialized, before upack lzma call! >LibClamAV debug: > p0: 0x41f3882e > p1: ffffffff > p2: 00000000 >LibClamAV debug: state[0] = ffffffff >LibClamAV debug: state[1] = 00000000 >LibClamAV debug: state[2] = 00000001 >LibClamAV debug: state[3] = 00000001 >LibClamAV debug: state[4] = 00000001 >LibClamAV debug: state[5] = 00000001 >LibClamAV debug: Upack: loops: 00000002 search value: 00 >LibClamAV debug: Upack: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: de4f18d10798acf90ab81dc899dffb14 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 16492 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 16492 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-a85830991ac1810dca80f411e7de71b5.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: e77295fd480b05f9d22bd9e4f86c5cf3 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x6320 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x720 (1824) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: Looks like a NRV2B decompression routine >LibClamAV debug: UPX: PE structure rebuilt from compressed file >LibClamAV debug: UPX: Successfully decompressed >LibClamAV debug: ***** Scanning decompressed file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 19936 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RAR file >LibClamAV debug: cache_check: 240d23b090c954b017a73850af036178 is negative >LibClamAV debug: in scanrar() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: RAR: Exit code: 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RAR file >LibClamAV debug: cache_check: f43c0b75c55428c5e84d6b40214ead41 is negative >LibClamAV debug: in scanrar() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: RAR: Exit code: 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 1cce7fa3d68fdb429da830618c1ebfee is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 2569 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 2569 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - fname out of file >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x200 >LibClamAV debug: SizeOfInitializedData: 0x400 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x5000 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x6000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xf7 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x122 0x1000 >LibClamAV debug: VirtualAddress: 0x2000 0x2000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x600 0x600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x200 0x1000 >LibClamAV debug: VirtualAddress: 0x3000 0x3000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x800 0x800 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .clam >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x4000 0x4000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .WWP32 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2b7 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x400 0x400 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc00 (3072) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: in wwunpack >LibClamAV debug: WWP: src: 4000, szd: 18c, srcend: 188 - 0 >LibClamAV debug: WWPack: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 7b8cd3dd6a198ec191afce0206665d2d is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ZIP-SFX at 20076 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ZIP/ZIP-SFX signature found at 20076 >LibClamAV debug: in cli_unzip_single >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-3cdb99aa28e24545c7d00431a6be43f9.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 7f8a72eb63173c80729ebb8c9999d9db is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x8060 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xa000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: yC >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2000 0x2000 >LibClamAV debug: VirtualAddress: 0x8000 0x8000 >LibClamAV debug: SizeOfRawData: 0xc52 0xc52 >LibClamAV debug: PointerToRawData: 0xc00 0xc00 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc60 (3168) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: NRV2B decompressor failed >LibClamAV debug: UPX: NRV2D decompressor failed >LibClamAV debug: UPX: NRV2E decompressor failed >LibClamAV debug: UPX: All decompressors failed >LibClamAV debug: 3,200,2923,0 >LibClamAV debug: yC: offset: 0, length: b6b >LibClamAV debug: yC: decrypting decryptor on sect 3 >LibClamAV debug: yC: decrypting sect1 >LibClamAV debug: yC: Unpacked and rebuilt executable >LibClamAV debug: ***** Scanning rebuilt PE file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 8822fca1f7b0cb5506f15f8088956197 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 200 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 3 >LibClamAV debug: TimeDateStamp: Mon Apr 14 06:51:53 2008 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 8 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1000 >LibClamAV debug: SizeOfInitializedData: 0x1000 >LibClamAV debug: SizeOfUninitializedData: 0x5000 >LibClamAV debug: AddressOfEntryPoint: 0x0 >LibClamAV debug: BaseOfCode: 0x6000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x8000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: UPX0 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5000 0x5000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x0 0x0 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: UPX1 >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x600 0x600 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section's memory is executable >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x7000 0x7000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0xa00 0xa00 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x0 (0) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression >LibClamAV debug: UPX: no luck - scanning for PE >LibClamAV debug: UPX: PE structure rebuilt from compressed file >LibClamAV debug: UPX: Successfully decompressed with NRV2B >LibClamAV debug: ***** Scanning decompressed file ***** >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 19936 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized 7zip file >LibClamAV debug: cache_check: 30cc73fe9ec56e474c4d19c57ffe0546 is negative >LibClamAV debug: cli_7unz: extracting clam.exe >LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:clam.exe:0:544:0:0:4010228989:0x0 >LibClamAV debug: cli_7unz: Saving to /tmp/clamav-83f0b54f754896808b5d80624a26ed44.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_7unz: completed successfully >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ARJ file >LibClamAV debug: cache_check: f58327b03afd2a727c3329ba3c0947a7 is negative >LibClamAV debug: in cli_scanarj() >LibClamAV debug: in cli_unarj_open >LibClamAV debug: Header Size: 44 >LibClamAV debug: ARJ Main File Header >LibClamAV debug: First Header Size: 34 >LibClamAV debug: Version: 11 >LibClamAV debug: Min version: 1 >LibClamAV debug: Host OS: 2 >LibClamAV debug: Flags: 0x10 >LibClamAV debug: Security version: 0 >LibClamAV debug: File type: 2 >LibClamAV debug: Filename: clam.arj >LibClamAV debug: Comment: >LibClamAV debug: Extended header size: 0 >LibClamAV debug: in cli_unarj_prepare_file >LibClamAV debug: Header Size: 56 >LibClamAV debug: ARJ File Header >LibClamAV debug: First Header Size: 46 >LibClamAV debug: Version: 11 >LibClamAV debug: Min version: 1 >LibClamAV debug: Host OS: 2 >LibClamAV debug: Flags: 0x10 >LibClamAV debug: Method: 1 >LibClamAV debug: File type: 0 >LibClamAV debug: File type: 232 >LibClamAV debug: Compressed size: 269 >LibClamAV debug: Original size: 544 >LibClamAV debug: Filename: clam.exe >LibClamAV debug: Comment: >LibClamAV debug: Extended header size: 0 >LibClamAV debug: CDBNAME:CL_TYPE_ARJ:269:clam.exe:269:544:0:1:0:0x0 >LibClamAV debug: in cli_unarj_extract_file >LibClamAV debug: Filename: /tmp/clamav-7030d4b6934c699ab1862fcf3e1fb94e.tmp/file.uar >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ARJ: infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: ARJ: Exit code: 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO OLD BINARY BE file >LibClamAV debug: cache_check: f418df91fafd06fde1a23269d37959b4 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [36, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO OLD BINARY LE file >LibClamAV debug: cache_check: 72de8ccfc183c86eadd52f5f571d0fd7 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [36, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 879ac518d351ac3ba22c9d54bd17174b is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @182 >LibClamAV debug: cli_unzip: ch - flags 0 - method c - csize 15c - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:348:ef073cfd:12:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-b7d9d198aa88a741c94c842a462ebe79.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: 05b9642706a9fc730b8371d239a9b8f9 is negative >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 69 >LibClamAV debug: CAB: Folder compression method: 0 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: clam*exe >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: Recorded files: 1 > >LibClamAV debug: Matched signature for file type CAB-SFX at 0 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 05b9642706a9fc730b8371d239a9b8f9 (level 0) >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS CHM file >LibClamAV debug: cache_check: e938c5e5e17caf5177e5d205ae01524f is negative >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#IDXHDR:0:4096:0:0:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: b7d7abe6f39d65408fc0edaae672a845 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: b7d7abe6f39d65408fc0edaae672a845 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#ITBITS:0:0:0:1:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (0 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#STRINGS:0:41:0:2:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 9439224e9b1b5a9bb3177cf28460c75c is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 9439224e9b1b5a9bb3177cf28460c75c (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#SYSTEM:0:4254:0:3:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a8792355240b7147918fe74352b86b13 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a8792355240b7147918fe74352b86b13 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#TOPICS:0:48:0:4:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 840fa05eb051a0834e4515abe67c3e5d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 840fa05eb051a0834e4515abe67c3e5d (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#URLSTR:0:64:0:5:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 139bd3ec257b12c8c193af09698a2ab5 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 139bd3ec257b12c8c193af09698a2ab5 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#URLTBL:0:36:0:6:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 264c1275ab9797e4390e88f74ac70392 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 264c1275ab9797e4390e88f74ac70392 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/#WINDOWS:0:204:0:7:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 8ef5b3b3e78935dc9eb82193022a05c3 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 8ef5b3b3e78935dc9eb82193022a05c3 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/$FIftiMain:0:0:0:8:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (0 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/$OBJINST:0:2751:0:9:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 285c3651f007aa8237ae2fa4eb24b9b8 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 285c3651f007aa8237ae2fa4eb24b9b8 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/$WWAssociativeLinks/Property:0:4:0:10:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (4 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/$WWKeywordLinks/Property:0:4:0:11:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (4 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/clam.chm.hhc:0:444:0:12:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature for file type HTML data at 48 >LibClamAV debug: cache_check: f78cc15cc20f59e543742138902d407d is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp/clamav-54aac5d698068f02e562950ea9ea338a.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: f78cc15cc20f59e543742138902d407d (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/clam.chm.hhk:0:207:0:13:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature for file type HTML data at 48 >LibClamAV debug: cache_check: 353eb087a36a4f630680f48e8deae3a8 is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp/clamav-2bea42c86460db4b1e0189b31d1f0016.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 353eb087a36a4f630680f48e8deae3a8 (level 0) >LibClamAV debug: CDBNAME:CL_TYPE_MSCHM:0:/clam.exe.txt:0:544:0:14:0:0x0 >LibClamAV debug: lzx_decompress: end_frame = 1 >LibClamAV debug: lzx_decompress: current_frame = 0 >LibClamAV debug: mspack_fmap_read() 155 4096, 2262 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 66e86fe942aea488a6ca46d3d2c007fd is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @136 >LibClamAV debug: cli_unzip: ch - flags 2 - method 9 - csize 110 - usize 220 - flen 8 - elen 24 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:272:ef073cfd:9:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-69513b2c0f6f819f113b380e970c1a30.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 6b2324ea0df473777f58ca8d59d53ea5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 893c8 >LibClamAV debug: cli_peheader: parsing version info @ rva 893c8 (1/1) >LibClamAV debug: VersionInfo (31ee2): 'FileVersion'='3, 2, 4, 9' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200034002c002000390000000000 >LibClamAV debug: VersionInfo (31f1a): 'CompiledScript'='AutoIt v3 Script : 3, 2, 4, 9' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200034002c00200039000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type AUTOIT at 206848 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 >LibClamAV debug: AUTOIT signature found at 206848 >LibClamAV debug: in scanautoit() >LibClamAV debug: autoit: magic string '>AUTOIT UNICODE SCRIPT<' >LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\autD.tmp' >LibClamAV debug: autoit: compressed size: 1112 >LibClamAV debug: autoit: advertised uncompressed size 57e6 >LibClamAV debug: autoit: ref chksum: 2142245d >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 57e6 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16LE character data >LibClamAV debug: entconv: Encoding UTF-16LE >LibClamAV debug: entconv: iconv:registering atexit >LibClamAV debug: entconv: Initializing iconv pool:0x41e1d400 >LibClamAV debug: entconv: iconv not found in cache, for encoding:UTF-16LE >LibClamAV debug: entconv: iconv_open(),for:UTF-16LE -> 0x41e69920 >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 144d97bc59d6944c6cf31e3fca78f432 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 144d97bc59d6944c6cf31e3fca78f432 (level 0) >LibClamAV debug: autoit: magic string 'C:\clam.exe' >LibClamAV debug: autoit: original filename 'C:\clam.exe' >LibClamAV debug: autoit: compressed size: 132 >LibClamAV debug: autoit: advertised uncompressed size 220 >LibClamAV debug: autoit: ref chksum: 204d611b >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 220 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 21d1acd7ff5a8ff24b08d07be6f47709 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 9a4e8 >LibClamAV debug: cli_peheader: parsing version info @ rva 9a4e8 (1/1) >LibClamAV debug: VersionInfo (3d31e): 'FileVersion'='3, 2, 8, 1' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200038002c002000310000000000 >LibClamAV debug: VersionInfo (3d356): 'CompiledScript'='AutoIt v3 Script : 3, 2, 8, 1' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200038002c00200031000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type AUTOIT at 252928 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 >LibClamAV debug: AUTOIT signature found at 252928 >LibClamAV debug: in scanautoit() >LibClamAV debug: fpu: Floating point little endian detected. >LibClamAV debug: autoit: magic string '>>>AUTOIT SCRIPT<<<' >LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\aut7.tmp' >LibClamAV debug: autoit: compressed size: 1156 >LibClamAV debug: autoit: advertised uncompressed size 4dd1 >LibClamAV debug: autoit: ref chksum: f7b40440 >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 4dd1 >LibClamAV debug: autoit: script has got 331 lines >LibClamAV debug: autoit: script successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 8903cae272bf36a778c2f361ba282d42 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 8903cae272bf36a778c2f361ba282d42 (level 0) >LibClamAV debug: autoit: magic string 'C:\clam.exe' >LibClamAV debug: autoit: original filename 'C:\clam.exe' >LibClamAV debug: autoit: compressed size: 130 >LibClamAV debug: autoit: advertised uncompressed size 220 >LibClamAV debug: autoit: ref chksum: 74306db2 >LibClamAV debug: autoit: file is compressed >LibClamAV debug: autoit: uncompressed size again: 220 >LibClamAV debug: autoit: file successfully extracted >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized BinHex file >LibClamAV debug: cache_check: 2ac43b63da9af01c299936b345746126 is negative >LibClamAV debug: in cli_binhex >LibClamAV debug: cli_binhex: decoding 'clam.exe' - 544 bytes of data to /tmp/clamav-bba0ef5b75fdadeac7a2f484b7502821.tmp - 1 bytes or resources to /tmp/clamav-c8cd93fc90a891c9de09b792fc8edc57.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized BZip file >LibClamAV debug: cache_check: 6fd6a864ed39180892e6f2e75a0c497f is negative >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: Bzip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: Matched signature for file type HTML data >LibClamAV debug: cache_check: 7aede91f6a4399ebc923e196ae01530f is negative >LibClamAV debug: in cli_scanhtml() >LibClamAV debug: cli_scanhtml: using tempdir /tmp/clamav-aaa91c0a9d1f11f07652e631a332c4e6.tmp >LibClamAV debug: RFC2397 data file: /tmp/clamav-aaa91c0a9d1f11f07652e631a332c4e6.tmp/rfc2397/clamav-c613493a98aaab3d661417216d2510b1.tmp >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: f8c0f87349a4318a414ea00b11643c5b is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 2 >LibClamAV debug: in mbox() >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: check 'From html-normalise' >LibClamAV debug: parseEmailHeaders: check 'Content-type: application/octet-stream;base64' >LibClamAV debug: parseEmailHeader 'Content-type: application/octet-stream;base64' >LibClamAV debug: parseMimeHeader: cmd='Content-type', arg=' application/octet-stream;base64' >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: mimeArgs = 'base64' >LibClamAV debug: Add arguments 'base64' >LibClamAV debug: Can't parse header "base64" >LibClamAV debug: parseEmailHeaders: check 'Content-transfer-encoding: base64' >LibClamAV debug: parseEmailHeader 'Content-transfer-encoding: base64' >LibClamAV debug: parseMimeHeader: cmd='Content-transfer-encoding', arg=' base64' >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 1 is "base64" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA==" >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 2 >LibClamAV debug: Attachment sent with no filename >LibClamAV debug: messageAddArgument, arg='name=attachment' >LibClamAV debug: blobSetFilename: attachment >LibClamAV debug: fileblobSetFilename: file attachment saved to /tmp/clamav-de3a7684fa620cb54dee22f32eb54055.tmp/clamav-7801baaae9d46d6f114056428efbd855.tmp >LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:attachment:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: /tmp/clamav-de3a7684fa620cb54dee22f32eb54055.tmp/clamav-7801baaae9d46d6f114056428efbd855.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp/clamav-de3a7684fa620cb54dee22f32eb54055.tmp/clamav-7801baaae9d46d6f114056428efbd855.tmp >LibClamAV debug: parseEmailBody() returning 3 >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: da3221bb1a6b9547dbe894d4483c5032 is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:49:50 2008' >LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' >LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' >LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: messageSetMimeType: 'Application' >LibClamAV debug: mimeArgs = ' name="clam.exe"' >LibClamAV debug: Add arguments ' name="clam.exe"' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: Base64' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: Base64' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' Base64' >LibClamAV debug: messageSetEncoding: 'Base64' >LibClamAV debug: Encoding type 1 is "Base64" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 2 >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-8c0a879f65584aac127a742f49df204e.tmp/clamav-71f629d0131bdb9cdd86d572ad99f896.tmp >LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' >LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' >LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' >LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' >LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: /tmp/clamav-8c0a879f65584aac127a742f49df204e.tmp/clamav-71f629d0131bdb9cdd86d572ad99f896.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp/clamav-8c0a879f65584aac127a742f49df204e.tmp/clamav-71f629d0131bdb9cdd86d572ad99f896.tmp >LibClamAV debug: parseEmailBody() returning 3 >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MBox file >LibClamAV debug: cache_check: 69a26d9c8eda12094e588f66bf85b212 is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-b2216cabb2f407eade9da6fc9a4112d5.tmp >LibClamAV debug: uudecode clam.exe >LibClamAV debug: fileblobDestroy: /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-b2216cabb2f407eade9da6fc9a4112d5.tmp >LibClamAV debug: Extract attachments from email 1 >LibClamAV debug: parseEmailHeaders >LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:51:21 2008' >LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' >LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' >LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' >LibClamAV debug: messageSetMimeType: 'Application' >LibClamAV debug: mimeArgs = ' name="clam.exe"' >LibClamAV debug: Add arguments ' name="clam.exe"' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: x-uuencode' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: x-uuencode' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' x-uuencode' >LibClamAV debug: messageSetEncoding: 'x-uuencode' >LibClamAV debug: Encoding type 1 is "x-uuencode" >LibClamAV debug: parseEmailHeaders: check '' >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "e" >LibClamAV debug: parseEmailHeaders: finished with headers, moving body >LibClamAV debug: parseEmailHeaders: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 5 >LibClamAV debug: messageExport: treat uuencode as text/plain >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 2 is "base64" >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-406bcc794d9fcf139d08fa4651bdf3bf.tmp >LibClamAV debug: textToFileBlob to clam.exe, destroy = 0 >LibClamAV debug: fileblobDestroy: /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-406bcc794d9fcf139d08fa4651bdf3bf.tmp >LibClamAV debug: messageExport: enctype 1 is 2 >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-fe64326980a30107c7eda0422b9d0993.tmp >LibClamAV debug: sanitiseBase64 'e' >LibClamAV debug: Exported 0 bytes using enctype 2 >LibClamAV debug: 1 trailing bytes to export >LibClamAV debug: base64chars = 1 (@ @ @) >LibClamAV debug: Saving main message as attachment >LibClamAV debug: fileblobScan, ctx == NULL >LibClamAV debug: fileblobDestroy: /tmp/clamav-2aa571758c2cfe97c7d11eaa28a6aaed.tmp/clamav-fe64326980a30107c7eda0422b9d0993.tmp >LibClamAV debug: Saving text part to scan, rc = 1 >LibClamAV debug: messageAddArgument, arg='filename=textportion' >LibClamAV debug: Force mime encoding to application >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: messageToFileblob >LibClamAV debug: parseEmailBody() returning 1 >LibClamAV debug: cli_mbox returning 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized RTF file >LibClamAV debug: cache_check: 04cf3829d62e39af9ac138a38ed73117 is negative >LibClamAV debug: in cli_scanrtf() >LibClamAV debug: RTF: waiting for magic >LibClamAV debug: RTF: description length:8 >LibClamAV debug: RTF: in WAIT_DESC >LibClamAV debug: Preparing to dump rtf embedded object, description:Package >LibClamAV debug: RTF: next state: wait_data_size >LibClamAV debug: RTF: in WAIT_DATA_SIZE >LibClamAV debug: Dumping rtf embedded object of size:639 >LibClamAV debug: RTF: next state: DUMP_DATA >LibClamAV debug: RTF:Scanning embedded object:/tmp/clamav-51aa591c2c599491cb91226c3a7a9dc2.tmp/clamav-ed46e97ca9fd9b13e8fd704ef0d12eb6.tmp >LibClamAV debug: Decoding ole object >LibClamAV debug: cli_decode_ole_object: decoding to /tmp/clamav-906d67a4e06a94eac7ec9deea452a833.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized compress.exed file >LibClamAV debug: cache_check: e24d74f1524609277d2af5b497121a41 is negative >LibClamAV debug: in cli_scanszdd() >LibClamAV debug: MSEXPAND: File size from header: 544 >LibClamAV debug: MSEXPAND: Decompressed into /tmp/clamav-505807787452d23b9af9149a5f758523.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 0048ab72da0177e75e852bdce3fdd69e is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @13e >LibClamAV debug: cli_unzip: ch - flags 0 - method 6 - csize 118 - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: CLAM.EXE >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:CLAM.EXE:544:280:ef073cfd:6:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-9370697832eed2d2b767aa2457a91ec0.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 2ede2afebefe66b71744584bbfd004c9 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: Matched signature for file type ISO9660 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ISO9660 signature found at 32768 >LibClamAV debug: in cli_scaniso >LibClamAV debug: cli_scaniso: Raw sector size: 2048 >LibClamAV debug: cli_scaniso: Block size: 2048 >LibClamAV debug: cli_scaniso: Volume descriptor version: 1 >LibClamAV debug: cli_scaniso: System: LINUX >LibClamAV debug: cli_scaniso: Volume: CDROM >LibClamAV debug: cli_scaniso: Volume space size: 0xb0 blocks >LibClamAV debug: cli_scaniso: Volume 1 of 1 >LibClamAV debug: cli_scaniso: Volume Set: >LibClamAV debug: cli_scaniso: Publisher: >LibClamAV debug: cli_scaniso: Data Preparer: >LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM >LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 >LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:06:50 >LibClamAV debug: cli_scaniso: Path table size: 0x16 >LibClamAV debug: cli_scaniso: LSB Path Table: 0x13 >LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: MSB Path Table: 0x15 >LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: File Structure Version: 1 >LibClamAV debug: iso_parse_dir: Directory 'DIR': off 18 - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:DIR:2048:2048:0:0:0:0x0 >LibClamAV debug: iso_parse_dir: File 'CLAM.EXE': off 19 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:CLAM.EXE:544:544:0:0:0:0x0 >LibClamAV debug: iso_scan_file: dumping to /tmp/clamav-f19ea97a4f8d6b3e2d657e8fa5a292dd.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized Exim mail file >LibClamAV debug: cache_check: a57a8f14a6d5a0ec8d373d646ce1f88a is negative >LibClamAV debug: Starting cli_scanmail(), recursion = 1 >LibClamAV debug: in mbox() >LibClamAV debug: parseEmailFile >LibClamAV debug: parseEmailFile: check 'From: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'To: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Subject: ClamAV Test File' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Message-ID: <20080603232833.1aeaf8f1@ClamAV>' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Organization: ClamAV' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' fullline 0x0 >LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' fullline 0x0 >LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: messageSetMimeType: 'multipart' >LibClamAV debug: mimeArgs = ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: Add arguments ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' >LibClamAV debug: messageAddArgument, arg='boundary=MP_/6OvrPH9HEPZRUCVu6uT=Fey' >LibClamAV debug: parseEmailFile: check '' fullline 0x0 >LibClamAV debug: End of header information >LibClamAV debug: newline_in_header, check "--MP_/6OvrPH9HEPZRUCVu6uT=Fey" >LibClamAV debug: getline_from_mbox: fmap need failed >LibClamAV debug: parseEmailFile: return >LibClamAV debug: in parseEmailBody, 0 files saved so far >LibClamAV debug: Parsing mail file >LibClamAV debug: mimeType = 5 >LibClamAV debug: Content-type 'multipart' handler >LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey >LibClamAV debug: Now read in part 0 >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: text/plain; charset=US-ASCII' >LibClamAV debug: parseEmailHeader 'Content-Type: text/plain; charset=US-ASCII' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain; charset=US-ASCII' >LibClamAV debug: messageSetMimeType: 'text' >LibClamAV debug: mimeArgs = ' charset=US-ASCII' >LibClamAV debug: Add arguments ' charset=US-ASCII' >LibClamAV debug: messageAddArgument, arg='charset=US-ASCII' >LibClamAV debug: Discarding unwanted argument 'charset=US-ASCII' >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: 7bit' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' >LibClamAV debug: messageSetEncoding: '7bit' >LibClamAV debug: Encoding type 1 is "7bit" >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: inline' >LibClamAV debug: parseEmailHeader 'Content-Disposition: inline' >LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' inline' >LibClamAV debug: messageAddArgument, arg='filename=unknown' >LibClamAV debug: Multipart 0: End of header information >LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey >LibClamAV debug: Part 0 has 1 lines, rc = 1 >LibClamAV debug: Mixed message part 0 is of type 6 >LibClamAV debug: Mixed message text part disposition "inline" >LibClamAV debug: Mime subtype "plain" >LibClamAV debug: Treating inline as attachment >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 0 >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 2 is "base64" >LibClamAV debug: blobSetFilename: unknown >LibClamAV debug: fileblobSetFilename: file unknown saved to /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-ded4c886ac66fa36bad7b461a2082fbb.tmp >LibClamAV debug: textToFileBlob to unknown, destroy = 0 >LibClamAV debug: fileblobDestroy: /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-ded4c886ac66fa36bad7b461a2082fbb.tmp >LibClamAV debug: messageExport: enctype 1 is 2 >LibClamAV debug: blobSetFilename: unknown >LibClamAV debug: fileblobSetFilename: file unknown saved to /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-813f87b57abb4fadd3c1e37f5617fe43.tmp >LibClamAV debug: sanitiseBase64 'This is a ClamAV test file with embedded clam.exe' >LibClamAV debug: Exported 30 bytes using enctype 2 >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:30:unknown:30:30:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 8fe7d75a1adb2d661f9f622b32fb503b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 8fe7d75a1adb2d661f9f622b32fb503b (level 0) >LibClamAV debug: /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-813f87b57abb4fadd3c1e37f5617fe43.tmp is clean >LibClamAV debug: fileblobDestructiveDestroy: /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-813f87b57abb4fadd3c1e37f5617fe43.tmp >LibClamAV debug: Now read in part 0 >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: parseEmailHeader 'Content-Type: application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' application/x-ms-dos-executable; name=clam.exe' >LibClamAV debug: messageSetMimeType: 'application' >LibClamAV debug: mimeArgs = ' name=clam.exe' >LibClamAV debug: Add arguments ' name=clam.exe' >LibClamAV debug: messageAddArgument, arg='name=clam.exe' >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: base64' >LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' >LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' >LibClamAV debug: messageSetEncoding: 'base64' >LibClamAV debug: Encoding type 1 is "base64" >LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: attachment; filename=clam.exe' >LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename=clam.exe' >LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename=clam.exe' >LibClamAV debug: messageAddArgument, arg='filename=clam.exe' >LibClamAV debug: Multipart 0: End of header information >LibClamAV debug: Part 0 has 11 lines, rc = 1 >LibClamAV debug: Mixed message part 0 is of type 1 >LibClamAV debug: messageToFileblob >LibClamAV debug: messageExport: numberOfEncTypes == 1 >LibClamAV debug: messageExport: enctype 0 is 2 >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-2468aded21546c70f8cce371a01f7db4.tmp >LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' >LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' >LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' >LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' >LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' >LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' >LibClamAV debug: Exported 543 bytes using enctype 2 >LibClamAV debug: 2 trailing bytes to export >LibClamAV debug: base64chars = 2 (0 @ @) >LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-2468aded21546c70f8cce371a01f7db4.tmp is infected >LibClamAV debug: fileblobDestructiveDestroy: /tmp/clamav-bc4c86148889933f02e5727175d77755.tmp/clamav-2468aded21546c70f8cce371a01f7db4.tmp >LibClamAV debug: The message has 0 parts >LibClamAV debug: cli_mbox returning 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO NEWC file >LibClamAV debug: cache_check: 0ad868ed626c3cdcd924d83d1dd85ead is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_NEWC:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [120, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [120, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized CPIO ODC file >LibClamAV debug: cache_check: b874713310858f4299be1b41d31e4674 is negative >LibClamAV debug: CPIO: -- File 1 -- >LibClamAV debug: CPIO: Name: clam.exe >LibClamAV debug: CPIO: Filesize: 544 >LibClamAV debug: CDBNAME:CL_TYPE_CPIO_ODC:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_map_scan: [85, +544) >LibClamAV debug: cli_map_scandesc: [0, +1024), [85, +544) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 72f471de3952aa10e0c729443ad7f65e is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 >LibClamAV debug: CLSID: {0000-00-00-00-000000} >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 1 >LibClamAV debug: Prop start: 18 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 20 >LibClamAV debug: SBat block count: 1 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 >LibClamAV debug: >LibClamAV debug: Max block number: 248 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] b size:0x00000f80 flags:0x00000000 >LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x0000019c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' >LibClamAV debug: OLE2: _5_documentsummaryinformation [file] b size:0x0000011c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' >LibClamAV debug: OLE2: worddocument [file] b size:0x0000102e flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'worddocument' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/126ea3fd0ff7f18c9c5eec0c07398c49_0' >LibClamAV debug: OLE2: 1table [file] r size:0x00000847 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '1table' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/0e2af3cf7b22050354734d7eb56b80d3_0' >LibClamAV debug: OLE2: objectpool [dir ] b size:0x00000000 flags:0x00000000 >LibClamAV debug: OLE2 dir entry: /tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003 >LibClamAV debug: OLE2: _1279313719 [dir ] b size:0x00000000 flags:0x00000000 >LibClamAV debug: OLE2 dir entry: /tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004 >LibClamAV debug: OLE2: _1_compobj [file] b size:0x00000052 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004/88144fbcb62650fa72c360688f4772c7_0' >LibClamAV debug: OLE2: _3_objinfo [file] b size:0x00000006 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_3_objinfo' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004/b716b79df7921f86c7532913ba9e5562_0' >LibClamAV debug: OLE2: _1_ole10native [file] r size:0x00000255 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004/e74f5f7bbf0b77708bc591157d708d3d_0' >LibClamAV debug: OLE2: _1_ole [file] b size:0x00000014 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004/4d5f109dc1c0609112df3a2e6f747fea_0' >LibClamAV debug: OLE2: _1_compobj [file] r size:0x00000075 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/88144fbcb62650fa72c360688f4772c7_1' >LibClamAV debug: OLE2: data [file] b size:0x00001000 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'data' to '/tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/8d777f385d3dfec8815d20f7496026dc_0' >LibClamAV debug: VBADir: /tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp >LibClamAV debug: wm_readdir: macro offset: 0x41c0000 >LibClamAV debug: wm_readdir: macro len: 0x160000 > >LibClamAV debug: wm_readdir: read macro_info failed >LibClamAV debug: VBADir: /tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003 >LibClamAV debug: VBADir: /tmp/clamav-caeb4f671c2f3f6ec308deaa7cf2154f.tmp/000003/000004 >LibClamAV debug: cli_decode_ole_object: decoding to /tmp/clamav-d26bd125ab9eb1a6178745fdffb2b514.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized PDF document file >LibClamAV debug: cache_check: f6a7821809bff648e8dbd72f027f3850 is negative >LibClamAV debug: in cli_pdf(/tmp/clamav-f6afd2cd2e0365c98f4ba585bdc5226b.tmp) >LibClamAV debug: cli_pdf: did not find valid xref >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: found 1 0 obj @26 >LibClamAV debug: cli_pdf: found 2 0 obj @100 >LibClamAV debug: cli_pdf: found 3 0 obj @270 >LibClamAV debug: cli_pdf: found 4 0 obj @338 >LibClamAV debug: cli_pdf: found 5 0 obj @1719 >LibClamAV debug: cli_pdf: found 6 0 obj @1925 >LibClamAV debug: cli_pdf: found 7 0 obj @1963 >LibClamAV debug: cli_pdf: found 8 0 obj @2016 >LibClamAV debug: cli_pdf: found 9 0 obj @2054 >LibClamAV debug: cli_pdf: found 10 0 obj @2484 >LibClamAV debug: cli_pdf: found 11 0 obj @2773 >LibClamAV debug: cli_pdf: found 12 0 obj @5181 >LibClamAV debug: cli_pdf: found 13 0 obj @5283 >LibClamAV debug: cli_pdf: found 14 0 obj @5308 >LibClamAV debug: cli_pdf: found 15 0 obj @5729 >LibClamAV debug: cli_pdf: found 16 0 obj @6391 >LibClamAV debug: cli_pdf: found 17 0 obj @6474 >LibClamAV debug: cli_pdf: 1 0 obj flags: 02 >LibClamAV debug: cli_pdf: 2 0 obj flags: 02 >LibClamAV debug: cli_pdf: 3 0 obj flags: 02 >LibClamAV debug: cli_pdf: 4 0 obj flags: 03 >LibClamAV debug: cli_pdf: found Contents stored in indirect object 14 0 >LibClamAV debug: cli_pdf: 5 0 obj flags: 800002 >LibClamAV debug: cli_pdf: 6 0 obj flags: 02 >LibClamAV debug: cli_pdf: 7 0 obj flags: 02 >LibClamAV debug: cli_pdf: 8 0 obj flags: 02 >LibClamAV debug: cli_pdf: 9 0 obj flags: 02 >LibClamAV debug: cli_pdf: 10 0 obj flags: 20002 >LibClamAV debug: cli_pdf: 11 0 obj flags: 10023 >LibClamAV debug: cli_pdf: 12 0 obj flags: 02 >LibClamAV debug: cli_pdf: 13 0 obj: no dictionary >LibClamAV debug: cli_pdf: 14 0 obj flags: 1010023 >LibClamAV debug: cli_pdf: 15 0 obj flags: 07 >LibClamAV debug: cli_pdf: 16 0 obj flags: 02 >LibClamAV debug: cli_pdf: 17 0 obj flags: 1000002 >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: (parsed hooks) returned 0 >LibClamAV debug: pdf_extract_obj: obj 1 0 >LibClamAV debug: pdf_extract_obj: obj 2 0 >LibClamAV debug: pdf_extract_obj: obj 3 0 >LibClamAV debug: pdf_extract_obj: obj 4 0 >LibClamAV debug: cli_pdf: dumping obj 4 0 >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: /DecodeParms not found in dict >LibClamAV debug: cli_pdf: /DP not found in dict >LibClamAV debug: cli_pdf: detected 0 applied filters >LibClamAV debug: cli_pdf: no non-forced filters decoded, returning raw stream >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: extracted 1287 bytes 4 0 obj >LibClamAV debug: ... to /tmp/clamav-f6afd2cd2e0365c98f4ba585bdc5226b.tmp/pdf00 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: afeb29d29db00e7b0a56c1095a45152c is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: afeb29d29db00e7b0a56c1095a45152c (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: pdf_extract_obj: obj 5 0 >LibClamAV debug: pdf_extract_obj: obj 6 0 >LibClamAV debug: pdf_extract_obj: obj 7 0 >LibClamAV debug: pdf_extract_obj: obj 8 0 >LibClamAV debug: pdf_extract_obj: obj 9 0 >LibClamAV debug: pdf_extract_obj: obj 10 0 >LibClamAV debug: pdf_extract_obj: obj 11 0 >LibClamAV debug: cli_pdf: dumping obj 11 0 >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: /DecodeParms not found in dict >LibClamAV debug: cli_pdf: /DP not found in dict >LibClamAV debug: cli_pdf: detected 1 applied filters >LibClamAV debug: cli_pdf: decoding [5] => FLATEDECODE >LibClamAV debug: cli_pdf: inflated 2957 bytes from 2305 total bytes (0 bytes remaining) >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: extracted 2957 bytes 11 0 obj >LibClamAV debug: ... to /tmp/clamav-f6afd2cd2e0365c98f4ba585bdc5226b.tmp/pdf01 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 00caa7c99f05f5c47d95c516d38c6f1e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 00caa7c99f05f5c47d95c516d38c6f1e (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: pdf_extract_obj: obj 12 0 >LibClamAV debug: pdf_extract_obj: obj 13 0 >LibClamAV debug: pdf_extract_obj: obj 14 0 >LibClamAV debug: cli_pdf: dumping obj 14 0 >LibClamAV debug: cli_pdf: length is in indirect object 13 0 >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: /DecodeParms not found in dict >LibClamAV debug: cli_pdf: /DP not found in dict >LibClamAV debug: cli_pdf: detected 1 applied filters >LibClamAV debug: cli_pdf: decoding [5] => FLATEDECODE >LibClamAV debug: cli_pdf: inflated 662 bytes from 334 total bytes (0 bytes remaining) >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: extracted 662 bytes 14 0 obj >LibClamAV debug: ... to /tmp/clamav-f6afd2cd2e0365c98f4ba585bdc5226b.tmp/pdf02 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: d6ceddd633b1dcc23e459f9579bde3b5 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: d6ceddd633b1dcc23e459f9579bde3b5 (level 0) >LibClamAV debug: Bytecode executing hook id 258 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_pdf: dumping contents 14 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 33af3356d8761430f7c7c76d93613f9a is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 33af3356d8761430f7c7c76d93613f9a (level 0) >LibClamAV debug: pdf_extract_obj: obj 15 0 >LibClamAV debug: cli_pdf: dumping obj 15 0 >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: /DecodeParms not found in dict >LibClamAV debug: cli_pdf: /DP not found in dict >LibClamAV debug: cli_pdf: detected 0 applied filters >LibClamAV debug: cli_pdf: no non-forced filters decoded, returning raw stream >LibClamAV debug: -------------EXPERIMENTAL------------- >LibClamAV debug: cli_pdf: extracted 544 bytes 15 0 obj >LibClamAV debug: ... to /tmp/clamav-f6afd2cd2e0365c98f4ba585bdc5226b.tmp/pdf03 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_pdf: returning 1 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 5cc36bead5044641bf74a209721220df is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 >LibClamAV debug: CLSID: {0000-00-00-00-000000} >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 1 >LibClamAV debug: Prop start: 1 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 2 >LibClamAV debug: SBat block count: 1 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 >LibClamAV debug: >LibClamAV debug: Max block number: 520 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] r size:0x00000c80 flags:0x00000000 >LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x00005500 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' >LibClamAV debug: OLE2: powerpoint document [file] b size:0x0000143e flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'powerpoint document' to '/tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp/87320d137f01f7b183eb533a1de6c62a_0' >LibClamAV debug: OLE2: _5_documentsummaryinformation [file] r size:0x00000238 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' >LibClamAV debug: OLE2: pictures [file] b size:0x000009ce flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'pictures' to '/tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp/9ed98e5c3e9685aa3de82c99009a2ed3_0' >LibClamAV debug: OLE2: current user [file] r size:0x0000002c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping 'current user' to '/tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp/031e0a965ce78208b44b47340128ed45_0' >LibClamAV debug: VBADir: /tmp/clamav-72590024de9335b4afca8d2b1ec8c717.tmp >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x03e8 >LibClamAV debug: length: 0x000004dc >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x03f8 >LibClamAV debug: length: 0x00000a46 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x0f >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x03ee >LibClamAV debug: length: 0x0000020c >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x01 >LibClamAV debug: type: 0x1011 >LibClamAV debug: length: 0x000002b0 >LibClamAV debug: length: 684 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x1772 >LibClamAV debug: length: 0x00000014 >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: version: 0x00 >LibClamAV debug: instance: 0x00 >LibClamAV debug: type: 0x0ff5 >LibClamAV debug: length: 0x0000001c >LibClamAV debug: in ppt_read_atom_header >LibClamAV debug: read ppt_header failed >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: 34bbee039661ffefe723e4c053c4349e is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 >LibClamAV debug: CLSID: {0000-00-00-00-000000} >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 1 >LibClamAV debug: Prop start: 2 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 4 >LibClamAV debug: SBat block count: 1 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 >LibClamAV debug: >LibClamAV debug: Max block number: 56 >LibClamAV debug: OLE2: VBA project found >LibClamAV debug: OLE2: root entry [root] r size:0x000003c0 flags:0x00000000 >LibClamAV debug: OLE2: _1_ole10native [file] b size:0x00000307 flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/tmp/clamav-65e127cde1a8a455a6f00863f89d1cfd.tmp/e74f5f7bbf0b77708bc591157d708d3d_0' >LibClamAV debug: OLE2: _1_compobj [file] r size:0x0000004c flags:0x00000000 >LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/tmp/clamav-65e127cde1a8a455a6f00863f89d1cfd.tmp/88144fbcb62650fa72c360688f4772c7_0' >LibClamAV debug: VBADir: /tmp/clamav-65e127cde1a8a455a6f00863f89d1cfd.tmp >LibClamAV debug: cli_decode_ole_object: decoding to /tmp/clamav-64f4e7205d507239c424fea5e9445814.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: Matched signature for file type SIS at 8 >LibClamAV debug: cache_check: 9af10e8bc42125f1b471a69e0104e09e is negative >LibClamAV debug: in scansis() >LibClamAV debug: SIS: UIDS 1000000 10003a12 10000419 - 73854f24 >LibClamAV debug: SIS: Application name: >LibClamAV debug: Name (UK English - @146, len 8) >LibClamAV debug: SIS: Provides: >LibClamAV debug: Name (UK English - @146, len 8) >LibClamAV debug: SIS: Depends on: >LibClamAV debug: UID: 101f6f88 v. 0.0.0 > aka: >LibClamAV debug: Series60ProductID (UK English - @124, len 34) >LibClamAV debug: SIS: Package is compressed >LibClamAV debug: SIS: Pkgtype: 0 >LibClamAV debug: SIS: File details: > Options: 0 > Type: simple >LibClamAV debug: Original filename: C:\Users\zolw\AppData\Local\Temp\MKS0\clam.exe >LibClamAV debug: Installed to: !:\clam.exe >LibClamAV debug: Unpacking lang#0 - ptr:14e csize:106 osize:220 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 4e05da42c0edfad9adc8103c1319a39f is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: d67efc70fcf79eca10063916930e446f is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-fdceb3ad98fc3f134d011932d79caa39.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 6032, [13620 in octal] >LibClamAV debug: cli_untar: Checksum 6032 is valid. >LibClamAV debug: cli_untar: size = 40 >LibClamAV debug: cli_untar: skipping entry >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: Candidate checksum = 5489, [12561 in octal] >LibClamAV debug: cli_untar: Checksum 5489 is valid. >LibClamAV debug: cli_untar: size = 544 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-fdceb3ad98fc3f134d011932d79caa39.tmp/tar01 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: cli_untar: pos = 2560 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized TNEF file >LibClamAV debug: cache_check: 9417e3d9e9e227fc029204a23d2b5bf1 is negative >LibClamAV debug: message tag 0x9006, type 0x8, length 4 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9006, type 0x8, length 4 >LibClamAV debug: message tag 0x9007, type 0x6, length 8 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9007, type 0x6, length 8 >LibClamAV debug: message tag 0x8008, type 0x7, length 24 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8008, type 0x7, length 24 >LibClamAV debug: message tag 0x800d, type 0x4, length 2 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x800d, type 0x4, length 2 >LibClamAV debug: message tag 0x8004, type 0x1, length 48 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8004, type 0x1, length 48 >LibClamAV debug: message tag 0x9, type 0x4, length 2 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9, type 0x4, length 2 >LibClamAV debug: message tag 0x8006, type 0x3, length 14 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8006, type 0x3, length 14 >LibClamAV debug: message tag 0x8020, type 0x2, length 52 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x8020, type 0x2, length 52 >LibClamAV debug: message tag 0x9004, type 0x6, length 124 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9004, type 0x6, length 124 >LibClamAV debug: message tag 0x9003, type 0x6, length 2892 >LibClamAV debug: TNEF - found message >LibClamAV debug: message tag 0x9003, type 0x6, length 2892 >LibClamAV debug: message tag 0x9002, type 0x6, length 14 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x9002, type 0x6, length 14 >LibClamAV debug: TNEF - unsupported attachment tag 0x9002 type 0x6 length 14 >LibClamAV debug: message tag 0x8013, type 0x3, length 14 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8013, type 0x3, length 14 >LibClamAV debug: TNEF - unsupported attachment tag 0x8013 type 0x3 length 14 >LibClamAV debug: message tag 0x800f, type 0x6, length 544 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x800f, type 0x6, length 544 >LibClamAV debug: message tag 0x8010, type 0x1, length 9 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8010, type 0x1, length 9 >LibClamAV debug: TNEF filename clam.exe >LibClamAV debug: blobSetFilename: clam.exe >LibClamAV debug: fileblobSetFilename: file clam.exe saved to /tmp/clamav-3e0de4b43e3a1c4c78ce32612bf3707d.tmp/clamav-2244670e5f933196371d3c2bd1afd601.tmp >LibClamAV debug: message tag 0x8011, type 0x6, length 5624 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x8011, type 0x6, length 5624 >LibClamAV debug: TNEF - unsupported attachment tag 0x8011 type 0x6 length 5624 >LibClamAV debug: message tag 0x9005, type 0x6, length 180 >LibClamAV debug: TNEF - found attachment >LibClamAV debug: attachment tag 0x9005, type 0x6, length 180 >LibClamAV debug: TNEF - unsupported attachment tag 0x9005 type 0x6 length 180 >LibClamAV debug: tnef_header: ignoring trailing newline >LibClamAV debug: cli_tnef: flushing final data >LibClamAV debug: fileblobDestroy: /tmp/clamav-3e0de4b43e3a1c4c78ce32612bf3707d.tmp/clamav-2244670e5f933196371d3c2bd1afd601.tmp >LibClamAV debug: cli_tnef: returning 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized ZIP file >LibClamAV debug: cache_check: 37ee24a41abc0fdbe8ee342ededf33ef is negative >LibClamAV debug: in cli_unzip >LibClamAV debug: cli_unzip: central @13b >LibClamAV debug: cli_unzip: ch - flags 0 - method 8 - csize 100 - usize 220 - flen 8 - elen d - clen 0 - disk 0 - off 0 >LibClamAV debug: cli_unzip: ch - fname: clam.exe >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:1:1 >LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:0x0 >LibClamAV debug: cli_unzip: extracted to /tmp/clamav-c76e4423074b4d2f9ed18b20f2cd4445.tmp/zip.000 >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: a54c20ccd89a41329f3feeca0df4a8b3 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 476556 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 115236 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: e7d69e3a0825c65b215b0ed482a3f089 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 361320 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: CAB/CAB-SFX signature found at 361320 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 417 >LibClamAV debug: CAB: Folder compression method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: Recorded files: 13 > >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: e_lfanew == 256 >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 1 >LibClamAV debug: TimeDateStamp: Sat Apr 16 13:54:57 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 2 >LibClamAV debug: MinorLinkerVersion: 25 >LibClamAV debug: SizeOfCode: 0x400 >LibClamAV debug: SizeOfInitializedData: 0x600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1040 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 3 >LibClamAV debug: MinorSubsystemVersion: 10 >LibClamAV debug: SizeOfImage: 0x2000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: [CLAMAV] >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1000 0x1000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x200 0x200 >LibClamAV debug: PointerToRawData: 0x1 0x0 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x40 (64) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: e7d69e3a0825c65b215b0ed482a3f089 (level 0) >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 01:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: ishield: @1c224 found file clam.exe (Disk1\clam.exe) - version 0.0.0.0 - size 544 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:544:clam.exe:544:544:0:0:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-b05788f20651c5b69c90c4ac1769891b.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 235bb0bcf01b767d5cf5570027c93f6b is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type CAB-SFX at 471993 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: CAB/CAB-SFX signature found at 471993 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 417 >LibClamAV debug: CAB: Folder compression method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: Recorded files: 13 > >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: *** Detected embedded PE file at 1016015 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: a63fe77037d042c8690ed49557977a8c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 01:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a63fe77037d042c8690ed49557977a8c (level 0) >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 01:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: ishield: @1c229 found file data1.cab (Disk1\data1.cab) - version 0.0.0.0 - size 345386 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:345386:data1.cab:345386:345386:0:0:0:0x0 >LibClamAV debug: ishield: added data1.cab to array >LibClamAV debug: ishield: @7077b found file data1.hdr (Disk1\data1.hdr) - version 0.0.0.0 - size 10471 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:10471:data1.hdr:10471:10471:0:1:0:0x0 >LibClamAV debug: ishield: added data1.hdr to array >LibClamAV debug: ishield: @73088 found file data2.cab (Disk1\data2.cab) - version 0.0.0.0 - size 770 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:770:data2.cab:770:770:0:2:0:0x0 >LibClamAV debug: ishield: added data2.cab to array >LibClamAV debug: ishield: @733b9 found file engine32.cab (Disk1\engine32.cab) - version 0.0.0.0 - size 543481 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:543481:engine32.cab:543481:543481:0:3:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-2d9d9704c109f433ffbe99f143b54c35.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: f1388bda22a24abcdb0324903411bf7f is negative >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 417 >LibClamAV debug: CAB: Folder compression method: 5379 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: IKernel*dll >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 1 >LibClamAV debug: CAB: File name: ctor*dll >LibClamAV debug: CAB: File offset: 753664 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 2 >LibClamAV debug: CAB: File name: IScript*dll >LibClamAV debug: CAB: File offset: 823378 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 3 >LibClamAV debug: CAB: File name: IUser*dll >LibClamAV debug: CAB: File offset: 1097810 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 4 >LibClamAV debug: CAB: File name: objectps*dll >LibClamAV debug: CAB: File offset: 1282130 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 5 >LibClamAV debug: CAB: File name: DotNetInstaller*exe >LibClamAV debug: CAB: File offset: 1314898 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 6 >LibClamAV debug: CAB: File name: iKernel*rgs >LibClamAV debug: CAB: File offset: 1320530 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 7 >LibClamAV debug: CAB: File name: ISProBE9x*tlb >LibClamAV debug: CAB: File offset: 1358611 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 8 >LibClamAV debug: CAB: File name: ISProBENT*tlb >LibClamAV debug: CAB: File offset: 1487479 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 9 >LibClamAV debug: CAB: File name: ISBEW64*rgs >LibClamAV debug: CAB: File offset: 1605299 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 10 >LibClamAV debug: CAB: File name: IsBEW64*tlb >LibClamAV debug: CAB: File offset: 1605869 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 11 >LibClamAV debug: CAB: File name: ISBEW64*exe >LibClamAV debug: CAB: File offset: 1608289 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: File record 12 >LibClamAV debug: CAB: File name: ISBEW64A*exe >LibClamAV debug: CAB: File offset: 1732705 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: Recorded files: 13 > >LibClamAV debug: Matched signature for file type CAB-SFX at 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: f1388bda22a24abcdb0324903411bf7f (level 0) >LibClamAV debug: ishield: @f7eda found file layout.bin (Disk1\layout.bin) - version 0.0.0.0 - size 455 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:455:layout.bin:455:455:0:4:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-2d8e4ae1ec34a784dffea00903ca38c5.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 3b70579cc5a5bab9b5e634404e4b719b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 3b70579cc5a5bab9b5e634404e4b719b (level 0) >LibClamAV debug: ishield: @f80cf found file setup.exe (Disk1\setup.exe) - version 11.0.0.28844 - size 121064 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:121064:setup.exe:121064:121064:0:5:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-b82f39abde4365904ecc0962df2c852a.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: bef1e6a9b97045ec3f2b9cf34acb6810 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 >LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) >LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 >LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 >LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 232 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Mon Apr 4 01:05:10 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10a00 >LibClamAV debug: SizeOfInitializedData: 0xb600 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0xce17 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1091e 0x11000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17f0 0x2000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x1800 0x1800 >LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x17c4 0x2000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x1600 0x1600 >LibClamAV debug: PointerToRawData: 0x12600 0x12600 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x8420 0x9000 >LibClamAV debug: VirtualAddress: 0x16000 0x16000 >LibClamAV debug: SizeOfRawData: 0x8600 0x8600 >LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0xc217 (49687) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: bef1e6a9b97045ec3f2b9cf34acb6810 (level 0) >LibClamAV debug: ishield: @1159e0 found file setup.ibt (Disk1\setup.ibt) - version 0.0.0.0 - size 396011 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:396011:setup.ibt:396011:396011:0:6:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-5db76d86d1c131c28dd1b756b33e2af5.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: cache_check: e443daa20aed702ba6f5f5f2343de989 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Invalid DOS signature >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: Invalid DOS signature >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: e443daa20aed702ba6f5f5f2343de989 (level 0) >LibClamAV debug: ishield: @1764f1 found file setup.ini (Disk1\setup.ini) - version 0.0.0.0 - size 452 >LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:452:setup.ini:452:452:0:7:0:0x0 >LibClamAV debug: ishield: extracted to /tmp/clamav-f9d82f12b8cac186a5e1225d4f7c585a.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 677bb0dbd503488e051b8ce98518270c is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 677bb0dbd503488e051b8ce98518270c (level 0) >LibClamAV debug: is_parse_hdr: magic 28635349, unk1 1009500, unk2 0, data_off 200, data_sz 1b92 >LibClamAV debug: is_parse_hdr: file \iKernel.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \Setup.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \DotNetInstaller.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \iscript.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ctor.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \iuser.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IGDI.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IsProBE.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \objectps.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \IKernel.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: file \ISBEW64.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20 14:b5073283 15:1) >LibClamAV debug: is_parse_hdr: skipped empty file >LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) >LibClamAV debug: is_parse_hdr: file \license.rtf (size: 11493 csize: 2605 md5:e7eb45e877c8cb80f56e9dbc9504e757 offset:200 (data1.cab) 13:20 14:b44a3283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-844ef57cc6a0287d5d41d5262d180540.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized RTF file >LibClamAV debug: cache_check: e7eb45e877c8cb80f56e9dbc9504e757 is negative >LibClamAV debug: in cli_scanrtf() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: e7eb45e877c8cb80f56e9dbc9504e757 (level 0) >LibClamAV debug: is_parse_hdr: skipped unknown file entry 15 >LibClamAV debug: is_parse_hdr: file \corecomp.ini (size: 65503 csize: 12414 md5:09d38ceca6a012f4ce5b54f03db9b21a offset:c2d (data1.cab) 13:20 14:b4733283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-6439006d58fae0cbebb66d0bc443e344.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 09d38ceca6a012f4ce5b54f03db9b21a is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 09d38ceca6a012f4ce5b54f03db9b21a (level 0) >LibClamAV debug: is_parse_hdr: file \FontData.ini (size: 39 csize: 43 md5:00f313e3e007599349a0c4d81c7807c4 offset:3cab (data1.cab) 13:20 14:758c3af3 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-e8b0e02c14b8db6ef1f3509529fe7bb6.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 00f313e3e007599349a0c4d81c7807c4 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 00f313e3e007599349a0c4d81c7807c4 (level 0) >LibClamAV debug: is_parse_hdr: file \StringTable-0009-English.ips (size: 329 csize: 177 md5:31563751792826a6272b09626250e155 offset:3cd6 (data1.cab) 13:20 14:758c3af3 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-0f89e9e5b8ae6694a8a8d794f2821af4.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 31563751792826a6272b09626250e155 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 31563751792826a6272b09626250e155 (level 0) >LibClamAV debug: is_parse_hdr: file \isrt.dll (size: 425984 csize: 211241 md5:9a7790ae29bbadfa35650751ecceb0e7 offset:3d87 (data1.cab) 13:20 14:b8703283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-456d6cec2c4901b56c2728ec33bd60d8.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 9a7790ae29bbadfa35650751ecceb0e7 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 63048 >LibClamAV debug: cli_peheader: parsing version info @ rva 63048 (1/1) >LibClamAV debug: VersionInfo (610fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (6114e): 'FileDescription'='InstallShield (R) RunTime DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000520075006e00540069006d006500200044004c004c000000 >LibClamAV debug: VersionInfo (611b2): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (611ea): 'InternalName'='ISRT' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200540000000000 >LibClamAV debug: VersionInfo (61216): 'OriginalFilename'='ISRT.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300520054002e0064006c006c0000000000 >LibClamAV debug: VersionInfo (61252): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (612ce): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (61312): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 280 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Mon Apr 4 01:03:31 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x4c000 >LibClamAV debug: SizeOfInitializedData: 0x1d000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x3c7b4 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x6a000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4b36e 0x4c000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x4c000 0x4c000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xd08d 0xe000 >LibClamAV debug: VirtualAddress: 0x4d000 0x4d000 >LibClamAV debug: SizeOfRawData: 0xe000 0xe000 >LibClamAV debug: PointerToRawData: 0x4d000 0x4d000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x7828 0x8000 >LibClamAV debug: VirtualAddress: 0x5b000 0x5b000 >LibClamAV debug: SizeOfRawData: 0x6000 0x6000 >LibClamAV debug: PointerToRawData: 0x5b000 0x5b000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x380 0x1000 >LibClamAV debug: VirtualAddress: 0x63000 0x63000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x61000 0x61000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5d74 0x6000 >LibClamAV debug: VirtualAddress: 0x64000 0x64000 >LibClamAV debug: SizeOfRawData: 0x6000 0x6000 >LibClamAV debug: PointerToRawData: 0x62000 0x62000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x3c7b4 (247732) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 9a7790ae29bbadfa35650751ecceb0e7 (level 0) >LibClamAV debug: is_parse_hdr: file \default.pal (size: 1168 csize: 466 md5:0abafe3f69d053494405061de2629c82 offset:376b0 (data1.cab) 13:20 14:b4733283 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-78cd325abf63efe3adbc5447d33a6cf6.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized RIFF file >LibClamAV debug: cache_check: 0abafe3f69d053494405061de2629c82 is negative >LibClamAV debug: in cli_check_riff_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 0abafe3f69d053494405061de2629c82 (level 0) >LibClamAV debug: is_parse_hdr: file \_IsRes.dll (size: 548963 csize: 117928 md5:d28b31e1e3d9972cce01e4deb0288b31 offset:37882 (data1.cab) 13:20 14:6403284 15:1) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-9dc457e0323bf4a64c76e40846c96b77.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: d28b31e1e3d9972cce01e4deb0288b31 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 37048 >LibClamAV debug: cli_peheader: parsing version info @ rva 37048 (1/1) >LibClamAV debug: VersionInfo (6c1ee): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 >LibClamAV debug: VersionInfo (6c23e): 'FileDescription'='InstallShield (R) Dialog Resources' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004400690061006c006f00670020005200650073006f007500720063006500730000000000 >LibClamAV debug: VersionInfo (6c2ae): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 >LibClamAV debug: VersionInfo (6c2e6): 'InternalName'='_IsRes2k' - VI:49006e007400650072006e0061006c004e0061006d00650000005f004900730052006500730032006b0000000000 >LibClamAV debug: VersionInfo (6c31a): 'OriginalFilename'='_IsRes.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f00490073005200650073002e0064006c006c0000000000 >LibClamAV debug: VersionInfo (6c35a): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 >LibClamAV debug: VersionInfo (6c3d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 >LibClamAV debug: VersionInfo (6c41a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 >LibClamAV debug: e_lfanew == 216 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 6 >LibClamAV debug: TimeDateStamp: Mon Apr 4 02:49:58 2005 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x2a000 >LibClamAV debug: SizeOfInitializedData: 0x5d000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1180 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x88000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29dc0 0x2a000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x2a000 0x2a000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1f01 0x2000 >LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x2b000 0x2b000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x6614 0x7000 >LibClamAV debug: VirtualAddress: 0x2d000 0x2d000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x2d000 0x2d000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .idata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xa11 0x1000 >LibClamAV debug: VirtualAddress: 0x34000 0x34000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x32000 0x32000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x50de3 0x51000 >LibClamAV debug: VirtualAddress: 0x35000 0x35000 >LibClamAV debug: SizeOfRawData: 0x51000 0x51000 >LibClamAV debug: PointerToRawData: 0x33000 0x33000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 5 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1b62 0x2000 >LibClamAV debug: VirtualAddress: 0x86000 0x86000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x84000 0x84000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x1180 (4480) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: d28b31e1e3d9972cce01e4deb0288b31 (level 0) >LibClamAV debug: is_parse_hdr: skipped external file:\layout.bin (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\data1.hdr (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\data1.cab (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.exe (size: 121064 csize: 121064 md5:bef1e6a9b97045ec3f2b9cf34acb6810) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) >LibClamAV debug: is_parse_hdr: skipped external file:\setup.ini (size: 452 csize: 452 md5:677bb0dbd503488e051b8ce98518270c) >LibClamAV debug: is_parse_hdr: file \clam.exe (size: 544 csize: 258 md5:aa15bcf478d165efd2065190eb473bcb offset:200 (data2.cab) 13:20 14:75023af3 15:2) >LibClamAV debug: is_extract_cab: extracted to /tmp/clamav-8686c36659ee25c3f2b03f12015868fc.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 37b9b0f97ea3bd6269e1d0be65185da2 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 >LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) >LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ISHIELD-MSI >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: ISHIELD-MSI signature found at 915561 >LibClamAV debug: in ishield-msi >LibClamAV debug: ishield-msi: File clam.exe409.bmp (csize: 106, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp/clamav-43690bb4ac2e7fdeb8b5c6997bbf4abc.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 2f60b47aa5ff8931c786fbe0eafc657e is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 >LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) >LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 >LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type ISHIELD-MSI >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: ISHIELD-MSI signature found at 915561 >LibClamAV debug: in ishield-msi >LibClamAV debug: ishield-msi: File 0x0409.ini (csize: 1153, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp/clamav-8d14964e213b125b7746212932f96a64.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16LE character data >LibClamAV debug: entconv: Encoding UTF-16LE >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 36affbd6ff77d1515cfc1c5e998fbaf9 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 36affbd6ff77d1515cfc1c5e998fbaf9 (level 0) >LibClamAV debug: ishield-msi: File EvalMarker.dat (csize: 8, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp/clamav-761cdf4cde5c8485b0c164389af96acb.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Small data (0 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: ishield-msi: File clam.msi (csize: 3fdbd, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp/clamav-f030812df3d9a7b403a0f329b7ee54d6.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized OLE2 container file >LibClamAV debug: cache_check: efa529f28de651b561dc36646733e7e6 is negative >LibClamAV debug: in cli_scanole2() >LibClamAV debug: in cli_ole2_extract() >LibClamAV debug: >LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 >LibClamAV debug: CLSID: {0000-00-00-00-000000} >LibClamAV debug: Minor version: 0x3e >LibClamAV debug: DLL version: 0x3 >LibClamAV debug: Byte Order: -2 >LibClamAV debug: Big Block Size: 9 >LibClamAV debug: Small Block Size: 6 >LibClamAV debug: BAT count: 11 >LibClamAV debug: Prop start: 1 >LibClamAV debug: SBAT cutoff: 4096 >LibClamAV debug: SBat start: 56 >LibClamAV debug: SBat block count: 4 >LibClamAV debug: XBat start: -2 >LibClamAV debug: XBat block count: 0 >LibClamAV debug: >LibClamAV debug: Max block number: 10280 >LibClamAV debug: OLE2: no VBA projects found >LibClamAV debug: OLE2: binary.newbinary4 [file] b size:0x00000cbe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_4_' to '/tmp/clamav-cb6f2c9349d0f1607478e9f2fb27dad7.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 5371475e745a1d5d8241f8d35d63b920 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 5371475e745a1d5d8241f8d35d63b920 (level 0) >LibClamAV debug: OLE2: 01adminexecutesequence [file] b size:0x00000036 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_0_ldbaa_;&7_cemaa_4h&' to '/tmp/clamav-618fdfb14c7e4723badc6ef20bcdd346.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: c02ab4558c885456a8dc0895f8218e78 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: c02ab4558c885456a8dc0895f8218e78 (level 0) >LibClamAV debug: OLE2: icon.arpproducticon.exe [file] b size:0x0000d000 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_becaa_r_kdoaa_[_odjaa_x_ldoaa__mdnaa__odmaa__hehaa__geiaa_(' to '/tmp/clamav-824092c0b524970fa63a8715bd097199.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 4667578a6b885927dac70c85a3e87e4f is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 9200 >LibClamAV debug: cli_peheader: parsing version info @ rva 9200 (1/1) >LibClamAV debug: VersionInfo (ba4a): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 >LibClamAV debug: VersionInfo (ba96): 'FileDescription'='InstallShield' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c0064000000 >LibClamAV debug: VersionInfo (bada): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 >LibClamAV debug: VersionInfo (bb0e): 'InternalName'='_IsIcoRes.exe' - VI:49006e007400650072006e0061006c004e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 >LibClamAV debug: VersionInfo (bb4a): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 >LibClamAV debug: VersionInfo (bc26): 'OriginalFilename'='_IsIcoRes.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 >LibClamAV debug: VersionInfo (bc6a): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 >LibClamAV debug: VersionInfo (bca6): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 >LibClamAV debug: VersionInfo (bcd6): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 216 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 16:04:05 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x4000 >LibClamAV debug: SizeOfInitializedData: 0x8000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1005 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xd000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x35ae 0x4000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x7a0 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x5000 0x5000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29dc 0x3000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x6000 0x6000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x30e4 0x4000 >LibClamAV debug: VirtualAddress: 0x9000 0x9000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x9000 0x9000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x1005 (4101) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4667578a6b885927dac70c85a3e87e4f (level 0) >LibClamAV debug: OLE2: 01installexecutesequence [file] b size:0x000001bc flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@r_fegaa__deeaa__ldpaa_;&7_cemaa_4h&' to '/tmp/clamav-2625f6363d0dfdf3cb1ba7e60f7038d7.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4cb36190d6680b2807bc94a6991dc7db is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4cb36190d6680b2807bc94a6991dc7db (level 0) >LibClamAV debug: OLE2: _5_summaryinformation [file] r size:0x00000224 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_5_summaryinformation' to '/tmp/clamav-2dae97447f5b095e720a44461df6c889.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: entconv: Encoding UCS-4 >LibClamAV debug: entconv: iconv not found in cache, for encoding:UCS-4 >LibClamAV debug: entconv: iconv_open(),for:UCS-4 -> 0x41e699d0 >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: 4b51cc967957f26c2cef15a8c2cbc696 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4b51cc967957f26c2cef15a8c2cbc696 (level 0) >LibClamAV debug: OLE2: 01advtexecutesequence [file] b size:0x00000060 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa__fejaa__geoaa__beiaa__feiaa_((8_bebaa_(' to '/tmp/clamav-5861d620c234ae84c98c335ad7d85e4d.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 30c1f86169b14c6f430776885316df3d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 30c1f86169b14c6f430776885316df3d (level 0) >LibClamAV debug: OLE2: 01adminuisequence [file] b size:0x0000003c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_0_pdbaa__pdcaa_(8_bebaa_(' to '/tmp/clamav-dd187e067b5688302d5b1de88deb8f1f.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 14f6fec489f4d9db89817bc02bb3d3de is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 14f6fec489f4d9db89817bc02bb3d3de (level 0) >LibClamAV debug: OLE2: 01installuisequence [file] b size:0x0000009c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@r_fegaa__deeaa__pdpaa__pdcaa_(8_bebaa_(' to '/tmp/clamav-dd7f9b2927914e3600c64023ff85282a.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 816b801e90a5e45ec40b4a6d4ffc556e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 816b801e90a5e45ec40b4a6d4ffc556e (level 0) >LibClamAV debug: OLE2: 01issetuptypefeatures [file] b size:0x0000000c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__cemaa_7s_eemaa__ldiaa_(756' to '/tmp/clamav-06f88c6c722bd14a81c3f81ef20a5e76.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 2b9d03825b6b40206c0993861a2a5284 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 2b9d03825b6b40206c0993861a2a5284 (level 0) >LibClamAV debug: OLE2: 01iscomponentextended [file] r size:0x0000001e flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__eemaa__eeaaa_rh_ldhaa__felaa_h''' to '/tmp/clamav-9478581b0e8ceca361e92c8d2a076e82.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 0a338583cc13b37789ac0a051e84bc47 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 0a338583cc13b37789ac0a051e84bc47 (level 0) >LibClamAV debug: OLE2: binary.setallusers.dll [file] r size:0x0001e540 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15>_feiaa__dekaa__pdpaa_6_fefaa__beoaa__depaa_' to '/tmp/clamav-dddbbc7c8c92706748b7451859594322.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 1b05788b22e09f5f4282f06a1686ba1f is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 1a048 >LibClamAV debug: cli_peheader: parsing version info @ rva 1a048 (1/1) >LibClamAV debug: VersionInfo (18116): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 >LibClamAV debug: VersionInfo (18162): 'FileDescription'='SetAllUsers' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000053006500740041006c006c00550073006500720073000000 >LibClamAV debug: VersionInfo (181a2): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 >LibClamAV debug: VersionInfo (181d6): 'InternalName'='SetAllUsers' - VI:49006e007400650072006e0061006c004e0061006d006500000053006500740041006c006c00550073006500720073000000 >LibClamAV debug: VersionInfo (1820e): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 >LibClamAV debug: VersionInfo (182ea): 'OriginalFilename'='SetAllUsers.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000053006500740041006c006c00550073006500720073002e0064006c006c000000 >LibClamAV debug: VersionInfo (18332): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 >LibClamAV debug: VersionInfo (1836e): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 >LibClamAV debug: VersionInfo (1839e): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:15:27 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10000 >LibClamAV debug: SizeOfInitializedData: 0xe000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7735 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xfa52 0x10000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10000 0x10000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2038 0x3000 >LibClamAV debug: VirtualAddress: 0x11000 0x11000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x11000 0x11000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x14000 0x14000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x420 0x1000 >LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x18000 0x18000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3e14 0x4000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x19000 0x19000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7735 (30517) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 1b05788b22e09f5f4282f06a1686ba1f (level 0) >LibClamAV debug: OLE2: binary.isselfreg.dll [file] r size:0x00029538 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_mdoaa__pdmaa_n_odpaa__mdoaa_~u' to '/tmp/clamav-a4f2efc5ee5a8e818933ced52fd5d9f8.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: b9be841281819a5af07e3611913a55f5 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 24048 >LibClamAV debug: cli_peheader: parsing version info @ rva 24048 (1/1) >LibClamAV debug: VersionInfo (220fe): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 >LibClamAV debug: VersionInfo (2214a): 'FileDescription'='ISRegSvr.dll Module' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000490053005200650067005300760072002e0064006c006c0020004d006f00640075006c0065000000 >LibClamAV debug: VersionInfo (2219a): 'FileVersion'='16.0.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0030002e0033003200380000000000 >LibClamAV debug: VersionInfo (221d2): 'InternalName'='ISRegSvr.dll' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 >LibClamAV debug: VersionInfo (2220e): 'OriginalFilename'='ISRegSvr.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 >LibClamAV debug: VersionInfo (22252): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 >LibClamAV debug: VersionInfo (2232e): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 >LibClamAV debug: VersionInfo (2236a): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 >LibClamAV debug: VersionInfo (2239a): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:15:13 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1a000 >LibClamAV debug: SizeOfInitializedData: 0xf000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x11b2d >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x2a000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29d4 0x3000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 >LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x418 0x1000 >LibClamAV debug: VirtualAddress: 0x24000 0x24000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x22000 0x22000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4178 0x5000 >LibClamAV debug: VirtualAddress: 0x25000 0x25000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x23000 0x23000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x11b2d (72493) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: b9be841281819a5af07e3611913a55f5 (level 0) >LibClamAV debug: OLE2: 01featurecomponents [file] b size:0x0000000c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cepaa__feeaa_x(2_eedaa_1_febaa_6' to '/tmp/clamav-e5fb3c4e3ab572b7459b379176262b4f.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 40851857aabf17a3d1726e11ac6a1f53 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 40851857aabf17a3d1726e11ac6a1f53 (level 0) >LibClamAV debug: OLE2: binary.isexphlp.dll [file] b size:0x00019538 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_mdoaa__ldmaa__eelaa__debaa__hedaa__dehaa_/' to '/tmp/clamav-2b98c5e1a0aa18bca73c17b3abf0fddc.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 067bdf5e3c696b2cf069f1e1fc536cb0 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 224 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:09:26 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0xf000 >LibClamAV debug: SizeOfInitializedData: 0x9000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7195 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x19000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xed8e 0xf000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0xf000 0xf000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1940 0x2000 >LibClamAV debug: VirtualAddress: 0x10000 0x10000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x10000 0x10000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4ac8 0x5000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x12000 0x12000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x176c 0x2000 >LibClamAV debug: VirtualAddress: 0x17000 0x17000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x16000 0x16000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7195 (29077) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 067bdf5e3c696b2cf069f1e1fc536cb0 (level 0) >LibClamAV debug: OLE2: 01controlcondition [file] r size:0x000002f0 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa_/r'7r' to '/tmp/clamav-66ba8bcef2877b7bdc023eb6eb70d0ee.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 631c091fbd1542633b3b80f0f480bd41 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 631c091fbd1542633b3b80f0f480bd41 (level 0) >LibClamAV debug: OLE2: binary.newbinary6 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_6_' to '/tmp/clamav-3c182e7b270e75d51d94125096a83783.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 7ae6211cf33f3b24bcb3dfe2335ae665 (level 0) >LibClamAV debug: OLE2: binary.newbinary8 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_8_' to '/tmp/clamav-74cadd3c6e83ff44e587634c18d66e09.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fc70c1cdfdde03de2fe0df7d2e765232 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: fc70c1cdfdde03de2fe0df7d2e765232 (level 0) >LibClamAV debug: OLE2: binary.newbinary9 [file] r size:0x00002796 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_9_' to '/tmp/clamav-c7a0a97ab6befe189c23653a374851c5.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6e42cf0d47af25dea4cecdbe093d521c is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 6e42cf0d47af25dea4cecdbe093d521c (level 0) >LibClamAV debug: OLE2: binary.newbinary7 [file] r size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_7_' to '/tmp/clamav-c3cd557a5e90a74beb1722d1173cef71.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6d13676263dc9721edebaafc689d8041 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 6d13676263dc9721edebaafc689d8041 (level 0) >LibClamAV debug: OLE2: binary.newbinary5 [file] b size:0x00003c08 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_5_' to '/tmp/clamav-caaf3f31e4d004385cc9c22e5133d0cf.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized JPEG file >LibClamAV debug: cache_check: a0c5d37ce39f8af4aeb99955f7c1403b is negative >LibClamAV debug: in cli_check_jpeg_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a0c5d37ce39f8af4aeb99955f7c1403b (level 0) >LibClamAV debug: OLE2: binary.newbinary14 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/tmp/clamav-3ab5e24ee163787534a9e16190fc22ee.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 836970e8db25825325451f01f48383f9 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 836970e8db25825325451f01f48383f9 (level 0) >LibClamAV debug: OLE2: binary.newbinary18 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/tmp/clamav-612863252c2eb4f57d35729ef51a0fe5.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 33190636e8e16cc2aeb9d16a9edf7d81 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 33190636e8e16cc2aeb9d16a9edf7d81 (level 0) >LibClamAV debug: OLE2: binary.newbinary2 [file] b size:0x0000013e flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_2_' to '/tmp/clamav-dfa35e4e53baf7f013f500a57a77afd7.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: c23cbf002d82192481b61ed7ec0890f4 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: c23cbf002d82192481b61ed7ec0890f4 (level 0) >LibClamAV debug: OLE2: binary.newbinary3 [file] b size:0x0000013e flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_3_' to '/tmp/clamav-0df37da925ac10e3871b34b5047bab4e.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 83730ac00391fb0f02f56fe2e4207a10 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 83730ac00391fb0f02f56fe2e4207a10 (level 0) >LibClamAV debug: OLE2: binary.newbinary1 [file] b size:0x00000d0c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/tmp/clamav-64bee21889c172df1a25dd1e0c5b1b6d.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized JPEG file >LibClamAV debug: cache_check: aa262223edcb4133972080119eca45ea is negative >LibClamAV debug: in cli_check_jpeg_exploit() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: aa262223edcb4133972080119eca45ea (level 0) >LibClamAV debug: OLE2: binary.newbinary16 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_jdbaa_' to '/tmp/clamav-5cee4167e4b25896f27ab126816ce689.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 9b140369b669be06a15d6c7ce099c48d is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 9b140369b669be06a15d6c7ce099c48d (level 0) >LibClamAV debug: OLE2: binary.newbinary17 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_jdbaa_' to '/tmp/clamav-e3a4e67f28f436981f55459887cda0ea.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a74f8a3a31718b091713ace0eeb60de6 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a74f8a3a31718b091713ace0eeb60de6 (level 0) >LibClamAV debug: OLE2: binary.newbinary15 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15a' to '/tmp/clamav-957e964b28a5d7c81332f8583ce11d7b.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 17dcb1a90bb1aa39c6d4b168119145b5 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 17dcb1a90bb1aa39c6d4b168119145b5 (level 0) >LibClamAV debug: OLE2: binary.newbinary10 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/tmp/clamav-62212f3eb19e76121df0580e63c36ac3.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7f2548dc667d9a15410e22ed3a0fd099 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 7f2548dc667d9a15410e22ed3a0fd099 (level 0) >LibClamAV debug: OLE2: binary.newbinary12 [file] b size:0x00000cbe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_idbaa_' to '/tmp/clamav-c575405f186b921a2087ce2d1bf16619.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6eb0cce1ca5d515df02f3770eac436b4 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 6eb0cce1ca5d515df02f3770eac436b4 (level 0) >LibClamAV debug: OLE2: binary.newbinary13 [file] b size:0x000002fe flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_idbaa_' to '/tmp/clamav-b21c767f8bff7a58ec3982e3f5c04557.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 6052220b412200fcfe2c8e77cce7c42a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 6052220b412200fcfe2c8e77cce7c42a (level 0) >LibClamAV debug: OLE2: binary.newbinary11 [file] b size:0x000011b6 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15a' to '/tmp/clamav-c81d300403ab0703538a9a1977194376.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is positive >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3042 (no post, no cache) >LibClamAV debug: OLE2: 01controlevent [file] r size:0x00000798 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa__ldpaa_9_febaa_' to '/tmp/clamav-cf4932b574cefd0e793ed912e44cfad1.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: adac420ec72c05e7dfb06f38cf1933b6 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: adac420ec72c05e7dfb06f38cf1933b6 (level 0) >LibClamAV debug: OLE2: 01createfolder [file] b size:0x00000008 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@l(7_eepaa__bepaa_h' to '/tmp/clamav-0f0fc4621a6b1115002fc5d4e8c342de.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: ac433835c2d3b0c38eabd00560093d75 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: ac433835c2d3b0c38eabd00560093d75 (level 0) >LibClamAV debug: OLE2: 01customaction [file] b size:0x00000060 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_gemaa__fegaa_2_bekaa_7r' to '/tmp/clamav-9ebcbfdf78c9b16e70842d7d89edd370.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4cdd6cde882952408d1ef3f88edfeaa3 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4cdd6cde882952408d1ef3f88edfeaa3 (level 0) >LibClamAV debug: OLE2: 01eventmapping [file] r size:0x00000078 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@nh_ndhaa__eeeaa_3_cebaa_' to '/tmp/clamav-45f8e30b65bba2e88c7ddc5668b21d83.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 400e1608b2521f32077a2409026e599b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 400e1608b2521f32077a2409026e599b (level 0) >LibClamAV debug: OLE2: 01msifilehash [file] r size:0x00000014 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_fegaa__ldmaa__demaa_h_feeaa_+' to '/tmp/clamav-9fd6134f1387a386c2b632cc14a333aa.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 85526b2efc358624dc2b5484b49ec495 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 85526b2efc358624dc2b5484b49ec495 (level 0) >LibClamAV debug: OLE2: 01_validation [file] b size:0x000012d8 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdpaa__deeaa__bemaa__feeaa__eemaa_1' to '/tmp/clamav-1d172d7e742fabc6b78cc377caadb578.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: dd00094e2735911ac4edfe57b574bdf8 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: dd00094e2735911ac4edfe57b574bdf8 (level 0) >LibClamAV debug: OLE2: 01radiobutton [file] b size:0x000000d8 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_belaa_'_kdcaa__feiaa__eehaa_1' to '/tmp/clamav-513a7d4d2573384cf99647050d4ac1c0.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 02b76e2ad49a575e7adb59fc0cf9e629 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 02b76e2ad49a575e7adb59fc0cf9e629 (level 0) >LibClamAV debug: OLE2: 01component [file] r size:0x00000024 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__eeaaa_rh7' to '/tmp/clamav-626ef0120124292d40ad73571df7174f.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 4288708281468e9daee219a08ebb7716 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4288708281468e9daee219a08ebb7716 (level 0) >LibClamAV debug: OLE2: 01_stringdata [file] b size:0x00016eed flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@?wlj_feeaa_$' to '/tmp/clamav-ca5b92819abe36c8e521e853230f6efc.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized ASCII text >LibClamAV debug: cache_check: 326928e2791390490f331ecf8bd610f1 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 326928e2791390490f331ecf8bd610f1 (level 0) >LibClamAV debug: OLE2: 01_stringpool [file] r size:0x00002c1c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@?wlj_eecaa_/' to '/tmp/clamav-4470e6e11d4b8c3a5020bddc610f907d.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 01d545252f6faa983f19008530e7a862 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 01d545252f6faa983f19008530e7a862 (level 0) >LibClamAV debug: OLE2: 01issetuptype [file] r size:0x00000018 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__cemaa_7s_eemaa_(' to '/tmp/clamav-aabb45caf7d6b9c3c413102e00b0c36b.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 047a05b3ce47763a239dd0a5e9742f9a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 047a05b3ce47763a239dd0a5e9742f9a (level 0) >LibClamAV debug: OLE2: 01upgrade [file] b size:0x00000010 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eeoaa_j_beeaa_(' to '/tmp/clamav-c01e9bc1a9e917f4a07307aed6bdeabc.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 7ff2b0570dc7468f539f2c7e514ebc91 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 7ff2b0570dc7468f539f2c7e514ebc91 (level 0) >LibClamAV debug: OLE2: 01textstyle [file] b size:0x00000120 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cenaa__felaa__femaa__demaa_(' to '/tmp/clamav-c54ffddef9bcde26f678da90ca34cb7d.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fa6afc971904f8d2e449c17014c0a8ad is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: fa6afc971904f8d2e449c17014c0a8ad (level 0) >LibClamAV debug: OLE2: 01directory [file] r size:0x00000042 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_denaa_5_fegaa_r<' to '/tmp/clamav-c9c51332c663044782d38499b8b401bf.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 602fad121f27bc6f08468195956651b1 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 602fad121f27bc6f08468195956651b1 (level 0) >LibClamAV debug: OLE2: 01actiontext [file] b size:0x000001a4 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_7r_cenaa__felaa_' to '/tmp/clamav-b86e14522144deff245634b0380e8e78.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: fbb9e1da03525140eca2290883374101 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: fbb9e1da03525140eca2290883374101 (level 0) >LibClamAV debug: OLE2: 01property [file] r size:0x00000140 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@y_eecaa_h7' to '/tmp/clamav-e92aa276bfc877a3adf4c2ee892f33c7.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 7eedccf84814ab89c9be1971916b2340 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 7eedccf84814ab89c9be1971916b2340 (level 0) >LibClamAV debug: OLE2: 01checkbox [file] b size:0x0000000c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cemaa__beiaa__kdoaa__gecaa_' to '/tmp/clamav-f216c3f38c668c571e29ede1b4e43c5e.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 89b7b3da5974ee1a40e9b8fea7f59ae7 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 89b7b3da5974ee1a40e9b8fea7f59ae7 (level 0) >LibClamAV debug: OLE2: 01control [file] r size:0x0000293c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa_/' to '/tmp/clamav-604fbd89e3a43ad92e9c2e6d18957dfc.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: aa247c4e9b047130ca0aa178972ba508 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: aa247c4e9b047130ca0aa178972ba508 (level 0) >LibClamAV debug: OLE2: 01file [file] b size:0x00000012 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_depaa_/' to '/tmp/clamav-e7c0087df3de62afa6899ca21a0ec106.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: d56f92bbf68e34293641e5e0f9bc2857 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: d56f92bbf68e34293641e5e0f9bc2857 (level 0) >LibClamAV debug: OLE2: 01binary [file] r size:0x00000054 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_delaa_15' to '/tmp/clamav-94bb134a6a02ea5ceb621d014fe8f867.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 1d58b97dfce3ba06a0e4a00f982cf2ef is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 1d58b97dfce3ba06a0e4a00f982cf2ef (level 0) >LibClamAV debug: OLE2: 01feature [file] b size:0x00000010 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cepaa__feeaa_x(' to '/tmp/clamav-952cf3bcee6dc15dc2b069f30fea531a.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 8aed2b47eaa29d720da73246e463d67a is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 8aed2b47eaa29d720da73246e463d67a (level 0) >LibClamAV debug: OLE2: 01error [file] r size:0x00000994 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@n_eefaa_5' to '/tmp/clamav-763bb878f53a7a4e969d55beb50cb599.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: d8edf31a1e45752e1654492056feaa2b is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: d8edf31a1e45752e1654492056feaa2b (level 0) >LibClamAV debug: OLE2: 01_columns [file] b size:0x00000578 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@?_decaa_8_febaa_' to '/tmp/clamav-6f838ec5963181ec74b64e50dfec42b9.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 2bb78a0fec31babea8bb931d7e152026 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 2bb78a0fec31babea8bb931d7e152026 (level 0) >LibClamAV debug: OLE2: 01_tables [file] r size:0x0000004c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdpaa_d/6' to '/tmp/clamav-9d38f5111937abc996fb53b9c4d1acc9.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 023736b780fd296af291267d4904603f is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 023736b780fd296af291267d4904603f (level 0) >LibClamAV debug: OLE2: data1.cab [file] r size:0x0000014f flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '_benaa_7_hebaa_&%' to '/tmp/clamav-2f23f99813ebdc9943ff2f8ec8545457.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized MS CAB file >LibClamAV debug: cache_check: 541061b126a8ff657e1f9f842a47a1f7 is negative >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 69 >LibClamAV debug: CAB: Folder compression method: 1 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: CAB: File record 0 >LibClamAV debug: CAB: File name: clam*exe >LibClamAV debug: CAB: File offset: 0 >LibClamAV debug: CAB: File folder index: 4294967295 >LibClamAV debug: CAB: File attribs: 0x20 >LibClamAV debug: CAB: * file modified since last backup >LibClamAV debug: CAB: Recorded files: 1 > >LibClamAV debug: Matched signature for file type CAB-SFX at 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 541061b126a8ff657e1f9f842a47a1f7 (level 0) >LibClamAV debug: OLE2: 01dialog [file] b size:0x000002aa flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_denaa__deeaa__cecaa_' to '/tmp/clamav-ef9e24ca0e351b99c472fbd872794a48.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized UTF-16BE character data >LibClamAV debug: cache_check: 84e7065400cff6f1ecc5e23c58e391c1 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 84e7065400cff6f1ecc5e23c58e391c1 (level 0) >LibClamAV debug: OLE2: 01uitext [file] b size:0x000000c8 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_mdoaa__cenaa__felaa_' to '/tmp/clamav-4bbb451070b5b665ad0c4f0c197cfbed.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: bcf49141bfb52d8e23ad1b18a2ea2757 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: bcf49141bfb52d8e23ad1b18a2ea2757 (level 0) >LibClamAV debug: OLE2: 01media [file] r size:0x0000000c flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cegaa_'$' to '/tmp/clamav-2bc6f878bab726d637201831867a7157.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: a97b27682d18005b39804ee3b34dc910 is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a97b27682d18005b39804ee3b34dc910 (level 0) >LibClamAV debug: OLE2: 01icon [file] b size:0x00000004 flags:0x00000000 >LibClamAV debug: OLE2 [handler_otf]: Dumping '@_becaa_r' to '/tmp/clamav-062b0532f5f8c4371fb33fbd1dd29faa.tmp' >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Small data (4 bytes) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) >LibClamAV debug: Matched signature for file type CAB-SFX at 33216 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: CAB/CAB-SFX signature found at 33216 >LibClamAV debug: CAB: Folder record 0 >LibClamAV debug: CAB: Folder offset: 69 >LibClamAV debug: CAB: Folder compression method: 1 >LibClamAV debug: CAB: Recorded folders: 1 >LibClamAV debug: Unable to find null terminator for string read in buffer of len 256 >LibClamAV debug: WARNING; cab header file 1 of 1 has invalid filename >LibClamAV debug: WARNING; omitting file 0 of 1 from file list. >LibClamAV debug: CAB: Recorded files: 0 > >LibClamAV debug: No files found, even though header claimed to have 1 files >LibClamAV debug: cli_scanmscab() failed at 375 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 83456 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 80602adb585dff22912d5ad9fdfc29b9 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: Not a PE file >LibClamAV debug: in cli_peheader >LibClamAV debug: Not a PE file >LibClamAV debug: in cli_peheader >LibClamAV debug: Not a PE file >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 114176 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 5dc409d548391b13331fa56bccb4111c is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 124928 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 1367b42fff4130b71fe4f28e0afb782f is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_peheader >LibClamAV debug: cli_peheader: Can't read file header >LibClamAV debug: in cli_peheader >LibClamAV debug: *** Detected embedded PE file at 104960 *** >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: 06ff30bbd34602b311b8ecf049115412 is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:15:13 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x1a000 >LibClamAV debug: SizeOfInitializedData: 0xf000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x11b2d >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x2a000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29d4 0x3000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 >LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x418 0x1000 >LibClamAV debug: VirtualAddress: 0x24000 0x24000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x22000 0x22000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4178 0x5000 >LibClamAV debug: VirtualAddress: 0x25000 0x25000 >LibClamAV debug: SizeOfRawData: 0x5000 0x5000 >LibClamAV debug: PointerToRawData: 0x23000 0x23000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x11b2d (72493) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 06ff30bbd34602b311b8ecf049115412 (level 0) >LibClamAV debug: e_lfanew == 224 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:09:26 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0xf000 >LibClamAV debug: SizeOfInitializedData: 0x9000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7195 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x19000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xed8e 0xf000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0xf000 0xf000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x1940 0x2000 >LibClamAV debug: VirtualAddress: 0x10000 0x10000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x10000 0x10000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4ac8 0x5000 >LibClamAV debug: VirtualAddress: 0x12000 0x12000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x12000 0x12000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x176c 0x2000 >LibClamAV debug: VirtualAddress: 0x17000 0x17000 >LibClamAV debug: SizeOfRawData: 0x2000 0x2000 >LibClamAV debug: PointerToRawData: 0x16000 0x16000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7195 (29077) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 1367b42fff4130b71fe4f28e0afb782f (level 0) >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: DLL >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 5 >LibClamAV debug: TimeDateStamp: Wed Jun 10 14:15:27 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x10000 >LibClamAV debug: SizeOfInitializedData: 0xe000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x7735 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0x1f000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xfa52 0x10000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x10000 0x10000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x2038 0x3000 >LibClamAV debug: VirtualAddress: 0x11000 0x11000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x11000 0x11000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x5848 0x6000 >LibClamAV debug: VirtualAddress: 0x14000 0x14000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x14000 0x14000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x420 0x1000 >LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x18000 0x18000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 4 >LibClamAV debug: Section name: .reloc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x3e14 0x4000 >LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x19000 0x19000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x7735 (30517) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 5dc409d548391b13331fa56bccb4111c (level 0) >LibClamAV debug: e_lfanew == 216 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 16:04:05 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x4000 >LibClamAV debug: SizeOfInitializedData: 0x8000 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x1005 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x1000 >LibClamAV debug: MajorSubsystemVersion: 4 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xd000 >LibClamAV debug: SizeOfHeaders: 0x1000 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x35ae 0x4000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x1000 0x1000 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x7a0 0x1000 >LibClamAV debug: VirtualAddress: 0x5000 0x5000 >LibClamAV debug: SizeOfRawData: 0x1000 0x1000 >LibClamAV debug: PointerToRawData: 0x5000 0x5000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x29dc 0x3000 >LibClamAV debug: VirtualAddress: 0x6000 0x6000 >LibClamAV debug: SizeOfRawData: 0x3000 0x3000 >LibClamAV debug: PointerToRawData: 0x6000 0x6000 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x30e4 0x4000 >LibClamAV debug: VirtualAddress: 0x9000 0x9000 >LibClamAV debug: SizeOfRawData: 0x4000 0x4000 >LibClamAV debug: PointerToRawData: 0x9000 0x9000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x1005 (4101) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 80602adb585dff22912d5ad9fdfc29b9 (level 0) >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: efa529f28de651b561dc36646733e7e6 (level 0) >LibClamAV debug: ishield-msi: File Setup.ini (csize: 569, unk1:6 unk2:0 unk3:0 unk4:1 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) >LibClamAV debug: ishield-msi: extracted to /tmp/clamav-05b99c7e301cbd8b7ed0a20f62adfeb1.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized UTF-16LE character data >LibClamAV debug: entconv: Encoding UTF-16LE >LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 >LibClamAV debug: cache_check: e8cb5418158b5144511e6c10dd1ecdb7 is negative >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: in cli_scanscript() >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: e8cb5418158b5144511e6c10dd1ecdb7 (level 0) >LibClamAV debug: ISHIELD-MSI signature found at 572044 >LibClamAV debug: in ishield-msi >LibClamAV debug: e_lfanew == 264 >LibClamAV debug: File type: Executable >LibClamAV debug: Machine type: 80386 >LibClamAV debug: NumberOfSections: 4 >LibClamAV debug: TimeDateStamp: Wed Jun 10 16:03:20 2009 >LibClamAV debug: SizeOfOptionalHeader: e0 >LibClamAV debug: File format: PE >LibClamAV debug: MajorLinkerVersion: 6 >LibClamAV debug: MinorLinkerVersion: 0 >LibClamAV debug: SizeOfCode: 0x73c00 >LibClamAV debug: SizeOfInitializedData: 0x6b800 >LibClamAV debug: SizeOfUninitializedData: 0x0 >LibClamAV debug: AddressOfEntryPoint: 0x55fc3 >LibClamAV debug: BaseOfCode: 0x1000 >LibClamAV debug: SectionAlignment: 0x1000 >LibClamAV debug: FileAlignment: 0x200 >LibClamAV debug: MajorSubsystemVersion: 5 >LibClamAV debug: MinorSubsystemVersion: 0 >LibClamAV debug: SizeOfImage: 0xe7000 >LibClamAV debug: SizeOfHeaders: 0x400 >LibClamAV debug: NumberOfRvaAndSizes: 16 >LibClamAV debug: Subsystem: Win32 GUI >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 0 >LibClamAV debug: Section name: .text >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x73b30 0x74000 >LibClamAV debug: VirtualAddress: 0x1000 0x1000 >LibClamAV debug: SizeOfRawData: 0x73c00 0x73c00 >LibClamAV debug: PointerToRawData: 0x400 0x400 >LibClamAV debug: Section contains executable code >LibClamAV debug: Section's memory is executable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 1 >LibClamAV debug: Section name: .rdata >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x13374 0x14000 >LibClamAV debug: VirtualAddress: 0x75000 0x75000 >LibClamAV debug: SizeOfRawData: 0x13400 0x13400 >LibClamAV debug: PointerToRawData: 0x74000 0x74000 >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 2 >LibClamAV debug: Section name: .data >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0xfce8 0x10000 >LibClamAV debug: VirtualAddress: 0x89000 0x89000 >LibClamAV debug: SizeOfRawData: 0xa600 0xa600 >LibClamAV debug: PointerToRawData: 0x87400 0x87400 >LibClamAV debug: Section's memory is writeable >LibClamAV debug: ------------------------------------ >LibClamAV debug: Section 3 >LibClamAV debug: Section name: .rsrc >LibClamAV debug: Section data (from headers - in memory) >LibClamAV debug: VirtualSize: 0x4dcf0 0x4e000 >LibClamAV debug: VirtualAddress: 0x99000 0x99000 >LibClamAV debug: SizeOfRawData: 0x4de00 0x4de00 >LibClamAV debug: PointerToRawData: 0x91a00 0x91a00 >LibClamAV debug: ------------------------------------ >LibClamAV debug: EntryPoint offset: 0x553c3 (349123) >LibClamAV debug: Bytecode executing hook id 259 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: Bytecode executing hook id 257 (0 hooks) >LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 2f60b47aa5ff8931c786fbe0eafc657e (level 0) >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 0fcad0a2051bd0dfc8222694a41e2f86 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 8eaa9787edb074abdfaa93e15c33a8e2 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-12c0f2c7e050b177e7b8818b40e1c97c.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. >LibClamAV debug: cli_untar: size = 1539 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1539:clam01.tgz:1539:1539:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-12c0f2c7e050b177e7b8818b40e1c97c.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: cli_untar: pos = 2560 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 86b9faab66dfbb5494f02098de233337 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 1fd8b88265ce3f5f609112d1d7290360 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-51f032c0623a31a80fd71afe2da951cb.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. >LibClamAV debug: cli_untar: size = 1362 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-51f032c0623a31a80fd71afe2da951cb.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-cad868bb2e76337a91a79f6c1ca705dc.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] >LibClamAV debug: cli_untar: Checksum 4761 is valid. >LibClamAV debug: cli_untar: size = 1184 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-cad868bb2e76337a91a79f6c1ca705dc.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-ae60583fa3e47b50d5babed504c26e03.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] >LibClamAV debug: cli_untar: Checksum 4762 is valid. >LibClamAV debug: cli_untar: size = 1028 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-ae60583fa3e47b50d5babed504c26e03.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-a479f0043d2971a8d98be71a34ceffb0.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] >LibClamAV debug: cli_untar: Checksum 4763 is valid. >LibClamAV debug: cli_untar: size = 844 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-a479f0043d2971a8d98be71a34ceffb0.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-1d167350e1824cd897bb3011c8b9d781.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] >LibClamAV debug: cli_untar: Checksum 4771 is valid. >LibClamAV debug: cli_untar: size = 694 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-1d167350e1824cd897bb3011c8b9d781.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-1be095d9d24b3d69ce3851b23d6b3165.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] >LibClamAV debug: cli_untar: Checksum 4764 is valid. >LibClamAV debug: cli_untar: size = 550 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-1be095d9d24b3d69ce3851b23d6b3165.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-e2bb3f8695426e9562a40332d2f562b8.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] >LibClamAV debug: cli_untar: Checksum 4773 is valid. >LibClamAV debug: cli_untar: size = 389 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-e2bb3f8695426e9562a40332d2f562b8.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative >LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: emax_reached: marked parents as non cacheable >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 9c2ea61e882349220e49b33a56b4ac08 (level 15) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: a9d25b35786e3a86e7d95e5b6af41544 (level 14) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 14ee5843e6c9e23c48e0a4c72f1b0055 (level 13) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 229f703eda82655237de5742b71337e3 (level 12) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 97e0ec966bce0ed5368f7abd66a8a566 (level 11) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: f81648d0166b550d74b5972632035215 (level 10) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: c465b8291b2cfe4dbc1c457feef5364a (level 9) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: ae187a29a2985e38431a78c6af659c36 (level 8) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: c7035dd4361509ca567acf285f9cae7d (level 7) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: eefe348a7f2bbb93457c7542f2d25d40 (level 6) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 4686aa63b54275d9291460aeb43112fc (level 5) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 3fd6edd55afc9ffd1b1b3a14037d318d (level 4) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 1fd8b88265ce3f5f609112d1d7290360 (level 3) >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 >LibClamAV debug: cache_add: 86b9faab66dfbb5494f02098de233337 (level 2) >LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] >LibClamAV debug: cli_untar: Checksum 4760 is valid. >LibClamAV debug: cli_untar: size = 1362 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:2:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-12c0f2c7e050b177e7b8818b40e1c97c.tmp/tar02 >LibClamAV debug: cli_untar: pos = 3072 >LibClamAV debug: cli_untar: pos = 3584 >LibClamAV debug: cli_untar: pos = 4096 >LibClamAV debug: cli_untar: pos = 4608 >LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-6a77a111d048f144393c2aed936a32bf.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] >LibClamAV debug: cli_untar: Checksum 4761 is valid. >LibClamAV debug: cli_untar: size = 1184 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-6a77a111d048f144393c2aed936a32bf.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-7e8ba550be1fa6efe528741d5aa47507.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] >LibClamAV debug: cli_untar: Checksum 4762 is valid. >LibClamAV debug: cli_untar: size = 1028 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-7e8ba550be1fa6efe528741d5aa47507.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: cli_untar: pos = 2048 >LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-268fe2a8d1f87d39dee3d536416313dc.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] >LibClamAV debug: cli_untar: Checksum 4763 is valid. >LibClamAV debug: cli_untar: size = 844 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-268fe2a8d1f87d39dee3d536416313dc.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-0e519f35d14fe201a2b2f8f89bef91f6.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] >LibClamAV debug: cli_untar: Checksum 4771 is valid. >LibClamAV debug: cli_untar: size = 694 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-0e519f35d14fe201a2b2f8f89bef91f6.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-682b39049dc81bfed2fa79f0d4b45876.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] >LibClamAV debug: cli_untar: Checksum 4764 is valid. >LibClamAV debug: cli_untar: size = 550 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-682b39049dc81bfed2fa79f0d4b45876.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-19ab10e03e803fed5dff03855441e509.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] >LibClamAV debug: cli_untar: Checksum 4773 is valid. >LibClamAV debug: cli_untar: size = 389 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-19ab10e03e803fed5dff03855441e509.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) >LibClamAV debug: Recognized GZip file >LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative >LibClamAV debug: in cli_scangzip() >LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) >LibClamAV debug: Recognized TAR-POSIX file >LibClamAV debug: cache_check: 563085e0481c6f7826f74c3fe04dce6c is negative >LibClamAV debug: in cli_scantar() >LibClamAV debug: In untar(/tmp/clamav-1a44c0e0d3e53fe72d2cce86a698ba02.tmp) >LibClamAV debug: cli_untar: pos = 0 >LibClamAV debug: cli_untar: Candidate checksum = 4645, [11045 in octal] >LibClamAV debug: cli_untar: Checksum 4645 is valid. >LibClamAV debug: cli_untar: size = 544 >LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:0x0 >LibClamAV debug: cli_untar: extracting to /tmp/clamav-1a44c0e0d3e53fe72d2cce86a698ba02.tmp/tar01 >LibClamAV debug: cli_untar: pos = 512 >LibClamAV debug: cli_untar: pos = 1024 >LibClamAV debug: cli_untar: pos = 1536 >LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found in descriptor 20 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) >LibClamAV debug: Recognized binary data >LibClamAV debug: cache_check: 85831fa179ee6d3a2417a9c10506813e is negative >LibClamAV debug: in cli_check_mydoom_log() >LibClamAV debug: Matched signature for file type ISO9660 >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ISO9660 signature found at 32768 >LibClamAV debug: in cli_scaniso >LibClamAV debug: cli_scaniso: Raw sector size: 2048 >LibClamAV debug: cli_scaniso: Block size: 2048 >LibClamAV debug: cli_scaniso: Volume descriptor version: 1 >LibClamAV debug: cli_scaniso: System: LINUX >LibClamAV debug: cli_scaniso: Volume: CDROM >LibClamAV debug: cli_scaniso: Volume space size: 0xb7 blocks >LibClamAV debug: cli_scaniso: Volume 1 of 1 >LibClamAV debug: cli_scaniso: Volume Set: >LibClamAV debug: cli_scaniso: Publisher: >LibClamAV debug: cli_scaniso: Data Preparer: >LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660_HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE >LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 >LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:05:01 >LibClamAV debug: cli_scaniso: Path table size: 0x32 >LibClamAV debug: cli_scaniso: LSB Path Table: 0x18 >LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: MSB Path Table: 0x1a >LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 >LibClamAV debug: cli_scaniso: File Structure Version: 1 >LibClamAV debug: cli_scaniso: Joliet level 3 >LibClamAV debug: iso_parse_dir: Directory 'long_dir_is_long': off 1f - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:long_dir_is_long:2048:2048:0:0:0:0x0 >LibClamAV debug: iso_parse_dir: File 'clam_exe_with_a_long_name.exe': off 20 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 >LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:clam_exe_with_a_long_name.exe:544:544:0:0:0:0x0 >LibClamAV debug: iso_scan_file: dumping to /tmp/clamav-a38ae5bda169bab13f17b81ec20166df.tmp >LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) >LibClamAV debug: Recognized MS-EXE/DLL file >LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative >LibClamAV debug: in cli_peheader >LibClamAV debug: Matched signature for file type PE >LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL >LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 >LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found >LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 >LibClamAV debug: Cleaning up phishcheck >LibClamAV debug: Freeing phishcheck struct >LibClamAV debug: Phishcheck cleaned up >LibClamAV debug: entconv: Destroying iconv pool:0x41e1d400 >LibClamAV debug: entconv: closing iconv:0x41e69920 >LibClamAV debug: entconv: closing iconv:0x41e699d0 > >------------------------------------------------------------------------------- > >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-aspack.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-fsg.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-mew.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-nsis.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-pespin.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-petite.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-upack.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-upx.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-v2.rar: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-v3.rar: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-wwpack.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam-yc.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.7z: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.arj: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.bin-be.cpio: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.bin-le.cpio: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.bz2.zip: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.chm: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.d64.zip: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.ea05.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.ea06.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.binhex: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.bz2: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.html: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.base64: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.uu: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.rtf: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.exe.szdd: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.impl.zip: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.iso: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.mail: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.newc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.odc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.ole.doc: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.pdf: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.ppt: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.sis: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.tar.gz: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.tnef: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam.zip: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clam_cache_emax.tgz: ClamAV-Test-File.UNOFFICIAL FOUND >/usr/ports/security/clamav/work/clamav-0.100.0/unit_tests/../test/clamjol.iso: ClamAV-Test-File.UNOFFICIAL FOUND > >----------- SCAN SUMMARY ----------- >Known viruses: 1 >Engine version: 0.100.0 >Scanned directories: 0 >Scanned files: 48 >Infected files: 46 >Data scanned: 14.22 MB >Data read: 6.91 MB (ratio 2.06:1) >Time: 0.413 sec (0 m 0 s) > >*** >*** clamscan didn't detect all testfiles correctly >***
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=193665">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 228468
:
193664
| 193665 |
193666
|
196910
|
199674